SQL注入,后台地址泄露且无验证码!
同一个站点,有些注入点是access数据库,而有一处注入点是MSSQL有12个数据库
站点:
http://www.law-lib.com/ 法律法规网,百度权重7,果断总结提交!
MSSQL注入点:
http://www.law-lib.com/cbs/cbs-view.asp?cbsm=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD
Access的GET注入点三枚:
1.http://www.law-lib.com/flsz/szml.asp?flh=a
2.http://www.law-lib.com/lawseek/wzcoun.asp?wz=http://www.fasac.cn/lawyer
3.http://www.law-lib.com/lawseek/wzcoun.asp?wz=http://www.yjlawyer.cn/Main/NewsView.asp?ID=324&SortID=4
Access的POST注入点:
http://www.law-lib.com/flsz/szml.asp B2=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&ff=zz&zz=88952634
后台地址:
http://www.law-lib.com/lawyer/lawyerlogin.asp
MSSQL注入:
1.当前账户:
2.12个数据库:
Access的GET注入点:
Access的POST注入点:
后台地址:
http://www.law-lib.com/lawyer/lawyerlogin.asp 无验证码 黑吧安全网
修复方案:
作为hack黑客大牛er的您肯定是懂的,我就不多说废话了,因为我也是个黑客,哈哈!