Blue Shield smart traffic control management system SQL Injection Vulnerability
The login form of the Blue Shield Intelligent Traffic Control Management System at https://219.156.146.15/login.html is vulnerable to SQL injection via POST.
POST /main.php?M=SysManage&c=adminUser&a=adminLogin HTTP/1.1
Host: 219.156.146.15
Connection: keep-alive
Content-Length: 29
Origin: https://219.156.146.15
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20120101 Firefox/33.0
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: https://219.156.146.15/login.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=a28ba36a54df2e6596690128c16a6ea3

UserName=admin&passWord=admin
Vulnerable parameter: username
After logging in, any command can be executed.
Solution:
Apply SQL injection filtering, etc.
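
One way to apply the fix on the login action, as an added example that is not from the original advisory or the vendor's code: the username is checked against an allow-list and then bound as a query parameter instead of being concatenated into the SQL. The function name `adminLogin`, the `admin_user` table, its columns, and the use of PDO with an in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for the a=adminLogin action (names are assumptions).
function adminLogin(PDO $db, string $userName, string $passWord): bool
{
    // Input filtering: reject anything outside a conservative allow-list
    // before it reaches the database layer.
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $userName)) {
        return false;
    }

    // Parameterized query: the username is bound as data and is never
    // concatenated into the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM admin_user WHERE user_name = :u');
    $stmt->execute([':u' => $userName]);
    $hash = $stmt->fetchColumn();

    // Verify against a stored password hash instead of matching in SQL.
    return is_string($hash) && password_verify($passWord, $hash);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin_user (user_name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin_user VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs, as they would arrive in the UserName / passWord POST fields.
$cases = [
    ['admin', 'correct horse'],  // valid credentials
    ['admin', 'admin'],          // wrong password
    ["ad'min", 'x'],             // quote character in the username
];
foreach ($cases as [$u, $p]) {
    printf("%-8s => %s\n", $u, adminLogin($db, $u, $p) ? 'accepted' : 'rejected');
}
```

The allow-list is defence in depth; the bound parameter is what keeps a quote character in the username from changing the query.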