Failed to fix SQL injection vulnerability on a platform of Xinhua life insurance, resulting in another Getshell
While reading cases, I came across "WooYun: SSL injection vulnerability on a platform of Xinhua life insurance, already Getshell".
I went in because of the "SSL" in the name. It turned out to be a mistake for SQL.
Okay, now let's take a look.
Injection point: http://123.127.246.34/index.php?G=Wap&m=Dining&a=ShowDetail&id=2
According to the progress on WooYun, the vendor has disabled the system.
But are you lying to me?
Test: the injection still exists.
The fun thing is,
The shell uploaded by the last buddy is also kept:
http://weixintest.newchinalife.com/uploads/a/admin/8/7/B/2/56712d732270b.php (password: c)
Then I went over it...
Well, the vendor should pay attention to the actual repair.