I have detected injection attacks on Sohu, TOM, and Netease portals, and found that there are also obvious injection vulnerabilities, which are very poor in security.
1. MySQL injection Detection
First, let's take a look at Sohu's website. Most of the dynamic web pages on Sohu's website are written in PHP, and there are also a lot of injections. For example:
Http://app.sh.sohu.com/lo###l/s.php? Id = 636
This webpage is an l'oreal advertisement page. Without detecting submitted digital parameters, you can directly use SQL injection to obtain information such as the current data version, database name, and user. First, the number of fields obtained through the Order by query is 9, and then various information of the database can be obtained through the union select query. Figure 1 ):
Http://app.sh.sohu.com/lo###l/s.php? Id = 636 and 1 = 2 union select 1, 2, group_concat (user (), 0x7C7C, version (), 0x7C7C, database (),
Figure 1 query database information through SQL Injection on Sohu website