SQL injection on a Shien milk powder website exposes the information of 1.03 million members.
Milk Powder
Detailed description:
http://www.scient.com.cn/news/news.php?id=303
The injection point is the id parameter:
Table: member2013
[34 columns]
+-----------------+--------------+
| Column          | Type         |
+-----------------+--------------+
| AddressInfo     | varchar(200) |
| BabyName        | varchar(50)  |
| BabyTran        | varchar(50)  |
| BirthDay        | varchar(50)  |
| CityAddress     | varchar(100) |
| CommandName     | varchar(50)  |
| Email           | varchar(100) |
| IP              | varchar(50)  |
| IPAddress       | varchar(100) |
| IsAcceptProduct | int(11)      |
| IsActiveEmail   | int(11)      |
| IsEnable        | int(11)      |
| IsSex           | int(11)      |
| LastDate        | datetime     |
| LoginName       | varchar(100) |
| LoginPwd        | varchar(100) |
| Member2013ID    | int(11)      |
| MemberTypeID    | int(11)      |
| Mobile          | varchar(50)  |
| NickName        | varchar(100) |
| NowSelPinPai    | varchar(50)  |
| OauthToken      | varchar(200) |
| OauthTokenSecre | varchar(200) |
| ParentName      | varchar(50)  |
| Phone           | varchar(50)  |
| RegDate         | datetime     |
| SelServices     | varchar(50)  |
| Tel             | varchar(50)  |
| UserCard        | varchar(100) |
| UserName        | varchar(100) |
| WeiboHead       | varchar(200) |
| WeiBoID         | varchar(100) |
| WeiboUrl        | varchar(200) |
| ZipCode         | varchar(50)  |
+-----------------+--------------+
Solution:
Filter the id parameter.
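One way to implement the filtering recommended above is strict integer validation of id followed by a bound query parameter. This is an added example, not code from the original report or from the affected site; the news table, its columns, the function names and the in-memory SQLite database are constructed stand-ins.

```php
<?php
// Added example: hardened handling of the "id" parameter for a page like news.php.
// Table `news`, its columns and the SQLite in-memory database are assumptions;
// the real site's schema and database driver are not shown in the report.

function parse_news_id($raw): ?int
{
    // Accept only a plain decimal integer of bounded length; reject everything else.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function fetch_news(PDO $db, int $id): ?array
{
    // The value is bound as an integer parameter and never concatenated into SQL.
    $stmt = $db->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news VALUES (303, 'Sample headline', 'Sample body')");

// Constructed request values: one valid id and several malformed ones.
$samples = ['303', '303 OR 1=1', "303'", '-1', '', ['303']];
foreach ($samples as $raw) {
    $id = parse_news_id($raw);
    if ($id === null) {
        // In a real page: respond with HTTP 400 and log the rejected value.
        printf("%-14s => rejected\n", json_encode($raw));
        continue;
    }
    $row = fetch_news($db, $id);
    printf("%-14s => %s\n", json_encode($raw), $row ? $row['title'] : 'not found');
}
```

Only the first sample reaches the database; the others are rejected before any query is built. Independently of input handling, the database account used by the news page should have no SELECT privilege on member tables such as member2013.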