There are two SQL injections for an OEM device product (No Logon is required and many security vendors are involved)

There are two SQL injections for an OEM device product (No Logon is required and many security vendors are involved)

Http: // **. **/bugs/wooyun-2010-0122195

According to the previous report, two other injections are also found.

Article 1:
 

/Topframe. cgi? Act = 1 & lang = undefined & session_id = undefined & user_name = test parameter user_name

Second:
 

/Bottomframe. cgi? Lang = zh_CN.UTF-8 & session_id = undefined & user_name = test parameter user_name

Tianyao Network Security Audit System
 

 

Shenzhou.com online behavior management system
 

SecFox Security Management System
 

System title: network behavior management system
 

 

Refer to the wooyun-2010-0122195 report for the following cases (no additional cases due to numerous devices involved)
 

1. beijing Venus star Information Security Technology Co., Ltd.: tianyao network security audit system **. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/Netoray NSG online behavior management system **. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/2. lux Technology (Beijing) Co., Ltd.: Netoray SMB enterprise easy Netcom **. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/Netoray NSG online behavior management system **. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/Netoray TOG Lux bandwidth Management System V5.0 **. **. **. **/3. wangshen Information Technology (Beijing) Co., Ltd.: SecFox Security Management System **. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/https ://**. **. **. **/4. hanbai Technology Co., Ltd.: poweraegis 5500 online behavior management system **. **. **. **/**. **. **. **/**. **. **. **/5. shanghai Information Technology Co., Ltd.: InforCube NSG Shanghai news online behavior management system **. **. **. **/6. digital China Holdings Limited: Digital China online behavior management system **. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/**. **. **. **/https ://**. **. **. **/**. **. **. **/7. chengdu feiyuxing Technology Development Co., Ltd.: volans sr internet behavior audit gateway **. **. **. **/8. beijing rising Information Technology Co., Ltd. Rising online behavior management system **. **. **. **/**. **. **. **/9. beijing Wangyu yunxing Information Technology Co., Ltd. Wangyu online behavior management system Leadsec ACM **. **. **. **: 8443/10. beijing Network Rui Xing An Technology Co., Ltd. Network Rui Xing An log system **. **. **. **/11. chengdu yichuang Technology Co., Ltd. yichuang professional online behavior management equipment e-strong ibm **. **. **. **/12. unknown manufacturer system title: online behavior management system **. **. **. **/**. **. **. **/13. unknown manufacturer system title: network behavior management system **. **. **. **/**. **. **. **/**. **. **. **/https ://**. **. **. **/**. **. **. **/**. **. **. **/https ://**. **. **. **/**. **. **. **/https ://**. **. **. **/https ://**. **. **. **/**. **. **. **/**. **. **. **/14. nesoft online behavior management system **. **. **. **/

Solution:

Filter