Alibabacloud.com offers a wide variety of articles about scan website for sql injection vulnerabilities, easily find your scan website for sql injection vulnerabilities information here online.
Brief description:
Xin Tong huashun Network Information Co., Ltd. provides mobile WAP access to the website for financial information access. SQL Injection exists on multiple pages.Detailed description:
Databases on the SQL Injection page of the company use the MYSQL Root
A severe mysql injection vulnerability exists in the website construction system of zule activity platform. The construction system includes Mengniu sour milk and other influential websites. Among them, Mengniu sour milk database contains a large number of Sina and authorized tokens for logon by users.I thought Mengniu sour milk http://www.mnssr.com is a self-built site, background guess the background foun
Author: Monkey QQ: 812009485
I just got home from the holiday. I am idle and have nothing to do, and it's heavy snow. I don't want to go out and soak mm ..
Suddenly I saw an enterprise cms, So I downloaded the program.
G.cn Keyword: 6CMS enterprise Site Management System (Chinese and English Traditional Chinese Version)
Default Account Password: admin
Background: admin/
I don't know how the programmer got it. I can see that the admin directory of the program has an anti-
SQL injection vulnerability in a website under Zhongguancun online
Zhongguancun online under a station SQL injection vulnerability http://easyxiu.zol.com.cn/H/
POST/H/action /? Act = order HTTP/1.1Content-Length: 75Content-Type: application/x-www-form-urlencodedX-Requested
SQL injection attacks are not effectively prevented. This vulnerability can directly cause leakage of company-related confidential information.Detailed Description: directly submit the SQL injection vulnerability locationHttp://www.nongfuspring.com/app/newsDetail.action? HeadtodetailId = 853Proof of vulnerability:Due t
If the website only opens port 80, you will find that the following method is more useful.The methods used are almost none I have found. I have some personal experience and skills in injection.There are four methods (currently known)
Method 1:
This is the method described in Take advantage of sqlserver's xp_dirtree. Okay, let's take a look at the method first, and then let's talk about its advantages and disadvantages (based on the original article)
C
During the test, the dongle intercepted the SQL query on the website where the dongle was used. However, the dongle was able to bypass the security and obtain the database information. For the protection device, if important information is obtained by the passer when it is enabled, I think it has been bypassed... the test procedure is as follows: bbs.siteserver.cn installed the url of the dongle request to
Kingsoft Ciba has SQL injection in the background of a website.
Kingsoft
Injection of this site beforeWooYun: a management system leaked a lot of Kingsoft MAC (tftp + ftp account 30 + decrypted MD5 enters the management background)Decrypt the login with the first account posted
Chenhui1 password chenhui2Log on to
Alimama travel website has SQL Injection
(⊙ O ⊙ )...
If a problem occurs at a point, check whether there are any problems with all similar points .... POST/lvyou/dest_index/AjaxGetTripList HTTP/1.1Content-Length: 66Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://www.lvmama.com/lvyou/Cookie: uid = wKgKcFZNZmCynk9 + CC
SQL Injection for an important website of Tom Online
POST /redeem/tom_ecardExchange.php HTTP/1.1Content-Length: 191Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://tangyuan.tom.com/Cookie: PHPSESSID=0bfa903262d197b1a2039b9b8ef55db0; tom_test=rPcet0oDU!4!1!1459218920!1459219309!4!0!http://tangyuan.tom.com/redeem/game
Preface:
Other basic injection methods are not described in detail.
Unable to understand the injection basics of this site
Article .
For better use of injection, we suggest you read the SQL syntax articles on this site.
[Retrieve all database names]Select name from Master. DBO. sysdatabases where dbid = 7 // The v
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.