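### Brief description:
Hudong Online Technology Co., Ltd. (互动在线科技有限公司) does not filter a request parameter strictly enough, which allows SQL injection.
### Details: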
[![选区_002.png](https://images.seebug.org/upload/201503/1721202608a722a5f4f90ecd0a6bdfe98d06974a.png)](https://images.seebug.org/upload/201503/1721202608a722a5f4f90ecd0a6bdfe98d06974a.png)
http://kaiyuan.hudong.com/sq/site_authorize.php?siteurl=
Testing with sqlmap returns database information, as shown in the screenshot below.
[![选区_001.png](https://images.seebug.org/upload/201503/172121465c4efc5b810cf79b5db9a11f75db5072.png)](https://images.seebug.org/upload/201503/172121465c4efc5b810cf79b5db9a11f75db5072.png)
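
For whoever has to fix this, one way to handle the `siteurl` parameter from the URL above: validate it as a URL, then bind it through a prepared statement. This is an added example, not code from the affected site or from the original report. The table and column names (`authorized_sites`, `site_url`, `status`), both function names and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a bounded-length http(s) URL, else null.
function normalize_site_url(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 255) {
        return null;
    }
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $raw : null;
}

// Hypothetical lookup: the value is bound as data and never concatenated
// into the SQL text, so quotes in the input cannot change the query.
function lookup_authorization(PDO $db, string $rawSiteUrl): ?array
{
    $siteUrl = normalize_site_url($rawSiteUrl);
    if ($siteUrl === null) {
        return null; // rejected before reaching the database
    }
    $stmt = $db->prepare(
        'SELECT site_url, status FROM authorized_sites WHERE site_url = :u'
    );
    $stmt->execute([':u' => $siteUrl]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data (assumed schema) in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authorized_sites (site_url TEXT PRIMARY KEY, status TEXT)');
$db->exec("INSERT INTO authorized_sites VALUES ('http://example.com', 'active')");

// Constructed inputs: one legitimate value and two containing SQL metacharacters.
$inputs = ['http://example.com', "http://example.com' OR '1'='1", "x' OR 1=1 -- "];
foreach ($inputs as $input) {
    $row = lookup_authorization($db, $input);
    printf("%-34s => %s\n", $input, $row === null ? 'no match' : $row['status']);
}
```

Only the first input returns a row. The other two are either rejected by validation or compared as literal strings by the bound query.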
### Proof of vulnerability:
[![选区_002.png](https://images.seebug.org/upload/201503/1721202608a722a5f4f90ecd0a6bdfe98d06974a.png)](https://images.seebug.org/upload/201503/1721202608a722a5f4f90ecd0a6bdfe98d06974a.png)
[![选区_001.png](https://images.seebug.org/upload/201503/172121465c4efc5b810cf79b5db9a11f75db5072.png)](https://images.seebug.org/upload/201503/172121465c4efc5b810cf79b5db9a11f75db5072.png)