乐视网某APP存在两处SQL注入漏洞乐视看球app
GET /sports/api/my_teams?devId=864394014414512&version=2.2&pcode=120110183 HTTP/1.1
User-Agent: Dalvik/1.4.0 (Linux; U; Android 2.3.6; K-Touch W619 Build/GRK39F)
Host: sports.app.m.letv.com
Accept-Encoding: gzip
Proxy-Connection: close
Connection: close
注入点:devId
GET /dynamic.php?pcode=120110183&devId=864394014414512&act=matches_remind&version=2.2&ctl=index&mod=api20 HTTP/1.1
User-Agent: Dalvik/1.4.0 (Linux; U; Android 2.3.6; K-Touch W619 Build/GRK39F)
Host: sports.app.m.letv.com
Accept-Encoding: gzip
Proxy-Connection: close
Connection: close
注入点还是devId
修复方案:
这个app很多注入啊
版权与免责声明:
凡注明稿件来源的内容均为转载稿或由网友用户注册发布,本网转载出于传递更多信息的目的;如转载稿涉及版权问题,请作者联系我们,同时对于用户评论等信息,本网并不意味着赞同其观点或证实其内容的真实性;