ID MYHACK58:62201338068
Type myhack58
Reporter Anonymous
Modified 2013-04-01T00:00:00


Brief description:

On the Phoenix mobile game site, the feature where a phone number is entered to have a push link sent to it has a blind SQL injection vulnerability.

Detailed description:

URL where the blind SQL injection exists: fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1
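
A defender-side check for requests like the one above, added here as an example and not part of the original report: it percent-decodes each query parameter in an access log and flags a non-numeric gameid or a MySQL time-delay function. The log lines are constructed, and treating gameid as digits-only is an assumption based on the reported URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the original report); client IPs are
# documentation addresses, the path and payload are the ones quoted above.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2013:10:00:01 +0800] "GET /fenghuang/game/game_send_sms.jsp?gameid=130221346000&mo=1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Apr/2013:10:00:07 +0800] "GET /fenghuang/game/game_send_sms.jsp?gameid=130221346000%27%20and%20sleep%282%29%3d%27&mo=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Apr/2013:10:00:09 +0800] "GET /fenghuang/game/index.jsp HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: gameid is a purely numeric identifier, as in the reported URL.
NUMERIC_PARAMS = {"gameid"}
DIGITS_RE = re.compile(r"[0-9]+")
# Time-delay primitives used for timing-based blind injection on MySQL.
DELAY_RE = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)


def inspect_line(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    findings = []
    # parse_qs percent-decodes values, so %27 becomes ' and %28 becomes (
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:
            if name in NUMERIC_PARAMS and not DIGITS_RE.fullmatch(value):
                findings.append(f"{name}: non-numeric value {value!r}")
            if DELAY_RE.search(value):
                findings.append(f"{name}: time-delay function in value")
    return findings


def scan(lines):
    """Map line index -> findings, for lines with at least one finding."""
    return {i: f for i, line in enumerate(lines) if (f := inspect_line(line))}


if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_LOG).items():
        print(idx, findings)
```

The same digits-only rule applied at the server before the value reaches the query would reject the reported request outright.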


Vulnerability proof:


Enumerating the databases:


The mysql system database is visible, so the database user's privileges appear to be very high.

Repair solutions: