Full SQL Injection caused by a log leakage on the KFC Main Site
A log is leaked to a complete SQL injection process.
First, the artifact is scanned
http://www.kfc.com.cn/service/log.txt
---------- Begin ----------- 1/19/2016 12:49:04 PMSystem. serviceModel. faultException: Server was unable to process request. ---> Incorrect syntax near 'as an open consumption resting place '. unclosed quotation mark after the character string ''. server stack trace: at System. serviceModel. channels. serviceChannel. handleReply (ProxyOperationRuntime operation, ProxyRpc & rpc) at System. serviceModel. channels. serviceChannel. call (String action, Boolean oneway, ProxyOperationRuntime operation, Object [] ins, Object [] outs, TimeSpan timeout) at System. serviceModel. channels. serviceChannelProxy. invokeService (IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System. serviceModel. channels. serviceChannelProxy. invoke (IMessage message) Exception rethrown at [0]: at System. runtime. remoting. proxies. realProxy. handleReturnMessage (IMessage reqMsg, IMessage retMsg) at System. runtime. remoting. proxies. realProxy. privateInvoke (MessageData & msgData, Int32 type) at kfcService. webService1Soap. complainDataSet (String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent) at kfcService. webService1SoapClient. complainDataSet (String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent) at complain. ibtnSubmit_Click (Object sender, ImageClickEventArgs e) ---------- End -----------
Which of the following statements indicates an injection?
----------Begin-----------2/4/2016 10:52:15 AMSystem.ServiceModel.FaultException: Server was unable to process request. ---> Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2012 - 11.0.2218.0 (X64) Jun 12 2012 13:05:25 Copyright (c) Microsoft CorporationStandard Edition (64-bit) on Windows NT 6.1 (Build 7601: Service Pack 1) (Hypervisor)' to data type int.Server stack trace: at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at kfcService.WebService1Soap.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent) at kfcService.WebService1SoapClient.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent) at complain.ibtnSubmit_Click(Object sender, ImageClickEventArgs e)----------End-----------
Done !!!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
