Search for a website SQL Injection Vulnerability (DBA permission)

Source: Internet
Author: User

Search for a website SQL Injection Vulnerability (DBA permission)

Search for a website SQL Injection Vulnerability (DBA permission)

Vulnerability addresses: http://oa.xywy.com/

We will capture packets and modify the user name

And then drop the ing sqlmap.
Code Region
Sqlmap. py-r 4.txt -- tamper space2comment. py, base64encode. py-p loginCode -- level 5 -- risk 3 -- dbms mssql --
Dbs
Database

This permission looks comfortable.

View ip

Let's go to the Intranet .. Well, you don't have a server in your hand. Otherwise, you can try to download and run the trojan remotely .. Let's look at the table segment.

More than 1000. Well, Baidu gold and the software database dictionary did not find logon.
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.