Mysql injection and phpinfo at a site of Apsara Stack

Mysql injection and phpinfo at a site of Apsara Stack

Mysql injection and phpinfo at a site of Apsara Stack

First scanned the phpinfo file, http://my.gfan.com/info.php

Then I want to find the injection and file contains such a vulnerability, so in my.gfan.com find an injection point POST URL: Issue problem parameter: chargepaymentcurrent user: 'My _ web@10.8.8. % 'Unfortunately, the current user is him and his permissions are insufficient. After all, this is a risk. It takes time to get the shell.

 

available databases [4]:[*] gfan_game[*] gfan_gamepay[*] gfan_pay[*] information_schemaDatabase: gfan_pay[63 tables]+------------------------------+| user || action_type || admin_operate_log || admin_user || app_info_apk || card_config || channel || charge_log || check_check_info || check_check_status || client_channel || consume_log || contrast_appkey_productid || login_log_20121222 || login_log_tmp || payorder_status_log || rebate_info || recharge_alipay_notify_log || recharge_channel || recharge_channel_account || recharge_dic_channel || recharge_log || recharge_mo9_notify_log || recharge_order || recharge_order_history || recharge_order_operate_log || recharge_order_reb || recharge_request || recharge_submit || recharge_tenpay_notify_log || recharge_uc_recharge_log || recharge_unionpay_notify_log || recharge_unionpay_trade_log || sdk_app || sdk_message_client_log || sdk_message_pay_log || sdk_pay_log || sdk_pay_point_arrive || sdk_save_ios_order || sdk_sp_dictionary || sdk_sp_sms || shenzhoufu || sp_channelinfo_admini || sp_companyinfo_admini || sp_developerinfo_admini || sp_errormessages_log || sp_install_forwardtell_log || sp_partname_admini || sp_pay_forwardtell_log || sp_spcustom_admini || sp_statusreport_log || sp_support_admini || sp_uploadinterface_log || sp_userinfo_admini || sp_version_admini || test || tgr_getcharge_logbyuid || tgr_getconsume_logbyuid || tgr_getsdk_appbyuid || uc_pay_log || uc_uid_imei || user_payorder_url || wap_test |+------------------------------+Database: gfan_gamepay+-------------------+---------+| Table | Entries |+-------------------+---------+| gamepay_order | 49027 || gamepay_usercheck | 44 || gamepay_server | 43 || gamepay_qz | 32 || gamepay_channel | 5 || gamepay_rate | 3 || gamepay_param | 2 |+-------------------+---------+

Solution:

1. Delete phpinfo
2. Filter Single quotes and special characters that do not affect the business