An ordinary SQL injection, with no WAF in front of it. Everything the site holds is reachable through it: nearly a thousand tables across several databases, containing names, mobile phone numbers, e-mail addresses, postal addresses, telephone numbers, order numbers, passwords and more.

http://www.winenice.com/json/cj_list.shtml?activeID=1&m=0.7585369871730625&n=20

The activeID parameter is injectable; all of the data is behind it. Enumerated databases and tables (tool output):

available databases [6]:
[*] 9 hipibackend
[*] master
[*] model
[*] msdb
[*] T118DB
[*] tempdb

Database: 9 hipibackend [658 tables]
+-----------------------------------------+
| dbo.51DM_Customer                       |
| dbo.51DM_Customer_bak20100809           |
| dbo.51DM_Customer_bak20111130           |
| dbo.a_test_JingDong                     |
| dbo.backGatheringReturnGood             |
| (redacted)                              |
| dbo.sys.xml_schema_types                |
| dbo.sys.xml_schema_wildcard_namespaces  |
| dbo.sys.xml_schema_wildcards            |
+-----------------------------------------+

I did not dump user names or passwords; they sit in these tables:

| dbo.customer |
| dbo.customer_info |
| dbo.customer_joint |
| dbo.customer_lib |
| dbo.customer_orders_review |
| dbo.customer_point |
| dbo.customer_point_log |
| dbo.customer_profile |
| dbo.customer_type |
| dbo.customer_wineCollarNo |

Solution: Because of the volume of data, a single successful injection leaks a large amount of personal information: accounts, passwords, addresses, names and mobile phone numbers.
1. Filter the input.
2. Separate the application databases. The database is too messy: every kind of data sits in one place, so one injection yields all of it.

As proof of the vulnerability I only pulled a small sample of rows; I did not take any other data. I'm a white hat.
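The two fixes the report recommends, shown as an added example that is not the site's code: the activeID/n parameters concatenated into SQL (the reported bug class) next to a handler that validates them and binds them as parameters. The table name, columns and in-memory SQLite stand-in for the MSSQL backend are constructed assumptions.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the site's database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE activity (activeID INTEGER, title TEXT)")
    conn.executemany("INSERT INTO activity VALUES (?, ?)",
                     [(1, "spring"), (2, "summer"), (3, "autumn")])
    return conn


def list_vulnerable(conn, active_id, n):
    """Anti-pattern: request parameters pasted straight into the query text,
    so a non-numeric activeID can change the WHERE clause itself."""
    sql = (f"SELECT title FROM activity WHERE activeID={active_id} "
           f"ORDER BY activeID LIMIT {n}")
    return [row[0] for row in conn.execute(sql)]


def list_hardened(conn, active_id, n):
    """Fix 1 (filtering): accept only small non-negative integers before the
    database sees them. Fix 2: bind values with placeholders so a parameter
    can only ever be data, never SQL. The second recommendation, a separate
    database per application with a least-privilege account, is a deployment
    change and is not shown here."""
    if not (isinstance(active_id, str) and active_id.isdigit()):
        raise ValueError("activeID must be a non-negative integer")
    if not (isinstance(n, str) and n.isdigit() and int(n) <= 100):
        raise ValueError("n must be an integer between 0 and 100")
    sql = "SELECT title FROM activity WHERE activeID=? ORDER BY activeID LIMIT ?"
    return [row[0] for row in conn.execute(sql, (int(active_id), int(n)))]


if __name__ == "__main__":
    db = make_db()
    print(list_vulnerable(db, "1", "20"))      # one activity, as intended
    print(list_vulnerable(db, "1 OR 1=1", "20"))  # whole table: the bug
    print(list_hardened(db, "1", "20"))        # one activity
    try:
        list_hardened(db, "1 OR 1=1", "20")
    except ValueError as exc:
        print("rejected:", exc)               # input never reaches the DB
```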