Tianhong mall app SQL injection (exposing 380 million+ mall user records and 330 million+ VIP user records)
Type: SQL injection (APP security)
Target: Tianhong mall Honglingjin (red scarf) APP
SQL injection exists at the following location (injectable parameter: user_id; UNION query and time-based blind injection):
http://member.honglingjin.cn/center/delivery_address/list?user_id=40002096939&access_token=60b7d95679tps14a2e6e1f49d3f61f70 is a user-profile link. I expected the injection to reach only the tables of the user database, but it turns out the trouble goes much deeper ~~
1. SQLMap confirms the injection.
2. The current database user is listed.
3. All databases are listed; the user database is among them.
4. The tables are listed: all of them are user tables, holding 380 million+ mall user records and 330 million+ VIP user records in total. Not explored any further.
Solution:
Please kindly advise ~
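To make the flaw and the fix concrete, here is an added example that is not part of the original report and is not the vendor's code. It stands in an in-memory SQLite database for the mall's user store (the table names delivery_address and member, the columns, and every row are constructed for the illustration; access_token is set to a placeholder), and shows how an unparameterized user_id behind a URL shaped like the one above yields a UNION query that reads another table and a boolean-blind pair that leaks one bit per request, beside the parameterized version that rejects both. SQLite has no SLEEP(), so the time-based blind variant reported above is represented by its boolean cousin, which differs only in how the true/false answer is observed.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs, quote

# Constructed in-memory stand-in for the mall's user store. Table and column
# names and all rows are assumptions for this illustration, not the real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE delivery_address (id INTEGER, user_id INTEGER, address TEXT);
        CREATE TABLE member (id INTEGER, user_id INTEGER, phone TEXT, password_hash TEXT);
        INSERT INTO delivery_address VALUES (1, 40002096939, '1 Example Road');
        INSERT INTO delivery_address VALUES (2, 40002096940, '2 Sample Street');
        INSERT INTO member VALUES (1, 40002096939, '13800000000', 'hash-a');
        INSERT INTO member VALUES (2, 40002096940, '13900000000', 'hash-b');
    """)
    return conn

def user_id_from_url(url):
    """Pull the user_id query parameter out of a URL shaped like the one in the report."""
    return parse_qs(urlsplit(url).query).get("user_id", [""])[0]

def list_addresses_vulnerable(conn, user_id):
    # The flaw: the raw parameter is concatenated into the SQL text, so anything
    # after the number is parsed by the database as part of the query.
    sql = "SELECT id, user_id, address FROM delivery_address WHERE user_id = " + user_id
    return conn.execute(sql).fetchall()

def list_addresses_safe(conn, user_id):
    # The fix: check the type, then bind the value as a parameter. The driver
    # passes it as data, so it can never alter the structure of the query.
    if not user_id.isdigit():
        raise ValueError("user_id must be an unsigned integer")
    sql = "SELECT id, user_id, address FROM delivery_address WHERE user_id = ?"
    return conn.execute(sql, (int(user_id),)).fetchall()

def handle_request(conn, url, handler):
    """Tiny stand-in for the endpoint: returns (HTTP status, rows) for a GET URL."""
    try:
        return 200, handler(conn, user_id_from_url(url))
    except (ValueError, sqlite3.Error):
        return 400, []

# Same path as the report; the token is a placeholder, not the real value.
BASE = "http://member.honglingjin.cn/center/delivery_address/list?access_token=REDACTED&user_id="

# Three request shapes: the legitimate one, a UNION query that pulls rows from
# another table out through the address listing, and a boolean-blind pair that
# answers one yes/no question per request (time-based blind injection works the
# same way, with a delay instead of an empty result as the signal).
LEGIT = BASE + "40002096939"
UNION = BASE + quote("0 UNION SELECT id, phone, password_hash FROM member")
BLIND_TRUE = BASE + quote("40002096939 AND 1=1")
BLIND_FALSE = BASE + quote("40002096939 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    for name, url in [("legit", LEGIT), ("union", UNION),
                      ("blind true", BLIND_TRUE), ("blind false", BLIND_FALSE)]:
        print(name, "vulnerable:", handle_request(db, url, list_addresses_vulnerable))
        print(name, "safe:      ", handle_request(db, url, list_addresses_safe))
```

Against the vulnerable handler the UNION request returns the phone numbers and password hashes of the member table through an endpoint that is supposed to list delivery addresses, and the AND 1=1 / AND 1=2 pair returns one row versus none; the safe handler answers 400 to both and serves only the legitimate request. In a real deployment the access_token check should also be tied to the user_id so that a valid token cannot read other users' addresses at all.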