Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

修复会话管理存在的sql注入风险 #1299 #1300

Merged
merged 1 commit into from
Dec 27, 2021
Merged

修复会话管理存在的sql注入风险 #1299 #1300

merged 1 commit into from
Dec 27, 2021

Conversation

nick2wang
Copy link
Collaborator

修复会话管理存在的sql注入风险 #1299

修复会话管理存在的sql注入风险 #1299
@codecov
Copy link

codecov bot commented Dec 27, 2021

Codecov Report

Merging #1300 (867ee92) into master (3eb7d5c) will not change coverage.
The diff coverage is 0.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1300   +/-   ##
=======================================
  Coverage   77.90%   77.90%           
=======================================
  Files          77       77           
  Lines       12046    12046           
=======================================
  Hits         9385     9385           
  Misses       2661     2661           
Impacted Files Coverage Δ
sql/db_diagnostic.py 16.27% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3eb7d5c...867ee92. Read the comment docs.

@nick2wang
Copy link
Collaborator Author

修改后:

[root@m1 sqlmap]# sqlmap -r req.txt  -flush-session
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.5.12.3#dev}
|_ -| . [,]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[*] starting @ 16:21:50 /2021-12-27/

[16:21:50] [INFO] parsing HTTP request from 'req.txt'
[16:21:54] [INFO] flushing session file
[16:21:54] [INFO] testing connection to the target URL
[16:21:54] [INFO] checking if the target is protected by some kind of WAF/IPS
[16:21:56] [INFO] testing if the target URL content is stable
[16:21:56] [INFO] target URL content is stable
[16:21:56] [INFO] testing if POST parameter 'instance_name' is dynamic
[16:21:56] [INFO] POST parameter 'instance_name' appears to be dynamic
[16:21:56] [WARNING] heuristic (basic) test shows that POST parameter 'instance_name' might not be injectable
[16:21:56] [INFO] testing for SQL injection on POST parameter 'instance_name'
[16:21:56] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[16:21:56] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[16:21:56] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[16:21:56] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[16:21:56] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[16:21:57] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[16:21:57] [INFO] testing 'Generic inline queries'
[16:21:57] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[16:21:57] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[16:21:57] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[16:21:57] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[16:21:57] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[16:21:57] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[16:21:57] [INFO] testing 'Oracle AND time-based blind'
[16:21:59] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[16:21:59] [WARNING] POST parameter 'instance_name' does not seem to be injectable
[16:21:59] [INFO] testing if POST parameter 'ThreadIDs' is dynamic
[16:21:59] [WARNING] POST parameter 'ThreadIDs' does not appear to be dynamic
[16:22:00] [WARNING] heuristic (basic) test shows that POST parameter 'ThreadIDs' might not be injectable
[16:22:00] [INFO] testing for SQL injection on POST parameter 'ThreadIDs'
[16:22:00] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[16:22:00] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[16:22:00] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[16:22:01] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[16:22:01] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[16:22:01] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[16:22:01] [INFO] testing 'Generic inline queries'
[16:22:01] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[16:22:01] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[16:22:02] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[16:22:02] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[16:22:02] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[16:22:02] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[16:22:02] [INFO] testing 'Oracle AND time-based blind'
[16:22:02] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[16:22:03] [WARNING] POST parameter 'ThreadIDs' does not seem to be injectable
[16:22:03] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'
[16:22:03] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 72 times

[*] ending @ 16:22:03 /2021-12-27/

@hhyo hhyo merged commit 02c8d8d into hhyo:master Dec 27, 2021
@nick2wang nick2wang deleted the nick-patch branch December 28, 2021 09:49
@kongxinling
Copy link

显示是在 v1.8.3 版本修复的该漏洞,为什么在 v1.8.2版本中复现不出来呢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants