
China Railway Express (中鐵快運) has a SQL injection that leaks a large amount of information (organization codes, login names and passwords of branch companies nationwide)

http://**.**.**.**/jsp/fgsjj/detail_4_dd.jsp?id=914 : the GET parameter id is not filtered. Injection type:

[Screenshot: SQL注入.png]


Databases:

[Screenshot: SQL注入2.png]

Database: CREWLW
[231 tables]
+-----------------------------+
| AAAA                        |
| APP_FEEDBACK                |
| APP_PROJECT                 |
| APP_PROJECT_SCHEDULE        |
| APP_STARTCITY               |
| APP_TB_NEWS                 |
| CAMS_ITEM                   |
| CAMS_NEWS_HISTORY           |
| CRE_BAG_DISTANCE_DETAIL_TAB |
| CUSTOMER_DICT               |
| CUSTOMER_LOG                |
| CUSTOMER_ORG_DICT           |
| DICT_DEP_KD_EXTENT          |
| DICT_DEP_KY_EXTENT          |
| DICT_DEP_MAP                |
| DICT_DEP_MAP_BAK            |
| DICT_DEP_MAP_H              |
| DICT_DEP_MAP_SJ             |
| DIC_STATE                   |
| DIC_TIME                    |
| DIC_WEBACCESS               |
| DIC_YWSTATE                 |
| DLM_STATE                   |
| FINAL_CREWLW_ORG            |
| FINAL_ORG_ORDER             |
| GOODS_TAB                   |
| GTKD_TB_RESOURCE            |
| GTKD_TB_RESOURCE_ORDER      |
| LOG$INFORMATION             |
| MSG                         |
| MSG_CHECK_DICT              |
| MSG_CHECK_HTTP              |
| MSG_CHECK_SERVLET           |
| MSG_PHONE                   |
| MSG_PHONE1                  |
| MSG_PHONETEST               |
| MSG_PHONE_CHECK             |
| ORDER_HEAD                  |
| ORDER_LINE                  |
| P_ACCESS_DAY                |
| P_ADCOLUMN                  |
| P_ADINFOCONTENT             |
| P_ADPIC                     |
| P_ADTEMPLATE                |
| P_ADWEB                     |
| P_ADWEBPUBLISH              |
| P_AGENT                     |
| P_AGENTDEFAULTWEB           |
| P_AGENTROLE                 |
| P_AGENTWEB                  |
| P_ARRIVE_DETAIL             |
| P_BACKUP                    |
| P_CHILDWEB                  |
| P_CITY                      |
| P_CLIENT_CODE               |
| P_CN_TMP                    |
| P_COLLECTMAGAZINE           |
| P_COLNAVIGATION             |
| P_COLUMN                    |
| P_COLUMNPERMISSIONS         |
| P_COLUMNTEMPLATE            |
| P_COLUMNTOINFO              |
| P_COLUMNVISIBLE             |
| P_CREMEMBER                 |
| P_CRITIC                    |
| P_CUSTOMFIELD               |
| P_CWFB                      |
| P_CXHACCESS                 |
| P_DEALDEPART                |
| P_DEPT                      |
| P_DEPTDUTY                  |
| P_DEPTGROUP                 |
| P_DEPTGROUPLINK             |
| P_DEPTNODEAGENT             |
| P_DIR                       |
| P_DOC                       |
| P_DOWNLOAD                  |
| P_EMAIL                     |
| P_FEILU                     |
| P_FILE                      |
| P_FILESIGN                  |
| P_FILESIGNRESULT            |
| P_FLOW                      |
| P_GROUP                     |
| P_GTKD_PRICE_SHENG          |
| P_GTKD_PRICE_SHI            |
| P_HITNUMBER                 |
| P_HITNUMBER_DW              |
| P_HOTSPOT                   |
| P_INDEXTEMPLET              |
| P_INFO                      |
| P_INFOSEND                  |
| P_INFOSHARE                 |
| P_INFOSHAREAUTO             |
| P_INFOSOURCE                |
| P_INFOTOINFO                |
| P_INTEGRALDETAIL            |
| P_IP                        |
| P_ISSUEMAGAZINE             |
| P_JOB                       |
| P_JYP                       |
| P_KEYS                      |
| P_KHDC                      |
| P_KHTS                      |
| P_KHTSBASICINF              |
| P_KHTSDO                    |
| P_KHTS_DO                   |
| P_KYHWBL_ADDRESS_BOOK       |
| P_KYHWBL_BB_HYJG            |
| P_KYHWBL_BB_YDWC            |
| P_KYHWBL_BB_ZCQK            |
| P_KYHWBL_BLRB               |
| P_KYHWBL_BLXX               |
| P_KYHWBL_BLXX_BAK0626       |
| P_KYHWBL_BLXX_CLXX          |
| P_KYHWBL_BLXX_DATE          |
| P_KYHWBL_BL_STATION         |
| P_KYHWBL_CLXX               |
| P_KYHWBL_CZJL               |
| P_KYHWBL_DKH                |
| P_KYHWBL_DKH_NEW            |
| P_KYHWBL_JH                 |
| P_KYHWBL_PL_DICT            |
| P_KYHWBL_SLXX               |
| P_KYHWBL_SLXX_ZP            |
| P_KYHWBL_STATIONDICT        |
| P_KYHWBL_YDDETAIL           |
| P_KYHWBL_YDDETAIL_TEMP      |
| P_LEADERMAIL                |
| P_LEADERMAIL1               |
| P_LICHENG                   |
| P_LINK                      |
| P_LOB_FILE                  |
| P_LOB_TEXT                  |
| P_LOGCATEGORY               |
| P_LOGINFO                   |
| P_MAGASERIALCOL             |
| P_MAGAZINE                  |
| P_MAGAZINECOLUMN            |
| P_MAGAZINEINFO              |
| P_MENU                      |
| P_MESSAGEBOARD              |
| P_MESSAGE_TYPE              |
| P_MMINFO                    |
| P_MM_FEILU                  |
| P_MM_FS                     |
| P_MM_QH                     |
| P_NAVIGATION                |
| P_NODE                      |
| P_NODEAGENT                 |
| P_OPERATECODE               |
| P_OTHERWEB                  |
| P_PERSONWEB                 |
| P_PNAME                     |
| P_POR_MODULECONFIG          |
| P_POR_MODULELAYOUT          |
| P_POR_MODULES               |
| P_POR_PERMISSION            |
| P_POR_USER                  |
| P_PRIVATEADDRESS            |
| P_PROGRAMTEMPLET            |
| P_PUBLICADDRESS             |
| P_QNERESULT                 |
| P_QUESTIONFIELD             |
| P_QUESTIONS                 |
| P_QUESTIONTABLE             |
| P_RECEIVECITY               |
| P_RECIPIENT                 |
| P_REGION                    |
| P_RELEASEROLE               |
| P_REMOTEHOST                |
| P_REPLY                     |
| P_RESEARCH                  |
| P_RESOPTION                 |
| P_RESRESULT                 |
| P_RESUME                    |
| P_REVERTMB                  |
| P_ROLE                      |
| P_ROLEMENU                  |
| P_ROLEWEB                   |
| P_SENDCITY                  |
| P_SENDCITY_BAK              |
| P_SENDCITY_SJ               |
| P_SENDRECIVECITY            |
| P_SEND_DETAIL               |
| P_SITEACCESSLOG             |
| P_SITETEMPLATE              |
| P_STATE_DIC                 |
| P_TABLE                     |
| P_TABLEFIELD                |
| P_TABLEPROGRAM              |
| P_TABOO                     |
| P_TEMPDESIGN                |
| P_TEMPINCLUDE               |
| P_TEMPLET                   |
| P_TEMPWEB                   |
| P_TODO                      |
| P_TOPIC                     |
| P_TOPICQUESTIONS            |
| P_USER                      |
| P_USERDEPT                  |
| P_USERGROUP                 |
| P_USERINTEGRAL              |
| P_VIDEO                     |
| P_WEB                       |
| P_WEBACCESS                 |
| P_WEBCOPYRIGHT              |
| P_WEBTITLE                  |
| P_WORKFLOW                  |
| P_WORKFLOWDETAIL            |
| P_WORKLOG                   |
| P_WORKPLAN                  |
| P_WORKREVIEW                |
| P_WSXD_DD                   |
| P_YWBL                      |
| P_YWBL_ADDRESS              |
| P_YWBL_DO                   |
| P_YWBL_FU                   |
| P_YWBL_GOODS                |
| P_YWBL_GOODS_LS             |
| P_YWBL_LS                   |
| P_YWBL_SEQ                  |
| RBAC_RESOURCE               |
| RBAC_ROLE                   |
| RBAC_ROLE_RES               |
| RBAC_USER                   |
| RBAC_USER_ROLE              |
| RIBAO                       |
| TB_YYB_MAP_BAK              |
| TJ_FW                       |
| TJ_IP                       |
+-----------------------------+

More than 200 tables...

Organization codes, usernames and passwords of each branch company (many of them weak passwords):

[Screenshot: SQL注入2.png]

Solution:

You know what to do.
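The report leaves the fix unstated, so the following is an added example, not code from the report or from the affected site. It shows, for a JSP/JDBC page of the kind named above, the defect (the GET value spliced into the SQL text) beside its fix (type validation plus a bound parameter). The class and method names, the table and column names DETAIL_TAB, ID and TITLE, and the use of a plain JDBC Connection are all assumptions; the report shows only the URL, not the server-side query.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/** Added example: the lookup behind a page such as detail_4_dd.jsp?id=914 (all names assumed). */
public class DetailLookup {

    // BEFORE (the defect the report describes): the raw GET value is concatenated into
    // the SQL text, so whatever follows "id=" in the URL is executed as part of the query.
    // A JSP would reach this as vulnerableDetail(conn, request.getParameter("id")).
    static String vulnerableDetail(Connection conn, String idParam) throws SQLException {
        String sql = "SELECT TITLE FROM DETAIL_TAB WHERE ID = " + idParam; // table/column assumed
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString("TITLE") : null;
        }
    }

    // AFTER: validate the parameter's type, then bind it. The SQL text is fixed at compile
    // time and the driver sends the id to the database as data, never as query text.
    static String safeDetail(Connection conn, String idParam) throws SQLException {
        long id = parseId(idParam);
        String sql = "SELECT TITLE FROM DETAIL_TAB WHERE ID = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setLong(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("TITLE") : null;
            }
        }
    }

    // Input validation is a second, independent layer: "914" passes; a value containing
    // quotes, spaces or letters is rejected before any database round-trip happens.
    static long parseId(String idParam) {
        if (idParam == null) {
            throw new IllegalArgumentException("id is required");
        }
        String trimmed = idParam.trim();
        if (!trimmed.matches("\\d{1,18}")) {
            throw new IllegalArgumentException("id must be a positive integer");
        }
        return Long.parseLong(trimmed);
    }
}
```

Two further points follow from the dump itself. The enumeration reached all 231 tables, including P_USER, P_POR_USER and RBAC_USER, which means the account the public detail page connects with can read the whole schema; giving the web application its own database user limited to the tables that page needs would have bounded what the injection could expose. And the credentials were readable in clear, so storing only salted password hashes in those tables would have limited the damage of the leak the report describes.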
