A vulnerability in a Gionee system may leak the IMEI serial numbers of 3.69 million users (unauthorized access / SQL injection)
The IMEI serial number file of 3.69 million users can be exported in one click; rated rank 20.
http://218.16.100.212:8080/gionee/weibo/imeiManager!list can be accessed directly without logging in.
Built-in export function
Exporting the data from January 1, 2014 to December 27, 2015 yields a total of 3,696,071 IMEI serial numbers.
The admin account of this system also has the weak password 123456, but after logging in there appear to be only two query functions.
SQL Injection:
python sqlmap/sqlmap.py -u "http://218.16.100.212:8080/gionee/weibo/imeiManager!list?p=88&ps=10&time_num=&imei=&startTime=&endTime=" --time-sec 6 --current-db --dbms "Microsoft SQL Server"
Solution:
Use parameterized queries, audit the rest of the system for the same pattern, and add access control to the page.
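The two fixes above, as an added illustration that is not the Gionee system's code: a constructed sqlite table stands in for the IMEI table, list_imei_vulnerable shows the string-concatenated query the list action appears to use, list_imei_safe binds imei, startTime and endTime as parameters, and imei_manager_list is a hypothetical handler that refuses anonymous and under-privileged sessions before running any query. The table name, column names, session class and the imei_admin role are all assumptions.

```python
import sqlite3

# Constructed sample rows standing in for the IMEI table (not the real schema).
SAMPLE_ROWS = [
    ("2015-01-10", "490154203237518"),
    ("2015-06-02", "356938035643809"),
    ("2015-12-27", "868343020000000"),
]


def make_db():
    """Build an in-memory table with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE imei (created TEXT, imei TEXT)")
    conn.executemany("INSERT INTO imei VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def list_imei_vulnerable(conn, imei):
    """The weak pattern: the request parameter is pasted into the SQL text,
    so a quote in it changes the query instead of being matched as data."""
    sql = "SELECT imei FROM imei WHERE imei = '" + imei + "'"
    return [row[0] for row in conn.execute(sql)]


def list_imei_safe(conn, imei=None, start=None, end=None):
    """Parameterized version: every user-supplied value is bound with ?,
    so the driver treats it as a literal and the query shape never changes."""
    sql = "SELECT imei FROM imei WHERE 1 = 1"
    params = []
    if imei:
        sql += " AND imei = ?"
        params.append(imei)
    if start:
        sql += " AND created >= ?"
        params.append(start)
    if end:
        sql += " AND created <= ?"
        params.append(end)
    return [row[0] for row in conn.execute(sql, params)]


class Session:
    """Hypothetical server-side session: who is logged in and which roles they hold."""

    def __init__(self, user=None, roles=()):
        self.user = user
        self.roles = set(roles)


def imei_manager_list(session, conn, imei=None, start=None, end=None):
    """Hypothetical list handler: authentication and the assumed imei_admin
    role are checked before the database is touched at all."""
    if session.user is None:
        return {"status": 401, "rows": []}      # not logged in
    if "imei_admin" not in session.roles:
        return {"status": 403, "rows": []}      # logged in, but not allowed
    return {"status": 200, "rows": list_imei_safe(conn, imei, start, end)}


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"
    print("vulnerable:", list_imei_vulnerable(db, probe))   # every row comes back
    print("safe:      ", list_imei_safe(db, probe))         # no row has that literal IMEI
    print("anonymous: ", imei_manager_list(Session(), db))
    print("admin:     ", imei_manager_list(Session("alice", ["imei_admin"]), db,
                                           start="2015-06-01", end="2015-12-31"))
```

The tautology probe is the classic classroom case: against the concatenated query it returns the whole table, against the bound query it matches nothing, which is the behavior the sqlmap run above exploited and the parameterized fix removes. Access control belongs in front of the query, not behind it, so an unauthenticated request never reaches the database.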