The Socket transmission between the C/S client and the server is not encrypted, causing the database to be exposed to the public.
For details, you can log on to any account through the C/S client of the Zhengfang educational administration system. The server returns the encrypted password of the account, you can log on to the system with simple decryption, which puts the system in danger. The details are as follows:
1. You can log on to the system through the old C/S client and initialize the interface. At this time, the system has logged on to the database. Enter an account password, click the login button, and immediately capture packets using the packet capture tool. You can find that the system has sent a query SQL statement to the server.
2. At this time, the system will prompt you for a wrong password because you enter the password at will!
3 .... to put it bluntly, I caught the packet and found that I had sent the account and password to my client. One, the password here was encrypted, but the encryption method really wanted me to put it bluntly! It's easy. Let's do it on your own!
4. Then, there will be no more, and the login will be successful!
QQ 2595638858
Do you still need to prove it? This is a rare bug in the huge vulnerability system of Zhengfang! Haha
Solution:
Transmission encryption, using complex encryption methods
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
