首页 » 漏洞 » 证券安全之世纪证券Getshell可造成478175数据泄露

证券安全之世纪证券Getshell可造成478175数据泄露

 

URL:

http://**.**.**.**/framework/UserMainPageWin8.aspx

user: test pass: 123456

QQ图片20151015170514.png

此处上传为验证不严可改包突破。获取webshell

http://**.**.**.**//fileroot//1ee55b67-8e9f-4aae-9769-c9767515f8b2.asp 22

QQ图片20151015170748.png

可提权获取system权限.

code 区域
<add name="SmartLearningOraConn" connectionString="Data Source=Rain;User Id=sa;Password=newv123;" providerName="System.Data.OracleClient" />

<add name="SmartLearningDBConn" connectionString="Persist Security Info=False;server=**.**.**.**;User ID=wbyh;Password=csco@2014;database=Newv2014EL; Connection Reset=FALSE;Packet Size=4096;Pooling=true;Max Pool Size=100;Min Pool Size=1" providerName="System.Data.SqlClient" />

<!--<add name="SmartLearningDBConn" connectionString="Persist Security Info=False;server=**.**.**.**;User ID=sa;Password=sa;database=SmartBos_Standard; Connection Reset=FALSE;Packet Size=4096;Pooling=true;Max Pool Size=100;Min Pool Size=1" providerName="System.Data.SqlClient" />-->

</connectionStrings>

QQ图片20151015170855.png

nv_user表存在478175条数据.

QQ图片20151015171728.png

密码应该是AES加密。。

漏洞证明:

URL:

http://**.**.**.**/framework/UserMainPageWin8.aspx

user: test pass: 123456

QQ图片20151015170514.png

此处上传为验证不严可改包突破。获取webshell

http://**.**.**.**//fileroot//1ee55b67-8e9f-4aae-9769-c9767515f8b2.asp 22

QQ图片20151015170748.png

可提权获取system权限.

code 区域
<add name="SmartLearningOraConn" connectionString="Data Source=Rain;User Id=sa;Password=newv123;" providerName="System.Data.OracleClient" />

<add name="SmartLearningDBConn" connectionString="Persist Security Info=False;server=**.**.**.**;User ID=wbyh;Password=csco@2014;database=Newv2014EL; Connection Reset=FALSE;Packet Size=4096;Pooling=true;Max Pool Size=100;Min Pool Size=1" providerName="System.Data.SqlClient" />

<!--<add name="SmartLearningDBConn" connectionString="Persist Security Info=False;server=**.**.**.**;User ID=sa;Password=sa;database=SmartBos_Standard; Connection Reset=FALSE;Packet Size=4096;Pooling=true;Max Pool Size=100;Min Pool Size=1" providerName="System.Data.SqlClient" />-->

</connectionStrings>

QQ图片20151015170855.png

nv_user表存在478175条数据.

QQ图片20151015171728.png

密码应该是AES加密。。

修复方案:

11

原文链接:证券安全之世纪证券Getshell可造成478175数据泄露,转载请注明来源!

0