
Vulnerability summary

Defect ID: wooyun-2015-0139530

Title: MySQL injection vulnerability on the 有壹手 main site (involves 234 tables / can leak the entire site's user information)

Vendor: 北京有壹手汽车科技有限公司

Author: 路人甲

Submitted: 2015-09-07 17:25

Fixed: 2015-10-22 18:18

Published: 2015-10-22 18:18

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-09-07: Details sent to the vendor, awaiting vendor handling
2015-09-07: Vendor confirmed; details disclosed to the vendor only
2015-09-17: Details disclosed to core white hats and domain experts
2015-09-27: Details disclosed to regular white hats
2015-10-07: Details disclosed to intern white hats
2015-10-22: Details disclosed to the public

Brief description:

Hoping this is routed to the major-vendor track.

Detailed description:

Injection point: the zoneId parameter

http://y1s.cn/index.php?g=home&m=zone&a=detail&zoneId=162
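As an added example (not y1s.cn's actual code, which the report does not show), a hypothetical zone-detail action written the way a numeric-id injection like this one typically arises, beside a hardened version that validates zoneId as a positive integer and binds it through a PDO prepared statement. The function names, the table and column names, and the DSN are assumptions.

```php
<?php
// Added example: hypothetical reconstruction, not the site's real code.

// Vulnerable pattern: the zoneId query-string value is concatenated into the
// SQL text, so whatever the client sends is parsed as part of the statement.
function zoneDetailVulnerable(PDO $db, array $get): ?array
{
    $zoneId = $get['zoneId'] ?? '';
    $sql = "SELECT id, name, city FROM imc_zone WHERE id = " . $zoneId;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened pattern: reject anything that is not a plain positive integer,
// then bind the value as a parameter so it can only ever be data, never SQL.
function zoneDetailSafe(PDO $db, array $get): ?array
{
    $zoneId = filter_var($get['zoneId'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($zoneId === false) {
        http_response_code(400);   // malformed id: do not touch the database
        return null;
    }
    $stmt = $db->prepare('SELECT id, name, city FROM imc_zone WHERE id = :id');
    $stmt->bindValue(':id', $zoneId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection helper: turn off emulated prepares so MySQL itself does the
// parameter binding, and surface driver errors as exceptions (assumed DSN).
function connectDb(string $user, string $pass): PDO
{
    return new PDO('mysql:host=127.0.0.1;dbname=imeiche;charset=utf8mb4',
        $user, $pass, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
        ]);
}

$db = connectDb('app_user', 'change-me');          // placeholder credentials
$zone = zoneDetailSafe($db, $_GET);
echo $zone === null ? 'not found' : htmlspecialchars($zone['name']);
```

The report also shows that one injectable query exposed every table in the application database, so, independently of the code fix, the account the web tier connects with should be granted only the tables and privileges the front end actually needs.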


Although there are only a few databases, the tables hold a lot of information.

Database: imeiche
[179 tables]
Database: information_schema
[59 tables]

Proof of vulnerability:

[screenshot: 1.jpg]

All kinds of accounts and passwords compromised.

[screenshot: 2.jpg]

[screenshot: 3.jpg]

There is too much sensitive information, so I did not go any deeper, for fear the vendor would come after me.

Remediation:

You know the danger; asking for a gift.

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-09-07 18:18

Vendor reply:

Thanks for your attention.

Latest status:

None yet