Vulnerability summary

Defect ID: wooyun-2015-0150116

Title: SQL injection on the main site of Emperor Group (large-scale data exposure)

Vendor: Emperor Group (International) Limited (英皇集团(国际)有限公司)

Author: 路人甲

Submitted: 2015-10-28 22:43

Fixed: 2015-12-14 17:30

Published: 2015-12-14 17:30

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Handed over to a third-party partner organisation (CNCERT, the National Computer Network Emergency Response Technical Team of China) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-10-28: Details sent to the vendor; awaiting the vendor's handling
2015-10-30: Vendor confirmed; details visible to the vendor only
2015-11-09: Details opened to core white hats and domain experts
2015-11-19: Details opened to regular white hats
2015-11-29: Details opened to trainee white hats
2015-12-14: Details opened to the public

Brief description:

The main site of Emperor Group (International) Limited is vulnerable to SQL injection.

Detailed description:

Vulnerable URL: http://**.**.**.**/tch/property/index.php?location=OM&type=20049 (GET)

1111.png


Database tables:
Database: integcle_v3db
+------------------------+---------+
| Table | Entries |
+------------------------+---------+
| campaign_result | 7613330 |
| customer_contact_group | 5315393 |
| media_connect_history | 5068367 |
| customer_contact | 874193 |
| campaign_result_view | 431879 |
| campaign_result_link | 407416 |
| campaign_display | 188859 |
| cms_sql | 137341 |
| admin_ip2country | 132355 |
| admin_log | 33412 |
| admin_photos | 27948 |
| admin_access | 23385 |
| customer_unsubscribe | 16822 |
| mail_group | 7970 |
| cms_365 | 4264 |
| campaign_link | 3122 |
| campaign_admin | 2323 |
| campaign_adver | 2091 |
| campaign_hitcount | 2091 |
| cms_41 | 1768 |
| cms_170 | 1720 |
| cms_33 | 1616 |
| cms_89 | 1513 |
| cms_259 | 1503 |
| cms_38 | 1412 |
| cms_16 | 1237 |
| cms_370 | 1196 |
| cms_313 | 1020 |
| cms_311 | 948 |
| cms_12 | 938 |
| cms_185 | 819 |
| customer_group | 770 |
| cms_403 | 716 |
| cms_511 | 684 |
| cms_344 | 678 |
| cms_122 | 659 |
| cms_391 | 653 |
| cms_387 | 634 |
| cms_315 | 622 |
| cms_32 | 615 |
| cms_78 | 604 |
| cms_18 | 589 |
| cms_14 | 582 |
| cms_367 | 543 |
| admin_cms | 523 |
| cms_524 | 514 |
| cms_123 | 510 |
| cms_317 | 456 |
| cms_21 | 436 |
| cms_19 | 403 |
| cms_333 | 403 |
| cms_188 | 399 |
| cms_536 | 365 |
| cms_554 | 356 |
| cms_31 | 350 |
| cms_203 | 344 |
| cms_251 | 332 |
| cms_34 | 324 |
| cms_450 | 324 |
| cms_540 | 301 |
| cms_583 | 273 |
| cms_192 | 272 |
| cms_338 | 264 |
| cms_561 | 259 |
| cms_111 | 235 |
| cms_355 | 234 |
| cms_186 | 223 |
| cms_74 | 221 |
| cms_566 | 220 |
| cms_75 | 214 |
| cms_544 | 212 |
| cms_388 | 210 |
| cms_154 | 202 |
| cms_295 | 201 |
| cms_322 | 199 |
| cms_324 | 199 |
| cms_579 | 199 |
| cms_296 | 195 |
| shopping_item | 195 |
| temp_c | 195 |
| cms_254 | 191 |
| cms_350 | 189 |
| cms_189 | 184 |
| cms_340 | 183 |
| cms_132 | 178 |
| cms_190 | 177 |
| cms_385 | 168 |
| cms_187 | 166 |
| cms_550 | 162 |
| cms_179 | 161 |
| cms_72 | 161 |
| cms_360 | 159 |
| cms_200 | 154 |
| cms_523 | 153 |
| cms_532 | 150 |
| cms_565 | 149 |
| cms_327 | 148 |
| cms_249 | 141 |
| cms_93 | 138 |
| cms_525 | 136 |
| cms_258 | 133 |
| cms_156 | 130 |
| cms_11 | 129 |
| cms_515 | 128 |
| cms_307 | 126 |
| cms_530 | 125 |
| cms_418 | 122 |
| cms_44 | 122 |
| cms_485 | 119 |
| cms_323 | 118 |
| cms_36 | 117 |
| cms_469 | 115 |
| cms_43 | 113 |
| cms_102 | 110 |
| cms_294 | 108 |
| cms_318 | 107 |
| cms_358 | 107 |
| cms_556 | 105 |
| cms_555 | 101 |
| cms_384 | 99 |
| cms_116 | 98 |
| cms_117 | 96 |
| cms_195 | 96 |
| cms_571 | 96 |
| cms_518 | 95 |
| eshop_order | 95 |
| cms_393 | 93 |
| cms_263 | 91 |
| cms_371 | 91 |
| shopping_order | 91 |
| cms_148 | 90 |
| cms_382 | 87 |
| cms_397 | 87 |
| cms_510 | 87 |
| admin_users | 86 |
| cms_430 | 85 |
| cms_page | 84 |
| cms_137 | 83 |
| cms_337 | 83 |
| cms_558 | 83 |
| cms_534 | 81 |
| cms_547 | 81 |
| cms_56 | 80 |
| cms_503 | 78 |
| admin_sites | 77 |
| cms_234 | 73 |
| cms_284 | 72 |
| cms_316 | 72 |
| cms_408 | 72 |
| cms_262 | 69 |
| cms_552 | 69 |
| cms_87 | 69 |
| cms_101 | 67 |
| cms_336 | 67 |
| admin_groups | 64 |
| cms_538 | 62 |
| cms_13 | 60 |
| cms_165 | 60 |
| cms_85 | 60 |
| cms_541 | 58 |
| cms_77 | 58 |
| cms_392 | 57 |
| cms_301 | 56 |
| cms_96 | 56 |
| cms_105 | 55 |
| cms_176 | 54 |
| cms_218 | 54 |
| cms_364 | 54 |
| cms_368 | 54 |
| cms_381 | 54 |
| cms_94 | 52 |
| cms_261 | 51 |
| cms_389 | 51 |
| cms_577 | 51 |
| cms_330 | 50 |
| campaign_template | 49 |
| cms_222 | 49 |
| cms_184 | 48 |
| cms_342 | 48 |
| cms_383 | 48 |
| cms_573 | 48 |
| cms_266 | 47 |
| cms_584 | 46 |
| cms_332 | 45 |
| cms_354 | 45 |
| cms_97 | 45 |
| cms_412 | 44 |
| cms_sql2 | 44 |
| cms_108 | 42 |
| cms_138 | 40 |
| cms_257 | 39 |
| cms_527 | 39 |
| admin_pages | 38 |
| cms_400 | 37 |
| cms_537 | 37 |
| cms_107 | 36 |
| cms_199 | 36 |
| cms_223 | 36 |
| cms_375 | 36 |
| cms_517 | 36 |
| cms_569 | 36 |
| cms_119 | 35 |
| cms_512 | 35 |
| admin_module | 33 |
| cms_104 | 33 |
| cms_120 | 33 |
| cms_125 | 33 |
| cms_487 | 33 |
| cms_553 | 33 |
| cms_126 | 32 |
| cms_17 | 32 |
| cms_264 | 32 |
| cms_305 | 32 |
| cms_352 | 32 |
| cms_531 | 32 |
| cms_414 | 30 |
| cms_585 | 30 |
| shopping_gift | 30 |
| cms_220 | 29 |
| cms_224 | 29 |
| cms_250 | 29 |
| cms_128 | 28 |
| cms_129 | 28 |
| cms_219 | 28 |
| cms_221 | 28 |
| cms_265 | 28 |
| cms_411 | 28 |
| cms_437 | 28 |
| cms_507 | 28 |
| cms_289 | 27 |
| cms_417 | 27 |
| cms_482 | 27 |
| cms_570 | 27 |
| cms_600 | 27 |
| cms_71 | 26 |
| cms_169 | 25 |
| cms_201 | 25 |
| cms_208 | 25 |
| cms_209 | 25 |
| cms_406 | 25 |
| admin_crm_field | 24 |
| cms_139 | 24 |
| cms_161 | 24 |
| cms_168 | 24 |
| cms_206 | 24 |
| cms_207 | 24 |
| cms_226 | 24 |
| cms_286 | 24 |
| cms_447 | 24 |
| cms_55 | 24 |
| cms_217 | 22 |
| cms_353 | 22 |
| cms_466 | 22 |
| cms_204 | 21 |
| cms_290 | 21 |
| cms_386 | 21 |
| cms_420 | 21 |
| cms_484 | 21 |
| cms_529 | 21 |
| cms_586 | 21 |
| cms_130 | 20 |
| cms_191 | 20 |
| cms_452 | 19 |
| cms_521 | 19 |
| cms_212 | 18 |
| cms_310 | 18 |
| cms_339 | 18 |
| cms_351 | 18 |
| cms_402 | 18 |
| cms_522 | 18 |
| cms_528 | 18 |
| cms_581 | 18 |
| cms_159 | 17 |
| cms_462 | 17 |
| cms_465 | 17 |
| cms_167 | 16 |
| cms_172 | 16 |
| cms_349 | 16 |
| cms_415 | 16 |
| cms_574 | 16 |
| cms_143 | 15 |
| cms_329 | 15 |
| cms_395 | 15 |
| cms_396 | 15 |
| cms_514 | 15 |
| cms_575 | 15 |
| cms_582 | 15 |
| campaign_report | 14 |
| cms_131 | 14 |
| cms_164 | 14 |
| cms_182 | 14 |
| cms_347 | 14 |
| cms_405 | 14 |
| cms_423 | 14 |
| cms_454 | 14 |
| cms_228 | 13 |
| cms_229 | 13 |
| cms_282 | 13 |
| cms_424 | 13 |
| cms_45 | 13 |
| cms_497 | 13 |
| cms_559 | 13 |
| cms_121 | 12 |
| cms_178 | 12 |
| cms_205 | 12 |
| cms_210 | 12 |
| cms_213 | 12 |
| cms_235 | 12 |
| cms_236 | 12 |
| cms_238 | 12 |
| cms_239 | 12 |
| cms_240 | 12 |
| cms_241 | 12 |
| cms_272 | 12 |
| cms_273 | 12 |
| cms_274 | 12 |
| cms_314 | 12 |
| cms_42 | 12 |
| cms_474 | 12 |
| cms_54 | 12 |
| cms_543 | 12 |
| cms_545 | 12 |
| cms_551 | 12 |
| cms_560 | 12 |
| cms_564 | 12 |
| cms_237 | 11 |
| cms_458 | 11 |
| cms_460 | 11 |
| cms_526 | 11 |
| cms_562 | 11 |
| cms_166 | 10 |
| cms_242 | 10 |
| cms_275 | 10 |
| cms_285 | 10 |
| cms_300 | 10 |
| cms_331 | 10 |
| cms_39 | 10 |
| cms_463 | 10 |
| cms_475 | 10 |
| cms_513 | 10 |
| cms_533 | 10 |
| cms_95 | 10 |
| cms_115 | 9 |
| cms_256 | 9 |
| cms_308 | 9 |
| cms_334 | 9 |
| cms_341 | 9 |
| cms_363 | 9 |
| cms_372 | 9 |
| cms_394 | 9 |
| cms_399 | 9 |
| cms_401 | 9 |
| cms_476 | 9 |
| cms_542 | 9 |
| cms_549 | 9 |
| cms_84 | 9 |
| admin_keys | 8 |
| cms_118 | 8 |
| cms_141 | 8 |
| cms_160 | 8 |
| cms_281 | 8 |
| cms_321 | 8 |
| cms_343 | 8 |
| cms_366 | 8 |
| cms_434 | 8 |
| cms_457 | 8 |
| cms_468 | 8 |
| cms_109 | 7 |
| cms_110 | 7 |
| cms_124 | 7 |
| cms_155 | 7 |
| cms_174 | 7 |
| cms_268 | 7 |
| cms_361 | 7 |
| cms_440 | 7 |
| cms_483 | 7 |
| cms_486 | 7 |
| cms_519 | 7 |
| cms_81 | 7 |
| cms_86 | 7 |
| cms_175 | 6 |
| cms_214 | 6 |
| cms_255 | 6 |
| cms_283 | 6 |
| cms_287 | 6 |
| cms_288 | 6 |
| cms_302 | 6 |
| cms_356 | 6 |
| cms_359 | 6 |
| cms_374 | 6 |
| cms_380 | 6 |
| cms_432 | 6 |
| cms_455 | 6 |
| cms_496 | 6 |
| cms_502 | 6 |
| cms_53 | 6 |
| cms_546 | 6 |
| cms_548 | 6 |
| cms_557 | 6 |
| cms_563 | 6 |
| cms_567 | 6 |
| cms_568 | 6 |
| cms_580 | 6 |
| admin_campaign_type | 5 |
| cms_181 | 5 |
| cms_243 | 5 |
| cms_244 | 5 |
| cms_245 | 5 |
| cms_276 | 5 |
| cms_277 | 5 |
| cms_280 | 5 |
| cms_335 | 5 |
| cms_413 | 5 |
| cms_422 | 5 |
| cms_425 | 5 |
| cms_431 | 5 |
| cms_439 | 5 |
| cms_443 | 5 |
| cms_444 | 5 |
| cms_445 | 5 |
| cms_446 | 5 |
| cms_456 | 5 |
| cms_472 | 5 |
| cms_508 | 5 |
| cms_539 | 5 |
| admin_campaign | 4 |
| admin_language | 4 |
| cms_134 | 4 |
| cms_15 | 4 |
| cms_152 | 4 |
| cms_153 | 4 |
| cms_162 | 4 |
| cms_198 | 4 |
| cms_202 | 4 |
| cms_215 | 4 |
| cms_230 | 4 |
| cms_271 | 4 |
| cms_398 | 4 |
| cms_419 | 4 |
| cms_426 | 4 |
| cms_459 | 4 |
| cms_461 | 4 |
| cms_464 | 4 |
| cms_470 | 4 |
| cms_473 | 4 |
| cms_479 | 4 |
| cms_506 | 4 |
| cms_509 | 4 |
| cms_535 | 4 |
| admin_cms_group | 3 |
| admin_user_type | 3 |
| cms_106 | 3 |
| cms_136 | 3 |
| cms_142 | 3 |
| cms_193 | 3 |
| cms_346 | 3 |
| cms_369 | 3 |
| cms_378 | 3 |
| cms_409 | 3 |
| cms_410 | 3 |
| cms_421 | 3 |
| cms_428 | 3 |
| cms_442 | 3 |
| cms_448 | 3 |
| cms_478 | 3 |
| cms_505 | 3 |
| cms_516 | 3 |
| cms_76 | 3 |
| cms_82 | 3 |
| admin_approve_group | 2 |
| admin_crm_customfield | 2 |
| admin_user_module | 2 |
| cms_100 | 2 |
| cms_103 | 2 |
| cms_133 | 2 |
| cms_135 | 2 |
| cms_140 | 2 |
| cms_146 | 2 |
| cms_149 | 2 |
| cms_151 | 2 |
| cms_173 | 2 |
| cms_177 | 2 |
| cms_180 | 2 |
| cms_183 | 2 |
| cms_231 | 2 |
| cms_232 | 2 |
| cms_233 | 2 |
| cms_252 | 2 |
| cms_253 | 2 |
| cms_269 | 2 |
| cms_304 | 2 |
| cms_306 | 2 |
| cms_326 | 2 |
| cms_345 | 2 |
| cms_348 | 2 |
| cms_357 | 2 |
| cms_376 | 2 |
| cms_377 | 2 |
| cms_379 | 2 |
| cms_390 | 2 |
| cms_40 | 2 |
| cms_416 | 2 |
| cms_427 | 2 |
| cms_429 | 2 |
| cms_436 | 2 |
| cms_480 | 2 |
| cms_494 | 2 |
| cms_520 | 2 |
| cms_57 | 2 |
| cms_83 | 2 |
| cms_99 | 2 |
| cms_150 | 1 |
| cms_158 | 1 |
| cms_171 | 1 |
| cms_194 | 1 |
| cms_197 | 1 |
| cms_246 | 1 |
| cms_247 | 1 |
| cms_248 | 1 |
| cms_278 | 1 |
| cms_279 | 1 |
| cms_293 | 1 |
| cms_298 | 1 |
| cms_299 | 1 |
| cms_303 | 1 |
| cms_325 | 1 |
| cms_328 | 1 |
| cms_35 | 1 |
| cms_438 | 1 |
| cms_441 | 1 |
| cms_449 | 1 |
| cms_471 | 1 |
| cms_488 | 1 |
| cms_495 | 1 |
| cms_587 | 1 |
| cms_98 | 1 |
| cms_action | 1 |
| cms_table | 1 |
| cms_temp | 1 |
| ecomm_connect | 1 |
+------------------------+---------+
Many FTP usernames and passwords were exposed:

12213123.png


I then found that many Hong Kong websites connect to this same database:
for example, the one exposed in the screenshot above: http://**.**.**.**/ (Eu Yan Sang (Hong Kong) Limited, 余仁生(香港)有限公司).
Its main site is also injectable: http://**.**.**.**/tch/product/details.php?p=30347&b=&s= (GET)

33333.png

Proof of vulnerability:

1111.png


33333.png

Suggested fix:
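The report leaves the fix section empty, so the following is an editor's added example, not code from the author or from the affected site. It shows the query pattern that typically makes a GET parameter such as `location=OM&type=20049` injectable, next to a hardened version that validates the parameter shape and binds values through PDO prepared statements. The table and column names (`property`, `location_code`, `type_id`), the database name, and the account name are assumptions; the real schema is not on the page.

```php
<?php
// Editor's added example. Assumed schema: table `property` with columns
// `location_code` and `type_id`; none of these names come from the report.
declare(strict_types=1);

function vulnerable_query(PDO $db, array $get): array
{
    // Unsafe pattern: both GET values are concatenated into the SQL text, so
    // the request author controls the query itself, not just its values.
    $sql = "SELECT id, title FROM property WHERE location_code = '" . $get['location'] . "'"
         . " AND type_id = " . $get['type'];
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function safe_query(PDO $db, array $get): array
{
    // 1. Reject anything that does not match the expected shape before it
    //    reaches the database: a short upper-case code and a positive integer.
    $location = $get['location'] ?? '';
    if (!preg_match('/^[A-Z]{1,4}$/', $location)) {
        throw new InvalidArgumentException('invalid location code');
    }
    $type = filter_var($get['type'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($type === false) {
        throw new InvalidArgumentException('invalid type id');
    }

    // 2. Bind the values: they travel to MySQL as parameters, never as SQL text.
    $stmt = $db->prepare(
        'SELECT id, title FROM property WHERE location_code = :loc AND type_id = :type'
    );
    $stmt->bindValue(':loc', $location, PDO::PARAM_STR);
    $stmt->bindValue(':type', $type, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function connect(): PDO
{
    // Placeholder DSN and credentials (assumed, not from the page). Emulated
    // prepares are disabled so binding happens server-side, and the account is
    // meant to be a read-only one scoped to the tables this page needs.
    return new PDO(
        'mysql:host=127.0.0.1;dbname=APP_DB_PLACEHOLDER;charset=utf8mb4',
        'web_readonly',
        'PASSWORD_PLACEHOLDER',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

// Usage: $rows = safe_query(connect(), $_GET);
```

Binding alone closes the injection; the scale of what this report exposes (every table in the database, plus FTP credentials, for a database that several unrelated sites share) comes from the web application's database account having broad read access. A per-site, least-privilege account, credentials stored hashed or outside the database, and separate databases per tenant each limit what a future injection in any one site could reach.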

Copyright notice: when reposting, please credit the source, 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-10-30 17:28

Vendor reply:

No direct handling channel with the organisation that administers the website has been established yet; awaiting claim.

Latest status:

None