某安卓市场论坛注入导致百万用户信息泄露

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-084841

漏洞标题：某安卓市场论坛注入导致百万用户信息泄露

漏洞作者：咖啡

提交时间：2014-11-27 17:05

修复时间：2014-12-02 17:06

公开时间：2014-12-02 17:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-11-27：细节已通知厂商并且等待厂商处理中
2014-12-02：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

某安卓市场论坛注入导致百万用户信息泄露

详细说明：

http://www.nduoa.com/message/noticeDetail?id=30
居然有这么赤果果的注入

漏洞证明：

| cpa_install_log_2012               |
| cpa_install_log_2013               |
| cpa_install_log_20140328           |
| cpa_install_log_temp               |
| cpa_settle_results                 |
| cpa_settle_results_back20140421    |
| cpd_download_log_201310            |
| cpd_download_log_201311            |
| cpd_download_log_201312            |
| cpd_download_log_201401            |
| cpd_download_log_201402            |
| cpd_download_log_201403            |
| cpd_download_log_201404            |
| cpd_download_log_201405            |
| cpd_download_log_201406            |
| cpd_download_log_201407            |
| cpd_download_log_201408            |
| cpd_download_log_201409            |
| cpd_download_log_201410            |
| cpd_download_log_201411            |
| cps_download_jingwu                |
| cps_settle_detail                  |
| cps_settle_typein                  |
| cps_trade_log                      |
| crawl_package                      |
| crawl_package_info                 |
| crawl_package_version              |
| crawl_resource_queue               |
| crawl_site                         |
| htc_push                           |
| ma_activity                        |
| ma_activity_comment                |
| ma_activity_pack                   |
| ma_activity_prize                  |
| ma_ad                              |
| ma_ad_new                          |
| ma_ad_setting                      |
| ma_adv                             |
| ma_adv_space                       |
| ma_adver                           |
| ma_adver_space                     |
| ma_adview_push_apks                |
| ma_apk_download_backup             |
| ma_apk_translation                 |
| ma_arch_using                      |
| ma_archive                         |
| ma_authorization                   |
| ma_authorization_package           |
| ma_authorized                      |
| ma_bot_app                         |
| ma_bot_app_log                     |
| ma_business_app_price              |
| ma_category                        |
| ma_category_mapping                |
| ma_check_result                    |
| ma_check_result_360                |
| ma_check_result_jingwu_20141117    |
| ma_check_result_jinshan            |
| ma_claim                           |
| ma_class                           |
| ma_class_mapped                    |
| ma_clients_bookmark                |
| ma_clients_category                |
| ma_clients_mobile                  |
| ma_clients_package                 |
| ma_clients_recommend               |
| ma_clients_soft                    |
| ma_clients_user                    |
| ma_comment                         |
| ma_comment_badword                 |
| ma_comment_banip                   |
| ma_commenting                      |
| ma_commenting_20140630             |
| ma_commenting_20140704_audit       |
| ma_commenting__bak_20140630        |
| ma_commenting_bk                   |
| ma_commenting_id_20140630          |
| ma_company_developer               |
| ma_developer                       |
| ma_dict                            |
| ma_dl_aggregate_daily              |
| ma_dl_aggregate_monthly            |
| ma_dl_aggregate_weekly             |
| ma_dl_stats                        |
| ma_dl_stats_bk                     |
| ma_dl_stats_bk_20140822            |
| ma_dl_stats_temp                   |
| ma_down_split                      |
| ma_game_block                      |
| ma_gather_custom_installed_package |
| ma_global_area                     |
| ma_guess_recommend                 |
| ma_hot_game                        |
| ma_hot_keywords                    |
| ma_hot_keywords_soft               |
| ma_image_block                     |
| ma_individual_developer            |
| ma_language_taxonomy               |
| ma_localized_download              |
| ma_login_log_count                 |
| ma_m_search                        |
| ma_m_visit                         |
| ma_mail                            |
| ma_market_feature                  |
| ma_medal                           |
| ma_members                         |
| ma_message                         |
| ma_messaging                       |
| ma_meta_factor                     |
| ma_mobile                          |
| ma_mobile_hardware                 |
| ma_moto_soft                       |
| ma_moto_soft_extra                 |
| ma_moto_soft_log                   |
| ma_netqin_detection                |
| ma_notice                          |
| ma_notice_user_log                 |
| ma_notification                    |
| ma_pa_soft_interim                 |
| ma_package                         |
| ma_package_category                |
| ma_package_category_update         |
| ma_package_gift                    |
| ma_package_gift_code               |
| ma_package_grade                   |
| ma_package_grade_bk                |
| ma_package_lang                    |
| ma_package_recommend               |
| ma_package_tag                     |
| ma_package_version_extra           |
| ma_package_version_lang            |
| ma_package_version_list            |
| ma_package_version_patch           |
| ma_package_version_patch_20130823  |
| ma_partner_package_category        |
| ma_partner_soft                    |
| ma_partner_user                    |
| ma_pc_poster                       |
| ma_pkg_hit                         |
| ma_pkg_rank                        |
| ma_popular_top                     |
| ma_poster                          |
| ma_push_games                      |
| ma_push_soft                       |
| ma_qq_check_result                 |
| ma_rank_daily                      |
| ma_rank_monthly                    |
| ma_rank_weekly                     |
| ma_rating                          |
| ma_rec360_tmp                      |
| ma_recommend                       |
| ma_refuse_reason                   |
| ma_reg_log_count                   |
| ma_report                          |
| ma_rom                             |
| ma_rom_brand                       |
| ma_rom_comment                     |
| ma_rom_device                      |
| ma_rom_download_link               |
| ma_rom_report                      |
| ma_sdk_download_app_logs           |
| ma_sdk_download_log                |
| ma_sdk_downlog                     |
| ma_sdk_info                        |
| ma_sdk_integral_apklist            |
| ma_search_additional               |
| ma_search_pinyin                   |
| ma_search_setting                  |
| ma_section                         |
| ma_soft                            |
| ma_soft_authorized                 |
| ma_soft_blacklist                  |
| ma_soft_copyright                  |
| ma_soft_extra                      |
| ma_soft_factor_matching            |
| ma_soft_fields                     |
| ma_soft_hit                        |
| ma_soft_medal                      |
| ma_soft_recommend                  |
| ma_soft_request_ownership          |
| ma_soft_sdkpay                     |
| ma_soft_sdkpay_contract            |
| ma_soft_sdkpay_contract_logs       |
| ma_soft_sdkpay_contract_uploads    |
| ma_special                         |
| ma_special_softlist                |
| ma_splash                          |
| ma_store_goods                     |
| ma_store_order                     |
| ma_store_order_goods               |
| ma_subject_push                    |
| ma_sync                            |
| ma_sync_list                       |
| ma_sync_log                        |
| ma_tag_category_count              |
| ma_tag_package                     |
| ma_term_taxonomy                   |
| ma_terms                           |
| ma_tokens                          |
| ma_trend_checking                  |
| ma_trend_detection                 |
| ma_trend_detection_jingwu_20141117 |
| ma_uninstall                       |
| ma_unpublish_game_white            |
| ma_user                            |
| ma_user_20140515mobile             |
| ma_user_backup_packages            |
| ma_user_bao                        |
| ma_user_bao_bphistory              |
| ma_user_bao_code                   |
| ma_user_bao_cpa                    |
| ma_user_bao_downs                  |
| ma_user_bao_message_content        |
| ma_user_bao_message_user           |
| ma_user_bao_ms                     |
| ma_user_bao_pn                     |
| ma_user_bao_settle_apply           |
| ma_user_email_debug                |
| ma_user_email_tester               |
| ma_user_external                   |
| ma_user_external_jingwu_20140522   |
| ma_user_favor                      |
| ma_user_financial_information      |
| ma_user_last_action                |
| ma_user_newfav                     |
| ma_user_profile                    |
| ma_user_rom                        |
| ma_user_rom_applymoney             |
| ma_user_rom_settle_log             |
| ma_user_setting                    |
| ma_user_superstars                 |
| ma_user_task                       |
| ma_user_task_gift                  |
| ma_user_task_result                |
| ma_user_tester                     |
| ma_web_hotwords                    |
| ma_web_search_log                  |
| ma_zhuixin                         |
| masterkey                          |
| mf_banner                          |
| mobfond_client                     |
| pa_partner                         |
| partner                            |
| pc_biggame_vote                    |
| pc_brand                           |
| pc_client_log                      |
| pc_device                          |
| pc_driver                          |
| pc_help                            |
| pc_manufacturer                    |
| pc_mobilephoneimg                  |
| pc_nomodel                         |
| pc_poster                          |
| pc_poster_client                   |
| register_settle                    |
| rom                                |
| rom_brand                          |
| rom_cpa                            |
| rom_cpa_user                       |
| rom_dev_user                       |
| rom_download_count                 |
| rom_download_count_by_rom          |
| rom_faq                            |
| rom_hot_model                      |
| rom_hot_model_v                    |
| rom_index_banner                   |
| rom_model                          |
| rom_post                           |
| rom_preinstalled_apk               |
| rom_recomm                         |
| rom_referral                       |
| rom_refuse_reason                  |
| rom_settle                         |
| rom_settle_apply                   |
| rom_settle_month                   |
| rom_settle_refuse_money            |
| rom_tool                           |
| rom_tutorial                       |
| rom_upload_user                    |
| rom_xml                            |
| tmp_download_hour_2014080109       |
| tmp_download_hour_2014080110       |
| tmp_download_hour_2014080112       |
| tmp_download_hour_2014080115       |
| tmp_online_pkg_factor              |
| tmp_online_soft_factor             |
| tmp_pkg_factor                     |
| tmp_soft_factor                    |
| tmp_test                           |
| vb_interface_log                   |
| vb_user_meta                       |
+------------------------------------+

修复方案：

版权声明：转载请注明来源咖啡@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2014-12-02 17:06

厂商回复：

漏洞评价：

2014-12-02 23:21 | Observer ( 实习白帽子 | Rank:35 漏洞数:8 | 我在夕阳下奔跑，那是我逝去的青春)

忽略。。。不会偷偷修复了吧就不测试了看看楼下怎么说。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-084841

漏洞标题：某安卓市场论坛注入导致百万用户信息泄露

相关厂商：nduoa.com

漏洞作者：咖啡

提交时间：2014-11-27 17:05

修复时间：2014-12-02 17:06

公开时间：2014-12-02 17:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源咖啡@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-084841

漏洞标题：某安卓市场论坛注入导致百万用户信息泄露

相关厂商：nduoa.com

漏洞作者： 咖啡

提交时间：2014-11-27 17:05

修复时间：2014-12-02 17:06

公开时间：2014-12-02 17:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2014-084841"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 咖啡@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：咖啡

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源咖啡@乌云