Vulnerability summary
Title: Travel security: SQL injection in a CITS (China International Travel Service, 国旅) subsite leaks over a million records and can affect multiple systems
Submitted: 2015-06-18 14:42
Fixed: 2015-08-02 16:44
Published: 2015-08-02 16:44
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 15
Status: Confirmed by vendor
Tags:
None
Vulnerability details
Disclosure timeline:
2015-06-18: Details sent to the vendor; awaiting the vendor's handling
2015-06-18: Vendor confirmed; details disclosed to the vendor only
2015-06-28: Details disclosed to core white hats and relevant domain experts
2015-07-08: Details disclosed to regular white hats
2015-07-18: Details disclosed to intern white hats
2015-08-02: Details disclosed to the public
Brief description:
Travel security: a SQL injection in a CITS subsite leaks over a million records and can affect multiple systems. A quick count: 25 databases and over a thousand tables are exposed, and part of the data originates from Alibaba, Taobao, WeChat, Ctrip and other partners.
PS: Finding bugs is hard work, please give a high rank, thanks!
Detailed description:
Proof of vulnerability:
Proof of the volume of data (row counts per table for the SAAS11 database):
<code>
Database: SAAS11
+-------------------------------+---------+
| Table | Entries |
+-------------------------------+---------+
| USR_LOG | 278660 |
| USR_ENTERPRISE_TAG | 278254 |
| INTERFACE_QUNAR_LOG | 139093 |
| B2B_TICKET_PEOPLE | 138209 |
| USR_LOGIN_LOG | 120790 |
| B2B_TICKET_DETAIL | 102137 |
| B2B_TICKET | 101260 |
| B2C_TAOBAO_LOG | 98210 |
| SYS_SMS_LOG | 92629 |
| INFO_HOTEL_NUM | 65161 |
| USR_CREDIT_LOG | 58193 |
| ORDER_LOG | 47273 |
| INFO_TICKET_RELVIEW | 32639 |
| INFO_TICKET | 30462 |
| SETTLE_PAYABLE | 29260 |
| EXPCODE_DETAIL | 28793 |
| PAY_ORDER_LOG | 28454 |
| INFO_TICKET_NUM | 23442 |
| INFO_TRAVEL_CYCLE | 22378 |
| B2B_TICKET_EX | 21701 |
| INFO_HOTEL | 19965 |
| B2B_TICKET_FINISH_LOG | 17468 |
| WX_USER_INFO | 16653 |
| INFO_TICKET_RELCAT | 14958 |
| INFO_TOGO | 14134 |
| USR_VIEW_MSG | 12328 |
| GROUP_YY_ORDER_LOG | 10540 |
| PAY_BALANCE | 10276 |
| CM_SYNC_LOG | 8916 |
| CM_SYNC_PROD_LOG | 8444 |
| WX_MSG | 6320 |
| INTERFACE_MEITUAN_LOG | 6191 |
| PAY_MOMEY_LOG | 5954 |
| INTERFACE_LLK_CODE | 4415 |
| USR_LOGIN | 4356 |
| RECE_PAYMENT_DETAIL | 4236 |
| B2B_CHANNEL_PRICE_DAY | 4193 |
| USR_INFO | 3892 |
| GROUP_YY_ORDER_DETAIL | 3782 |
| GROUP_YY_ORDER | 3594 |
| GROUP_YY_ORDER_PEOPLE | 3594 |
| INFO_TICKET_EX | 3587 |
| INFO_TICKET_PRICE | 3170 |
| B2B_TICKET_CHANGE | 3136 |
| SETTLE_STATEMENT_DETAIL | 2957 |
| WX_SCENE_LOG | 2732 |
| TB_RECEIVE_LOG | 2506 |
| WX_AD_SEND_LOG | 2463 |
| WX_ORDER_TASK | 2424 |
| ORDER_ABNORMAL_LOG | 2283 |
| TB_CONSUME_CODE | 1908 |
| INFO_TICKET_RELAREA | 1891 |
| INTERFACE_LUOHUSHAN_LOG | 1820 |
| INTERFACE_IHUIU_LOG | 1819 |
| CM_PROD_LOG | 1793 |
| INFO_TICKET_CANCEL | 1638 |
| USR_ACCOUNT_SET | 1619 |
| INTERFACE_QUNAR_HOTEL_LOG | 1515 |
| INFO_TRAVEL_JOURNEY | 1443 |
| CM_CHANNEL_PRICE | 1432 |
| INFO_TICKET_COND | 1396 |
| B2B_GRADE_PRICE | 1342 |
| INFO_CATALOG | 1271 |
| USR_MANAGER_USER | 1252 |
| INFO_TICKET_DETAIL | 1234 |
| INFO_TICKET_CUST | 1150 |
| B2B_CHANNEL_PRICE | 1092 |
| INFO_TRAVEL | 1030 |
| USR_PROD_WHILE_LIST | 958 |
| B2B_PACKAGE | 913 |
| INFO_TICKET_NUM_FOREX | 854 |
| XIECHENG_HOTEL_LOG | 776 |
| USR_CREDIT | 766 |
| INTERFACE_MJLD_LOG | 709 |
| CUST_INFO_GROUP_CHANNEL | 624 |
| SETTLE_PAYABLE_DETAIL | 609 |
| INFO_CONDS | 594 |
| INTERFACE_HOTEL_SYR_LOG | 582 |
| WX_KEY | 513 |
| USR_MEMBER | 374 |
| WX_SCENE_IN | 374 |
| INFO_FREETRAVEL | 357 |
| GROUP_INFO_DETAIL_2ND | 353 |
| INTERFACE_PIAOZHIJIA_LOG | 338 |
| INTERFACE_PROD_SYNC_LOG | 314 |
| RECE_STATEMENT_LIST | 314 |
| INFO_NEWS | 291 |
| SETTLE_PAYAPP_DETAIL | 279 |
| USR_INTERFACE_INFO | 271 |
| INTERFACE_SYNC_LOG | 268 |
| INTERFACE_DDRT_LOG | 260 |
| INTERFACE_MEITUAN_DETAIL | 259 |
| USR_GETPASS_LOG | 250 |
| SAAS_BUY_LOG | 241 |
| INTERFACE_XIECHENG_LOG | 240 |
| USR_GRADE | 236 |
| GROUP_INFO_2ND | 199 |
| B2B_TICKET_COND | 198 |
| USR_PRINT_TEMP | 179 |
| XIECHENG_HOTEL_STATE | 155 |
| CM_USER_INFO | 154 |
| INFO_VISA | 154 |
| INTERFACE_YYJQ_LOG | 146 |
| RECE_PAYMENT_LIST | 138 |
| SAAS_DATAMAN | 133 |
| USR_DEPT | 125 |
| INFO_QUNAR_VIEW | 124 |
| INTERFACE_YINLVTONG_LOG | 124 |
| AD_SEAT_LINK | 121 |
| SETTLE_STATEMENT_LIST | 116 |
| EXPCODE_LIST | 113 |
| USR_BALANCE_LOG | 105 |
| INFO_MEITUAN | 103 |
| ORDER_CHANGE_LOG | 98 |
| USR_VIEW_MSG_HIS | 90 |
| ALITRIP_MENPIAO_RECEIVE | 86 |
| ALITRIP_MENPIAO_ORDER | 84 |
| CM_USER | 77 |
| INFO_FREETRAVEL_TREE | 75 |
| USR_INFO_B2C | 74 |
| B2B_FREETRAVEL | 65 |
| USR_INFO_EXPRESS | 56 |
| SETTLE_PAYABLE_LIST | 48 |
| WX_AD_DETAIL | 48 |
| USR_DOCUMENT_TEMP | 41 |
| STOCK_ADD_LOG | 40 |
| SETTLE_PAYAPP | 38 |
| ORDER_RELATION_LOG | 34 |
| WX_AD | 33 |
| INFO_CAR | 32 |
| GROUP_YY_ORDER_COND | 28 |
| INTERFACE_KUIYUAN_LOG | 28 |
| INTERFACE_KUIYUAN_LOG | 28 |
| PAY_DRAWMONEY | 28 |
| INTERFACE_YUANFAN_LOG | 27 |
| WX_SCENE | 25 |
| USR_ATTENTION | 21 |
| INTERFACE_HOTEL_SYR_ORDER_LOG | 18 |
| INTERFACE_QUNAR | 17 |
| B2B_TICKET_CONFIRM_LOG | 15 |
| INFO_PLAN_PRICE | 15 |
| INFO_TRA
</code>
Fix recommendation:
You're the experts!
PS: This only proves the vulnerability exists; I did not dig any further, but it should still be quite serious!
Vulnerability response
Vendor response:
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-06-18 16:43
Vendor reply:
Thank you very much for your report. The issue has been handled; we greatly appreciate your support for China International Travel Service.
Latest status:
None yet
Vulnerability rating:
Comments
2015-06-18 17:01 | harbour_bin (regular white hat | Rank: 358, vulnerabilities: 47 | Marching toward the TOP 200!)
As expected, it went through the small-vendor process, so I won't be publishing the next bugs! Heh heh