当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0140856

漏洞标题:纽曼shop某漏洞致所有用户账号/密码等敏感信息曝光

相关厂商:纽曼电子

漏洞作者: 路人甲

提交时间:2015-09-13 20:51

修复时间:2015-09-18 20:52

公开时间:2015-09-18 20:52

漏洞类型:服务弱口令

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-13: 细节已通知厂商并且等待厂商处理中
2015-09-18: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

woman designer !

详细说明:

http://www.newsmyshop.com
对,就是她,我的朋友就是笑了扎!~ 纽曼的! 看前人案例。

漏洞证明:

http://www.newsmyshop.com ->
phopmyadmin 弱口令:
http://www.newsmyshop.com/phpMyAdmin/ |user:root pass:root
http://www.kingswin.top/phpmyadmin/ |user:root pass:root
如图:

1.png


http://www.newsmyshop.com
http://www.kingswin.top ——> 一样的,点击上面的登陆,自然跳!
随便选了一个登陆测试:

KOMA-高玛设计	581ddc163f57e7034af1920f3b40033f
查询结果:                  68ca10c9


1.png


随便复制一段member信息:

完整文字	uid	group_id	uname	passwd	from	mail	mobile	credits	gold	gender	city_id	realname	face	face_80	face_32	Y	M	D	verify	uc_uid	cart	lastlogin	loginip	closed	regip	dateline
	编辑	删除	1	2	汀凡装饰工程公司	978c5a10e91fce68b8468596cb7f1147	designer	faf551437d@ijh.cc	 	0	0	woman	7	 	demo/face/C4C/180/C4CA4238A0B923820DCC509A6F75849B...	demo/face/C4C/80/C4CA4238A0B923820DCC509A6F75849B....	demo/face/C4C/32/C4CA4238A0B923820DCC509A6F75849B....	0	0	0	0	0	 	1423884803	127.0.0.1	0	127.0.0.1	1423884803
	编辑	删除	2	2	徐志傑	3b79e8fee9183c8b4be3502b75bbc700	designer	4ae320a3e4@ijh.cc	 	0	0	woman	7	 	demo/face/C81/180/C81E728D9D4C2F636F067F89CC14862C...	demo/face/C81/80/C81E728D9D4C2F636F067F89CC14862C....	demo/face/C81/32/C81E728D9D4C2F636F067F89CC14862C....	0	0	0	0	0	 	1423884803	127.0.0.1	0	127.0.0.1	1423884803
	编辑	删除	3	2	一筑良品	3191c259560548819ce52efb68531f1f	designer	9e4db99003@ijh.cc	 	0	0	woman	7	 	demo/face/ECC/180/ECCBC87E4B5CE2FE28308FD9F2A7BAF3...	demo/face/ECC/80/ECCBC87E4B5CE2FE28308FD9F2A7BAF3....	demo/face/ECC/32/ECCBC87E4B5CE2FE28308FD9F2A7BAF3....	0	0	0	0	0	 	1423884804	127.0.0.1	0	127.0.0.1	1423884804
	编辑	删除	4	2	龚德成	ba75458648c291e5ea0162272e9d5ea0	designer	5a6fb57109@ijh.cc	 	0	0	woman	7	 	demo/face/A87/180/A87FF679A2F3E71D9181A67B7542122C...	demo/face/A87/80/A87FF679A2F3E71D9181A67B7542122C....	demo/face/A87/32/A87FF679A2F3E71D9181A67B7542122C....	0	0	0	0	0	 	1423884804	127.0.0.1	0	127.0.0.1	1423884804
	编辑	删除	5	2	刘志雷	ed82715d461a199d2352d1011f6ba148	designer	7565434c5e@ijh.cc	 	0	0	woman	7	 	demo/face/E4D/180/E4DA3B7FBBCE2345D7772B0674A318D5...	demo/face/E4D/80/E4DA3B7FBBCE2345D7772B0674A318D5....	demo/face/E4D/32/E4DA3B7FBBCE2345D7772B0674A318D5....	0	0	0	0	0	 	1423884804	127.0.0.1	0	127.0.0.1	1423884804
	编辑	删除	6	2	胭脂设计事务所	405f820df9f4a7ed07b177a03fd7318b	designer	910de7bdce@ijh.cc	 	0	0	woman	7	 	demo/face/167/180/1679091C5A880FAF6FB5E6087EB1B2DC...	demo/face/167/80/1679091C5A880FAF6FB5E6087EB1B2DC....	demo/face/167/32/1679091C5A880FAF6FB5E6087EB1B2DC....	0	0	0	0	0	 	1423884804	127.0.0.1	0	127.0.0.1	1423884804
	编辑	删除	7	2	KOMA-高玛设计	581ddc163f57e7034af1920f3b40033f	designer	0c53dc7a1c@ijh.cc	 	0	0	woman	7	 	demo/face/8F1/180/8F14E45FCEEA167A5A36DEDD4BEA2543...	demo/face/8F1/80/8F14E45FCEEA167A5A36DEDD4BEA2543....	demo/face/8F1/32/8F14E45FCEEA167A5A36DEDD4BEA2543....	0	0	0	0	0	 	1423884804	127.0.0.1	0	127.0.0.1	1423884804
	编辑	删除	8	2	十方设计机构	ce020aa2c63ea562a33f8c4858fbe3a4	designer	1a51367d40@ijh.cc	 	0	0	woman	7	 	demo/face/C9F/180/C9F0F895FB98AB9159F51FD0297E236D...	demo/face/C9F/80/C9F0F895FB98AB9159F51FD0297E236D....	demo/face/C9F/32/C9F0F895FB98AB9159F51FD0297E236D....	0	0	0	0	0	 	1423884805	127.0.0.1	0	127.0.0.1	1423884805
	编辑	删除	9	2	吴文粒	e029e4467e7e2134abaacb97b0fc5fc5	designer	cb5fb8b086@ijh.cc	 	0	0	woman	7	 	demo/face/45C/180/45C48CCE2E2D7FBDEA1AFC51C7C6AD26...	demo/face/45C/80/45C48CCE2E2D7FBDEA1AFC51C7C6AD26....	demo/face/45C/32/45C48CCE2E2D7FBDEA1AFC51C7C6AD26....	0	0	0	0	0	 	1423884805	127.0.0.1	0	127.0.0.1	1423884805
	编辑	删除	10	2	林昀室内设计	b27bd9d01127ec60a278193852b5be11	designer	c1f4c279cc@ijh.cc	 	0	0	woman	7	 	demo/face/D3D/180/D3D9446802A44259755D38E6D163E820...	demo/face/D3D/80/D3D9446802A44259755D38E6D163E820....	demo/face/D3D/32/D3D9446802A44259755D38E6D163E820....	0	0	0	0	0	 	1423884805	127.0.0.1	0	127.0.0.1	1423884805
	编辑	删除	11	2	孙立荣	f554ab0098a0a2753171e8155c577137	designer	de75dd9158@ijh.cc	 	0	0	woman	7	 	demo/face/651/180/6512BD43D9CAA6E02C990B0A82652DCA...	demo/face/651/80/6512BD43D9CAA6E02C990B0A82652DCA....	demo/face/651/32/6512BD43D9CAA6E02C990B0A82652DCA....	0	0	0	0	0	 	1423884806	127.0.0.1	0	127.0.0.1	1423884806
	编辑	删除	12	2	孔亮	f5c4edef060b18cf008822a9808158e1	designer	a79143e90f@ijh.cc	 	0	0	woman	7	 	demo/face/C20/180/C20AD4D76FE97759AA27A0C99BFF6710...	demo/face/C20/80/C20AD4D76FE97759AA27A0C99BFF6710....	demo/face/C20/32/C20AD4D76FE97759AA27A0C99BFF6710....	0	0	0	0	0	 	1423884806	127.0.0.1	0	127.0.0.1	1423884806
	编辑	删除	13	2	沈玲玲	66334a4c624365e3efc454ca8e8dba59	designer	7e4062d66d@ijh.cc	 	0	0	woman	7	 	demo/face/C51/180/C51CE410C124A10E0DB5E4B97FC2AF39...	demo/face/C51/80/C51CE410C124A10E0DB5E4B97FC2AF39....	demo/face/C51/32/C51CE410C124A10E0DB5E4B97FC2AF39....	0	0	0	0	0	 	1423884806	127.0.0.1	0	127.0.0.1	1423884806
	编辑	删除	14	2	万天高品质效果图	1f544cfeca3069926f7407df3a7e4321	designer	ee91e0b4de@ijh.cc	 	0	0	woman	7	 	demo/face/AAB/180/AAB3238922BCC25A6F606EB525FFDC56...	demo/face/AAB/80/AAB3238922BCC25A6F606EB525FFDC56....	demo/face/AAB/32/AAB3238922BCC25A6F606EB525FFDC56....	0	0	0	0	0	 	1423884806	127.0.0.1	0	127.0.0.1	1423884806
	编辑	删除	15	2	合肥卡乐	e66bf0e3560c43efefe375b4415ae68f	designer	eaa6ef9db0@ijh.cc	 	0	0	woman	7	 	demo/face/9BF/180/9BF31C7FF062936A96D3C8BD1F8F2FF3...	demo/face/9BF/80/9BF31C7FF062936A96D3C8BD1F8F2FF3....	demo/face/9BF/32/9BF31C7FF062936A96D3C8BD1F8F2FF3....	0	0	0	0	0	 	1423884807	127.0.0.1	0	127.0.0.1	1423884807
	编辑	删除	16	2	李发枝	26459357c2e496b9b2000552b5389e32	designer	8fe6befc8d@ijh.cc	 	0	0	woman	7	 	demo/face/C74/180/C74D97B01EAE257E44AA9D5BADE97BAF...	demo/face/C74/80/C74D97B01EAE257E44AA9D5BADE97BAF....	demo/face/C74/32/C74D97B01EAE257E44AA9D5BADE97BAF....	0	0	0	0	0	 	1423884807	127.0.0.1	0	127.0.0.1	1423884807
	编辑	删除	17	2	钟莉	9677fdfec55658467d91afe175b7d02b	designer	0372e05378@ijh.cc	 	0	0	woman	7	 	demo/face/70E/180/70EFDF2EC9B086079795C442636B55FB...	demo/face/70E/80/70EFDF2EC9B086079795C442636B55FB....	demo/face/70E/32/70EFDF2EC9B086079795C442636B55FB....	0	0	0	0	0	 	1423884807	127.0.0.1	0	127.0.0.1	1423884807
	编辑	删除	18	2	MikaLilys	fc26fdec48de3c00538a1094c63571e8	designer	5b400e5865@ijh.cc	 	0	0	woman	7	 	demo/face/6F4/180/6F4922F45568161A8CDF4AD2299F6D23...	demo/face/6F4/80/6F4922F45568161A8CDF4AD2299F6D23....	demo/face/6F4/32/6F4922F45568161A8CDF4AD2299F6D23....	0	0	0	0	0	 	1423884807	127.0.0.1	0	127.0.0.1	1423884807
	编辑	删除	19	2	蒋克勤	269bf23319c7190ed9622348700f145b	designer	cdfa4f1d43@ijh.cc	 	0	0	woman	7	 	demo/face/1F0/180/1F0E3DAD99908345F7439F8FFABDFFC4...	demo/face/1F0/80/1F0E3DAD99908345F7439F8FFABDFFC4....	demo/face/1F0/32/1F0E3DAD99908345F7439F8FFABDFFC4....	0	0	0	0	0	 	1423884808	127.0.0.1	0	127.0.0.1	1423884808
	编辑	删除	20	2	合肥孔亮	ed67c43330180e1026fc424a4754fce0	designer	80d351fd00@ijh.cc	 	0	0	woman	7	 	demo/face/98F/180/98F13708210194C475687BE6106A3B84...	demo/face/98F/80/98F13708210194C475687BE6106A3B84....	demo/face/98F/32/98F13708210194C475687BE6106A3B84....	0	0	0	0	0	 	1423884808	127.0.0.1	0	127.0.0.1	1423884808
	编辑	删除	21	2	胡狸	4c0fe016c7badd6da384ca023ec22b65	designer	0f46c41b80@ijh.cc	 	0	0	woman	7	 	demo/face/3C5/180/3C59DC048E8850243BE8079A5C74D079...	demo/face/3C5/80/3C59DC048E8850243BE8079A5C74D079....	demo/face/3C5/32/3C59DC048E8850243BE8079A5C74D079....	0	0	0	0	0	 	1423884808	127.0.0.1	0	127.0.0.1	1423884808
	编辑	删除	22	2	张浩	16df8a3d1cd6df53135abf926a29623c	designer	5f650ebe8c@ijh.cc	 	0	0	woman	7	 	demo/face/B6D/180/B6D767D2F8ED5D21A44B0E5886680CB9...	demo/face/B6D/80/B6D767D2F8ED5D21A44B0E5886680CB9....	demo/face/B6D/32/B6D767D2F8ED5D21A44B0E5886680CB9....	0	0	0	0	0	 	1423884809	127.0.0.1	0	127.0.0.1	1423884809
	编辑	删除	23	2	微醺小桔	82e3926486807615c96c8c6338fe93f6	designer	c34fc215e4@ijh.cc	 	0	0	woman	7	 	demo/face/376/180/37693CFC748049E45D87B8C7D8B9AACD...	demo/face/376/80/37693CFC748049E45D87B8C7D8B9AACD....	demo/face/376/32/37693CFC748049E45D87B8C7D8B9AACD....	0	0	0	0	0	 	1423884809	127.0.0.1	0	127.0.0.1	1423884809
	编辑	删除	24	2	程诺	1c05994e8c15781feb89993930e5c7f7	designer	05291a5302@ijh.cc	 	0	0	woman	7	 	demo/face/1FF/180/1FF1DE774005F8DA13F42943881C655F...	demo/face/1FF/80/1FF1DE774005F8DA13F42943881C655F....	demo/face/1FF/32/1FF1DE774005F8DA13F42943881C655F....	0	0	0	0	0	 	1423884809	127.0.0.1	0	127.0.0.1	1423884809
	编辑	删除	25	2	洪尧	f41221fc16e1c2b5fa4da10931074600	designer	c8e8d804a1@ijh.cc	 	0	0	woman	7	 	demo/face/8E2/180/8E296A067A37563370DED05F5A3BF3EC...	demo/face/8E2/80/8E296A067A37563370DED05F5A3BF3EC....	demo/face/8E2/32/8E296A067A37563370DED05F5A3BF3EC....	0	0	0	0	0	 	1423884810	127.0.0.1	0	127.0.0.1	1423884810
	编辑	删除	26	2	马远亮	247809127fb8372335e5bca5d74727d6	designer	1dab46d997@ijh.cc	 	0	0	woman	7	 	demo/face/4E7/180/4E732CED3463D06DE0CA9A15B6153677...	demo/face/4E7/80/4E732CED3463D06DE0CA9A15B6153677....	demo/face/4E7/32/4E732CED3463D06DE0CA9A15B6153677....	0	0	0	0	0	 	1423884810	127.0.0.1	0	127.0.0.1	1423884810
	编辑	删除	27	2	李超	e364179e17774deb87c38a89c66eebec	designer	21f1401c80@ijh.cc	 	0	0	woman	7	 	demo/face/02E/180/02E74F10E0327AD868D138F2B4FDD6F0...	demo/face/02E/80/02E74F10E0327AD868D138F2B4FDD6F0....	demo/face/02E/32/02E74F10E0327AD868D138F2B4FDD6F0....	0	0	0	0	0	 	1423884810	127.0.0.1	0	127.0.0.1	1423884810
	编辑	删除	28	2	郝泽伟	6532f3cba465558bfe454d48109fe28d	designer	ca093c8e39@ijh.cc	 	0	0	woman	7	 	demo/face/33E/180/33E75FF09DD601BBE69F351039152189...	demo/face/33E/80/33E75FF09DD601BBE69F351039152189....	demo/face/33E/32/33E75FF09DD601BBE69F351039152189....	0	0	0	0	0	 	1423884811	127.0.0.1	0	127.0.0.1	1423884811
	编辑	删除	29	2	渔翁设计	075fb0cdcbde70a76a80278edaf6270c	designer	b1f2d5f427@ijh.cc	 	0	0	woman	7	 	demo/face/6EA/180/6EA9AB1BAA0EFB9E19094440C317E21B...	demo/face/6EA/80/6EA9AB1BAA0EFB9E19094440C317E21B....	demo/face/6EA/32/6EA9AB1BAA0EFB9E19094440C317E21B....	0	0	0	0	0	 	1423884811	127.0.0.1	0	127.0.0.1	1423884811
	编辑	删除	30	2	A-TM设计	a17404ce68dc79915a8867679b02c3c7	designer	6ea3c57491@ijh.cc	 	0	0	woman	7	 	demo/face/341/180/34173CB38F07F89DDBEBC2AC9128303F...	demo/face/341/80/34173CB38F07F89DDBEBC2AC9128303F....	demo/face/341/32/34173CB38F07F89DDBEBC2AC9128303F....	0	0	0	0	0	 	1423884811	127.0.0.1	0	127.0.0.1	1423884811


修复方案:

我是来找礼物的!

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-09-18 20:52

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论