当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0157554

漏洞标题:港云科技www主站SQL注射漏洞(泄露千万级装机信息)

相关厂商:港云科技

漏洞作者: goubuli

提交时间:2015-12-03 23:34

修复时间:2016-01-22 11:14

公开时间:2016-01-22 11:14

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-03: 细节已通知厂商并且等待厂商处理中
2015-12-08: 厂商已经确认,细节仅向厂商公开
2015-12-18: 细节向核心白帽子及相关领域专家公开
2015-12-28: 细节向普通白帽子公开
2016-01-07: 细节向实习白帽子公开
2016-01-22: 细节向公众公开

简要描述:

RT

详细说明:

主站地址:

http://**.**.**.**/pc/index.aspx


注入地址:

http://**.**.**.**/pc/productlist.aspx?productid=2
参数productid可注入


1202-1.png


数据库Back_Database的数据量证明

1202-2.png


60张表:

Database: Back_Database
[60 tables]
+-----------------------------+
| City                        |
| Push_Summary                |
| gy_ControlService           |
| gy_NeedWriteAppLog          |
| gy_UserInstalledApp         |
| gy_cacheimsirule            |
| gy_cacheimsirule_tmp        |
| lian_temp                   |
| lian_temprule               |
| sysdiagrams                 |
| td_ActiveUser               |
| td_ActiveUser_select        |
| td_AlbumUserData            |
| td_ApkFile                  |
| td_ApkInfo                  |
| td_Bug                      |
| td_ChannleApkSet            |
| td_City                     |
| td_ErrorLog                 |
| td_Event                    |
| td_Feedback                 |
| td_Firm                     |
| td_IPListNew                |
| td_IPSource                 |
| td_Installed                |
| td_PackName                 |
| td_Page                     |
| td_PhoneModel               |
| td_Project                  |
| td_PushApk                  |
| td_PushInstalled            |
| td_PushInstalledBak         |
| td_PushOutCount             |
| td_PushOutCountBak          |
| td_PushOutCount_Success     |
| td_PushRecord_Count         |
| td_PushRole                 |
| td_RecordApk                |
| td_Role                     |
| td_Role_Page                |
| td_TotalEvent               |
| td_User                     |
| td_UserApk                  |
| td_UserGroup                |
| td_UserGroup_Role           |
| td_UserInstalled            |
| td_apkbigtype               |
| td_apkofName                |
| td_apksmalltype             |
| td_feedback_send            |
| td_icontrolrealbeauty       |
| td_icontrolrealbeautyRecord |
| td_imgtxtpush               |
| td_imgtxtpush_record        |
| td_imgtxtpush_recordBak     |
| td_isCreateXJBHIcon         |
| td_toolupdate               |
| vw_PushInstalled            |
| vw_UserInstalledApp         |
| vw_pushrule                 |
+-----------------------------+


sa权限可以跨库,DB_ComunityBack_online表信息

Database: DB_ComunityBack_online
[129 tables]
+---------------------------------+
| CareAbout                       |
| GY_ArticleKind                  |
| GY_Articles                     |
| GY_Books                        |
| GY_ClickLike_Detail             |
| GY_Comment_ClickLike            |
| GY_Comments                     |
| GY_Download                     |
| GY_FAQ                          |
| GY_FAQAllInfo                   |
| GY_IsShowRecommandApp           |
| GY_RecommandAPK                 |
| GY_ZhuangSuCai                  |
| Gameinfo                        |
| NTV_FriendDetail                |
| NTV_FriendDetailStat            |
| NT_AD                           |
| NT_ADCategory                   |
| NT_Admin                        |
| NT_AdminLog                     |
| NT_Ads                          |
| NT_Album                        |
| NT_Blog                         |
| NT_BlogComment                  |
| NT_BlogDraft                    |
| NT_C_Usered                     |
| NT_CarATC                       |
| NT_CarATCCal                    |
| NT_CarATCComment                |
| NT_CarATCMember                 |
| NT_CarClub                      |
| NT_CarClubAreaIntro             |
| NT_CarClubUser                  |
| NT_Co_Action                    |
| NT_Co_Area                      |
| NT_Co_Car                       |
| NT_Co_Company                   |
| NT_Co_Crash                     |
| NT_Co_Object                    |
| NT_Co_OilStation                |
| NT_Co_Order                     |
| NT_Co_Products                  |
| NT_Co_Task                      |
| NT_Co_UserInfo                  |
| NT_Co_Usered                    |
| NT_Company                      |
| NT_Constellation                |
| NT_Dict_Academy                 |
| NT_Dict_Area                    |
| NT_Dict_MovieSort               |
| NT_Dict_School                  |
| NT_Dict_Vocation                |
| NT_EmailNotify                  |
| NT_Family                       |
| NT_Financial                    |
| NT_FinancialType                |
| NT_FootPrint                    |
| NT_Friend                       |
| NT_FriendDesc                   |
| NT_FriendInvite                 |
| NT_Game                         |
| NT_GameClass                    |
| NT_Greet                        |
| NT_GroupDiscuss                 |
| NT_GroupInvite                  |
| NT_GroupMember                  |
| NT_Help                         |
| NT_Inbox                        |
| NT_LeaveWord                    |
| NT_Letter                       |
| NT_MakeupGoods                  |
| NT_MiniBlog                     |
| NT_MiniBlogComment              |
| NT_Notepad                      |
| NT_Notice                       |
| NT_OhterWords                   |
| NT_OnlineUser                   |
| NT_OpensocialActivities         |
| NT_OpensocialApi                |
| NT_Order                        |
| NT_Outbox                       |
| NT_Photo                        |
| NT_PhotoComment                 |
| NT_PhotoLasso                   |
| NT_Props                        |
| NT_Request                      |
| NT_RetrievePwd                  |
| NT_SayUs                        |
| NT_Sell_Action                  |
| NT_Sell_Dongzuo                 |
| NT_Sell_Profit                  |
| NT_SendMobile                   |
| NT_SendStatue                   |
| NT_Share                        |
| NT_ShareComment                 |
| NT_SourceMaterial               |
| NT_SpaceTemplate                |
| NT_SpareEmail                   |
| NT_SysNotepad                   |
| NT_Table                        |
| NT_User                         |
| NT_UserCareer                   |
| NT_UserEducation                |
| NT_UserGroup                    |
| NT_UserInfo                     |
| NT_UserLog                      |
| NT_UserPointHistory             |
| NT_UserProps                    |
| NT_UserSetting                  |
| NT_UserVersion                  |
| NT_Visit                        |
| NT_Vote                         |
| Nt_BookShelf                    |
| Nt_DisVote                      |
| Nt_GroupType                    |
| Nt_GroupVisit                   |
| Nt_Sell_Property                |
| Nt_ToVote                       |
| Nt_VoteComm                     |
| Nt_VoteOption                   |
| Opensocial_activity_media_items |
| Sucai                           |
| Sucai_Ftype                     |
| Viw_FAQAllInfo                  |
| Viw_GetMakeupGoodsForShiZhuang  |
| YZNum                           |
| GY_FAQ_en-us                    |
| sysdiagrams                     |
| temp                            |
+---------------------------------+


漏洞证明:

已证明,未深入

修复方案:

版权声明:转载请注明来源 goubuli@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-12-08 11:10

厂商回复:

CNVD确认所述情况,已经由CNVD通过网站公开联系方式向网站管理单位通报。

最新状态:

暂无

漏洞评价:

评价