当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0157554

漏洞标题:港云科技www主站SQL注射漏洞(泄露千万级装机信息)

相关厂商:港云科技

漏洞作者: goubuli

提交时间:2015-12-03 23:34

修复时间:2016-01-22 11:14

公开时间:2016-01-22 11:14

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-03: 细节已通知厂商并且等待厂商处理中
2015-12-08: 厂商已经确认,细节仅向厂商公开
2015-12-18: 细节向核心白帽子及相关领域专家公开
2015-12-28: 细节向普通白帽子公开
2016-01-07: 细节向实习白帽子公开
2016-01-22: 细节向公众公开

简要描述:

RT

详细说明:

主站地址:

http://**.**.**.**/pc/index.aspx


注入地址:

http://**.**.**.**/pc/productlist.aspx?productid=2
参数productid可注入


1202-1.png


数据库Back_Database的数据量证明

1202-2.png


60张表:

Database: Back_Database
[60 tables]
+-----------------------------+
| City |
| Push_Summary |
| gy_ControlService |
| gy_NeedWriteAppLog |
| gy_UserInstalledApp |
| gy_cacheimsirule |
| gy_cacheimsirule_tmp |
| lian_temp |
| lian_temprule |
| sysdiagrams |
| td_ActiveUser |
| td_ActiveUser_select |
| td_AlbumUserData |
| td_ApkFile |
| td_ApkInfo |
| td_Bug |
| td_ChannleApkSet |
| td_City |
| td_ErrorLog |
| td_Event |
| td_Feedback |
| td_Firm |
| td_IPListNew |
| td_IPSource |
| td_Installed |
| td_PackName |
| td_Page |
| td_PhoneModel |
| td_Project |
| td_PushApk |
| td_PushInstalled |
| td_PushInstalledBak |
| td_PushOutCount |
| td_PushOutCountBak |
| td_PushOutCount_Success |
| td_PushRecord_Count |
| td_PushRole |
| td_RecordApk |
| td_Role |
| td_Role_Page |
| td_TotalEvent |
| td_User |
| td_UserApk |
| td_UserGroup |
| td_UserGroup_Role |
| td_UserInstalled |
| td_apkbigtype |
| td_apkofName |
| td_apksmalltype |
| td_feedback_send |
| td_icontrolrealbeauty |
| td_icontrolrealbeautyRecord |
| td_imgtxtpush |
| td_imgtxtpush_record |
| td_imgtxtpush_recordBak |
| td_isCreateXJBHIcon |
| td_toolupdate |
| vw_PushInstalled |
| vw_UserInstalledApp |
| vw_pushrule |
+-----------------------------+


sa权限可以跨库,DB_ComunityBack_online表信息

Database: DB_ComunityBack_online
[129 tables]
+---------------------------------+
| CareAbout |
| GY_ArticleKind |
| GY_Articles |
| GY_Books |
| GY_ClickLike_Detail |
| GY_Comment_ClickLike |
| GY_Comments |
| GY_Download |
| GY_FAQ |
| GY_FAQAllInfo |
| GY_IsShowRecommandApp |
| GY_RecommandAPK |
| GY_ZhuangSuCai |
| Gameinfo |
| NTV_FriendDetail |
| NTV_FriendDetailStat |
| NT_AD |
| NT_ADCategory |
| NT_Admin |
| NT_AdminLog |
| NT_Ads |
| NT_Album |
| NT_Blog |
| NT_BlogComment |
| NT_BlogDraft |
| NT_C_Usered |
| NT_CarATC |
| NT_CarATCCal |
| NT_CarATCComment |
| NT_CarATCMember |
| NT_CarClub |
| NT_CarClubAreaIntro |
| NT_CarClubUser |
| NT_Co_Action |
| NT_Co_Area |
| NT_Co_Car |
| NT_Co_Company |
| NT_Co_Crash |
| NT_Co_Object |
| NT_Co_OilStation |
| NT_Co_Order |
| NT_Co_Products |
| NT_Co_Task |
| NT_Co_UserInfo |
| NT_Co_Usered |
| NT_Company |
| NT_Constellation |
| NT_Dict_Academy |
| NT_Dict_Area |
| NT_Dict_MovieSort |
| NT_Dict_School |
| NT_Dict_Vocation |
| NT_EmailNotify |
| NT_Family |
| NT_Financial |
| NT_FinancialType |
| NT_FootPrint |
| NT_Friend |
| NT_FriendDesc |
| NT_FriendInvite |
| NT_Game |
| NT_GameClass |
| NT_Greet |
| NT_GroupDiscuss |
| NT_GroupInvite |
| NT_GroupMember |
| NT_Help |
| NT_Inbox |
| NT_LeaveWord |
| NT_Letter |
| NT_MakeupGoods |
| NT_MiniBlog |
| NT_MiniBlogComment |
| NT_Notepad |
| NT_Notice |
| NT_OhterWords |
| NT_OnlineUser |
| NT_OpensocialActivities |
| NT_OpensocialApi |
| NT_Order |
| NT_Outbox |
| NT_Photo |
| NT_PhotoComment |
| NT_PhotoLasso |
| NT_Props |
| NT_Request |
| NT_RetrievePwd |
| NT_SayUs |
| NT_Sell_Action |
| NT_Sell_Dongzuo |
| NT_Sell_Profit |
| NT_SendMobile |
| NT_SendStatue |
| NT_Share |
| NT_ShareComment |
| NT_SourceMaterial |
| NT_SpaceTemplate |
| NT_SpareEmail |
| NT_SysNotepad |
| NT_Table |
| NT_User |
| NT_UserCareer |
| NT_UserEducation |
| NT_UserGroup |
| NT_UserInfo |
| NT_UserLog |
| NT_UserPointHistory |
| NT_UserProps |
| NT_UserSetting |
| NT_UserVersion |
| NT_Visit |
| NT_Vote |
| Nt_BookShelf |
| Nt_DisVote |
| Nt_GroupType |
| Nt_GroupVisit |
| Nt_Sell_Property |
| Nt_ToVote |
| Nt_VoteComm |
| Nt_VoteOption |
| Opensocial_activity_media_items |
| Sucai |
| Sucai_Ftype |
| Viw_FAQAllInfo |
| Viw_GetMakeupGoodsForShiZhuang |
| YZNum |
| GY_FAQ_en-us |
| sysdiagrams |
| temp |
+---------------------------------+


漏洞证明:

已证明,未深入

修复方案:

版权声明:转载请注明来源 goubuli@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-12-08 11:10

厂商回复:

CNVD确认所述情况,已经由CNVD通过网站公开联系方式向网站管理单位通报。

最新状态:

暂无


漏洞评价:

评价