
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0158337

Title: U Magazine official site vulnerability #leaks 30,000+ user records (Hong Kong region)

Vendor: Hong Kong Economic Times (香港经济日报)

Author: 面具

Submitted: 2015-12-05 03:35

Fixed: 2016-01-21 18:22

Published: 2016-01-21 18:22

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: handed over to a third-party partner organisation (HKCERT, Hong Kong Computer Emergency Response Team Coordination Centre) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-12-05: details sent to the vendor, awaiting vendor action
2015-12-09: vendor confirmed; details visible to the vendor only
2015-12-19: details disclosed to core white hats and domain experts
2015-12-29: details disclosed to regular white hats
2016-01-08: details disclosed to intern white hats
2016-01-21: details disclosed to the public

Brief description:

U Magazine official site vulnerability #leaks 30,000+ user records

Detailed description:

#SQL injection (2 locations)
http://**.**.**.**/page.php?pkey=9 — the pkey parameter is attacker-controlled and injectable
http://**.**.**.**/event_result.php?event_pkey=17 — the event_pkey parameter is attacker-controlled and injectable
Exposes 30,000+ user records!
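Both injection points take what should be a numeric primary key straight from the query string. The defensive pattern that closes this class of bug is the same for `page.php?pkey=` and `event_result.php?event_pkey=`: validate the value as a plain integer before it touches anything, then bind it as a query parameter instead of concatenating it into SQL. The following is an added example written for this page, not the vendor's code: it uses Python and an in-memory SQLite database as a stand-in for the site's PHP/MySQL stack, the table and column names (`tbl_page.title`, `tbl_event_result.member_pkey`, `answer`) are constructed guesses loosely modelled on the leaked table list, and the access-log lines are constructed too. The same validate-then-bind logic, plus a small log check that flags requests whose `pkey`/`event_pkey` value is not a bare integer, is what a defender would put in place.

```python
"""Hardened integer-key lookups mirroring page.php?pkey= and
event_result.php?event_pkey=, plus a log check for malformed values.

Added example for this report, not the vendor's code. Python/sqlite3
stand in for the site's PHP/MySQL stack; schema and log lines are constructed.
"""
import re
import sqlite3
from urllib.parse import unquote_plus

# A primary-key style parameter must be decimal digits only, nothing else.
_INT_RE = re.compile(r"[0-9]{1,10}")


def parse_pkey(raw):
    """Return the value as an int, or None if it is not a plain positive integer.

    Malformed input is rejected outright rather than 'cleaned': stripping
    quotes or keywords is exactly the kind of filtering that gets bypassed.
    """
    if not isinstance(raw, str) or not _INT_RE.fullmatch(raw):
        return None
    return int(raw)


def open_demo_db():
    """Constructed in-memory schema; names are guesses based on the table list."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl_page (pkey INTEGER PRIMARY KEY, title TEXT)")
    conn.execute(
        "CREATE TABLE tbl_event_result (event_pkey INTEGER, member_pkey INTEGER, answer TEXT)"
    )
    conn.executemany("INSERT INTO tbl_page VALUES (?, ?)", [(9, "About"), (10, "Contact")])
    conn.executemany(
        "INSERT INTO tbl_event_result VALUES (?, ?, ?)",
        [(17, 1, "A"), (17, 2, "B"), (18, 3, "C")],
    )
    return conn


def get_page(conn, raw_pkey):
    """page.php equivalent: validated value bound as a parameter, never concatenated."""
    pkey = parse_pkey(raw_pkey)
    if pkey is None:
        return None  # the real handler would answer HTTP 400 here
    return conn.execute(
        "SELECT pkey, title FROM tbl_page WHERE pkey = ?", (pkey,)
    ).fetchone()


def get_event_results(conn, raw_event_pkey):
    """event_result.php equivalent: same validate-then-bind pattern."""
    event_pkey = parse_pkey(raw_event_pkey)
    if event_pkey is None:
        return None
    return conn.execute(
        "SELECT member_pkey, answer FROM tbl_event_result "
        "WHERE event_pkey = ? ORDER BY member_pkey",
        (event_pkey,),
    ).fetchall()


# Detection side: pull pkey/event_pkey out of access-log request lines.
_PARAM_RE = re.compile(r'[?&](pkey|event_pkey)=([^&\s"]*)')

# Constructed sample log lines (combined log format).
SAMPLE_LOG = [
    '10.0.0.1 - - [05/Dec/2015:03:30:00 +0800] "GET /page.php?pkey=9 HTTP/1.1" 200 1234',
    '10.0.0.2 - - [05/Dec/2015:03:30:05 +0800] "GET /event_result.php?event_pkey=17 HTTP/1.1" 200 987',
    '10.0.0.3 - - [05/Dec/2015:03:31:00 +0800] "GET /page.php?pkey=9%27 HTTP/1.1" 500 0',
    '10.0.0.3 - - [05/Dec/2015:03:31:02 +0800] "GET /event_result.php?event_pkey=17%20x HTTP/1.1" 200 987',
]


def suspicious_requests(log_lines):
    """Return (parameter, decoded value) for every request whose key is not a bare integer."""
    flagged = []
    for line in log_lines:
        for name, value in _PARAM_RE.findall(line):
            decoded = unquote_plus(value)
            if parse_pkey(decoded) is None:
                flagged.append((name, decoded))
    return flagged


if __name__ == "__main__":
    db = open_demo_db()
    print(get_page(db, "9"))
    print(get_event_results(db, "17"))
    print(suspicious_requests(SAMPLE_LOG))
```

The rejection in `parse_pkey` is deliberately all-or-nothing: an integer key has exactly one valid shape, so anything that is not that shape is a 400, and the log check applies the same predicate to historical traffic to surface probing against these two endpoints.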

Proof of vulnerability:

Attached row counts per table (as enumerated from the injection point):
Database: umagazine_v3
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| tbl_gift_result | 894445 |
| tbl_member_forum | 35859 |
| tbl_member | 35855 |
| tbl_member_forum_20080709 | 27195 |
| tbl_member_20080709 | 27193 |
| tbl_contents_book_pages | 26265 |
| tbl_member_20071026 | 24796 |
| tbl_event_result | 17181 |
| tbl_contents_book_pages_bak2 | 8083 |
| tbl_contents_book_desc_photo | 5067 |
| tbl_contents_book_pages_bak3 | 4755 |
| tbl_cms_photo | 1848 |
| tbl_contents_book_desc_photo_bak2 | 1652 |
| tbl_contents_book_desc_photo_bak3 | 1578 |
| tbl_contents_book | 1479 |
| tbl_gift_option | 1176 |
| tbl_gift | 776 |
| tbl_wallpaper | 524 |
| tbl_contents_book_bak2 | 484 |
| tbl_contents_book_bak3 | 484 |
| tbl_photo_sharing | 484 |
| tbl_home | 435 |
| tbl_banner1_item | 330 |
| tbl_contents_book_pages_bak | 288 |
| tbl_event_option | 285 |
| tbl_event | 237 |
| tbl_cms_doc | 222 |
| tbl_story | 145 |
| tbl_forum_topic | 124 |
| tbl_tips | 90 |
| tbl_banner3_item | 85 |
| tbl_banner4_item | 78 |
| tbl_photo_sharing_country | 76 |
| tbl_contents_book_desc_photo_bak | 73 |
| tbl_forum_reply | 70 |
| tbl_event_question | 68 |
| tbl_video_item | 62 |
| tbl_page_content | 61 |
| tbl_story_country | 61 |
| tbl_banner2_item | 58 |
| tbl_wallpaper_country | 55 |
| tbl_member_bookmark | 53 |
| tbl_member_bak | 43 |
| tbl_left_menu | 37 |
| tbl_photo_poll_photo | 36 |
| tbl_video | 34 |
| tbl_forum_user_upload_photo | 24 |
| tbl_page | 24 |
| tbl_contents_section | 18 |
| tbl_video_country | 16 |
| tbl_vote_photo | 15 |
| tbl_experts | 13 |
| tbl_photo_album_photo | 13 |
| tbl_photo_poll_photo_old | 13 |
| tbl_doclist_item | 11 |
| tbl_eventphoto | 10 |
| tbl_member_old | 9 |
| tbl_forum | 8 |
| tbl_photo_sharing_country_group | 8 |
| tbl_qna | 8 |
| tbl_story_country_group | 8 |
| tbl_video_country_group | 8 |
| tbl_wallpaper_country_group | 8 |
| tbl_gameresult | 7 |
| tbl_vote | 7 |
| tbl_forum_group | 6 |
| tbl_vote_photo_old | 5 |
| tbl_ad | 4 |
| tbl_badwords_bak | 4 |
| tbl_photo | 4 |
| tbl_poll | 4 |
| tbl_test | 4 |
| tbl_badwords | 3 |
| tbl_doclist | 3 |
| tbl_photo_album_photo_cat | 3 |
| tbl_photo_poll | 3 |
| tbl_photo_rte | 3 |
| tbl_video_album_video | 3 |
| tbl_video_album_video_cat | 3 |
| tbl_vote_ite | 3 |
| tbl_eventalbum | 2 |
| tbl_photo_poll_old | 2 |
| tbl_vote_topic | 2 |
| tbl_admin | 1 |
| tbl_banner1 | 1 |
| tbl_banner2 | 1 |
| tbl_banner3 | 1 |
| tbl_banner4 | 1 |
| tbl_banner5 | 1 |
| tbl_contact | 1 |
| tbl_content | 1 |
| tbl_eventcontent | 1 |
| tbl_forum_setting | 1 |
| tbl_game | 1 |
| tbl_link | 1 |
| tbl_photo_sharing_index | 1 |
| tbl_photo_sharing_setup | 1 |
| tbl_pollingcontent | 1 |
| tbl_story_setup | 1 |
| tbl_tipscontent | 1 |
| tbl_uclub_promote | 1 |
| tbl_vote_main | 1 |
| tbl_vote_option | 1 |
| tbl_wallpaper_setup | 1 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 1751 |
| GLOBAL_STATUS | 291 |
| SESSION_STATUS | 291 |
| GLOBAL_VARIABLES | 277 |
| SESSION_VARIABLES | 277 |
| PARTITIONS | 135 |
| TABLES | 135 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 130 |
| COLLATIONS | 129 |
| STATISTICS | 120 |
| KEY_COLUMN_USAGE | 106 |
| TABLE_CONSTRAINTS | 106 |
| CHARACTER_SETS | 36 |
| SCHEMA_PRIVILEGES | 18 |
| PLUGINS | 7 |
| ENGINES | 5 |
| SCHEMATA | 3 |
| PROCESSLIST | 1 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+

[screenshot: member.jpg]

Remediation:

You know what to do with this!

Copyright notice: please credit the source when reproducing: 面具@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 13

Confirmed: 2015-12-09 16:00

Vendor reply:

Referred to related parties.

Latest status:

None yet


Comments:

Comments

  1. 2015-12-12 22:02 | AuGe (regular white hat | Rank: 107 | vulnerabilities: 16 | I'm coming)

    Passing by and spotted a familiar hole~

  2. 2016-01-17 16:37 | lanyan (passer-by | Rank: 1 | vulnerabilities: 1 | la la la la la, brother K has successfully teamed up with me)

    Chest-dead. Scary.