当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0187025

漏洞标题:药到病除某漏洞涉及330万账号信息\400多万客户订单信息\310淘宝货物订单信息

相关厂商:药到病除

漏洞作者: 小菜果子

提交时间:2016-03-21 10:00

修复时间:2016-05-08 16:27

公开时间:2016-05-08 16:27

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-03-21: 细节已通知厂商并且等待厂商处理中
2016-03-24: 厂商已经确认,细节仅向厂商公开
2016-04-03: 细节向核心白帽子及相关领域专家公开
2016-04-13: 细节向普通白帽子公开
2016-04-23: 细节向实习白帽子公开
2016-05-08: 细节向公众公开

简要描述:

货真价实的超过千万信息泄露,求头条,求rank爆表
有用户订单详情、实名、手机号码、座机、住址等

详细说明:

http://**.**.**.**/index.php/Home/Index/goodslist2?pagetext=%E8%8A%B1%E8%8A%B1%E5%85%AC%E5%AD%90


available databases [11]:
[*] cleverbak
[*] clevercms
[*] dtsnsold
[*] ftpusers
[*] information_schema
[*] mysql
[*] performance_schema
[*] petct
[*] test
[*] weixinqiang
[*] zhzy


dba权限.jpg


看看是否是千万级别,最下面有详细证明

Database: clevercms
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| app_visitor                | 14642042 |
| shop_order_goods           | 5428707 |
| app_users                  | 3303875 |
| shop_order_taobaogoods     | 3155809 |
| shop_order                 | 2801376 |
| shop_systemlog             | 2685484 |
| shop_comments              | 1489085 |
| app_login_log              | 1457270 |
| shop_goods_amount          | 1338729 |
| shop_order_taobao_201511   | 1222323 |
| shop_order_taobao          | 819538  |
| shop_searchcache           | 801129  |
| shop_searchkeywords        | 589598  |
| cms_hits                   | 468659  |
| cms_contenttag             | 424520  |
| shop_xiaozhang             | 420995  |
| cms_contentindex           | 416153  |
| app_yuyue                  | 304433  |
| xzd_orderCreate            | 264570  |
| shop_qinghuo               | 209744  |
| app_doctor                 | 202395  |
| cms_collection             | 196849  |
| cms_tags                   | 189849  |
| app_disease                | 162770  |
| app_login                  | 114414  |
| shop_order_taobao_201408   | 113830  |
| shop_order_taobao_201407   | 106150  |
| shop_order_taobao_201406   | 105093  |
| shop_order_taobao_201311   | 104852  |
| shop_order_taobao_201409   | 97479   |
| app_mydoctor               | 87409   |
| shop_order_taobao_201405   | 86808   |
| shop_order_taobao_201312   | 85074   |
| cms_content31              | 84058   |
| app_pay_log                | 80362   |
| cms_content23              | 79929   |
| shop_order_taobao_201307   | 78798   |
| shop_order_taobao_201404   | 77390   |
| shop_shippingclear         | 77305   |
| shop_order_taobao_201403   | 77112   |
| shop_order_taobao_201310   | 76670   |
| shop_order_taobao_201402   | 76318   |
| shop_order_taobao_201212   | 75573   |
| shop_order_taobao_201308   | 74133   |
| shop_order_taobao_201207   | 73837   |
| shop_order_taobao_201401   | 71355   |
| shop_order_taobao_201305   | 70524   |
| shop_order_taobao_201306   | 69520   |
| shop_order_taobao_201309   | 67553   |
| shop_order_taobao_201303   | 65976   |
| shop_writeoff_goods        | 64061   |
| shop_order_taobao_201304   | 63860   |
| shop_order_taobao_201301   | 63649   |
| shop_order_action          | 62502   |
| shop_order_taobao_201211   | 59482   |
| shop_order_taobao_201209   | 51601   |
| shop_order_taobao_201208   | 51252   |
| app_caseassign             | 48695   |
| shop_order_notice          | 42868   |
| shop_order_taobao_201210   | 41451   |
| shop_order_taobao_201302   | 38901   |
| cms_content11              | 32870   |
| cms_content30              | 32395   |
| cms_content18              | 29794   |
| cms_content99              | 28809   |
| shop_inventory             | 26848   |
| cms_content22              | 26310   |
| cms_content13              | 24456   |
| shop_receiver_address      | 20501   |
| cms_content17              | 16926   |
| tmp_goods_amount           | 16688   |
| shop_goods                 | 14692   |
| app_doctorurl              | 14670   |
| cms_content12              | 14653   |
| cms_content15              | 13823   |
| shop_shippingarea          | 12335   |
| cms_content20              | 11842   |
| dt_service                 | 10426   |
| cms_content16              | 9356    |
| cms_content19              | 9265    |
| shop_store_data            | 8868    |
| app_card                   | 7737    |
| shop_collect               | 7090    |
| cms_content21              | 6811    |
| shop_direct_order          | 6341    |
| shop_purchase              | 5559    |
| shop_goods_article         | 5385    |
| cms_comment                | 4757    |
| cms_content14              | 4641    |
| shop_producer              | 4554    |
| shop_taobao_area           | 4440    |
| shop_goods_position        | 4079    |
| shop_goods_subhost         | 3720    |
| cms_content1               | 3370    |
| bas_region                 | 3361    |
| shop_region                | 3248    |
| app_hospital_ext           | 3238    |
| app_hospital               | 3237    |
| app_sessions               | 3167    |
| app_hosnews                | 2910    |
| bas_disease                | 2703    |
| cms_category               | 2369    |
| cms_recycle                | 2264    |
| shop_user_coupon           | 2143    |
| shop_inventory_tmp         | 2050    |
| shop_goods_category_goods  | 1893    |
| shop_brand                 | 1849    |
| shop_goods_maintain        | 1797    |
| shop_extend_category       | 1778    |
| shop_article               | 1335    |
| cms_components             | 1284    |
| app_hostjtc                | 1258    |
| shop_askanswer             | 1075    |
| shop_shippingtemplate_area | 855     |
| shop_yiqifa                | 838     |
| cms_gather                 | 796     |
| shop_webcontent            | 727     |
| shop_goodssku              | 586     |
| shop_package_goods         | 522     |
| shop_suppliergoods         | 478     |
| shop_city                  | 429     |
| app_hospital_comments      | 413     |
| app_partner                | 396     |
| cms_advert                 | 385     |
| shop_goods_deleted         | 372     |
| bas_project                | 370     |
| shop_goods_category        | 339     |
| shop_opinion               | 336     |
| dt_casehistory             | 319     |
| xzd_jiading2daoda          | 307     |
| dt_order                   | 290     |
| shop_goods_category_bak2   | 287     |
| cms_adposition             | 277     |
| cms_articlelevel           | 265     |
| cms_comclass               | 247     |
| shop_order_package         | 240     |
| shop_package               | 233     |
| system_role                | 204     |
| shop_case_category         | 186     |
| bas_symptom                | 175     |
| cms_selectvalue            | 161     |
| system_node                | 157     |
| shop_supplier              | 144     |
| shop_webposition           | 139     |
| bas_dept                   | 133     |
| app_yingxiao               | 125     |
| z_ruimei_goods             | 104     |
| cms_adclass                | 98      |
| cms_field                  | 95      |
| cms_admin                  | 81      |
| shop_collocation           | 64      |
| cms_config                 | 63      |
| z_ruimei_dorder_dose       | 61      |
| app_email                  | 55      |
| cms_polls                  | 49      |
| cms_kword_url              | 42      |
| shop_writeoff              | 41      |
| shop_order_taobao_youxian  | 40      |
| shop_opinion_log           | 39      |
| shop_active                | 33      |
| z_ruimei_goods_sn          | 33      |
| shop_province              | 31      |
| cms_commentface            | 30      |
| cms_const                  | 22      |
| cms_module                 | 19      |
| shop_importorder_log       | 19      |
| dt_company                 | 18      |
| shop_shippers              | 16      |
| shop_express_taobao        | 15      |
| system_department          | 15      |
| shop_editor_order          | 14      |
| app_service                | 12      |
| cms_help                   | 12      |
| shop_coupon                | 12      |
| shop_shippingcompany       | 12      |
| app_user_share             | 11      |
| shop_feedback              | 11      |
| shop_shippingtemplate      | 9       |
| shop_shipping              | 8       |
| cms_class                  | 7       |
| app_report                 | 6       |
| tumor_survey               | 6       |
| app_report_comment         | 5       |
| app_service_comment        | 5       |
| cms_nav                    | 5       |
| shop_article_category      | 4       |
| system_company             | 3       |
| z_ruimei_doctor            | 3       |
| cms_attach                 | 2       |
| cms_select                 | 2       |
| shop_gift                  | 2       |
| z_ruimei_user              | 2       |
| cms_extension              | 1       |
| cms_schcache               | 1       |
| shop_storeroom             | 1       |
| z_ruimei_dorder            | 1       |
+----------------------------+---------+


330万登录账号信息

330万账号信息jpg.jpg


310万淘宝货物订单

310万淘宝货物订单.jpg


280万 shop 客户订单信息

280万客户信息订单信息.jpg


120万的淘宝订单客户信息

201511_120万淘宝客户信息订单.jpg


早期的81万淘宝订单信息

shop_taobao订单.jpg


过千万了吧!!!

漏洞证明:

http://**.**.**.**/index.php/Home/Index/goodslist2?pagetext=%E8%8A%B1%E8%8A%B1%E5%85%AC%E5%AD%90


330万账号信息jpg.jpg


310万淘宝货物订单.jpg


280万客户信息订单信息.jpg


201511_120万淘宝客户信息订单.jpg

修复方案:

你懂得

版权声明:转载请注明来源 小菜果子@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2016-03-24 16:27

厂商回复:

CNVD未直接复现所述情况,暂未建立与网站管理单位的直接处置渠道,待认领。

最新状态:

暂无

漏洞评价:

评价