匹克某站点站多处SQL注入(泄露300w敏感信息/等)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0193268

漏洞标题：匹克某站点站多处SQL注入(泄露300w敏感信息/等)

漏洞作者： DeadSea

提交时间：2016-04-06 21:00

修复时间：2016-04-11 21:10

公开时间：2016-04-11 21:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-04-06：细节已通知厂商并且等待厂商处理中
2016-04-11：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

最近喜欢上了打篮球，想买一双篮球鞋的。然后顺带测试下

详细说明：

http://info.peaksport.com/UpdateLog/UpdateList.aspx?UpdateYearMonth=201307

http://info.peaksport.com/UpdateLog/UpdateList.aspx?ModuleID=1
<code>http://info.peaksport.com/UpdateLog/UpdateList.aspx?LogID=174

都存在注入

</code>

影响数据。

Database: Peak
+----------------------------------------+---------+
| Table                                  | Entries |
+----------------------------------------+---------+
| dbo.Peak_Saleroom_tmp                  | 3088501 |
| dbo.Peak_Saleroom_tmp                  | 3088501 |
| dbo.Peak_SMS_History                   | 1165101 |
| dbo.dnt_posts1                         | 309261  |
| dbo.Peak_ShopRelations                 | 261382  |
| dbo.BI_Shop                            | 103959  |
| dbo.temp                               | 31037   |
| dbo.VW_Shop                            | 29157   |
| dbo.Peak_BI_LiJin                      | 20772   |
| dbo.dnt_myposts                        | 20142   |
| dbo.dnt_posts2                         | 18466   |
| dbo.Peak_Picture                       | 17651   |
| dbo.Peak_Product_Picture               | 17651   |
| dbo.VW_QD_Shop                         | 16974   |
| dbo.vw_EAS_LJ_SHOP                     | 16291   |
| dbo.TMP150                             | 15303   |
| dbo.Peak_BI_QuDao                      | 14930   |
| dbo.TMP159                             | 14758   |
| dbo.dnt_topics                         | 12519   |
| dbo.TMP158                             | 12401   |
| dbo.TMP135                             | 11780   |
| dbo.dnt_attachments                    | 9370    |
| dbo.TMP187                             | 9179    |
| dbo.TMP151                             | 8482    |
| dbo.VW_ShopRelations                   | 8468    |
| dbo.Peak_BI_EAS                        | 8385    |
| dbo.TMP136                             | 7340    |
| dbo.Peak_Discount                      | 6708    |
| dbo.TMP139                             | 6355    |
| dbo.dnt_scheduledevents                | 6298    |
| dbo.Peak_UserRole                      | 5776    |
| dbo.TMP137                             | 5481    |
| dbo.dnt_userfields                     | 5120    |
| dbo.dnt_users                          | 5120    |
| dbo.dnt_pms                            | 4826    |
| dbo.TMP188                             | 4807    |
| dbo.TMP182                             | 4373    |
| dbo.Peak_CorrivalShop                  | 4173    |
| dbo.TMP138                             | 3277    |
| dbo.Peak_User                          | 2692    |
| dbo.Peak_City                          | 2556    |
| dbo.dnt_statvars                       | 1521    |
| dbo.dnt_mytopics                       | 1253    |
| dbo.dnt_myattachments                  | 1009    |
| dbo.dnt_words                          | 690     |
| dbo.dnt_trendstat                      | 669     |
| dbo.dnt_onlinetime                     | 506     |
| dbo.Peak_SaleQuotiety                  | 498     |
| dbo.Peak_RolePermission                | 496     |
| dbo.Peak_RolePermission                | 496     |
| dbo.Peak_Customers                     | 365     |
| dbo.T_lijintemp                        | 324     |
| dbo.dnt_creditslog                     | 224     |
| dbo.sys_RolePermission                 | 220     |
| dbo.dnt_adminvisitlog                  | 210     |
| dbo.Peak_UpdateLog_ModuleList          | 197     |
| dbo.Peak_UpdateLog_ModuleList          | 197     |
| dbo.Peak_UpdateLog_ModuleList          | 197     |
| dbo.Peak_ReceiptMessage                | 187     |
| dbo.dnt_moderatormanagelog             | 118     |
| dbo.Peak_EasAgent_temp                 | 112     |
| dbo.dnt_stats                          | 103     |
| dbo.dnt_medalslog                      | 102     |
| dbo.dnt_medalslog                      | 102     |
| dbo.Peak_SendMessage                   | 100     |
| dbo.Peak_EasAgent_his                  | 90      |
| dbo.Peak_EasAgent_his                  | 90      |
| dbo.dnt_smilies                        | 88      |
| dbo.Peak_Agent                         | 87      |
| dbo.VW_WareHouseAgent                  | 85      |
| dbo.Peak_PositionOrOrgExplainsHis      | 81      |
| dbo.Peak_Shop                          | 70      |
| dbo.Peak_Menu                          | 64      |
| dbo.dnt_topictags                      | 58      |
| dbo.dnt_tags                           | 52      |
| dbo.Peak_Module                        | 52      |
| dbo.Peak_Bidding_Material_Detail       | 48      |
| dbo.Peak_Bidding_Material_Detail       | 48      |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
| dbo.dnt_polloptions                    | 32      |
| dbo.dnt_favorites                      | 30      |
| dbo.dnt_help                           | 29      |
| dbo.dnt_paymentlog                     | 28      |
| dbo.Peak_Map                           | 27      |
| dbo.dnt_forumfields                    | 26      |
| dbo.dnt_forums                         | 26      |
| dbo.dnt_moderators                     | 26      |
| dbo.dnt_topictagcaches                 | 26      |
| dbo.WCRTEMP00006                       | 24      |
| dbo.dnt_debatediggs                    | 23      |
| dbo.S3_Tmp                             | 22      |
| dbo.dnt_postdebatefields               | 21      |
| dbo.Peak_AllowAccessPerson             | 18      |
| dbo.dnt_topicidentify                  | 17      |
| dbo.dnt_onlinelist                     | 16      |
| dbo.dnt_onlinelist                     | 16      |
| dbo.Peak_Bidding_Discuss               | 16      |
| dbo.dnt_usergroups                     | 15      |
| dbo.Peak_PayStubNotDisplayItem         | 15      |
| dbo.dnt_spacemoduledefs                | 12      |
| dbo.dnt_spacethemes                    | 12      |
| dbo.Peak_Base                          | 12      |
| dbo.dnt_photos                         | 11      |
| dbo.dnt_polls                          | 10      |
| dbo.Peak_LiJinServerDatabase           | 10      |
| dbo.Peak_LiJinServerDatabase           | 10      |
| dbo.Peak_ReceiveMessage                | 10      |
| dbo.dnt_albumcategories                | 9       |
| dbo.Peak_Bidding_Batch                 | 9       |
| dbo.dnt_attachtypes                    | 8       |
| dbo.Peak_Auction                       | 7       |
| dbo.dnt_navs                           | 6       |
| dbo.dnt_spacemodules                   | 6       |
| dbo.dnt_templates                      | 6       |
| dbo.Peak_SendLeadMobile                | 6       |
| dbo.dnt_spacetabs                      | 5       |
| dbo.dnt_admingroups                    | 3       |
| dbo.dnt_albums                         | 3       |
| dbo.dnt_phototags                      | 3       |
| dbo.dnt_searchcaches                   | 3       |
| dbo.Peak_Leader                        | 3       |
| dbo.Peak_Scheduling                    | 3       |
| dbo.dnt_bbcodes                        | 2       |
| dbo.dnt_spaceconfigs                   | 2       |
| dbo.dnt_spaceposts                     | 2       |
| dbo.dnt_tablelist                      | 2       |
| dbo.D99_Tmp                            | 1       |
| dbo.dnt_announcements                  | 1       |
| dbo.dnt_attachpaymentlog               | 1       |
| dbo.dnt_debates                        | 1       |
| dbo.dnt_forumlinks                     | 1       |
| dbo.dnt_postid                         | 1       |
| dbo.dnt_statistics                     | 1       |
| dbo.Peak_SMS_SendQueue                 | 1       |
+----------------------------------------+---------+

漏洞证明：

Database: Peak
+----------------------------------------+---------+
| Table                                  | Entries |
+----------------------------------------+---------+
| dbo.Peak_Saleroom_tmp                  | 3088501 |
| dbo.Peak_Saleroom_tmp                  | 3088501 |
| dbo.Peak_SMS_History                   | 1165101 |
| dbo.dnt_posts1                         | 309261  |
| dbo.Peak_ShopRelations                 | 261382  |
| dbo.BI_Shop                            | 103959  |
| dbo.temp                               | 31037   |
| dbo.VW_Shop                            | 29157   |
| dbo.Peak_BI_LiJin                      | 20772   |
| dbo.dnt_myposts                        | 20142   |
| dbo.dnt_posts2                         | 18466   |
| dbo.Peak_Picture                       | 17651   |
| dbo.Peak_Product_Picture               | 17651   |
| dbo.VW_QD_Shop                         | 16974   |
| dbo.vw_EAS_LJ_SHOP                     | 16291   |
| dbo.TMP150                             | 15303   |
| dbo.Peak_BI_QuDao                      | 14930   |
| dbo.TMP159                             | 14758   |
| dbo.dnt_topics                         | 12519   |
| dbo.TMP158                             | 12401   |
| dbo.TMP135                             | 11780   |
| dbo.dnt_attachments                    | 9370    |
| dbo.TMP187                             | 9179    |
| dbo.TMP151                             | 8482    |
| dbo.VW_ShopRelations                   | 8468    |
| dbo.Peak_BI_EAS                        | 8385    |
| dbo.TMP136                             | 7340    |
| dbo.Peak_Discount                      | 6708    |
| dbo.TMP139                             | 6355    |
| dbo.dnt_scheduledevents                | 6298    |
| dbo.Peak_UserRole                      | 5776    |
| dbo.TMP137                             | 5481    |
| dbo.dnt_userfields                     | 5120    |
| dbo.dnt_users                          | 5120    |
| dbo.dnt_pms                            | 4826    |
| dbo.TMP188                             | 4807    |
| dbo.TMP182                             | 4373    |
| dbo.Peak_CorrivalShop                  | 4173    |
| dbo.TMP138                             | 3277    |
| dbo.Peak_User                          | 2692    |
| dbo.Peak_City                          | 2556    |
| dbo.dnt_statvars                       | 1521    |
| dbo.dnt_mytopics                       | 1253    |
| dbo.dnt_myattachments                  | 1009    |
| dbo.dnt_words                          | 690     |
| dbo.dnt_trendstat                      | 669     |
| dbo.dnt_onlinetime                     | 506     |
| dbo.Peak_SaleQuotiety                  | 498     |
| dbo.Peak_RolePermission                | 496     |
| dbo.Peak_RolePermission                | 496     |
| dbo.Peak_Customers                     | 365     |
| dbo.T_lijintemp                        | 324     |
| dbo.dnt_creditslog                     | 224     |
| dbo.sys_RolePermission                 | 220     |
| dbo.dnt_adminvisitlog                  | 210     |
| dbo.Peak_UpdateLog_ModuleList          | 197     |
| dbo.Peak_UpdateLog_ModuleList          | 197     |
| dbo.Peak_UpdateLog_ModuleList          | 197     |
| dbo.Peak_ReceiptMessage                | 187     |
| dbo.dnt_moderatormanagelog             | 118     |
| dbo.Peak_EasAgent_temp                 | 112     |
| dbo.dnt_stats                          | 103     |
| dbo.dnt_medalslog                      | 102     |
| dbo.dnt_medalslog                      | 102     |
| dbo.Peak_SendMessage                   | 100     |
| dbo.Peak_EasAgent_his                  | 90      |
| dbo.Peak_EasAgent_his                  | 90      |
| dbo.dnt_smilies                        | 88      |
| dbo.Peak_Agent                         | 87      |
| dbo.VW_WareHouseAgent                  | 85      |
| dbo.Peak_PositionOrOrgExplainsHis      | 81      |
| dbo.Peak_Shop                          | 70      |
| dbo.Peak_Menu                          | 64      |
| dbo.dnt_topictags                      | 58      |
| dbo.dnt_tags                           | 52      |
| dbo.Peak_Module                        | 52      |
| dbo.Peak_Bidding_Material_Detail       | 48      |
| dbo.Peak_Bidding_Material_Detail       | 48      |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
| dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
| dbo.dnt_polloptions                    | 32      |
| dbo.dnt_favorites                      | 30      |
| dbo.dnt_help                           | 29      |
| dbo.dnt_paymentlog                     | 28      |
| dbo.Peak_Map                           | 27      |
| dbo.dnt_forumfields                    | 26      |
| dbo.dnt_forums                         | 26      |
| dbo.dnt_moderators                     | 26      |
| dbo.dnt_topictagcaches                 | 26      |
| dbo.WCRTEMP00006                       | 24      |
| dbo.dnt_debatediggs                    | 23      |
| dbo.S3_Tmp                             | 22      |
| dbo.dnt_postdebatefields               | 21      |
| dbo.Peak_AllowAccessPerson             | 18      |
| dbo.dnt_topicidentify                  | 17      |
| dbo.dnt_onlinelist                     | 16      |
| dbo.dnt_onlinelist                     | 16      |
| dbo.Peak_Bidding_Discuss               | 16      |
| dbo.dnt_usergroups                     | 15      |
| dbo.Peak_PayStubNotDisplayItem         | 15      |
| dbo.dnt_spacemoduledefs                | 12      |
| dbo.dnt_spacethemes                    | 12      |
| dbo.Peak_Base                          | 12      |
| dbo.dnt_photos                         | 11      |
| dbo.dnt_polls                          | 10      |
| dbo.Peak_LiJinServerDatabase           | 10      |
| dbo.Peak_LiJinServerDatabase           | 10      |
| dbo.Peak_ReceiveMessage                | 10      |
| dbo.dnt_albumcategories                | 9       |
| dbo.Peak_Bidding_Batch                 | 9       |
| dbo.dnt_attachtypes                    | 8       |
| dbo.Peak_Auction                       | 7       |
| dbo.dnt_navs                           | 6       |
| dbo.dnt_spacemodules                   | 6       |
| dbo.dnt_templates                      | 6       |
| dbo.Peak_SendLeadMobile                | 6       |
| dbo.dnt_spacetabs                      | 5       |
| dbo.dnt_admingroups                    | 3       |
| dbo.dnt_albums                         | 3       |
| dbo.dnt_phototags                      | 3       |
| dbo.dnt_searchcaches                   | 3       |
| dbo.Peak_Leader                        | 3       |
| dbo.Peak_Scheduling                    | 3       |
| dbo.dnt_bbcodes                        | 2       |
| dbo.dnt_spaceconfigs                   | 2       |
| dbo.dnt_spaceposts                     | 2       |
| dbo.dnt_tablelist                      | 2       |
| dbo.D99_Tmp                            | 1       |
| dbo.dnt_announcements                  | 1       |
| dbo.dnt_attachpaymentlog               | 1       |
| dbo.dnt_debates                        | 1       |
| dbo.dnt_forumlinks                     | 1       |
| dbo.dnt_postid                         | 1       |
| dbo.dnt_statistics                     | 1       |
| dbo.Peak_SMS_SendQueue                 | 1       |
+----------------------------------------+---------+

修复方案：

版权声明：转载请注明来源 DeadSea@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2016-04-11 21:10

厂商回复：

漏洞Rank：15 (WooYun评价)

漏洞评价：

评价

2016-04-07 01:34 | Mr.li ( 路人 | Rank:21 漏洞数:9 | 爱萌妹子的骚年~)

突然想把自己用户名改成某厂商。/是不是很邪恶~

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0193268

漏洞标题：匹克某站点站多处SQL注入(泄露300w敏感信息/等)

相关厂商：epeaksport.com

漏洞作者： DeadSea

提交时间：2016-04-06 21:00

修复时间：2016-04-11 21:10

公开时间：2016-04-11 21:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 DeadSea@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0193268

漏洞标题：匹克某站点站多处SQL注入(泄露300w敏感信息/等)

相关厂商：epeaksport.com

漏洞作者： DeadSea

提交时间：2016-04-06 21:00

修复时间：2016-04-11 21:10

公开时间：2016-04-11 21:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0193268"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 DeadSea@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：