天语手机支付漏洞+SQL注入 | wooyun-2012-011383| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-011383

漏洞标题：天语手机支付漏洞+SQL注入

漏洞作者： zhk

提交时间：2012-08-26 22:09

修复时间：2012-10-10 22:10

公开时间：2012-10-10 22:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2012-08-26：细节已通知厂商并且等待厂商处理中
2012-08-29：厂商已经确认，细节仅向厂商公开
2012-09-08：细节向核心白帽子及相关领域专家公开
2012-09-18：细节向普通白帽子公开
2012-09-28：细节向实习白帽子公开
2012-10-10：细节向公众公开
简要描述：

天语手机支付漏洞+SQL注入
我相信在乌云，不止我知道
支付漏洞现在一般是利用不成了，看数据库里早在11年就有人下0.01元的订单了
主要是还有个付款金额会显示0.01，不过加上SQL注入可以把它改掉。
详细说明：

注入点:http://www.k-touch.cn/product/detail?prod_id=39
这里只列一个，其它的自己排查
这里付款的我不想再付，就用之前的截图了
漏洞证明：

Database: kt_system                                                                                                                                  
[7 tables]
+---------------------------------------+
| kt_admin                              |
| kt_category                           |
| kt_cms                                |
| kt_feedback                           |
| kt_mem_login                          |
| kt_region                             |
| kt_setting                            |
+---------------------------------------+
Database: ivy_tianyu
[30 tables]
+---------------------------------------+
| ivy_active_info                       |
| ivy_ad_info                           |
| ivy_admin_info                        |
| ivy_card_info                         |
| ivy_card_log                          |
| ivy_cart                              |
| ivy_cat_info                          |
| ivy_city                              |
| ivy_county                            |
| ivy_download_info                     |
| ivy_faq_info                          |
| ivy_image_info                        |
| ivy_news_info                         |
| ivy_order_info                        |
| ivy_order_info_0814                   |
| ivy_order_log                         |
| ivy_order_product                     |
| ivy_order_product_0817                |
| ivy_order_refund                      |
| ivy_package_info                      |
| ivy_product_info                      |
| ivy_province                          |
| ivy_service                           |
| ivy_shop_info                         |
| ivy_shop_info_0812                    |
| ivy_spec_info                         |
| ivy_user_address                      |
| ivy_user_order                        |
| ivy_user_order_0814                   |
| ivy_works                             |
+---------------------------------------+
Database: nagios
[1 table]
+---------------------------------------+
| test                                  |
+---------------------------------------+
Database: kt_order
[9 tables]
+---------------------------------------+
| kt_address                            |
| kt_at_product                         |
| kt_at_store                           |
| kt_cart                               |
| kt_lsxx_copy                          |
| kt_order                              |
| kt_order_detail                       |
| kt_refunddetail                       |
| kt_refundinfo                         |
+---------------------------------------+
Database: kt_store
[17 tables]
+---------------------------------------+
| kt_attrib                             |
| kt_category                           |
| kt_interests                          |
| kt_interests_detail                   |
| kt_lsxx                               |
| kt_product                            |
| kt_product_attrib                     |
| kt_product_comment                    |
| kt_product_content                    |
| kt_product_details                    |
| kt_product_photo                      |
| kt_product_tag                        |
| kt_store                              |
| kt_store_comment                      |
| kt_store_image                        |
| kt_store_log                          |
| kt_store_logistics                    |
+---------------------------------------+
Database: kt_user
[15 tables]
+---------------------------------------+
| kt_cart                               |
| kt_comment                            |
| kt_mobile                             |
| kt_mobile_imei                        |
| kt_msg                                |
| kt_msg_content                        |
| kt_user_basic                         |
| kt_user_basic_test                    |
| kt_user_count                         |
| kt_user_forget                        |
| kt_user_getpwd                        |
| kt_user_log                           |
| kt_user_online                        |
| kt_user_profile                       |
| kt_user_redpackage                    |
+---------------------------------------+
Database: mysql
[25 tables]
+---------------------------------------+
| columns_priv                          |
| db                                    |
| event                                 |
| func                                  |
| general_log                           |
| ghost                                 |
| help_category                         |
| help_keyword                          |
| help_relation                         |
| help_topic                            |
| host                                  |
| ndb_binlog_index                      |
| plugin                                |
| proc                                  |
| procs_priv                            |
| servers                               |
| slow_log                              |
| tables_priv                           |
| tempMix4                              |
| time_zone                             |
| time_zone_leap_second                 |
| time_zone_name                        |
| time_zone_transition                  |
| time_zone_transition_type             |
| user                                  |
+---------------------------------------+
Database: test
[1 table]
+---------------------------------------+
| test                                  |
+---------------------------------------+
Database: kt_cms
[4 tables]
+---------------------------------------+
| kt_ads                                |
| kt_cms                                |
| kt_cms_module                         |
| kt_cms_module_detail                  |
+---------------------------------------+
Database: ivy_bbs
[250 tables]
+---------------------------------------+
| pre_common_addon                      |
| pre_common_admincp_cmenu              |
| pre_common_admincp_group              |
| pre_common_admincp_member             |
| pre_common_admincp_perm               |
| pre_common_admincp_session            |
| pre_common_admingroup                 |
| pre_common_adminnote                  |
| pre_common_advertisement              |
| pre_common_advertisement_custom       |
| pre_common_banned                     |
| pre_common_block                      |
| pre_common_block_favorite             |
| pre_common_block_item                 |
| pre_common_block_item_data            |
| pre_common_block_permission           |
| pre_common_block_pic                  |
| pre_common_block_style                |
| pre_common_block_xml                  |
| pre_common_cache                      |
| pre_common_card                       |
| pre_common_card_log                   |
| pre_common_card_type                  |
| pre_common_credit_log                 |
| pre_common_credit_rule                |
| pre_common_credit_rule_log            |
| pre_common_credit_rule_log_field      |
| pre_common_cron                       |
| pre_common_district                   |
| pre_common_diy_data                   |
| pre_common_domain                     |
| pre_common_failedlogin                |
| pre_common_friendlink                 |
| pre_common_grouppm                    |
| pre_common_invite                     |
| pre_common_magic                      |
| pre_common_magiclog                   |
| pre_common_mailcron                   |
| pre_common_mailqueue                  |
| pre_common_member                     |
| pre_common_member_action_log          |
| pre_common_member_connect             |
| pre_common_member_count               |
| pre_common_member_field_forum         |
| pre_common_member_field_home          |
| pre_common_member_grouppm             |
| pre_common_member_log                 |
| pre_common_member_magic               |
| pre_common_member_profile             |
| pre_common_member_profile_setting     |
| pre_common_member_security            |
| pre_common_member_stat_field          |
| pre_common_member_stat_fieldcache     |
| pre_common_member_stat_search         |
| pre_common_member_stat_searchcache    |
| pre_common_member_status              |
| pre_common_member_validate            |
| pre_common_member_verify              |
| pre_common_member_verify_info         |
| pre_common_moderate                   |
| pre_common_myapp                      |
| pre_common_myinvite                   |
| pre_common_mytask                     |
| pre_common_nav                        |
| pre_common_onlinetime                 |
| pre_common_plugin                     |
| pre_common_pluginvar                  |
| pre_common_process                    |
| pre_common_regip                      |
| pre_common_relatedlink                |
| pre_common_report                     |
| pre_common_searchindex                |
| pre_common_secquestion                |
| pre_common_session                    |
| pre_common_setting                    |
| pre_common_smiley                     |
| pre_common_sphinxcounter              |
| pre_common_stat                       |
| pre_common_statuser                   |
| pre_common_style                      |
| pre_common_stylevar                   |
| pre_common_syscache                   |
| pre_common_tag                        |
| pre_common_tagitem                    |
| pre_common_task                       |
| pre_common_taskvar                    |
| pre_common_template                   |
| pre_common_template_block             |
| pre_common_template_permission        |
| pre_common_uin_black                  |
| pre_common_usergroup                  |
| pre_common_usergroup_field            |
| pre_common_word                       |
| pre_common_word_type                  |
| pre_connect_feedlog                   |
| pre_connect_memberbindlog             |
| pre_connect_tlog                      |
| pre_dsu_paulsign                      |
| pre_dsu_paulsignset                   |
| pre_forum_access                      |
| pre_forum_activity                    |
| pre_forum_activityapply               |
| pre_forum_announcement                |
| pre_forum_attachment                  |
| pre_forum_attachment_0                |
| pre_forum_attachment_1                |
| pre_forum_attachment_2                |
| pre_forum_attachment_3                |
| pre_forum_attachment_4                |
| pre_forum_attachment_5                |
| pre_forum_attachment_6                |
| pre_forum_attachment_7                |
| pre_forum_attachment_8                |
| pre_forum_attachment_9                |
| pre_forum_attachment_unused           |
| pre_forum_attachtype                  |
| pre_forum_bbcode                      |
| pre_forum_creditslog                  |
| pre_forum_debate                      |
| pre_forum_debatepost                  |
| pre_forum_faq                         |
| pre_forum_forum                       |
| pre_forum_forum_threadtable           |
| pre_forum_forumfield                  |
| pre_forum_forumrecommend              |
| pre_forum_groupcreditslog             |
| pre_forum_groupfield                  |
| pre_forum_groupinvite                 |
| pre_forum_grouplevel                  |
| pre_forum_groupranking                |
| pre_forum_groupuser                   |
| pre_forum_imagetype                   |
| pre_forum_medal                       |
| pre_forum_medallog                    |
| pre_forum_memberrecommend             |
| pre_forum_moderator                   |
| pre_forum_modwork                     |
| pre_forum_onlinelist                  |
| pre_forum_order                       |
| pre_forum_poll                        |
| pre_forum_polloption                  |
| pre_forum_pollvoter                   |
| pre_forum_post                        |
| pre_forum_post_tableid                |
| pre_forum_postcomment                 |
| pre_forum_postlog                     |
| pre_forum_postposition                |
| pre_forum_poststick                   |
| pre_forum_promotion                   |
| pre_forum_ratelog                     |
| pre_forum_relatedthread               |
| pre_forum_replycredit                 |
| pre_forum_rsscache                    |
| pre_forum_spacecache                  |
| pre_forum_statlog                     |
| pre_forum_thread                      |
| pre_forum_threadclass                 |
| pre_forum_threadimage                 |
| pre_forum_threadlog                   |
| pre_forum_threadmod                   |
| pre_forum_threadpartake               |
| pre_forum_threadrush                  |
| pre_forum_threadtype                  |
| pre_forum_trade                       |
| pre_forum_tradecomment                |
| pre_forum_tradelog                    |
| pre_forum_typeoption                  |
| pre_forum_typeoptionvar               |
| pre_forum_typevar                     |
| pre_forum_warning                     |
| pre_home_album                        |
| pre_home_album_category               |
| pre_home_appcreditlog                 |
| pre_home_blacklist                    |
| pre_home_blog                         |
| pre_home_blog_category                |
| pre_home_blogfield                    |
| pre_home_class                        |
| pre_home_click                        |
| pre_home_clickuser                    |
| pre_home_comment                      |
| pre_home_docomment                    |
| pre_home_doing                        |
| pre_home_favorite                     |
| pre_home_feed                         |
| pre_home_feed_app                     |
| pre_home_friend                       |
| pre_home_friend_request               |
| pre_home_friendlog                    |
| pre_home_notification                 |
| pre_home_pic                          |
| pre_home_picfield                     |
| pre_home_poke                         |
| pre_home_pokearchive                  |
| pre_home_share                        |
| pre_home_show                         |
| pre_home_specialuser                  |
| pre_home_userapp                      |
| pre_home_userappfield                 |
| pre_home_visitor                      |
| pre_portal_article_content            |
| pre_portal_article_count              |
| pre_portal_article_related            |
| pre_portal_article_title              |
| pre_portal_article_trash              |
| pre_portal_attachment                 |
| pre_portal_category                   |
| pre_portal_category_permission        |
| pre_portal_comment                    |
| pre_portal_rsscache                   |
| pre_portal_topic                      |
| pre_portal_topic_pic                  |
| pre_ucenter_admins                    |
| pre_ucenter_applications              |
| pre_ucenter_badwords                  |
| pre_ucenter_domains                   |
| pre_ucenter_failedlogins              |
| pre_ucenter_feeds                     |
| pre_ucenter_friends                   |
| pre_ucenter_mailqueue                 |
| pre_ucenter_memberfields              |
| pre_ucenter_members                   |
| pre_ucenter_mergemembers              |
| pre_ucenter_newpm                     |
| pre_ucenter_notelist                  |
| pre_ucenter_pm_indexes                |
| pre_ucenter_pm_lists                  |
| pre_ucenter_pm_members                |
| pre_ucenter_pm_messages_0             |
| pre_ucenter_pm_messages_1             |
| pre_ucenter_pm_messages_2             |
| pre_ucenter_pm_messages_3             |
| pre_ucenter_pm_messages_4             |
| pre_ucenter_pm_messages_5             |
| pre_ucenter_pm_messages_6             |
| pre_ucenter_pm_messages_7             |
| pre_ucenter_pm_messages_8             |
| pre_ucenter_pm_messages_9             |
| pre_ucenter_protectedmembers          |
| pre_ucenter_settings                  |
| pre_ucenter_sqlcache                  |
| pre_ucenter_tags                      |
| pre_ucenter_vars                      |
| pre_xwb_bind_info                     |
| pre_xwb_bind_thread                   |
| pre_xwb_session                       |
| temp2                                 |
| temp3                                 |
| test2                                 |
| udf_temp                              |
+---------------------------------------+
Database: tianyu
[316 tables]
+---------------------------------------+
| ivy_ad_info                           |
| ivy_admin_info                        |
| ivy_download_info                     |
| ivy_image_info                        |
| ivy_news_info                         |
| pre_common_addon                      |
| pre_common_admincp_cmenu              |
| pre_common_admincp_group              |
| pre_common_admincp_member             |
| pre_common_admincp_perm               |
| pre_common_admincp_session            |
| pre_common_admingroup                 |
| pre_common_adminnote                  |
| pre_common_advertisement              |
| pre_common_advertisement_custom       |
| pre_common_banned                     |
| pre_common_block                      |
| pre_common_block_favorite             |
| pre_common_block_item                 |
| pre_common_block_item_data            |
| pre_common_block_permission           |
| pre_common_block_pic                  |
| pre_common_block_style                |
| pre_common_block_xml                  |
| pre_common_cache                      |
| pre_common_card                       |
| pre_common_card_log                   |
| pre_common_card_type                  |
| pre_common_credit_log                 |
| pre_common_credit_rule                |
| pre_common_credit_rule_log            |
| pre_common_credit_rule_log_field      |
| pre_common_cron                       |
| pre_common_district                   |
| pre_common_diy_data                   |
| pre_common_domain                     |
| pre_common_failedlogin                |
| pre_common_friendlink                 |
| pre_common_grouppm                    |
| pre_common_invite                     |
| pre_common_magic                      |
| pre_common_magiclog                   |
| pre_common_mailcron                   |
| pre_common_mailqueue                  |
| pre_common_member                     |
| pre_common_member_action_log          |
| pre_common_member_connect             |
| pre_common_member_count               |
| pre_common_member_field_forum         |
| pre_common_member_field_home          |
| pre_common_member_grouppm             |
| pre_common_member_log                 |
| pre_common_member_magic               |
| pre_common_member_profile             |
| pre_common_member_profile_setting     |
| pre_common_member_security            |
| pre_common_member_stat_field          |
| pre_common_member_stat_fieldcache     |
| pre_common_member_stat_search         |
| pre_common_member_stat_searchcache    |
| pre_common_member_status              |
| pre_common_member_validate            |
| pre_common_member_verify              |
| pre_common_member_verify_info         |
| pre_common_moderate                   |
| pre_common_myapp                      |
| pre_common_myinvite                   |
| pre_common_mytask                     |
| pre_common_nav                        |
| pre_common_onlinetime                 |
| pre_common_plugin                     |
| pre_common_pluginvar                  |
| pre_common_process                    |
| pre_common_regip                      |
| pre_common_relatedlink                |
| pre_common_report                     |
| pre_common_searchindex                |
| pre_common_secquestion                |
| pre_common_session                    |
| pre_common_setting                    |
| pre_common_smiley                     |
| pre_common_sphinxcounter              |
| pre_common_stat                       |
| pre_common_statuser                   |
| pre_common_style                      |
| pre_common_stylevar                   |
| pre_common_syscache                   |
| pre_common_tag                        |
| pre_common_tagitem                    |
| pre_common_task                       |
| pre_common_taskvar                    |
| pre_common_template                   |
| pre_common_template_block             |
| pre_common_template_permission        |
| pre_common_uin_black                  |
| pre_common_usergroup                  |
| pre_common_usergroup_field            |
| pre_common_word                       |
| pre_common_word_type                  |
| pre_connect_feedlog                   |
| pre_connect_memberbindlog             |
| pre_connect_tlog                      |
| pre_dsu_paulsign                      |
| pre_dsu_paulsignset                   |
| pre_forum_access                      |
| pre_forum_activity                    |
| pre_forum_activityapply               |
| pre_forum_announcement                |
| pre_forum_attachment                  |
| pre_forum_attachment_0                |
| pre_forum_attachment_1                |
| pre_forum_attachment_2                |
| pre_forum_attachment_3                |
| pre_forum_attachment_4                |
| pre_forum_attachment_5                |
| pre_forum_attachment_6                |
| pre_forum_attachment_7                |
| pre_forum_attachment_8                |
| pre_forum_attachment_9                |
| pre_forum_attachment_unused           |
| pre_forum_attachtype                  |
| pre_forum_bbcode                      |
| pre_forum_creditslog                  |
| pre_forum_debate                      |
| pre_forum_debatepost                  |
| pre_forum_faq                         |
| pre_forum_forum                       |
| pre_forum_forum_threadtable           |
| pre_forum_forumfield                  |
| pre_forum_forumrecommend              |
| pre_forum_groupcreditslog             |
| pre_forum_groupfield                  |
| pre_forum_groupinvite                 |
| pre_forum_grouplevel                  |
| pre_forum_groupranking                |
| pre_forum_groupuser                   |
| pre_forum_imagetype                   |
| pre_forum_medal                       |
| pre_forum_medallog                    |
| pre_forum_memberrecommend             |
| pre_forum_moderator                   |
| pre_forum_modwork                     |
| pre_forum_onlinelist                  |
| pre_forum_order                       |
| pre_forum_poll                        |
| pre_forum_polloption                  |
| pre_forum_pollvoter                   |
| pre_forum_post                        |
| pre_forum_post_tableid                |
| pre_forum_postcomment                 |
| pre_forum_postlog                     |
| pre_forum_postposition                |
| pre_forum_poststick                   |
| pre_forum_promotion                   |
| pre_forum_ratelog                     |
| pre_forum_relatedthread               |
| pre_forum_replycredit                 |
| pre_forum_rsscache                    |
| pre_forum_spacecache                  |
| pre_forum_statlog                     |
| pre_forum_thread                      |
| pre_forum_threadclass                 |
| pre_forum_threadimage                 |
| pre_forum_threadlog                   |
| pre_forum_threadmod                   |
| pre_forum_threadpartake               |
| pre_forum_threadrush                  |
| pre_forum_threadtype                  |
| pre_forum_trade                       |
| pre_forum_tradecomment                |
| pre_forum_tradelog                    |
| pre_forum_typeoption                  |
| pre_forum_typeoptionvar               |
| pre_forum_typevar                     |
| pre_forum_warning                     |
| pre_home_album                        |
| pre_home_album_category               |
| pre_home_appcreditlog                 |
| pre_home_blacklist                    |
| pre_home_blog                         |
| pre_home_blog_category                |
| pre_home_blogfield                    |
| pre_home_class                        |
| pre_home_click                        |
| pre_home_clickuser                    |
| pre_home_comment                      |
| pre_home_docomment                    |
| pre_home_doing                        |
| pre_home_favorite                     |
| pre_home_feed                         |
| pre_home_feed_app                     |
| pre_home_friend                       |
| pre_home_friend_request               |
| pre_home_friendlog                    |
| pre_home_notification                 |
| pre_home_pic                          |
| pre_home_picfield                     |
| pre_home_poke                         |
| pre_home_pokearchive                  |
| pre_home_share                        |
| pre_home_show                         |
| pre_home_specialuser                  |
| pre_home_userapp                      |
| pre_home_userappfield                 |
| pre_home_visitor                      |
| pre_portal_article_content            |
| pre_portal_article_count              |
| pre_portal_article_related            |
| pre_portal_article_title              |
| pre_portal_article_trash              |
| pre_portal_attachment                 |
| pre_portal_category                   |
| pre_portal_category_permission        |
| pre_portal_comment                    |
| pre_portal_rsscache                   |
| pre_portal_topic                      |
| pre_portal_topic_pic                  |
| pre_ucenter_admins                    |
| pre_ucenter_applications              |
| pre_ucenter_badwords                  |
| pre_ucenter_domains                   |
| pre_ucenter_failedlogins              |
| pre_ucenter_feeds                     |
| pre_ucenter_friends                   |
| pre_ucenter_mailqueue                 |
| pre_ucenter_memberfields              |
| pre_ucenter_members                   |
| pre_ucenter_mergemembers              |
| pre_ucenter_newpm                     |
| pre_ucenter_notelist                  |
| pre_ucenter_pm_indexes                |
| pre_ucenter_pm_lists                  |
| pre_ucenter_pm_members                |
| pre_ucenter_pm_messages_0             |
| pre_ucenter_pm_messages_1             |
| pre_ucenter_pm_messages_2             |
| pre_ucenter_pm_messages_3             |
| pre_ucenter_pm_messages_4             |
| pre_ucenter_pm_messages_5             |
| pre_ucenter_pm_messages_6             |
| pre_ucenter_pm_messages_7             |
| pre_ucenter_pm_messages_8             |
| pre_ucenter_pm_messages_9             |
| pre_ucenter_protectedmembers          |
| pre_ucenter_settings                  |
| pre_ucenter_sqlcache                  |
| pre_ucenter_tags                      |
| pre_ucenter_vars                      |
| pre_xwb_bind_info                     |
| pre_xwb_bind_thread                   |
| pre_xwb_session                       |
| temp2                                 |
| temp3                                 |
| test2                                 |
| ty_access                             |
| ty_adlink                             |
| ty_admin                              |
| ty_application                        |
| ty_article                            |
| ty_asort                              |
| ty_card_info                          |
| ty_card_log                           |
| ty_charge                             |
| ty_city                               |
| ty_comment                            |
| ty_county                             |
| ty_deli_pay                           |
| ty_delive                             |
| ty_departments                        |
| ty_depletion                          |
| ty_dictionary                         |
| ty_down_info                          |
| ty_elec_coupon                        |
| ty_formodels                          |
| ty_help                               |
| ty_inventory                          |
| ty_job                                |
| ty_logistics                          |
| ty_mobile_info                        |
| ty_node                               |
| ty_notice                             |
| ty_order                              |
| ty_order_detail                       |
| ty_order_info                         |
| ty_order_log                          |
| ty_orderinfo_log                      |
| ty_ordetail                           |
| ty_product                            |
| ty_products_income                    |
| ty_promotion                          |
| ty_property                           |
| ty_propertyval                        |
| ty_province                           |
| ty_recommend                          |
| ty_refund                             |
| ty_resetpwd                           |
| ty_role                               |
| ty_role_user                          |
| ty_shop                               |
| ty_shouce_info                        |
| ty_sort                               |
| ty_spec                               |
| ty_syslog                             |
| ty_tech_cat                           |
| ty_type                               |
| ty_typeval                            |
| ty_uploadimg                          |
| ty_user                               |
| ty_user_info                          |
| ty_user_login                         |
| ty_user_points                        |
| ty_user_pointslog                     |
| ty_video_info                         |
| ty_xchg_order                         |
| ty_xchg_order_detail                  |
| udf_temp                              |
+---------------------------------------+
Database: information_schema
[54 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| CLIENT_STATISTICS                     |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_TEMPORARY_TABLES               |
| GLOBAL_VARIABLES                      |
| INDEX_STATISTICS                      |
| INNODB_BUFFER_POOL_PAGES              |
| INNODB_BUFFER_POOL_PAGES_BLOB         |
| INNODB_BUFFER_POOL_PAGES_INDEX        |
| INNODB_CMP                            |
| INNODB_CMPMEM                         |
| INNODB_CMPMEM_RESET                   |
| INNODB_CMP_RESET                      |
| INNODB_INDEX_STATS                    |
| INNODB_LOCKS                          |
| INNODB_LOCK_WAITS                     |
| INNODB_RSEG                           |
| INNODB_SYS_INDEXES                    |
| INNODB_SYS_STATS                      |
| INNODB_SYS_TABLES                     |
| INNODB_TABLE_STATS                    |
| INNODB_TRX                            |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| QUERY_RESPONSE_TIME                   |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TABLE_STATISTICS                      |
| TEMPORARY_TABLES                      |
| THREAD_STATISTICS                     |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| USER_STATISTICS                       |
| VIEWS                                 |
| XTRADB_ADMIN_COMMAND                  |
| XTRADB_ENHANCEMENTS                   |
+---------------------------------------+
修复方案：

改吧
版权声明：转载请注明来源 zhk@乌云

漏洞回应

厂商回应：

危害等级：高
漏洞Rank：15
确认时间：2012-08-29 23:54
厂商回复：

CNVD确认漏洞情况（未直接复现支付漏洞，复现SQL注入情况），已由CNVD直接联系网站管理方进行处置。
按丙个漏洞累计计分，其中，SQL注入按完全影响机密性进行评分，支付漏洞按部分影响完整性、可用性进行评分,rank=7.79*1.0*1.0+6.42*1.0*1.2=15.494
WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-011383

漏洞标题：天语手机支付漏洞+SQL注入

相关厂商：天语手机

漏洞作者： zhk

提交时间：2012-08-26 22:09

修复时间：2012-10-10 22:10

公开时间：2012-10-10 22:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 zhk@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-011383

漏洞标题：天语手机支付漏洞+SQL注入

相关厂商：天语手机

漏洞作者： zhk

提交时间：2012-08-26 22:09

修复时间：2012-10-10 22:10

公开时间：2012-10-10 22:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2012-011383"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 zhk@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：
