海尔旗下某产品网站存SQL注入漏洞，可获取管理员信息

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-026874

漏洞标题：海尔旗下某产品网站存SQL注入漏洞，可获取管理员信息

漏洞作者： lucky

提交时间：2013-06-25 16:08

修复时间：2013-06-25 18:00

公开时间：2013-06-25 18:00

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：10

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2013-06-25：细节已通知厂商并且等待厂商处理中
2013-06-25：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

海尔旗下某产品网站存SQL注入漏洞，可获取管理员信息

详细说明：

http://www.casarte.cn/ksd/list.php?city=%E5%8C%97%E4%BA%AC

漏洞证明：

back-end DBMS: MySQL 5.0.11
[03:59:56] [INFO] fetching tables for database: 'ultrax'
Database: ultrax
[500 tables]
+---------------------------------------+
| chat_admin                            |
| chat_anwser                           |
| chat_anwservalue                      |
| chat_customgroup                      |
| chat_ele                              |
| chat_keywords                         |
| chat_kfanswer                         |
| chat_log                              |
| chat_pals                             |
| chat_session                          |
| chat_transfer_fileinfo                |
| chat_txt                              |
| chat_users                            |
| ecs_account_log                       |
| ecs_ad                                |
| ecs_ad_custom                         |
| ecs_ad_position                       |
| ecs_admin_action                      |
| ecs_admin_log                         |
| ecs_admin_message                     |
| ecs_admin_user                        |
| ecs_adsense                           |
| ecs_affiliate_log                     |
| ecs_agency                            |
| ecs_area_region                       |
| ecs_article                           |
| ecs_article_cat                       |
| ecs_attribute                         |
| ecs_auction_log                       |
| ecs_auto_manage                       |
| ecs_back_goods                        |
| ecs_back_order                        |
| ecs_bonus_type                        |
| ecs_booking_goods                     |
| ecs_brand                             |
| ecs_card                              |
| ecs_cart                              |
| ecs_cat_recommend                     |
| ecs_cate_seo                          |
| ecs_category                          |
| ecs_collect_goods                     |
| ecs_comment                           |
| ecs_comment_evaluate                  |
| ecs_comment_extend                    |
| ecs_comment_goods_category            |
| ecs_comment_result                    |
| ecs_comment_tag                       |
| ecs_comment_user_tag                  |
| ecs_crons                             |
| ecs_delivery_goods                    |
| ecs_delivery_order                    |
| ecs_email_list                        |
| ecs_email_sendlist                    |
| ecs_error_log                         |
| ecs_exchange_goods                    |
| ecs_favourable_activity               |
| ecs_feedback                          |
| ecs_friend_link                       |
| ecs_goods                             |
| ecs_goods_activity                    |
| ecs_goods_article                     |
| ecs_goods_attr                        |
| ecs_goods_cat                         |
| ecs_goods_gallery                     |
| ecs_goods_recommend                   |
| ecs_goods_type                        |
| ecs_group_goods                       |
| ecs_keywords                          |
| ecs_link_goods                        |
| ecs_mail_templates                    |
| ecs_member_price                      |
| ecs_nav                               |
| ecs_order_action                      |
| ecs_order_goods                       |
| ecs_order_info                        |
| ecs_pack                              |
| ecs_package_goods                     |
| ecs_pay_log                           |
| ecs_payment                           |
| ecs_plugins                           |
| ecs_products                          |
| ecs_reg_extend_info                   |
| ecs_reg_fields                        |
| ecs_region                            |
| ecs_role                              |
| ecs_searchengine                      |
| ecs_sessions                          |
| ecs_sessions_copy                     |
| ecs_sessions_data                     |
| ecs_shipping                          |
| ecs_shipping_area                     |
| ecs_shop_config                       |
| ecs_snatch_log                        |
| ecs_stats                             |
| ecs_suppliers                         |
| ecs_tag                               |
| ecs_template                          |
| ecs_topic                             |
| ecs_user_account                      |
| ecs_user_address                      |
| ecs_user_bonus                        |
| ecs_user_feed                         |
| ecs_user_goods_views                  |
| ecs_user_rank                         |
| ecs_users                             |
| ecs_virtual_card                      |
| ecs_volume_price                      |
| ecs_vote                              |
| ecs_vote_log                          |
| ecs_vote_option                       |
| ecs_wholesale                         |
| k_feedback                            |
| k_ip                                  |
| k_originality                         |
| piwik_access                          |
| piwik_archive_blob_2012_01            |
| piwik_archive_blob_2012_08            |
| piwik_archive_blob_2012_09            |
| piwik_archive_blob_2012_10            |
| piwik_archive_numeric_2012_01         |
| piwik_archive_numeric_2012_08         |
| piwik_archive_numeric_2012_09         |
| piwik_archive_numeric_2012_10         |
| piwik_goal                            |
| piwik_log_action                      |
| piwik_log_conversion                  |
| piwik_log_conversion_item             |
| piwik_log_link_visit_action           |
| piwik_log_profiling                   |
| piwik_log_visit                       |
| piwik_logger_api_call                 |
| piwik_logger_error                    |
| piwik_logger_exception                |
| piwik_logger_message                  |
| piwik_option                          |
| piwik_report                          |
| piwik_session                         |
| piwik_site                            |
| piwik_site_url                        |
| piwik_user                            |
| piwik_user_dashboard                  |
| piwik_user_language                   |
| piwik_userlist                        |
| pre_ac_gift                           |
| pre_ac_info                           |
| pre_ac_prize_log                      |
| pre_ac_prize_log_bf                   |
| pre_ac_rule                           |
| pre_ac_statistics                     |
| pre_ac_survey                         |
| pre_common_addon                      |
| pre_common_admincp_group              |
| pre_common_admincp_member             |
| pre_common_admincp_perm               |
| pre_common_admincp_session            |
| pre_common_admingroup                 |
| pre_common_adminnote                  |
| pre_common_adminsession               |
| pre_common_advertisement              |
| pre_common_advertisement_custom       |
| pre_common_banned                     |
| pre_common_block                      |
| pre_common_block_item                 |
| pre_common_block_item_archive         |
| pre_common_block_permission           |
| pre_common_block_style                |
| pre_common_cache                      |
| pre_common_credit_log                 |
| pre_common_credit_rule                |
| pre_common_credit_rule_log            |
| pre_common_credit_rule_log_field      |
| pre_common_cron                       |
| pre_common_district                   |
| pre_common_diy_data                   |
| pre_common_edm_log                    |
| pre_common_failedlogin                |
| pre_common_friendlink                 |
| pre_common_invite                     |
| pre_common_magic                      |
| pre_common_magiclog                   |
| pre_common_mailcron                   |
| pre_common_mailqueue                  |
| pre_common_member                     |
| pre_common_member_count               |
| pre_common_member_emailstatuslog      |
| pre_common_member_field_forum         |
| pre_common_member_field_home          |
| pre_common_member_log                 |
| pre_common_member_loginlog            |
| pre_common_member_magic               |
| pre_common_member_profile             |
| pre_common_member_profile_setting     |
| pre_common_member_security            |
| pre_common_member_source              |
| pre_common_member_stat_field          |
| pre_common_member_stat_fieldcache     |
| pre_common_member_stat_search         |
| pre_common_member_stat_searchcache    |
| pre_common_member_status              |
| pre_common_member_validate            |
| pre_common_myapp                      |
| pre_common_myinvite                   |
| pre_common_mytask                     |
| pre_common_nav                        |
| pre_common_plugin                     |
| pre_common_pluginvar                  |
| pre_common_process                    |
| pre_common_regip                      |
| pre_common_report                     |
| pre_common_searchindex                |
| pre_common_searchindex_bf             |
| pre_common_secquestion                |
| pre_common_session                    |
| pre_common_setting                    |
| pre_common_smiley                     |
| pre_common_sphinxcounter              |
| pre_common_stat                       |
| pre_common_statuser                   |
| pre_common_style                      |
| pre_common_stylevar                   |
| pre_common_syscache                   |
| pre_common_task                       |
| pre_common_taskvar                    |
| pre_common_template                   |
| pre_common_template_block             |
| pre_common_usergroup                  |
| pre_common_usergroup_field            |
| pre_common_word                       |
| pre_custom_doodle_formula             |
| pre_custom_doodle_idear               |
| pre_custom_doodle_survey              |
| pre_custom_doodle_vote                |
| pre_custom_gongmao                    |
| pre_custom_gongmao_dist               |
| pre_custom_gongmao_user               |
| pre_customer_admin                    |
| pre_customer_problem                  |
| pre_customer_reply                    |
| pre_customer_reportadmin              |
| pre_customer_reportvote               |
| pre_dec_design                        |
| pre_dsu_paulsign                      |
| pre_dsu_paulsignset                   |
| pre_dsu_postfate                      |
| pre_dsu_postfate_stat                 |
| pre_eg_gift_address                   |
| pre_eg_gift_config                    |
| pre_eg_gift_creditconfig              |
| pre_eg_gift_feed                      |
| pre_eg_gift_goods                     |
| pre_eg_gift_message                   |
| pre_eg_gift_notify                    |
| pre_eg_gift_orders                    |
| pre_eg_gift_sort                      |
| pre_eg_goods_log                      |
| pre_expert_type                       |
| pre_forum_access                      |
| pre_forum_activity                    |
| pre_forum_activityapply               |
| pre_forum_announcement                |
| pre_forum_attachment                  |
| pre_forum_attachmentfield             |
| pre_forum_attachtype                  |
| pre_forum_bbcode                      |
| pre_forum_creditslog                  |
| pre_forum_debate                      |
| pre_forum_debatepost                  |
| pre_forum_faq                         |
| pre_forum_forum                       |
| pre_forum_forum_threadtable           |
| pre_forum_forumfield                  |
| pre_forum_forumrecommend              |
| pre_forum_groupcreditslog             |
| pre_forum_groupfield                  |
| pre_forum_groupinvite                 |
| pre_forum_grouplevel                  |
| pre_forum_groupranking                |
| pre_forum_groupuser                   |
| pre_forum_imagetype                   |
| pre_forum_medal                       |
| pre_forum_medallog                    |
| pre_forum_memberrecommend             |
| pre_forum_moderator                   |
| pre_forum_modwork                     |
| pre_forum_onlinelist                  |
| pre_forum_optionvalue3                |
| pre_forum_order                       |
| pre_forum_poll                        |
| pre_forum_polloption                  |
| pre_forum_pollvoter                   |
| pre_forum_post                        |
| pre_forum_post_tableid                |
| pre_forum_postcomment                 |
| pre_forum_postlog                     |
| pre_forum_postposition                |
| pre_forum_promotion                   |
| pre_forum_ratelog                     |
| pre_forum_relatedthread               |
| pre_forum_rsscache                    |
| pre_forum_spacecache                  |
| pre_forum_thread                      |
| pre_forum_threadclass                 |
| pre_forum_threadlog                   |
| pre_forum_threadmod                   |
| pre_forum_threadtype                  |
| pre_forum_todaypostcount              |
| pre_forum_trade                       |
| pre_forum_tradecomment                |
| pre_forum_tradelog                    |
| pre_forum_typeoption                  |
| pre_forum_typeoptionvar               |
| pre_forum_typevar                     |
| pre_forum_viewpoint                   |
| pre_forum_viewpoint_identifier        |
| pre_forum_warning                     |
| pre_haier_shop                        |
| pre_haier_shop_relate                 |
| pre_home_album                        |
| pre_home_album_category               |
| pre_home_appcreditlog                 |
| pre_home_blacklist                    |
| pre_home_blog                         |
| pre_home_blog_category                |
| pre_home_blogfield                    |
| pre_home_class                        |
| pre_home_click                        |
| pre_home_clickuser                    |
| pre_home_comment                      |
| pre_home_docomment                    |
| pre_home_doing                        |
| pre_home_favorite                     |
| pre_home_feed                         |
| pre_home_feed_app                     |
| pre_home_friend                       |
| pre_home_friend_request               |
| pre_home_friendlog                    |
| pre_home_notification                 |
| pre_home_pic                          |
| pre_home_picfield                     |
| pre_home_poke                         |
| pre_home_pokearchive                  |
| pre_home_share                        |
| pre_home_show                         |
| pre_home_specialuser                  |
| pre_home_userapp                      |
| pre_home_userappfield                 |
| pre_home_viewlog                      |
| pre_home_visitor                      |
| pre_im_comment                        |
| pre_im_shop                           |
| pre_im_style                          |
| pre_im_suggest                        |
| pre_im_test                           |
| pre_im_test_pic                       |
| pre_im_test_pro                       |
| pre_im_vote                           |
| pre_im_vote_log                       |
| pre_impression                        |
| pre_impression_evaluate               |
| pre_impression_self                   |
| pre_innovate_attachment               |
| pre_innovate_favorite                 |
| pre_innovate_favorite_log             |
| pre_innovate_feed                     |
| pre_innovate_game_user                |
| pre_innovate_game_works               |
| pre_innovate_haier                    |
| pre_innovate_program                  |
| pre_innovate_program_comment          |
| pre_innovate_program_from             |
| pre_innovate_program_type             |
| pre_innovate_program_vote             |
| pre_innovate_recent                   |
| pre_innovate_task                     |
| pre_innovate_task_join                |
| pre_innovate_task_log                 |
| pre_jzxjd_weibo                       |
| pre_member_count_log                  |
| pre_msign_record                      |
| pre_msign_setting                     |
| pre_myrepeats                         |
| pre_plugin_active                     |
| pre_plugin_active_bxvote              |
| pre_plugin_active_fridge              |
| pre_plugin_active_icebar_message      |
| pre_plugin_active_icebar_vote         |
| pre_plugin_active_icebox              |
| pre_plugin_active_icebox2             |
| pre_plugin_active_icebox2_message     |
| pre_plugin_active_life                |
| pre_plugin_active_lovekitchen_message |
| pre_plugin_active_lovekitchen_vote    |
| pre_plugin_active_purifier            |
| pre_plugin_active_purifier_ehaiercode |
| pre_plugin_active_purifier_photo      |
| pre_plugin_active_purifier_spread     |
| pre_plugin_active_thoseyear           |
| pre_plugin_active_voteonline          |
| pre_plugin_active_xiwan               |
| pre_plugin_artstudio_baoming          |
| pre_plugin_artstudio_message          |
| pre_plugin_innovation_adminuser       |
| pre_plugin_innovation_adminuser_power |
| pre_plugin_innovation_awardfrom       |
| pre_plugin_innovation_awardfrom_title |
| pre_plugin_innovation_design          |
| pre_plugin_innovation_power           |
| pre_plugin_innovation_ptype           |
| pre_plugin_innovation_scheme          |
| pre_plugin_innovation_scheme_comment  |
| pre_plugin_innovation_scheme_view     |
| pre_plugin_innovation_usercount       |
| pre_plugin_jiuguizhuanti              |
| pre_plugin_message                    |
| pre_plugin_revelation                 |
| pre_plugin_sentiment                  |
| pre_plugin_topic                      |
| pre_plugin_vipapply                   |
| pre_plugin_wish12                     |
| pre_plugin_year13                     |
| pre_plugin_year13_record              |
| pre_portal_article_content            |
| pre_portal_article_count              |
| pre_portal_article_related            |
| pre_portal_article_title              |
| pre_portal_article_trash              |
| pre_portal_attachment                 |
| pre_portal_category                   |
| pre_portal_category_permission        |
| pre_portal_comment                    |
| pre_portal_topic                      |
| pre_portal_topic_pic                  |
| pre_program_admin                     |
| pre_program_answer                    |
| pre_program_attachtype                |
| pre_program_type                      |
| pre_program_user                      |
| pre_program_user_type                 |
| pre_ques                              |
| pre_quesinfo                          |
| pre_queslog                           |
| pre_quesoption                        |
| pre_questionnaire                     |
| pre_questionnaire_bx                  |
| pre_questionnaire_jg                  |
| pre_renren_connect                    |
| pre_sheet2                            |
| pre_sinaconnect                       |
| pre_skating_baoming                   |
| pre_skating_player                    |
| pre_sncode_applog                     |
| pre_sncode_approve                    |
| pre_sncode_check                      |
| pre_sncode_content                    |
| pre_sncode_content_new                |
| pre_sncode_userinfo                   |
| pre_soufun                            |
| pre_spring_mixeddrinks_group          |
| pre_spring_mixeddrinks_userinfo       |
| pre_spring_skating_userinfo           |
| pre_stopspam_thread                   |
| pre_stopspam_user                     |
| pre_telareacode                       |
| pre_test                              |
| pre_test2                             |
| pre_test3                             |
| pre_testshell                         |
| pre_tqqconnect                        |
| pre_trends_members                    |
| pre_trio_members                      |
| pre_trrconnect                        |
| pre_ucenter_admins                    |
| pre_ucenter_applications              |
| pre_ucenter_badwords                  |
| pre_ucenter_domains                   |
| pre_ucenter_failedlogins              |
| pre_ucenter_feeds                     |
| pre_ucenter_friends                   |
| pre_ucenter_mailqueue                 |
| pre_ucenter_memberfields              |
| pre_ucenter_members                   |
| pre_ucenter_mergemembers              |
| pre_ucenter_newpm                     |
| pre_ucenter_notelist                  |
| pre_ucenter_pms                       |
| pre_ucenter_profile                   |
| pre_ucenter_protectedmembers          |
| pre_ucenter_settings                  |
| pre_ucenter_sqlcache                  |
| pre_ucenter_tags                      |
| pre_ucenter_vars                      |
| pre_user_dept                         |
| pre_vailmobile                        |
| pre_zhuanti_baoming                   |
| pre_zhuanti_jiugui                    |
| price                                 |
| price_old                             |
| price_old201210                       |
| products_combine                      |
| products_xml                          |
+---------------------------------------+

修复方案：

版权声明：转载请注明来源 lucky@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2013-06-25 18:00

厂商回复：

非常感谢lucky的工作，lucky真实提交该问题时间，海尔集团还未成为乌云厂商，因此未完成了解并认领。后海尔集团于6月23日成为乌云厂商，而此漏洞也已于6月19日完善整改。

漏洞Rank：8 (WooYun评价)

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-026874

漏洞标题：海尔旗下某产品网站存SQL注入漏洞，可获取管理员信息

相关厂商：海尔集团

漏洞作者： lucky

提交时间：2013-06-25 16:08

修复时间：2013-06-25 18:00

公开时间：2013-06-25 18:00

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：10

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 lucky@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-026874

漏洞标题：海尔旗下某产品网站存SQL注入漏洞，可获取管理员信息

相关厂商：海尔集团

漏洞作者： lucky

提交时间：2013-06-25 16:08

修复时间：2013-06-25 18:00

公开时间：2013-06-25 18:00

漏洞类型：SQL注射漏洞

危害等级：中

自评Rank：10

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2013-026874"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 lucky@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：