卡赛欧官网SQL注射可泄漏大量数据信息

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-037436

漏洞标题：卡赛欧官网SQL注射可泄漏大量数据信息

漏洞作者：花非雾

提交时间：2013-09-18 11:55

修复时间：2013-11-02 11:56

公开时间：2013-11-02 11:56

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2013-09-18：积极联系厂商并且等待厂商认领中，细节不对外公开
2013-11-02：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

详细说明：

测试注入点：

数据信息：
available databases [5]:
[*] casal
[*] cwun
[*] information_schema
[*] test
[*] winepf

某表信息：
Database: casal
[419 tables]
+------------------------------------------------+
| admin_assert                                   |
| admin_role                                     |
| admin_rule                                     |
| admin_user                                     |
| adminnotification_inbox                        |
| api2_acl_attribute                             |
| api2_acl_role                                  |
| api2_acl_rule                                  |
| api2_acl_user                                  |
| api_assert                                     |
| api_role                                       |
| api_rule                                       |
| api_session                                    |
| api_user                                       |
| aw_blog                                        |
| aw_blog_cat                                    |
| aw_blog_cat_store                              |
| aw_blog_comment                                |
| aw_blog_post_cat                               |
| aw_blog_store                                  |
| aw_blog_tags                                   |
| captcha_log                                    |
| catalog_category_anc_categs_index_idx          |
| catalog_category_anc_categs_index_tmp          |
| catalog_category_anc_products_index_idx        |
| catalog_category_anc_products_index_tmp        |
| catalog_category_entity                        |
| catalog_category_entity_datetime               |
| catalog_category_entity_decimal                |
| catalog_category_entity_int                    |
| catalog_category_entity_text                   |
| catalog_category_entity_varchar                |
| catalog_category_flat_store_1                  |
| catalog_category_flat_store_2                  |
| catalog_category_flat_store_3                  |
| catalog_category_flat_store_4                  |
| catalog_category_product                       |
| catalog_category_product_index                 |
| catalog_category_product_index_enbl_idx        |
| catalog_category_product_index_enbl_tmp        |
| catalog_category_product_index_idx             |
| catalog_category_product_index_tmp             |
| catalog_compare_item                           |
| catalog_eav_attribute                          |
| catalog_product_bundle_option                  |
| catalog_product_bundle_option_value            |
| catalog_product_bundle_price_index             |
| catalog_product_bundle_selection               |
| catalog_product_bundle_selection_price         |
| catalog_product_bundle_stock_index             |
| catalog_product_enabled_index                  |
| catalog_product_entity                         |
| catalog_product_entity_datetime                |
| catalog_product_entity_decimal                 |
| catalog_product_entity_gallery                 |
| catalog_product_entity_group_price             |
| catalog_product_entity_int                     |
| catalog_product_entity_media_gallery           |
| catalog_product_entity_media_gallery_value     |
| catalog_product_entity_text                    |
| catalog_product_entity_tier_price              |
| catalog_product_entity_varchar                 |
| catalog_product_flat_1                         |
| catalog_product_flat_2                         |
| catalog_product_flat_3                         |
| catalog_product_flat_4                         |
| catalog_product_index_eav                      |
| catalog_product_index_eav_decimal              |
| catalog_product_index_eav_decimal_idx          |
| catalog_product_index_eav_decimal_tmp          |
| catalog_product_index_eav_idx                  |
| catalog_product_index_eav_tmp                  |
| catalog_product_index_group_price              |
| catalog_product_index_price                    |
| catalog_product_index_price_bundle_idx         |
| catalog_product_index_price_bundle_opt_idx     |
| catalog_product_index_price_bundle_opt_tmp     |
| catalog_product_index_price_bundle_sel_idx     |
| catalog_product_index_price_bundle_sel_tmp     |
| catalog_product_index_price_bundle_tmp         |
| catalog_product_index_price_cfg_opt_agr_idx    |
| catalog_product_index_price_cfg_opt_agr_tmp    |
| catalog_product_index_price_cfg_opt_idx        |
| catalog_product_index_price_cfg_opt_tmp        |
| catalog_product_index_price_downlod_idx        |
| catalog_product_index_price_downlod_tmp        |
| catalog_product_index_price_final_idx          |
| catalog_product_index_price_final_tmp          |
| catalog_product_index_price_idx                |
| catalog_product_index_price_opt_agr_idx        |
| catalog_product_index_price_opt_agr_tmp        |
| catalog_product_index_price_opt_idx            |
| catalog_product_index_price_opt_tmp            |
| catalog_product_index_price_tmp                |
| catalog_product_index_tier_price               |
| catalog_product_index_website                  |
| catalog_product_link                           |
| catalog_product_link_attribute                 |
| catalog_product_link_attribute_decimal         |
| catalog_product_link_attribute_int             |
| catalog_product_link_attribute_varchar         |
| catalog_product_link_type                      |
| catalog_product_option                         |
| catalog_product_option_price                   |
| catalog_product_option_title                   |
| catalog_product_option_type_price              |
| catalog_product_option_type_title              |
| catalog_product_option_type_value              |
| catalog_product_relation                       |
| catalog_product_super_attribute                |
| catalog_product_super_attribute_label          |
| catalog_product_super_attribute_pricing        |
| catalog_product_super_link                     |
| catalog_product_website                        |
| cataloginventory_stock                         |
| cataloginventory_stock_item                    |
| cataloginventory_stock_status                  |
| cataloginventory_stock_status_idx              |
| cataloginventory_stock_status_tmp              |
| catalogrule                                    |
| catalogrule_affected_product                   |
| catalogrule_customer_group                     |
| catalogrule_group_website                      |
| catalogrule_product                            |
| catalogrule_product_price                      |
| catalogrule_website                            |
| catalogsearch_fulltext                         |
| catalogsearch_query                            |
| catalogsearch_result                           |
| checkout_agreement                             |
| checkout_agreement_store                       |
| cms_block                                      |
| cms_block_store                                |
| cms_page                                       |
| cms_page_store                                 |
| core_cache                                     |
| core_cache_option                              |
| core_cache_tag                                 |
| core_config_data                               |
| core_email_template                            |
| core_flag                                      |
| core_layout_link                               |
| core_layout_update                             |
| core_resource                                  |
| core_session                                   |
| core_store                                     |
| core_store_group                               |
| core_translate                                 |
| core_url_rewrite                               |
| core_variable                                  |
| core_variable_value                            |
| core_website                                   |
| coupon_aggregated                              |
| coupon_aggregated_order                        |
| coupon_aggregated_updated                      |
| cron_schedule                                  |
| customer_address_entity                        |
| customer_address_entity_datetime               |
| customer_address_entity_decimal                |
| customer_address_entity_int                    |
| customer_address_entity_text                   |
| customer_address_entity_varchar                |
| customer_eav_attribute                         |
| customer_eav_attribute_website                 |
| customer_entity                                |
| customer_entity_datetime                       |
| customer_entity_decimal                        |
| customer_entity_int                            |
| customer_entity_text                           |
| customer_entity_varchar                        |
| customer_form_attribute                        |
| customer_group                                 |
| dataflow_batch                                 |
| dataflow_batch_export                          |
| dataflow_batch_import                          |
| dataflow_import_data                           |
| dataflow_profile                               |
| dataflow_profile_history                       |
| dataflow_session                               |
| design_change                                  |
| directory_country                              |
| directory_country_format                       |
| directory_country_region                       |
| directory_country_region_name                  |
| directory_currency_rate                        |
| downloadable_link                              |
| downloadable_link_price                        |
| downloadable_link_purchased                    |
| downloadable_link_purchased_item               |
| downloadable_link_title                        |
| downloadable_sample                            |
| downloadable_sample_title                      |
| eav_attribute                                  |
| eav_attribute_group                            |
| eav_attribute_label                            |
| eav_attribute_option                           |
| eav_attribute_option_value                     |
| eav_attribute_set                              |
| eav_entity                                     |
| eav_entity_attribute                           |
| eav_entity_datetime                            |
| eav_entity_decimal                             |
| eav_entity_int                                 |
| eav_entity_store                               |
| eav_entity_text                                |
| eav_entity_type                                |
| eav_entity_varchar                             |
| eav_form_element                               |
| eav_form_fieldset                              |
| eav_form_fieldset_label                        |
| eav_form_type                                  |
| eav_form_type_entity                           |
| find_feed_import_codes                         |
| gift_message                                   |
| googlebase_attributes                          |
| googlebase_items                               |
| googlebase_types                               |
| googlecheckout_notification                    |
| googleoptimizer_code                           |
| importexport_importdata                        |
| index_event                                    |
| index_process                                  |
| index_process_event                            |
| log_customer                                   |
| log_quote                                      |
| log_summary                                    |
| log_summary_type                               |
| log_url                                        |
| log_url_info                                   |
| log_visitor                                    |
| log_visitor_info                               |
| log_visitor_online                             |
| magecommerce_admin_passwords                   |
| magecommerce_catalogevent_event                |
| magecommerce_catalogevent_event_image          |
| magecommerce_catalogpermissions                |
| magecommerce_catalogpermissions_index          |
| magecommerce_catalogpermissions_index_product  |
| magecommerce_cms_hierarchy_lock                |
| magecommerce_cms_hierarchy_metadata            |
| magecommerce_cms_hierarchy_node                |
| magecommerce_cms_increment                     |
| magecommerce_cms_page_revision                 |
| magecommerce_cms_page_version                  |
| magecommerce_customer_sales_flat_order         |
| magecommerce_customer_sales_flat_order_address |
| magecommerce_customer_sales_flat_quote         |
| magecommerce_customer_sales_flat_quote_address |
| magecommerce_customerbalance                   |
| magecommerce_customerbalance_history           |
| magecommerce_giftcard_amount                   |
| magecommerce_giftcardaccount                   |
| magecommerce_giftcardaccount_history           |
| magecommerce_giftcardaccount_pool              |
| magecommerce_giftregistry_data                 |
| magecommerce_giftregistry_entity               |
| magecommerce_giftregistry_item                 |
| magecommerce_giftregistry_item_option          |
| magecommerce_giftregistry_label                |
| magecommerce_giftregistry_person               |
| magecommerce_giftregistry_type                 |
| magecommerce_giftregistry_type_info            |
| magecommerce_giftwrapping                      |
| magecommerce_giftwrapping_store_attributes     |
| magecommerce_giftwrapping_website              |
| magecommerce_invitation                        |
| magecommerce_invitation_status_history         |
| magecommerce_invitation_track                  |
| magecommerce_logging_event                     |
| magecommerce_logging_event_changes             |
| magecommerce_reminder_rule                     |
| magecommerce_reminder_rule_coupon              |
| magecommerce_reminder_rule_log                 |
| magecommerce_reminder_rule_website             |
| magecommerce_reminder_template                 |
| magecommerce_rma                               |
| magecommerce_rma_grid                          |
| magecommerce_rma_item_eav_attribute            |
| magecommerce_rma_item_eav_attribute_website    |
| magecommerce_rma_item_entity                   |
| magecommerce_rma_item_entity_datetime          |
| magecommerce_rma_item_entity_decimal           |
| magecommerce_rma_item_entity_int               |
| magecommerce_rma_item_entity_text              |
| magecommerce_rma_item_entity_varchar           |
| magecommerce_rma_item_form_attribute           |
| magecommerce_rma_shipping_label                |
| magecommerce_rma_status_history                |
| magecommerce_sales_creditmemo_grid_archive     |
| magecommerce_sales_invoice_grid_archive        |
| magecommerce_sales_order_grid_archive          |
| magecommerce_sales_shipment_grid_archive       |
| magecommerce_scheduled_operations              |
| newsletter_problem                             |
| newsletter_queue                               |
| newsletter_queue_link                          |
| newsletter_queue_store_link                    |
| newsletter_subscriber                          |
| newsletter_template                            |
| oauth_consumer                                 |
| oauth_nonce                                    |
| oauth_token                                    |
| op_imagecdn_cache                              |
| paypal_cert                                    |
| paypal_payment_transaction                     |
| paypal_settlement_report                       |
| paypal_settlement_report_row                   |
| persistent_session                             |
| poll                                           |
| poll_answer                                    |
| poll_store                                     |
| poll_vote                                      |
| product_alert_price                            |
| product_alert_stock                            |
| rating                                         |
| rating_entity                                  |
| rating_option                                  |
| rating_option_vote                             |
| rating_option_vote_aggregated                  |
| rating_store                                   |
| rating_title                                   |
| remarketing                                    |
| report_compared_product_index                  |
| report_event                                   |
| report_event_types                             |
| report_viewed_product_aggregated_daily         |
| report_viewed_product_aggregated_monthly       |
| report_viewed_product_aggregated_yearly        |
| report_viewed_product_index                    |
| review                                         |
| review_detail                                  |
| review_entity                                  |
| review_entity_summary                          |
| review_status                                  |
| review_store                                   |
| sales_bestsellers_aggregated_daily             |
| sales_bestsellers_aggregated_monthly           |
| sales_bestsellers_aggregated_yearly            |
| sales_billing_agreement                        |
| sales_billing_agreement_order                  |
| sales_flat_creditmemo                          |
| sales_flat_creditmemo_comment                  |
| sales_flat_creditmemo_grid                     |
| sales_flat_creditmemo_item                     |
| sales_flat_invoice                             |
| sales_flat_invoice_comment                     |
| sales_flat_invoice_grid                        |
| sales_flat_invoice_item                        |
| sales_flat_order                               |
| sales_flat_order_address                       |
| sales_flat_order_grid                          |
| sales_flat_order_item                          |
| sales_flat_order_payment                       |
| sales_flat_order_status_history                |
| sales_flat_quote                               |
| sales_flat_quote_address                       |
| sales_flat_quote_address_item                  |
| sales_flat_quote_item                          |
| sales_flat_quote_item_option                   |
| sales_flat_quote_payment                       |
| sales_flat_quote_shipping_rate                 |
| sales_flat_shipment                            |
| sales_flat_shipment_comment                    |
| sales_flat_shipment_grid                       |
| sales_flat_shipment_item                       |
| sales_flat_shipment_track                      |
| sales_invoiced_aggregated                      |
| sales_invoiced_aggregated_order                |
| sales_order_aggregated_created                 |
| sales_order_aggregated_updated                 |
| sales_order_status                             |
| sales_order_status_label                       |
| sales_order_status_state                       |
| sales_order_tax                                |
| sales_order_tax_item                           |
| sales_payment_transaction                      |
| sales_recurring_profile                        |
| sales_recurring_profile_order                  |
| sales_refunded_aggregated                      |
| sales_refunded_aggregated_order                |
| sales_shipping_aggregated                      |
| sales_shipping_aggregated_order                |
| salesrule                                      |
| salesrule_coupon                               |
| salesrule_coupon_usage                         |
| salesrule_customer                             |
| salesrule_customer_group                       |
| salesrule_label                                |
| salesrule_product_attribute                    |
| salesrule_website                              |
| sendfriend_log                                 |
| shipping_tablerate                             |
| sitemap                                        |
| smtppro_email_log                              |
| tag                                            |
| tag_properties                                 |
| tag_relation                                   |
| tag_summary                                    |
| tax_calculation                                |
| tax_calculation_rate                           |
| tax_calculation_rate_title                     |
| tax_calculation_rule                           |
| tax_class                                      |
| tax_order_aggregated_created                   |
| tax_order_aggregated_updated                   |
| weee_discount                                  |
| weee_tax                                       |
| widget                                         |
| widget_instance                                |
| widget_instance_page                           |
| widget_instance_page_layout                    |
| wishlist                                       |
| wishlist_item                                  |
| wishlist_item_option                           |
| xmlconnect_application                         |
| xmlconnect_config_data                         |
| xmlconnect_history                             |
| xmlconnect_notification_template               |
| xmlconnect_queue                               |
+------------------------------------------------+

PS：不进一步测试了，网商，黑产的最爱呀，可惜哥不搞黑产：（

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-037436

漏洞标题：卡赛欧官网SQL注射可泄漏大量数据信息

相关厂商：卡赛欧（大连）酒业有限公司

漏洞作者：花非雾

提交时间：2013-09-18 11:55

修复时间：2013-11-02 11:56

公开时间：2013-11-02 11:56

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源花非雾@乌云

漏洞回应

厂商回应：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-037436

漏洞标题：卡赛欧官网SQL注射可泄漏大量数据信息

相关厂商：卡赛欧（大连）酒业有限公司

漏洞作者： 花非雾

提交时间：2013-09-18 11:55

修复时间：2013-11-02 11:56

公开时间：2013-11-02 11:56

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：未联系到厂商或者厂商积极忽略

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2013-037436"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 花非雾@乌云

漏洞回应

厂商回应：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：花非雾

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源花非雾@乌云