Vulnerability summary (followers: 24)
Defect ID: wooyun-2015-0140070
Title: P2P security: SQL injection in 融贝网 (Rongbei) exposing large volumes of user information
Affected vendor: irongbei.com
Author: onpu
Submitted: 2015-09-11 10:05
Fixed: 2015-10-26 10:30
Published: 2015-10-26 10:30
Vulnerability type: SQL injection
Severity: High
Self-assessed rank: 15
Status: Confirmed by vendor
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-09-11: Details sent to the vendor; awaiting vendor action
2015-09-11: Vendor confirmed the issue; details visible to the vendor only
2015-09-21: Details disclosed to core white hats and relevant domain experts
2015-10-01: Details disclosed to regular white hats
2015-10-11: Details disclosed to intern white hats
2015-10-26: Details disclosed to the public
Brief description:
SQL injection vulnerability
Detailed description:
A SQL injection on the main site, leading to large-scale leakage of user information.
Injection point:
Injected parameter: type
Proof of vulnerability:
Databases
available databases [5]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] vvt
[*] vvt_xiaofu
83 tables
Database: vvt
[83 tables]
+---------------------------+
| vvt_admin_funcs |
| vvt_admin_role_funcs |
| vvt_admin_roles |
| vvt_admin_user |
| vvt_areas |
| vvt_assign |
| vvt_assign_audit |
| vvt_bankinfo |
| vvt_banks |
| vvt_banks_branch |
| vvt_banner |
| vvt_cautioner |
| vvt_cautioner_property |
| vvt_charge |
| vvt_charge_company |
| vvt_check_user_account |
| vvt_checkmobile |
| vvt_chinapnr_bankinfo |
| vvt_cms_category |
| vvt_company |
| vvt_company_loan |
| vvt_company_property |
| vvt_crontab |
| vvt_csai_push |
| vvt_discharge |
| vvt_discharge_company |
| vvt_flink_partner |
| vvt_illegalusername |
| vvt_income |
| vvt_invest |
| vvt_invitation |
| vvt_invite_reward |
| vvt_log |
| vvt_message |
| vvt_messagesend |
| vvt_move_statistics |
| vvt_newcms |
| vvt_payment |
| vvt_payment_copy |
| vvt_personal_approveinfo |
| vvt_personal_property |
| vvt_petition |
| vvt_platform |
| vvt_project |
| vvt_project_copy |
| vvt_project_othergain |
| vvt_project_pregain |
| vvt_project_property |
| vvt_project_schedule |
| vvt_project_schedule_copy |
| vvt_promote_summary |
| vvt_property |
| vvt_question |
| vvt_repayment |
| vvt_repayment_copy |
| vvt_reviewsinfo |
| vvt_role |
| vvt_spread_award |
| vvt_spread_duanwu |
| vvt_spread_times |
| vvt_survey_options |
| vvt_survey_questions |
| vvt_sys_company_pay |
| vvt_sys_profit |
| vvt_user |
| vvt_user_cash |
| vvt_user_gain |
| vvt_user_gain_copy |
| vvt_user_integral |
| vvt_user_integral_flow |
| vvt_user_log |
| vvt_user_money_log |
| vvt_user_property |
| vvt_user_property_copy |
| vvt_user_rebate |
| vvt_user_repayment |
| vvt_user_reward |
| vvt_user_service_log |
| vvt_user_suggestion |
| vvt_user_survey_log |
| vvt_user_voucher |
| vvt_voucher |
| vvt_wx_push |
+---------------------------+
19 tables
Database: vvt_xiaofu
[19 tables]
+------------------------+
| vvt_admin_funcs |
| vvt_admin_role_funcs |
| vvt_admin_roles |
| vvt_admin_user |
| vvt_nbb_cashback |
| vvt_nbb_charge |
| vvt_nbb_checkphone |
| vvt_nbb_discharge |
| vvt_nbb_invest |
| vvt_nbb_invite |
| vvt_nbb_message |
| vvt_nbb_messagesend |
| vvt_nbb_project |
| vvt_nbb_pushlist |
| vvt_nbb_repayment_plan |
| vvt_nbb_user |
| vvt_nbb_user_money |
| vvt_nbb_user_property |
| vvt_nbb_user_repayment |
+------------------------+
User table
Database: vvt_xiaofu
Table: vvt_nbb_user
[10 columns]
+-------------+------------------+
| Column      | Type             |
+-------------+------------------+
| add_time    | timestamp        |
| id          | int(11) unsigned |
| invitecode  | char(50)         |
| password    | char(32)         |
| status      | tinyint(4)       |
| update_time | timestamp        |
| username    | char(100)        |
| wxcode      | varchar(200)     |
| wximg       | varchar(400)     |
| wxname      | varchar(200)     |
+-------------+------------------+
User count:
Database: vvt_xiaofu
+--------------+---------+
| Table        | Entries |
+--------------+---------+
| vvt_nbb_user | 162668  |
+--------------+---------+
Fix recommendation:
Strengthen filtering.
Copyright notice: please credit the source when reposting: onpu@乌云 (WooYun)
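The report's remediation advice is the single line "strengthen filtering", and the page shows neither the vulnerable endpoint's code nor the fix. As an added illustration (not the site's code, and not the reporter's), the following Python script stands up an in-memory SQLite table with constructed rows and contrasts a lookup that splices the untrusted `type` parameter into the SQL text with one that binds it as a query parameter, plus an allowlist check as defence in depth. The table layout, the column named `type`, the sample rows and the set of permitted values are all assumptions made for the demo; the report only names the parameter.

```python
import sqlite3

# Constructed sample data for the demo. Only the column names borrow from the
# report; the rows and the `type` column's domain are invented.
SAMPLE_ROWS = [
    ("alice", "premium"),
    ("bob", "basic"),
    ("carol", "premium"),
]

# Assumed allowlist of legal `type` values (the page gives only the
# parameter name, not what it selects).
ALLOWED_TYPES = {"basic", "premium"}


def make_db():
    """In-memory SQLite stand-in for the site's MySQL database (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, type TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, type_value):
    """Builds the statement by string concatenation: the untrusted `type`
    value becomes part of the SQL text, which is the defect class the
    report describes. Shown only to contrast with the safe variants."""
    sql = ("SELECT username FROM users WHERE type = '" + type_value + "' "
           "ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, type_value):
    """Parameter binding alone: the driver sends the value separately from
    the statement, so quotes or keywords in it are matched as literal
    characters and can never change the query's structure."""
    sql = "SELECT username FROM users WHERE type = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (type_value,))]


def lookup_hardened(conn, type_value):
    """Defence in depth: reject anything outside the expected domain before
    touching the database, then bind the value as a parameter."""
    if type_value not in ALLOWED_TYPES:
        raise ValueError("unexpected type value")
    return lookup_bound(conn, type_value)


def handle_request(conn, type_value):
    """How a request handler should behave on a rejected input: return no
    data (and, in a real service, emit a log line for detection) instead
    of a database error page that leaks query structure."""
    try:
        return lookup_hardened(conn, type_value)
    except ValueError:
        return []


if __name__ == "__main__":
    conn = make_db()
    normal = "premium"
    crafted = "x' OR '1'='1"  # constructed tautology input for the contrast
    print("vulnerable, normal :", lookup_vulnerable(conn, normal))
    print("vulnerable, crafted:", lookup_vulnerable(conn, crafted))  # every row
    print("bound,      crafted:", lookup_bound(conn, crafted))       # []
    print("hardened,   normal :", handle_request(conn, normal))
    print("hardened,   crafted:", handle_request(conn, crafted))     # []
```

Binding is what actually closes the injection: `lookup_bound` returns nothing for the crafted value because no row has that literal string as its type. The allowlist in `lookup_hardened` is the "filtering" the report asks for, useful for rejecting junk early and for logging it, but it is not a substitute for parameterised queries.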
Vulnerability response
Vendor response:
Severity: High
Vulnerability rank: 10
Confirmed: 2015-09-11 10:29
Vendor reply:
Fix completed
Latest status:
2015-10-26: Thank you for your support of our company. We have fixed this vulnerability; no users were harmed.