全友家私某系统漏洞（涉及上千万订单信息/涉及大量的个人详细身份证件地址订单信息/涉及十几库Sa权限）

2017年4月12日17:08:26评论363 views字数 253阅读0分50秒阅读模式

摘要

2016-03-31：细节已通知厂商并且等待厂商处理中
2016-04-04：厂商已经确认，细节仅向厂商公开
2016-04-14：细节向核心白帽子及相关领域专家公开
2016-04-24：细节向普通白帽子公开
2016-05-04：细节向实习白帽子公开
2016-05-19：细节向公众公开

漏洞概要关注数(14) 关注此漏洞

缺陷编号： WooYun-2016-190973

漏洞标题：全友家私某系统漏洞（涉及上千万订单信息/涉及大量的个人详细身份证件地址订单信息/涉及十几库Sa权限）

漏洞作者：路人甲

提交时间： 2016-03-31 12:00

公开时间： 2016-05-19 22:40

漏洞类型：命令执行

危害等级：高

自评Rank： 20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：无

3人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

http://**.**.**.** 存在jboss反序列命令执行，只能用jspx或者写shell 到jmx-console里，策略禁止在default下执行jsp脚本。

通过查找配置数据库发现大量数据，

近千万的订单详情，以及几百万的个人详细的身份证信息以及收货地址信息，危害极大

数据库涉及内网多台主机。

截取部分数据已证明危害，

漏洞证明：

code 区域

<local-tx-datasource>
   <jndi-name>TBMPKDataSource</jndi-name>
   <connection-url>jdbc:sqlserver**.**.**.**:1433;DatabaseName=cop_tbm;SelectMethod=Cursor</connection-url>
   <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
   <connection-property name="user">tbmsql</connection-property>
   <connection-property name="password">tbm123</connection-property>
   <min-pool-size>1</min-pool-size>
   <max-pool-size>10</max-pool-size>
  </local-tx-datasource>
 </datasources>
  <local-tx-datasource>
   <jndi-name>TOSADDataSource</jndi-name>
   <connection-url>jdbc:sqlserver**.**.**.**:1433;DatabaseName=QuanYou-DB;SelectMethod=Cursor</connection-url>
   <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
   <connection-property name="user">sa</connection-property>
   <connection-property name="password">!123</connection-property>
   <min-pool-size>5</min-pool-size>
   <max-pool-size>100</max-pool-size>
  </local-tx-datasource>

数据库配置

code 区域

Query#0 : select rows,OBJECT_NAME(id) as TABLENAME from sysindexes where indid=0
 
 rows
 int TABLENAME
 nvarchar
 2 sysfiles1
 90 T_TBM_SALE_TASK
 553033 T_TBM_CHECK_DETAIL_A201506
 0 F_STOCK_APPLY
 12 temp_1
 559465 T_MDM_CHAN_DIS_SERIES_INFO
 17894 T_TBM_SIGN_IN_A201506
 0 T_TBM_PRICE_PROGRAM
 356 T_TBM_STOCK_ADJUST_DETAIL_PRICE_20160122
 38208 T_TBM_STAFF
 173 T_TBM_SALE_TASK_DETAIL
 877126 T_TBM_SIGN_IN_DETAIL_A201506
 4 CAP_USER_20150611
 5889333 T_TBM_SHOP_PRICE_SAD
 7592 T_MDM_CHAN_DIS_STORE
 1504117 T_TBM_STOCK_TERM_STATISTICS_A201506
 0 T_TBM_PRICE_PROGRAM_DETAIL
 1 T_TEMP_ACCOUNT_IMP
 3244130 T_MDM_PRO_REL_PRO_SALE_ORG
 5530807 T_TBM_MY_PRODUCT_SAD
 10592442 T_TBM_STOCK_OUTIN_DETAIL
 29 T_MDM_CHAN_OFFICE_INFO
 1070627 T_TBM_STOCK_TERM_STATISTICS_A201505
 0 T_TBM_STOCK_BATCH_A201505
 418 tmp_dis_info
 3868975 T_TBM_PURBILL_DETAIL
 7301 T_TBM_PATCH_PIC_20150808_BAK
 0 T_MDM_CHAN_SHOP_DECORATION
 97 tmp_shop_info
 1891850 T_TBM_STOCK_BATCH_A201506
 9827 T_TBM_SP_REDACT_20150724_BAK
 421 T_TBM_STOCK_ADJUST_DETAIL_CAL_IN_20160122
 1327 tmp_store_info
 825824 T_TBM_STOCK_OUTIN
 3617 T_MDM_CHAN_SHOP_INFO
 1509690 T_TBM_STOCK_TERM_STATISTICS_B201506
 167115 T_TBM_CHECK_DETAIL_PRICE_OUT_20160122
 66390 T_TBM_SAMPLE_UP_DETAIL
 102682 T_TBM_PATCH_PLATE_20150807_bak
 0 FV_INFO_STRUCT
 919749 T_TBM_STOCK_TERM_STATISTICS_B201505
 532 T_TBM_CHECK_DETAIL_PRICE_CAL_OUT_20160122
 1160 T_TBM_CHECK_DETAIL_CAL_OUT_20160122
 356 T_TBM_STOCK_ADJUST_DETAIL_PRICE_CAL_OUT_20160122
 1600497 T_TBM_PICK_DETAIL
 11279 CAP_USER_20150815_BAK
 47557 T_MDM_ORG_ADMIN_REGION
 2127 T_TBM_SIGN_IN_DETAIL_CAL_IN_20160122
 45438 T_TBM_PATCH_SIGN_DETAIL_20150810_BAK
 5 T_MDM_ORG_CHANNEL_DISTR
 1160 TEMP_2016
 37395 cust_bak
 1160 T_TBM_CHECK_DETAIL_CAL_IN_20160122
 17 T_MDM_ORG_SALE_DEPT
 42021 T_TBM_SP_REDACT_CUSTOM
 0 T_TBM_SALE_BILL_DETAIL_PACK_PRICE_20160122
 559710 T_TBM_PICK
 10996018 T_TBM_STOCK_HIS
 308 T_MDM_ORG_SALE_GROUP
 131 T_TBM_STOCK_BATCH_TOTAL_FEE_OFFICE_1001
 5831456 T_TBM_STOCK_BATCH_HIS
 560 T_TBM_SP_REDACT_NUM
 44046 T_TBM_SALE_BILL_DETAIL_QUANTITY_OUT_20160123
 96409 T_TBM_STOCK_OUTIN_RECORD_HIS
 33 T_MDM_ORG_SALE_ORG
 44046 T_TBM_SALE_BILL_DETAIL_RETURN_20160123
 45 T_TBM_FEEDBACK
 557332 T_TBM_STOCK_OUTIN_HIS
 41289 T_TBM_SP_REDACT_OLD_PRODUCT
 74 T_TBM_STOCK_ALLOT
 1648476 T_TBM_STOCK_OUTIN_DETAIL_HIS
 68410 T_TBM_SIGN_IN_20150904
 1748 T_TBM_STOCK_TERM_STATISTICS_HIS
 1353 T_TBM_STOCK_ALLOT_DETAIL
 11284 cap_user_20150811_bak
 80341 customer_bak_6_19
 809 T_TBM_OPTION_INFO
 771735 T_TBM_SALE_BILL_DETAIL_SEND_PACK_20160123
 18 TMP005
 3518245 T_TBM_STOCK
 28531 T_TBM_ECBILL_DETAIL_BAK
 1 T_ACCOUNT_IMP
 336 T_TBM_QUESTION_INFO
 0 T_ACCOUNT_IMP_BAK
 4780 T_TBM_SALE_BILL_DETAIL_SEND_20160123
 11 T_TBM_QUESTION_BANK
 291288 T_TBM_STOCK_ADJUST_DETAIL
 81 T_MDM_PRO_CATEGORY
 27317 T_TBM_SALE_BILL_DETAIL_ERROR_PACK_20160123
 219590 T_TBM_SIGN_IN                                     20W+车辆信息
 10816 CAP_USER_20150714_BAK
 34360 T_TBM_SALE_BILL_M1_20160123
 1 ANHUIBAN
 734 T_MDM_PRO_COLOR_NUM
 34360 T_TBM_SALE_BILL_OUT_M1_20160123
 0 F_HANDSET_GET_PACK
 86559 customer_bak_6_22
 62097 T_MDM_PRO_PRODUCT_MODEL
 0 T_TBM_HANDLE_LOG
 464 tmp3
 1698 T_MDM_PRO_REL_MATERIAL_MATCH
 197513 T_TBM_STOCK_OCCUPY
 208 T_MDM_PRO_PRODUCT_SERIES
 247 tmp31
 0 T_TBM_SYS_LOGIN_LOG
 18 tmp32
 157274 T_TBM_SALE_BILL_BAK_20150727
 11752326 T_TBM_SIGN_IN_DETAIL
 95 T_TBM_SALE_BILL_DETAIL_20160104
 357666 T_MDM_PRO_PRODUCT_INFO_20150814_BAK
 9 T_MDM_PRO_PRODUCT_STYLE
 4 T_TBM_EC_LOGISTIC20160106
 0 T_MDM_PRI_NO_SALES_PRICE_TOTAL_BAK
 295 T_TBM_PURBILL_1000695
 853527 T_TBM_POLICY_PUR
 2206 T_MDM_PRI_SALES_PRICE_TOTAL_BAK
 13082943 T_TBM_STOCK_OUTIN_RECORD
 9547 T_TBM_SAMPLE_DOWN
 0 T_MDM_PRO_REL_PRO_GROUP_SALE_ORG
 4534 T_TBM_PURBILL_DETAIL_1000695
 446 T_TBM_SIGN_IN_20150707
 441429 T_TBM_SYNC_NO_SALES_PRICE_TOTAL
 23 T_TBM_SP_REDACT_1000695
 0 T_TBM_SURVEY
 7123 T_TBM_PATCH_PIC_20150814_BAK
 102 T_MDM_PRO_SALE_SERIES
 2457 T_TBM_STOCK_1000695
 775 T_TBM_STOCK_OUTIN_1000695
 46651 tmp2
 20 T_MDM_ZONE_SALE_COMM
 8378 T_TBM_STOCK_OUTIN_DETAIL_1000695
 1508071 T_MDM_PRI_NO_SALES_PRICE_TOTAL_151012
 63 T_TBM_SIGN_IN_20150613
 174 T_TBM_PATCH_RESTRICT_BAK
 731 T_TBM_DELIVERY_1000695
 487 T_TBM_STORE_PACKAGE
 36 T_MDM_ZONE_SALE_AREA
 19729 T_TBM_SEQUENCE_bak20150728
 15182 T_TBM_SIGN_IN_20150613_ALL
 695 T_TBM_PICK_1000695
 1 T_TBM_PURBILL20160112
 710 T_TBM_PICK_DETAIL_1000695
 149 TMP_SIGN
 38399 T_TBM_IMP_EXCEL
 1652537 tmp1                                 160W+ 家私订单
 1329 T_TBM_STORE_PACKAGE_DETAIL
 1055 T_TBM_STOCK_WARN
 36 T_MDM_ZONE_SALE_MARKET
 41224 T_TBM_SP_REDACT
 2 T_TBM_CHECK_1000695
 40269 T_TBM_STOCK_ADJUST
 4313 T_TBM_PATCH_BILL_20150729_BAK
 106 T_MDM_PRO_FACTORY_INFO
 2 T_MDM_ZONE_SALE_RANGE
 0 T_TBM_IMP_RESULT
 0 T_TBM_ECBILL20160113
 5 T_MDM_ZONE_SALE_REGION
 11 T_TBM_SIGN_IN_TMP
 0 T_TBM_SIGN_IN_DETAIL_20150707
 0 T_TBM_ECBILL_DETAIL20160113
 2063 ypr_test_01
 0 T_TBM_CHECK_DETAIL_TEMP
 20 T_MDM_ZONE_SALE_ZONE
 260310 T_TBM_PATCH_PLATE_STRUCT_20150816_BAK
 2748363 tmp_sale_price
 2950 T_TBM_PATCH_BILL_20160114_BAK
 2569187 tmp_sale_price_bak
 277327 T_TBM_PATCH_PLATE_STRUCT_20160115_BAK
 36 T_SAP_OFFICE_TO_CUSCODE
 260 T_TBM_CARPOOL
 150 T_TBM_SIGN_IN_20151014
 7607 T_TBM_PATCH_PIC_20160115_BAK
 53638 tmp_sale_price_no
 108006 T_TBM_PATCH_PLATE_20160115_BAK
 530 T_TBM_CARPOOL_DETAIL
 5889333 T_TBM_SHOP_PRICE_SAD_BAK
 10742 CAP_USER_20150707
 0 T_IMP_PLATE
 10832 cap_user_bak_20150717
 2633 T_IMP_PLATE_STR
 2 t_notice
 0 T_IMP_PIC
 21122 T_TBM_PATCH_BILL_20150819_BAK
 2896752 T_TBM_CHECK_DETAIL
 28 CAP_ROLE_20150707_BAK
 0 F_STOCK_SALE_HEAD
 7123732 T_MDM_PRI_NO_SALES_PRICE_TOTAL_tmp
 49 T_TBM_COMPLAINT
 294335 tmp_zlfl
 7659508 T_MDM_PRI_SALES_PRICE_TOTAL_tmp                 700W家私订单
 0 T_TBM_STOCK_OUTIN_RECORD_201505
 47 T_TBM_CUSCHEST_DEMAND_BAK
 967366 T_TBM_STOCK_OUTIN_RECORD_B201505
 6856 T_MDM_PRI_SALES_PRICE_TOTAL_tmp01
 1005 T_TBM_CUSCHEST_DEMAND
 0 F_STOCK_INSEND
 24742 T_TBM_STOCK_OUTIN_B201505
 0 T_TBM_PUR_CHECK
 910619 T_TBM_STOCK_OUTIN_DETAIL_B201505
 0 T_TBM_CHECK_PACK_DETAIL_REPEAT
 0 F_STOCK_INWAY
 12150 T_TBM_PICK_B201505
 0 T_TBM_CHECK_PACK_DETAIL
 1241310 tmp_STOCK_BATCH
 33709 T_TBM_PICK_DETAIL_B201505
 7 T_TBM_PURBILL_20150908
 6859 T_MDM_PRI_SALES_PRICE_TOTAL_tmp02
 853790 T_TBM_DELIVERY
 311 T_TBM_SAMPLE_UP_B201505
 7 T_TBM_PURBILL_DETAIL_20150908
 1267 T_TBM_SAMPLE_UP_DETAIL_B201505
 120 app_menu20160117
 0 T_TBM_DISTRIBUTOR_ACCOUNT
 259 T_TBM_SAMPLE_DOWN_B201505
 622 CAP_RESAUTH_20160117_BAK
 1939 T_TBM_SAMPLE_DOWN_DETAIL_B201505
 3 T_TBM_STOCK_ALLOT_B201505
 1228 CAP_USER20160223
 33 T_TBM_INFO
 19912 T_TBM_STAFF_BAK
 2187 T_TBM_CUSCHEST_DEMAND_DETAIL
 45570 T_TEMP_DIS_SERIES_IMP
 6724 T_MDM_CHAN_DIS_STORE_151126
 591 tmp001
 11 T_TBM_STOCK_ALLOT_DETAIL_B201505
 2 app_menu_bak
 167 tmp_mgr_error
 9965 T_TBM_CHECK_B201505
 39262 T_TBM_PUR_DRAFT_TMP
 770777 T_TBM_CUSTOMER
 937780 T_TBM_CHECK_DETAIL_B201505
 150 tmp_mgr_error_2
 39262 T_TBM_PUR_DRAFT_TMP2
 704 T_TBM_SIGN_IN_B201505
 150 tmp_mgr_error_3
 39262 T_TBM_PUR_DRAFT_TMP3
 57268 T_TBM_SIGN_IN_DETAIL_B201505
 10577 CAP_USER_BAK_20150601
 243 TEMP1
 967366 T_TBM_STOCK_OUTIN_RECORD_A201505
 586034 T_TBM_REFUND
 1574982 tmp_STOCK_BATCH_TYPE1
 25933 T_TBM_STOCK_OUTIN_A201505
 129513 tmp_STOCK_BATCH_TYPE2
 919955 T_TBM_STOCK_OUTIN_DETAIL_A201505
 17114 T_TBM_CACHE_PUR_PRO
 277326 T_TBM_PATCH_PLATE_STRUCT_151130
 622 tmp002
 13255249 T_TBM_STOCK_TERM_STATISTICS
 1249 T_TBM_INFO_HISTORY
 13156 T_TBM_PICK_A201505
 255 STOCK_SAMPLE_DOWN_TEMP
 46577 T_TBM_PATCH_PLATE_STRUCT_BAK_151130
 37523 T_TBM_PICK_DETAIL_A201505
 10 T_MDM_CHAN_DISTRIBUTOR_INFO_20150602
 622 签收单物料编码异常信息表
 323518 tmp_STOCK_BATCH_TYPE3
 421 T_TBM_SAMPLE_UP_A201505
 786553 T_TBM_SALE_BILL
 51049 T_TBM_RETURN
 648 tmp003
 85 tmp_STOCK_PROBLEM
 1604 T_TBM_SAMPLE_UP_DETAIL_A201505
 1 T_TBM_ECBILL_DETAIL20160118
 11 tmp004
 1574982 T_TBM_STOCK_BATCH_bak
 74991 T_TBM_MESSAGE_DETAIL_20150731_BAK
 338 T_TBM_SAMPLE_DOWN_A201505
 1 T_TBM_ECBILL20160118
 169763 T_TBM_SALE_BILL_BAK_20150730
 2128 T_TBM_SAMPLE_DOWN_DETAIL_A201505
 8752264 T_TBM_MY_PRODUCT
 75449 T_TBM_MESSAGE_DETAIL_150731_1530_bak
 4 T_TBM_STOCK_ALLOT_A201505
 44 T_TBM_ASSIGN_BAK
 14 T_TBM_STOCK_ALLOT_DETAIL_A201505
 4 T_TBM_PATCH_PLATE_STRUCT_20150825_BAK
 10852 T_TBM_CHECK_A201505
 1033569 TMP_TBM_SIGN_IN_COPY
 1199105 T_TBM_CHECK_DETAIL_A201505
 0 F_STOCK_SALE_UNSEND
 181727 T_TBM_SYNC_SHOP_PRICE
 165380 TMP_TBM_SIGN_IN_COPY_1
 7380 T_TBM_SIGN_IN_A201505
 11550 T_TBM_CHECK_DETAIL20160302
 332198 T_TBM_PURBILL
 1354 T_TBM_COMMUNITY_SAD
 0 F_PUR_PACK_CHOICE
 75320 t_tbm_customer_bak
 350387 T_TBM_SIGN_IN_DETAIL_A201505
 80 T_TBM_PUR_DRAFT_BAK_001
 55 T_TBM_PUR_DRAFT_BAK_002
 1428794 T_TBM_STOCK_OUTIN_RECORD_B201506
 1 T_TBM_SIGN_IN_20151208
 73061 T_TBM_STOCK_OUTIN_B201506
 2 T_TBM_SIGN_IN_DETAIL20151208
 801882 TMP_TBM_SIGN_IN_COPY_2
 1216594 T_TBM_STOCK_OUTIN_DETAIL_B201506
 618 TEMP_STOCK2
 387973 T_TBM_MESSAGE
 825411 T_TBM_PATCH_RECORD_151027
 43668 T_TBM_PICK_B201506
 0 F_STOCK_NEED
 1657 T_TBM_SAMPLE_UP_B201506
 15181 T_TBM_SAMPLE_UP
 419864 T_TBM_MESSAGE_DETAIL
 6479 T_TBM_SAMPLE_UP_DETAIL_B201506
 162553 T_TBM_EC_LOGISTIC
 13 T_MDM_PRO_PRODUCT_GROUP
 532 T_TBM_STOCK_PROBLEM
 25215 T_MDM_CHAN_SHOP_DEC_DETAIL
 966 T_TBM_SAMPLE_DOWN_B201506
 313806 T_TBM_ECBILL
 2 CAP_RESAUTH20160119
 2840 T_TBM_SAMPLE_DOWN_DETAIL_B201506
 745046 T_TBM_ECBILL_DETAIL
 1084 T_MDM_PRO_MATERIAL_GROUP
 7975 T_TBM_SALE_BILL_20151214
 165380 TMP_TBM_SIGN_IN_COPY_3
 5 T_TBM_STOCK_ALLOT_B201506
 720 T_TBM_SALE_BILL_20151215
 2868 T_MDM_CHAN_SHOP_DEC_MAIN
 49 T_TBM_STOCK_ALLOT_DETAIL_B201506
 40804 T_TBM_WARCARD_bak
 5 T_MDM_PRO_SPACE_INFO
 0 F_SBILL_SALEORG
 1996 T_TBM_PUR_DRAFT
 81134 T_TBM_MESSAGE_DETAIL_20150803_bak
 9613 T_TBM_CHECK_B201506
 9480145 T_TBM_STOCK_BATCH
 555014 T_TBM_CHECK_DETAIL_B201506
 139900 BASE_PRODUCTINFO_BAK
 42200 T_TBM_PUR_DRAFT_DETAIL
 11451 T_TBM_SIGN_IN_B201506
 35817 T_MDM_PRO_PRODUCT_INFO_chayi
 579873 T_TBM_SIGN_IN_DETAIL_B201506
 0 T_TBM_CUSTOMER_FILE
 1428794 T_TBM_STOCK_OUTIN_RECORD_A201506
 2983 T_TBM_DIS_STORE_TEMP
 75485 T_TBM_STOCK_OUTIN_A201506
 422 T_TBM_DIS_STORE_TEMP1
 1222711 T_TBM_STOCK_OUTIN_DETAIL_A201506
 45682 T_TBM_PICK_A201506
 284 T_TEMP_1
 54849 T_TBM_CHECK
 96840 T_TBM_RETURN_DETAIL
 130733 T_TBM_PICK_DETAIL_A201506
 1046 T_TBM_COMMUNITY
 52 T_TEMP_IMP_2
 117931 T_TBM_PURBILL_20150911
 1727 T_TBM_SAMPLE_UP_A201506
 1390504 T_TBM_PURBILL_DETAIL_20150911
 0 T_TBM_SALES_RICE
 6468 T_TBM_SAMPLE_UP_DETAIL_A201506
 201 T_TEMP_2
 691322 T_TBM_WARCARD
 579 T_MDM_CHAN_CUSTOMER_MGR_INFO
 1052 T_TBM_SAMPLE_DOWN_A201506
 417 T_TBM_STAFF_SAD
 1099798 T_TBM_SALE_BILL_DETAIL20160122
 2906 T_TBM_SAMPLE_DOWN_DETAIL_A201506
 2747 T_MDM_CHAN_DISTRIBUTOR_INFO_20150723_BAK
 1526570 T_TBM_SALE_BILL_DETAIL_SUIT20160122
 3029 T_MDM_CHAN_DISTRIBUTOR_INFO
 6 T_TBM_STOCK_ALLOT_A201506
 4045718 T_TBM_SALE_BILL_DETAIL_PACK20160122
 0 F_STOCK_HIS_SALES
 2559330 T_TBM_SALE_BILL_DETAIL
 25659 CAP_PARTYAUTH_BAK
 23136 T_TBM_SAMPLE_DOWN_DETAIL
 50 T_TBM_STOCK_ALLOT_DETAIL_A201506
 4045718 T_TBM_SALE_BILL_DETAIL_PACK_MATYPE_20160122
 4812 T_MDM_CHAN_DIS_SALEORG_INFO
 9622 T_TBM_CHECK_A201506

数据库结构

code 区域

http://**.**.**.**/default/1.jspx 9635789

shell

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：13

确认时间：2016-04-04 22:39

厂商回复：

CNVD确认所述情况，已经由CNVD通过网站公开联系方式向网站管理单位通报。

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

2016-03-31 12:08 | 带头大哥 ( 普通白帽子 | Rank:879 漏洞数:258 | |任意邮件伪造| |目录遍历| |任意文件读取|...)

1

http://butian.360.cn/vul/info/qid/QTVA-2016-397889

1# 回复此人
2016-03-31 12:43 | 田老板 ( 路人 | Rank:30 漏洞数:13 | 学校杀手)

1

http://butian.360.cn/vul/info/qid/QTVA-2016-397889

2# 回复此人

漏洞概要 关注数(14) 关注此漏洞

缺陷编号： WooYun-2016-190973

漏洞标题： 全友家私某系统漏洞（涉及上千万订单信息/涉及大量的个人详细身份证件地址订单信息/涉及十几库Sa权限）

相关厂商： 全友家私

漏洞作者： 路人甲

提交时间： 2016-03-31 12:00

公开时间： 2016-05-19 22:40

漏洞类型： 命令执行

危害等级： 高

自评Rank： 20

漏洞状态： 已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签： 无

3人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

漏洞评价(共0人评价): 登陆后才能进行评分

评价

发表评论

在线咨询

微信

漏洞概要关注数(14) 关注此漏洞

漏洞标题：全友家私某系统漏洞（涉及上千万订单信息/涉及大量的个人详细身份证件地址订单信息/涉及十几库Sa权限）

相关厂商：全友家私

漏洞作者：路人甲

漏洞类型：命令执行

危害等级：高

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签：无

版权声明：转载请注明来源路人甲@乌云

漏洞评价(共0人评价):

登陆后才能进行评分