匹克某站点站多处SQL注入(泄露300w敏感信息/等)

admin
admin
admin
139803
文章
114
评论
2017年4月19日12:55:14评论337 views字数 233阅读0分46秒阅读模式
摘要

2016-04-06: 细节已通知厂商并且等待厂商处理中
2016-04-06: 厂商已查看当前漏洞内容,细节仅向厂商公开
2016-04-11: 厂商已经主动忽略漏洞,细节向公众公开

漏洞概要 关注数(5) 关注此漏洞

缺陷编号: WooYun-2016-193268

漏洞标题: 匹克某站点站多处SQL注入(泄露300w敏感信息/等)

相关厂商: epeaksport.com

漏洞作者: DeadSea

提交时间: 2016-04-06 21:00

公开时间: 2016-04-11 21:10

漏洞类型: SQL注射漏洞

危害等级: 高

自评Rank: 20

漏洞状态: 漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系

Tags标签: 无

0人收藏

漏洞详情

披露状态:

2016-04-06: 细节已通知厂商并且等待厂商处理中
2016-04-06: 厂商已查看当前漏洞内容,细节仅向厂商公开
2016-04-11: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

最近喜欢上了打篮球,想买一双篮球鞋的。然后顺带测试下

详细说明:

code 区域 
http://info.peaksport.com/UpdateLog/UpdateList.aspx?UpdateYearMonth=201307
code 区域 
http://info.peaksport.com/UpdateLog/UpdateList.aspx?ModuleID=1
 <code>http://info.peaksport.com/UpdateLog/UpdateList.aspx?LogID=174

都存在注入

匹克某站点站多处SQL注入(泄露300w敏感信息/等)

匹克某站点站多处SQL注入(泄露300w敏感信息/等)

</code>

匹克某站点站多处SQL注入(泄露300w敏感信息/等)

影响数据。

code 区域 
Database: Peak
 +----------------------------------------+---------+
 | Table                                  | Entries |
 +----------------------------------------+---------+
 | dbo.Peak_Saleroom_tmp                  | 3088501 |
 | dbo.Peak_Saleroom_tmp                  | 3088501 |
 | dbo.Peak_SMS_History                   | 1165101 |
 | dbo.dnt_posts1                         | 309261  |
 | dbo.Peak_ShopRelations                 | 261382  |
 | dbo.BI_Shop                            | 103959  |
 | dbo.temp                               | 31037   |
 | dbo.VW_Shop                            | 29157   |
 | dbo.Peak_BI_LiJin                      | 20772   |
 | dbo.dnt_myposts                        | 20142   |
 | dbo.dnt_posts2                         | 18466   |
 | dbo.Peak_Picture                       | 17651   |
 | dbo.Peak_Product_Picture               | 17651   |
 | dbo.VW_QD_Shop                         | 16974   |
 | dbo.vw_EAS_LJ_SHOP                     | 16291   |
 | dbo.TMP150                             | 15303   |
 | dbo.Peak_BI_QuDao                      | 14930   |
 | dbo.TMP159                             | 14758   |
 | dbo.dnt_topics                         | 12519   |
 | dbo.TMP158                             | 12401   |
 | dbo.TMP135                             | 11780   |
 | dbo.dnt_attachments                    | 9370    |
 | dbo.TMP187                             | 9179    |
 | dbo.TMP151                             | 8482    |
 | dbo.VW_ShopRelations                   | 8468    |
 | dbo.Peak_BI_EAS                        | 8385    |
 | dbo.TMP136                             | 7340    |
 | dbo.Peak_Discount                      | 6708    |
 | dbo.TMP139                             | 6355    |
 | dbo.dnt_scheduledevents                | 6298    |
 | dbo.Peak_UserRole                      | 5776    |
 | dbo.TMP137                             | 5481    |
 | dbo.dnt_userfields                     | 5120    |
 | dbo.dnt_users                          | 5120    |
 | dbo.dnt_pms                            | 4826    |
 | dbo.TMP188                             | 4807    |
 | dbo.TMP182                             | 4373    |
 | dbo.Peak_CorrivalShop                  | 4173    |
 | dbo.TMP138                             | 3277    |
 | dbo.Peak_User                          | 2692    |
 | dbo.Peak_City                          | 2556    |
 | dbo.dnt_statvars                       | 1521    |
 | dbo.dnt_mytopics                       | 1253    |
 | dbo.dnt_myattachments                  | 1009    |
 | dbo.dnt_words                          | 690     |
 | dbo.dnt_trendstat                      | 669     |
 | dbo.dnt_onlinetime                     | 506     |
 | dbo.Peak_SaleQuotiety                  | 498     |
 | dbo.Peak_RolePermission                | 496     |
 | dbo.Peak_RolePermission                | 496     |
 | dbo.Peak_Customers                     | 365     |
 | dbo.T_lijintemp                        | 324     |
 | dbo.dnt_creditslog                     | 224     |
 | dbo.sys_RolePermission                 | 220     |
 | dbo.dnt_adminvisitlog                  | 210     |
 | dbo.Peak_UpdateLog_ModuleList          | 197     |
 | dbo.Peak_UpdateLog_ModuleList          | 197     |
 | dbo.Peak_UpdateLog_ModuleList          | 197     |
 | dbo.Peak_ReceiptMessage                | 187     |
 | dbo.dnt_moderatormanagelog             | 118     |
 | dbo.Peak_EasAgent_temp                 | 112     |
 | dbo.dnt_stats                          | 103     |
 | dbo.dnt_medalslog                      | 102     |
 | dbo.dnt_medalslog                      | 102     |
 | dbo.Peak_SendMessage                   | 100     |
 | dbo.Peak_EasAgent_his                  | 90      |
 | dbo.Peak_EasAgent_his                  | 90      |
 | dbo.dnt_smilies                        | 88      |
 | dbo.Peak_Agent                         | 87      |
 | dbo.VW_WareHouseAgent                  | 85      |
 | dbo.Peak_PositionOrOrgExplainsHis      | 81      |
 | dbo.Peak_Shop                          | 70      |
 | dbo.Peak_Menu                          | 64      |
 | dbo.dnt_topictags                      | 58      |
 | dbo.dnt_tags                           | 52      |
 | dbo.Peak_Module                        | 52      |
 | dbo.Peak_Bidding_Material_Detail       | 48      |
 | dbo.Peak_Bidding_Material_Detail       | 48      |
 | dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
 | dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
 | dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
 | dbo.dnt_polloptions                    | 32      |
 | dbo.dnt_favorites                      | 30      |
 | dbo.dnt_help                           | 29      |
 | dbo.dnt_paymentlog                     | 28      |
 | dbo.Peak_Map                           | 27      |
 | dbo.dnt_forumfields                    | 26      |
 | dbo.dnt_forums                         | 26      |
 | dbo.dnt_moderators                     | 26      |
 | dbo.dnt_topictagcaches                 | 26      |
 | dbo.WCRTEMP00006                       | 24      |
 | dbo.dnt_debatediggs                    | 23      |
 | dbo.S3_Tmp                             | 22      |
 | dbo.dnt_postdebatefields               | 21      |
 | dbo.Peak_AllowAccessPerson             | 18      |
 | dbo.dnt_topicidentify                  | 17      |
 | dbo.dnt_onlinelist                     | 16      |
 | dbo.dnt_onlinelist                     | 16      |
 | dbo.Peak_Bidding_Discuss               | 16      |
 | dbo.dnt_usergroups                     | 15      |
 | dbo.Peak_PayStubNotDisplayItem         | 15      |
 | dbo.dnt_spacemoduledefs                | 12      |
 | dbo.dnt_spacethemes                    | 12      |
 | dbo.Peak_Base                          | 12      |
 | dbo.dnt_photos                         | 11      |
 | dbo.dnt_polls                          | 10      |
 | dbo.Peak_LiJinServerDatabase           | 10      |
 | dbo.Peak_LiJinServerDatabase           | 10      |
 | dbo.Peak_ReceiveMessage                | 10      |
 | dbo.dnt_albumcategories                | 9       |
 | dbo.Peak_Bidding_Batch                 | 9       |
 | dbo.dnt_attachtypes                    | 8       |
 | dbo.Peak_Auction                       | 7       |
 | dbo.dnt_navs                           | 6       |
 | dbo.dnt_spacemodules                   | 6       |
 | dbo.dnt_templates                      | 6       |
 | dbo.Peak_SendLeadMobile                | 6       |
 | dbo.dnt_spacetabs                      | 5       |
 | dbo.dnt_admingroups                    | 3       |
 | dbo.dnt_albums                         | 3       |
 | dbo.dnt_phototags                      | 3       |
 | dbo.dnt_searchcaches                   | 3       |
 | dbo.Peak_Leader                        | 3       |
 | dbo.Peak_Scheduling                    | 3       |
 | dbo.dnt_bbcodes                        | 2       |
 | dbo.dnt_spaceconfigs                   | 2       |
 | dbo.dnt_spaceposts                     | 2       |
 | dbo.dnt_tablelist                      | 2       |
 | dbo.D99_Tmp                            | 1       |
 | dbo.dnt_announcements                  | 1       |
 | dbo.dnt_attachpaymentlog               | 1       |
 | dbo.dnt_debates                        | 1       |
 | dbo.dnt_forumlinks                     | 1       |
 | dbo.dnt_postid                         | 1       |
 | dbo.dnt_statistics                     | 1       |
 | dbo.Peak_SMS_SendQueue                 | 1       |
 +----------------------------------------+---------+

匹克某站点站多处SQL注入(泄露300w敏感信息/等)

漏洞证明:

code 区域 
Database: Peak
 +----------------------------------------+---------+
 | Table                                  | Entries |
 +----------------------------------------+---------+
 | dbo.Peak_Saleroom_tmp                  | 3088501 |
 | dbo.Peak_Saleroom_tmp                  | 3088501 |
 | dbo.Peak_SMS_History                   | 1165101 |
 | dbo.dnt_posts1                         | 309261  |
 | dbo.Peak_ShopRelations                 | 261382  |
 | dbo.BI_Shop                            | 103959  |
 | dbo.temp                               | 31037   |
 | dbo.VW_Shop                            | 29157   |
 | dbo.Peak_BI_LiJin                      | 20772   |
 | dbo.dnt_myposts                        | 20142   |
 | dbo.dnt_posts2                         | 18466   |
 | dbo.Peak_Picture                       | 17651   |
 | dbo.Peak_Product_Picture               | 17651   |
 | dbo.VW_QD_Shop                         | 16974   |
 | dbo.vw_EAS_LJ_SHOP                     | 16291   |
 | dbo.TMP150                             | 15303   |
 | dbo.Peak_BI_QuDao                      | 14930   |
 | dbo.TMP159                             | 14758   |
 | dbo.dnt_topics                         | 12519   |
 | dbo.TMP158                             | 12401   |
 | dbo.TMP135                             | 11780   |
 | dbo.dnt_attachments                    | 9370    |
 | dbo.TMP187                             | 9179    |
 | dbo.TMP151                             | 8482    |
 | dbo.VW_ShopRelations                   | 8468    |
 | dbo.Peak_BI_EAS                        | 8385    |
 | dbo.TMP136                             | 7340    |
 | dbo.Peak_Discount                      | 6708    |
 | dbo.TMP139                             | 6355    |
 | dbo.dnt_scheduledevents                | 6298    |
 | dbo.Peak_UserRole                      | 5776    |
 | dbo.TMP137                             | 5481    |
 | dbo.dnt_userfields                     | 5120    |
 | dbo.dnt_users                          | 5120    |
 | dbo.dnt_pms                            | 4826    |
 | dbo.TMP188                             | 4807    |
 | dbo.TMP182                             | 4373    |
 | dbo.Peak_CorrivalShop                  | 4173    |
 | dbo.TMP138                             | 3277    |
 | dbo.Peak_User                          | 2692    |
 | dbo.Peak_City                          | 2556    |
 | dbo.dnt_statvars                       | 1521    |
 | dbo.dnt_mytopics                       | 1253    |
 | dbo.dnt_myattachments                  | 1009    |
 | dbo.dnt_words                          | 690     |
 | dbo.dnt_trendstat                      | 669     |
 | dbo.dnt_onlinetime                     | 506     |
 | dbo.Peak_SaleQuotiety                  | 498     |
 | dbo.Peak_RolePermission                | 496     |
 | dbo.Peak_RolePermission                | 496     |
 | dbo.Peak_Customers                     | 365     |
 | dbo.T_lijintemp                        | 324     |
 | dbo.dnt_creditslog                     | 224     |
 | dbo.sys_RolePermission                 | 220     |
 | dbo.dnt_adminvisitlog                  | 210     |
 | dbo.Peak_UpdateLog_ModuleList          | 197     |
 | dbo.Peak_UpdateLog_ModuleList          | 197     |
 | dbo.Peak_UpdateLog_ModuleList          | 197     |
 | dbo.Peak_ReceiptMessage                | 187     |
 | dbo.dnt_moderatormanagelog             | 118     |
 | dbo.Peak_EasAgent_temp                 | 112     |
 | dbo.dnt_stats                          | 103     |
 | dbo.dnt_medalslog                      | 102     |
 | dbo.dnt_medalslog                      | 102     |
 | dbo.Peak_SendMessage                   | 100     |
 | dbo.Peak_EasAgent_his                  | 90      |
 | dbo.Peak_EasAgent_his                  | 90      |
 | dbo.dnt_smilies                        | 88      |
 | dbo.Peak_Agent                         | 87      |
 | dbo.VW_WareHouseAgent                  | 85      |
 | dbo.Peak_PositionOrOrgExplainsHis      | 81      |
 | dbo.Peak_Shop                          | 70      |
 | dbo.Peak_Menu                          | 64      |
 | dbo.dnt_topictags                      | 58      |
 | dbo.dnt_tags                           | 52      |
 | dbo.Peak_Module                        | 52      |
 | dbo.Peak_Bidding_Material_Detail       | 48      |
 | dbo.Peak_Bidding_Material_Detail       | 48      |
 | dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
 | dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
 | dbo.Peak_PositionOrOrgExplainsEntryHis | 44      |
 | dbo.dnt_polloptions                    | 32      |
 | dbo.dnt_favorites                      | 30      |
 | dbo.dnt_help                           | 29      |
 | dbo.dnt_paymentlog                     | 28      |
 | dbo.Peak_Map                           | 27      |
 | dbo.dnt_forumfields                    | 26      |
 | dbo.dnt_forums                         | 26      |
 | dbo.dnt_moderators                     | 26      |
 | dbo.dnt_topictagcaches                 | 26      |
 | dbo.WCRTEMP00006                       | 24      |
 | dbo.dnt_debatediggs                    | 23      |
 | dbo.S3_Tmp                             | 22      |
 | dbo.dnt_postdebatefields               | 21      |
 | dbo.Peak_AllowAccessPerson             | 18      |
 | dbo.dnt_topicidentify                  | 17      |
 | dbo.dnt_onlinelist                     | 16      |
 | dbo.dnt_onlinelist                     | 16      |
 | dbo.Peak_Bidding_Discuss               | 16      |
 | dbo.dnt_usergroups                     | 15      |
 | dbo.Peak_PayStubNotDisplayItem         | 15      |
 | dbo.dnt_spacemoduledefs                | 12      |
 | dbo.dnt_spacethemes                    | 12      |
 | dbo.Peak_Base                          | 12      |
 | dbo.dnt_photos                         | 11      |
 | dbo.dnt_polls                          | 10      |
 | dbo.Peak_LiJinServerDatabase           | 10      |
 | dbo.Peak_LiJinServerDatabase           | 10      |
 | dbo.Peak_ReceiveMessage                | 10      |
 | dbo.dnt_albumcategories                | 9       |
 | dbo.Peak_Bidding_Batch                 | 9       |
 | dbo.dnt_attachtypes                    | 8       |
 | dbo.Peak_Auction                       | 7       |
 | dbo.dnt_navs                           | 6       |
 | dbo.dnt_spacemodules                   | 6       |
 | dbo.dnt_templates                      | 6       |
 | dbo.Peak_SendLeadMobile                | 6       |
 | dbo.dnt_spacetabs                      | 5       |
 | dbo.dnt_admingroups                    | 3       |
 | dbo.dnt_albums                         | 3       |
 | dbo.dnt_phototags                      | 3       |
 | dbo.dnt_searchcaches                   | 3       |
 | dbo.Peak_Leader                        | 3       |
 | dbo.Peak_Scheduling                    | 3       |
 | dbo.dnt_bbcodes                        | 2       |
 | dbo.dnt_spaceconfigs                   | 2       |
 | dbo.dnt_spaceposts                     | 2       |
 | dbo.dnt_tablelist                      | 2       |
 | dbo.D99_Tmp                            | 1       |
 | dbo.dnt_announcements                  | 1       |
 | dbo.dnt_attachpaymentlog               | 1       |
 | dbo.dnt_debates                        | 1       |
 | dbo.dnt_forumlinks                     | 1       |
 | dbo.dnt_postid                         | 1       |
 | dbo.dnt_statistics                     | 1       |
 | dbo.Peak_SMS_SendQueue                 | 1       |
 +----------------------------------------+---------+

匹克某站点站多处SQL注入(泄露300w敏感信息/等)

修复方案:

版权声明:转载请注明来源 DeadSea@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-04-11 21:10

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(少于3人评价):

登陆后才能进行评分

100%

0%

0%

0%

0%

评价

  1. 2016-04-07 01:34 | Mr.li ( 普通白帽子 | Rank:106 漏洞数:36 | 爱萌妹子的骚年~)

    2

    突然想把自己用户名改成某厂商。/是不是很邪恶~

  2. 2016-04-12 14:58 | 1993* ( 实习白帽子 | Rank:34 漏洞数:10 | hacked by 菜菜(H))

    1

    这个可以有!

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin