漏洞概要 关注数(2) 关注此漏洞
缺陷编号: WooYun-2016-172945
漏洞标题: 翼虎网多处注入涉及130w会员信息含密码
相关厂商: yiihuu.com
漏洞作者: 头晕脑壳疼
提交时间: 2016-03-04 11:55
公开时间: 2016-04-18 12:08
漏洞类型: SQL注射漏洞
危害等级: 高
自评Rank: 15
漏洞状态: 厂商已经确认
漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系
Tags标签: 无
漏洞详情
披露状态:
2016-03-04: 细节已通知厂商并且等待厂商处理中
2016-03-04: 厂商已经确认,细节仅向厂商公开
2016-03-14: 细节向核心白帽子及相关领域专家公开
2016-03-24: 细节向普通白帽子公开
2016-04-03: 细节向实习白帽子公开
2016-04-18: 细节向公众公开
简要描述:
翼虎网是以视频点播为主要特色的艺术在线学习平台,是全球首个案例。翼虎网目前设计多款图片处理相关软件,实用性比较强,堪称第一数字艺术学习社区。
详细说明:
第一处
http://m.yiihuu.com/bc/detail.php?id=32*&f=h
第二处
http://m.yiihuu.com/bc/detail.php?id=34
7个数据库
172个表
Database: yiihuu_db
[172 tables]
+-------------------------+
| 360_token |
| activity |
| admin |
| advertisement |
| album |
| album_chapter |
| album_copy |
| album_copy_chapter |
| album_count |
| album_extend |
| album_project |
| album_rank_month |
| album_rank_week |
| album_video |
| ask |
| ask_answer |
| ask_content |
| ask_zan |
| attention |
| baidu_push |
| book |
| book_art_tag |
| book_article |
| book_article_ext |
| book_article_temp |
| book_tag |
| business_course |
| business_order |
| card_study |
| chips |
| chips_courses |
| comment |
| comment_att |
| comment_content |
| comment_goodlog |
| comment_reply |
| courses |
| courses_attachment |
| courses_count |
| courses_extend |
| courses_homework |
| courses_homework_attr |
| courses_homework_topic |
| courses_info |
| courses_learn_progress |
| courses_live |
| courses_live_need |
| courses_manage_progress |
| courses_notice |
| courses_payback |
| courses_plan |
| courses_progress |
| courses_push |
| courses_qa |
| courses_qa_fav |
| courses_repay |
| courses_section |
| courses_step |
| courses_step_homework |
| courses_student_test |
| courses_student_work |
| courses_task |
| courses_task_comp |
| courses_test_ext |
| courses_video |
| courses_video_attr |
| coursesapply |
| courseslist |
| download |
| download_class |
| download_count |
| download_ext |
| download_log |
| edu_apply |
| email_count |
| error_reason |
| event_0410 |
| event_0421 |
| event_0509 |
| event_bless |
| event_cj |
| event_gift |
| event_gift_list |
| event_jyj |
| event_jyj_ly |
| event_lhb |
| event_lhb_extend |
| event_org |
| event_org_votelist |
| event_prize |
| event_school_msg |
| event_tejia |
| event_vip_wjdc |
| event_wx_hubi |
| event_wx_lhb |
| event_wx_menucount |
| exp_get |
| exp_op |
| fanc |
| favorites |
| filter_keyword |
| help |
| image_content |
| image_count |
| index_show |
| mail_auth |
| mail_notify |
| member |
| member_bind |
| member_bind_token |
| member_extend |
| member_filter |
| member_log |
| member_login_record |
| member_message |
| member_other |
| message |
| message_push |
| meta_custom |
| news |
| news_class |
| news_ext |
| push_action |
| push_content |
| push_msg_qq |
| quan |
| quan_ext |
| say |
| say_content |
| say_count |
| say_log |
| search_syn |
| search_word |
| send_mail |
| share |
| sign |
| sign_extend |
| sort_exp |
| sort_level |
| sort_log |
| sort_theme |
| sort_theme_2 |
| sort_tool |
| sort_tool_industry |
| space_focusimg |
| space_friendlink |
| space_group |
| space_member_info |
| space_org_news |
| space_view |
| study |
| subject |
| subject_column |
| subject_soft_content |
| subscribe |
| sys_message |
| task |
| task_member |
| task_verify_ip |
| tbl_session |
| video |
| video_bigpic |
| video_content |
| video_count |
| words |
| words_rank_month |
| words_rank_week |
| wordsset |
| wordsset_count |
| wordsset_extend |
| wordsset_list |
| wx_keyword |
+-------------------------+
大约130w会员信息
验证一个
漏洞证明:
第一处
http://m.yiihuu.com/bc/detail.php?id=32*&f=h
第二处
http://m.yiihuu.com/bc/detail.php?id=34
7个数据库
172个表
Database: yiihuu_db
[172 tables]
+-------------------------+
| 360_token |
| activity |
| admin |
| advertisement |
| album |
| album_chapter |
| album_copy |
| album_copy_chapter |
| album_count |
| album_extend |
| album_project |
| album_rank_month |
| album_rank_week |
| album_video |
| ask |
| ask_answer |
| ask_content |
| ask_zan |
| attention |
| baidu_push |
| book |
| book_art_tag |
| book_article |
| book_article_ext |
| book_article_temp |
| book_tag |
| business_course |
| business_order |
| card_study |
| chips |
| chips_courses |
| comment |
| comment_att |
| comment_content |
| comment_goodlog |
| comment_reply |
| courses |
| courses_attachment |
| courses_count |
| courses_extend |
| courses_homework |
| courses_homework_attr |
| courses_homework_topic |
| courses_info |
| courses_learn_progress |
| courses_live |
| courses_live_need |
| courses_manage_progress |
| courses_notice |
| courses_payback |
| courses_plan |
| courses_progress |
| courses_push |
| courses_qa |
| courses_qa_fav |
| courses_repay |
| courses_section |
| courses_step |
| courses_step_homework |
| courses_student_test |
| courses_student_work |
| courses_task |
| courses_task_comp |
| courses_test_ext |
| courses_video |
| courses_video_attr |
| coursesapply |
| courseslist |
| download |
| download_class |
| download_count |
| download_ext |
| download_log |
| edu_apply |
| email_count |
| error_reason |
| event_0410 |
| event_0421 |
| event_0509 |
| event_bless |
| event_cj |
| event_gift |
| event_gift_list |
| event_jyj |
| event_jyj_ly |
| event_lhb |
| event_lhb_extend |
| event_org |
| event_org_votelist |
| event_prize |
| event_school_msg |
| event_tejia |
| event_vip_wjdc |
| event_wx_hubi |
| event_wx_lhb |
| event_wx_menucount |
| exp_get |
| exp_op |
| fanc |
| favorites |
| filter_keyword |
| help |
| image_content |
| image_count |
| index_show |
| mail_auth |
| mail_notify |
| member |
| member_bind |
| member_bind_token |
| member_extend |
| member_filter |
| member_log |
| member_login_record |
| member_message |
| member_other |
| message |
| message_push |
| meta_custom |
| news |
| news_class |
| news_ext |
| push_action |
| push_content |
| push_msg_qq |
| quan |
| quan_ext |
| say |
| say_content |
| say_count |
| say_log |
| search_syn |
| search_word |
| send_mail |
| share |
| sign |
| sign_extend |
| sort_exp |
| sort_level |
| sort_log |
| sort_theme |
| sort_theme_2 |
| sort_tool |
| sort_tool_industry |
| space_focusimg |
| space_friendlink |
| space_group |
| space_member_info |
| space_org_news |
| space_view |
| study |
| subject |
| subject_column |
| subject_soft_content |
| subscribe |
| sys_message |
| task |
| task_member |
| task_verify_ip |
| tbl_session |
| video |
| video_bigpic |
| video_content |
| video_count |
| words |
| words_rank_month |
| words_rank_week |
| wordsset |
| wordsset_count |
| wordsset_extend |
| wordsset_list |
| wx_keyword |
+-------------------------+
大约130w会员信息
验证一个
修复方案:
版权声明:转载请注明来源 头晕脑壳疼@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:20
确认时间:2016-03-04 12:08
厂商回复:
确实是个重大漏洞
最新状态:
暂无
漏洞评价:
对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值
漏洞评价(共0人评价):
登陆后才能进行评分
评论