药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

admin
admin
admin
140350
文章
117
评论
2017年3月26日18:53:49评论430 views字数 261阅读0分52秒阅读模式
摘要

2016-03-21: 细节已通知厂商并且等待厂商处理中
2016-03-24: 厂商已经确认,细节仅向厂商公开
2016-04-03: 细节向核心白帽子及相关领域专家公开
2016-04-13: 细节向普通白帽子公开
2016-04-23: 细节向实习白帽子公开
2016-05-08: 细节向公众公开

漏洞概要 关注数(11) 关注此漏洞

缺陷编号: WooYun-2016-187025

漏洞标题: 药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

相关厂商: 药到病除

漏洞作者: 小菜果子

提交时间: 2016-03-21 10:00

公开时间: 2016-05-08 16:27

漏洞类型: SQL注射漏洞

危害等级: 高

自评Rank: 20

漏洞状态: 已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系

Tags标签: 数据库账户权限过高 Mysql

2人收藏

漏洞详情

披露状态:

2016-03-21: 细节已通知厂商并且等待厂商处理中
2016-03-24: 厂商已经确认,细节仅向厂商公开
2016-04-03: 细节向核心白帽子及相关领域专家公开
2016-04-13: 细节向普通白帽子公开
2016-04-23: 细节向实习白帽子公开
2016-05-08: 细节向公众公开

简要描述:

货真价实的超过千万信息泄露,求头条,求rank爆表

有用户订单详情、实名、手机号码、座机、住址等

详细说明:

code 区域 
http://**.**.**.**/index.php/Home/Index/goodslist2?pagetext=%E8%8A%B1%E8%8A%B1%E5%85%AC%E5%AD%90
code 区域 
available databases [11]:
 [*] cleverbak
 [*] clevercms
 [*] dtsnsold
 [*] ftpusers
 [*] information_schema
 [*] mysql
 [*] performance_schema
 [*] petct
 [*] test
 [*] weixinqiang
 [*] zhzy

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

看看是否是千万级别,最下面有详细证明

code 区域 
Database: clevercms
 +----------------------------+---------+
 | Table                      | Entries |
 +----------------------------+---------+
 | app_visitor                | 14642042 |
 | shop_order_goods           | 5428707 |
 | app_users                  | 3303875 |
 | shop_order_taobaogoods     | 3155809 |
 | shop_order                 | 2801376 |
 | shop_systemlog             | 2685484 |
 | shop_comments              | 1489085 |
 | app_login_log              | 1457270 |
 | shop_goods_amount          | 1338729 |
 | shop_order_taobao_201511   | 1222323 |
 | shop_order_taobao          | 819538  |
 | shop_searchcache           | 801129  |
 | shop_searchkeywords        | 589598  |
 | cms_hits                   | 468659  |
 | cms_contenttag             | 424520  |
 | shop_xiaozhang             | 420995  |
 | cms_contentindex           | 416153  |
 | app_yuyue                  | 304433  |
 | xzd_orderCreate            | 264570  |
 | shop_qinghuo               | 209744  |
 | app_doctor                 | 202395  |
 | cms_collection             | 196849  |
 | cms_tags                   | 189849  |
 | app_disease                | 162770  |
 | app_login                  | 114414  |
 | shop_order_taobao_201408   | 113830  |
 | shop_order_taobao_201407   | 106150  |
 | shop_order_taobao_201406   | 105093  |
 | shop_order_taobao_201311   | 104852  |
 | shop_order_taobao_201409   | 97479   |
 | app_mydoctor               | 87409   |
 | shop_order_taobao_201405   | 86808   |
 | shop_order_taobao_201312   | 85074   |
 | cms_content31              | 84058   |
 | app_pay_log                | 80362   |
 | cms_content23              | 79929   |
 | shop_order_taobao_201307   | 78798   |
 | shop_order_taobao_201404   | 77390   |
 | shop_shippingclear         | 77305   |
 | shop_order_taobao_201403   | 77112   |
 | shop_order_taobao_201310   | 76670   |
 | shop_order_taobao_201402   | 76318   |
 | shop_order_taobao_201212   | 75573   |
 | shop_order_taobao_201308   | 74133   |
 | shop_order_taobao_201207   | 73837   |
 | shop_order_taobao_201401   | 71355   |
 | shop_order_taobao_201305   | 70524   |
 | shop_order_taobao_201306   | 69520   |
 | shop_order_taobao_201309   | 67553   |
 | shop_order_taobao_201303   | 65976   |
 | shop_writeoff_goods        | 64061   |
 | shop_order_taobao_201304   | 63860   |
 | shop_order_taobao_201301   | 63649   |
 | shop_order_action          | 62502   |
 | shop_order_taobao_201211   | 59482   |
 | shop_order_taobao_201209   | 51601   |
 | shop_order_taobao_201208   | 51252   |
 | app_caseassign             | 48695   |
 | shop_order_notice          | 42868   |
 | shop_order_taobao_201210   | 41451   |
 | shop_order_taobao_201302   | 38901   |
 | cms_content11              | 32870   |
 | cms_content30              | 32395   |
 | cms_content18              | 29794   |
 | cms_content99              | 28809   |
 | shop_inventory             | 26848   |
 | cms_content22              | 26310   |
 | cms_content13              | 24456   |
 | shop_receiver_address      | 20501   |
 | cms_content17              | 16926   |
 | tmp_goods_amount           | 16688   |
 | shop_goods                 | 14692   |
 | app_doctorurl              | 14670   |
 | cms_content12              | 14653   |
 | cms_content15              | 13823   |
 | shop_shippingarea          | 12335   |
 | cms_content20              | 11842   |
 | dt_service                 | 10426   |
 | cms_content16              | 9356    |
 | cms_content19              | 9265    |
 | shop_store_data            | 8868    |
 | app_card                   | 7737    |
 | shop_collect               | 7090    |
 | cms_content21              | 6811    |
 | shop_direct_order          | 6341    |
 | shop_purchase              | 5559    |
 | shop_goods_article         | 5385    |
 | cms_comment                | 4757    |
 | cms_content14              | 4641    |
 | shop_producer              | 4554    |
 | shop_taobao_area           | 4440    |
 | shop_goods_position        | 4079    |
 | shop_goods_subhost         | 3720    |
 | cms_content1               | 3370    |
 | bas_region                 | 3361    |
 | shop_region                | 3248    |
 | app_hospital_ext           | 3238    |
 | app_hospital               | 3237    |
 | app_sessions               | 3167    |
 | app_hosnews                | 2910    |
 | bas_disease                | 2703    |
 | cms_category               | 2369    |
 | cms_recycle                | 2264    |
 | shop_user_coupon           | 2143    |
 | shop_inventory_tmp         | 2050    |
 | shop_goods_category_goods  | 1893    |
 | shop_brand                 | 1849    |
 | shop_goods_maintain        | 1797    |
 | shop_extend_category       | 1778    |
 | shop_article               | 1335    |
 | cms_components             | 1284    |
 | app_hostjtc                | 1258    |
 | shop_askanswer             | 1075    |
 | shop_shippingtemplate_area | 855     |
 | shop_yiqifa                | 838     |
 | cms_gather                 | 796     |
 | shop_webcontent            | 727     |
 | shop_goodssku              | 586     |
 | shop_package_goods         | 522     |
 | shop_suppliergoods         | 478     |
 | shop_city                  | 429     |
 | app_hospital_comments      | 413     |
 | app_partner                | 396     |
 | cms_advert                 | 385     |
 | shop_goods_deleted         | 372     |
 | bas_project                | 370     |
 | shop_goods_category        | 339     |
 | shop_opinion               | 336     |
 | dt_casehistory             | 319     |
 | xzd_jiading2daoda          | 307     |
 | dt_order                   | 290     |
 | shop_goods_category_bak2   | 287     |
 | cms_adposition             | 277     |
 | cms_articlelevel           | 265     |
 | cms_comclass               | 247     |
 | shop_order_package         | 240     |
 | shop_package               | 233     |
 | system_role                | 204     |
 | shop_case_category         | 186     |
 | bas_symptom                | 175     |
 | cms_selectvalue            | 161     |
 | system_node                | 157     |
 | shop_supplier              | 144     |
 | shop_webposition           | 139     |
 | bas_dept                   | 133     |
 | app_yingxiao               | 125     |
 | z_ruimei_goods             | 104     |
 | cms_adclass                | 98      |
 | cms_field                  | 95      |
 | cms_admin                  | 81      |
 | shop_collocation           | 64      |
 | cms_config                 | 63      |
 | z_ruimei_dorder_dose       | 61      |
 | app_email                  | 55      |
 | cms_polls                  | 49      |
 | cms_kword_url              | 42      |
 | shop_writeoff              | 41      |
 | shop_order_taobao_youxian  | 40      |
 | shop_opinion_log           | 39      |
 | shop_active                | 33      |
 | z_ruimei_goods_sn          | 33      |
 | shop_province              | 31      |
 | cms_commentface            | 30      |
 | cms_const                  | 22      |
 | cms_module                 | 19      |
 | shop_importorder_log       | 19      |
 | dt_company                 | 18      |
 | shop_shippers              | 16      |
 | shop_express_taobao        | 15      |
 | system_department          | 15      |
 | shop_editor_order          | 14      |
 | app_service                | 12      |
 | cms_help                   | 12      |
 | shop_coupon                | 12      |
 | shop_shippingcompany       | 12      |
 | app_user_share             | 11      |
 | shop_feedback              | 11      |
 | shop_shippingtemplate      | 9       |
 | shop_shipping              | 8       |
 | cms_class                  | 7       |
 | app_report                 | 6       |
 | tumor_survey               | 6       |
 | app_report_comment         | 5       |
 | app_service_comment        | 5       |
 | cms_nav                    | 5       |
 | shop_article_category      | 4       |
 | system_company             | 3       |
 | z_ruimei_doctor            | 3       |
 | cms_attach                 | 2       |
 | cms_select                 | 2       |
 | shop_gift                  | 2       |
 | z_ruimei_user              | 2       |
 | cms_extension              | 1       |
 | cms_schcache               | 1       |
 | shop_storeroom             | 1       |
 | z_ruimei_dorder            | 1       |
 +----------------------------+---------+

330万登录账号信息

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

310万淘宝货物订单

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

280万 shop 客户订单信息

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

120万的淘宝订单客户信息

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

早期的81万淘宝订单信息

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

过千万了吧!!!

漏洞证明:

code 区域 
http://**.**.**.**/index.php/Home/Index/goodslist2?pagetext=%E8%8A%B1%E8%8A%B1%E5%85%AC%E5%AD%90

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

药到病除某漏洞涉及330万账号信息/400多万客户订单信息/310淘宝货物订单信息

修复方案:

你懂得

版权声明:转载请注明来源 小菜果子@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2016-03-24 16:27

厂商回复:

CNVD未直接复现所述情况,暂未建立与网站管理单位的直接处置渠道,待认领。

最新状态:

暂无

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin