当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2014-084912
漏洞标题:
药房网某站敏感信息泄露
相关厂商:
yaofang.cn
漏洞作者:
BMa
提交时间:
2014-11-28 16:26
修复时间:
2015-01-12 16:28
公开时间:
2015-01-12 16:28
漏洞类型:
敏感信息泄露
危害等级:
自评Rank:
9
漏洞状态:
厂商已经确认
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2014-11-28: 细节已通知厂商并且等待厂商处理中
2014-11-29: 厂商已经确认,细节仅向厂商公开
2014-12-09: 细节向核心白帽子及相关领域专家公开
2014-12-19: 细节向普通白帽子公开
2014-12-29: 细节向实习白帽子公开
2015-01-12: 细节向公众公开

简要描述:

药房网某站敏感信息泄露

详细说明:

共三处:
1,

URL:http://m.yaofang.cn/user/doLogin
POST:btnRegister=%E7%99%BB%E9%99%86&go=&logintype=0&password=bma123&username[]=493639943@@qq.com


A Database Error Occurred
Error Number: 1054
Unknown column 'Array' in 'where clause'
SELECT * FROM (`user`) WHERE `username` = Array AND `password` = '2da20caab7a8937b9a3bc85a079a193e'
Filename: /apache/htdocs/yfsite_wap/n/application/wap/models/usersmodel.php
Line Number: 97


2,

URL:http://m.yaofang.cn/user/doRecoverpass 
POST:btnRegister=%e8%8e%b7%e5%8f%96%e6%96%b0%e5%af%86%e7%a0%81&email=sample%40email.tst&username[]=apbxgyxh


A Database Error Occurred
Error Number: 1054
Unknown column 'Array' in 'where clause'
SELECT * FROM (`user`) WHERE `username` = Array
Filename: /apache/htdocs/yfsite_wap/n/application/wap/models/usersmodel.php
Line Number: 32


3,

URL:http://m.yaofang.cn//cart/add_Cart_info 
post:goods_id=1%00%c0%a7%c0%a2&r=0.9506772535387427


A Database Error Occurred
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , 0, ,'' ,'' , ,0 ,1 ,'' ,'' ,'' , ,42000 ,'2014-11-27 09:39:12',0,,0,0,'4166cd' at line 1
INSERT INTO ecs_cart (cur_integral, get_integral, user_id, goods_id, goods_sn, goods_name, market_price, goods_price, goods_number, product_unit, guige, company, is_real, shop_id, add_cart_time,flag,dealer_id,groupId,is_edit,session_id,fromId)VALUES(, , 0, ,'' ,'' , ,0 ,1 ,'' ,'' ,'' , ,42000 ,'2014-11-27 09:39:12',0,,0,0,'4166cd0c08d57efa204731985c313ab9',0);
Filename: /apache/htdocs/yfsite_wap/n/application/wap/models/cart_model.php
Line Number: 102


上图:

SQL.png


错误1.png


错误2.png


漏洞证明:

你要问我怎么不跑数据,我能说我不会么?

修复方案:

版权声明:转载请注明来源 BMa@乌云

>

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2014-11-29 16:28

厂商回复:

非常感谢!我们会尽快修复此漏洞。

最新状态:

暂无