59互联主站存在SQL漏洞 | wooyun-2016-0169186

漏洞概要关注数(24) 关注此漏洞

缺陷编号：

wooyun-2016-0169186

漏洞标题：

59互联主站存在SQL漏洞

漏洞详情

披露状态：

2016-01-11：细节已通知厂商并且等待厂商处理中
2016-01-12：厂商已经确认，细节仅向厂商公开
2016-01-22：细节向核心白帽子及相关领域专家公开
2016-02-01：细节向普通白帽子公开
2016-02-11：细节向实习白帽子公开
2016-02-22：细节向公众公开

简要描述：

sql注入

详细说明：

存在漏洞：http://59.cn/service/serLogin/w_service_chkLogin.asp?action=chklogin&auser=1

+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| dbo.userlogin_log       | 1861273 |
| dbo.A_User_Account      | 1470922 |
| dbo.x59_Account         | 1083543 |
| dbo.integral            | 489171  |
| dbo.points              | 489171  |
| dbo.A_Indent_Domain     | 357630  |
| dbo.adminop_log         | 269537  |
| dbo.A_User_Main         | 92310   |
| dbo.A_User_Level_Price  | 91845   |
| dbo.A_FAQ               | 87660   |
| dbo.Area_View           | 79624   |
| dbo.ProductRemind       | 66018   |
| dbo.B_IPay              | 45804   |
| dbo.A_Domain_ConTact    | 26471   |
| dbo.x59_RegDomain_Log   | 19772   |
| dbo.A_Indent_Host       | 18476   |
| dbo.A_API_UserRecord    | 16907   |
| dbo.tbl_UserAccount     | 12647   |
| dbo.Admin_Log           | 10638   |
| dbo.A_Indent_VPS        | 10628   |
| dbo.w_CheckDomainList   | 9049    |
| dbo.cre_tmp_all         | 7722    |
| dbo.x59_RenDomain_Log   | 7627    |
| dbo.user_log            | 7612    |
| dbo.A_WebHost           | 4938    |
| dbo.A_domain_template   | 3985    |
| dbo.B_CorpMail          | 2799    |
| dbo.aa                  | 2797    |
| dbo.A_Indent_SQL        | 2640    |
| dbo.A_Web_Whois         | 2292    |
| dbo.A_Indent_Plat       | 2189    |
| dbo.qk_customer         | 1279    |
| dbo.Agent_sys_config    | 1206    |
| dbo.A_Web_ShopCart      | 1159    |
| dbo.A_Product_Main      | 831     |
| dbo.DomainRemind        | 707     |
| dbo.ShopOrder           | 617     |
| dbo.UserPaFa            | 534     |
| dbo.B_News              | 400     |
| dbo.B_Domain_Contacts   | 384     |
| dbo.HostEfangStopList   | 300     |
| dbo.B_Country           | 239     |
| dbo.ProCard             | 206     |
| dbo.COR_Tmp             | 187     |
| dbo.Agent_FAQ           | 176     |
| dbo.B_AppPool           | 166     |
| dbo.changeHost          | 100     |
| dbo.A_Indent_Email      | 75      |
| dbo.SelectIP            | 64      |
| dbo.Agent_Adv           | 61      |
| dbo.UserPaFaMemo        | 60      |
| dbo.cre_tmp_id_bak      | 43      |
| dbo.A_ICP_Type          | 37      |
| dbo.A_ICP_News          | 29      |
| dbo.nok                 | 29      |
| dbo.Administrator       | 26      |
| dbo.qk_codeMap          | 26      |
| dbo.opr_log             | 22      |
| dbo.A_Indent_DNS        | 18      |
| dbo.B_Log_Delete        | 18      |
| dbo.RemindContent       | 18      |
| dbo.w_CheckTotalAccount | 16      |
| dbo.partner59_info      | 15      |
| dbo.w_CheckDomList      | 14      |
| dbo.A_Indent_API        | 13      |
| dbo.qk_ip               | 12      |
| dbo.W_FAQ               | 7       |
| dbo.knot_log            | 6       |
| dbo.qk_agent            | 4       |
| dbo.A_Indent_Search     | 3       |
| dbo.ICPAccout           | 3       |
| dbo.messages            | 3       |
| dbo.cre_tmp_id          | 2       |
| dbo.x59_Domain_Expied   | 2       |
| dbo.B_Credence_Count    | 1       |
+-------------------------+---------+
Database: vcp
Table: dbo.A_User_Account
[25 columns]
+----------------+----------+
| Column         | Type     |
+----------------+----------+
| aa             | decimal  |
| balance        | money    |
| bankDate       | datetime |
| buynum         | tinyint  |
| CheckTime      | datetime |
| Credence       | nvarchar |
| DoDate         | datetime |
| estate         | nvarchar |
| Extend         | nvarchar |
| Handle         | nvarchar |
| id             | bigint   |
| isknot         | char     |
| MoneyDate      | datetime |
| MoneyPayFor    | nvarchar |
| MoneyWay       | nvarchar |
| ParentID       | nvarchar |
| parentPartner  | varchar  |
| PartnerProfits | money    |
| remark2        | varchar  |
| source         | varchar  |
| TrueId         | varchar  |
| TrueName       | nvarchar |
| txtPartner     | varchar  |
| UserID         | nvarchar |
| wise           | nvarchar |
+----------------+----------+
Database: vcp
Table: dbo.x59_Account
[25 columns]
+----------------+----------+
| Column         | Type     |
+----------------+----------+
| aa             | decimal  |
| balance        | money    |
| bankDate       | datetime |
| buynum         | tinyint  |
| CheckTime      | datetime |
| Credence       | nvarchar |
| DoDate         | datetime |
| estate         | nvarchar |
| Extend         | nvarchar |
| Handle         | nvarchar |
| id             | bigint   |
| isknot         | char     |
| MoneyDate      | datetime |
| MoneyPayFor    | nvarchar |
| MoneyWay       | nvarchar |
| ParentID       | nvarchar |
| parentPartner  | varchar  |
| PartnerProfits | money    |
| remark2        | varchar  |
| source         | varchar  |
| TrueId         | varchar  |
| TrueName       | nvarchar |
| txtPartner     | varchar  |
| UserID         | nvarchar |
| wise           | nvarchar |
+----------------+----------+

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：18

确认时间：2016-01-12 11:59

厂商回复：

感谢提供

WooYun.org

漏洞概要关注数(24) 关注此漏洞

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

版权声明：转载请注明来源路人甲@乌云