当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2011-02728

漏洞标题:新浪分站注入,漏洞好多啊

相关厂商:新浪

漏洞作者: etcat

提交时间:2011-08-26 15:32

修复时间:2011-09-25 15:33

公开时间:2011-09-25 15:33

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2011-08-26: 细节已通知厂商并且等待厂商处理中
2011-08-26: 厂商已经确认,细节仅向厂商公开
2011-09-05: 细节向核心白帽子及相关领域专家公开
2011-09-15: 细节向普通白帽子公开
2011-09-25: 细节向实习白帽子公开
2011-09-25: 细节向公众公开

简要描述:

呵呵

详细说明:

漏洞证明:

http://photo.auto.sina.com.cn/photo/?did=626
2008carpaster_pic
2008carpaster_user
2008carpaster_vote
2008chepai_pic
2008chepai_user
2008chepai_vote
admin_accounts
admin_score
app_head
app_photo
app_user uid username pwd createtime status
auto_brands
auto_brands_related
auto_groups
auto_show_2005_sh
bbs_data
bestmodel_type
bestmodel_vote
bestmodel_vote_19
bestmodel_vote_20
bestmodel_vote_21
bestmodel_vote_22
bestmodel_vote_23
bestmodel_vote_24
bestmodel_vote_25
bestmodel_vote_26
bestmodel_vote_27
bestmodel_vote_28
bestmodel_vote_29
bestmodel_vote_30
bestmodel_vote_31
bestmodel_vote_32
bestmodel_vote_33
bestmodel_vote_34
bestmodel_vote_35
bestmodel_vote_36
bestmodel_vote_37
bestmodel_vote_38
bestmodel_vote_39
bestmodel_vote_40
bit_auto
brand_vote_2008bj
bug_report
buycar_photo
del_photo
deleted_class
dpool_check_db
exhi_subbrand
exhi_subbrand_16
exhi_subbrand_17
exhi_subbrand_18
exhi_subbrand_19
exhi_subbrand_20
exhi_subbrand_21
exhi_subbrand_22
exhi_subbrand_23
exhi_subbrand_24
exhi_subbrand_25
exhi_subbrand_26
exhi_subbrand_27
exhi_subbrand_28
exhi_subbrand_29
exhi_subbrand_30
exhi_subbrand_31
exhi_subbrand_32
exhi_subbrand_33
exhi_subbrand_34
exhi_subbrand_35
exhi_subbrand_36
exhi_subbrand_37
exhi_subbrand_38
exhi_subbrand_39
exhi_subbrand_40
fans_album
fans_cmnt
fans_photo
fans_user id user_name nick_name photo_s sex addr birth hobby resume photo_info createtime status
fans_works
gallery_activity
gallery_car
gallery_cartype
gallery_class
gallery_class_1
gallery_class_10
gallery_class_11
gallery_class_13
gallery_class_14
gallery_class_15
gallery_class_16
gallery_class_17
gallery_class_18
gallery_class_19
gallery_class_2
gallery_class_20
gallery_class_21
gallery_class_22
gallery_class_23
gallery_class_24
gallery_class_25
gallery_class_26
gallery_class_27
gallery_class_28
gallery_class_29
gallery_class_3
gallery_class_30
gallery_class_31
gallery_class_32
gallery_class_33
gallery_class_34
gallery_class_35
gallery_class_36
gallery_class_37
gallery_class_38

修复方案:

版权声明:转载请注明来源 etcat@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:6

确认时间:2011-08-26 18:42

厂商回复:

已做过简单过滤,无法读取表中数据,感谢提供……

最新状态:

暂无


漏洞评价:

评论

  1. 2011-09-26 11:12 | tenzy ( 普通白帽子 | Rank:176 漏洞数:21 | Need not to know)

    已做过简单过滤,新浪,你们是不是请了菜鸟啊。突然爆那么多注入