
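Vulnerability Summary

Bug ID: wooyun-2011-02796

Title: User information leak on Sohu's Shuangwaiwai (爽歪歪) campaign site

Vendor: Sohu (搜狐)

Author: VIP

Submitted: 2011-09-07 17:07

Fixed: 2011-09-07 17:35

Published: 2011-09-07 17:35

Vulnerability type: Large-scale leak of user data

Severity: Low

Self-assessed Rank: 3

Status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org. For questions or help, contact [email protected]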


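Vulnerability Details

Disclosure status:

2011-09-07: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2011-09-07: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

It's a leak; no explanation needed.

Detailed description:

http://wahaha.sohu.com/aa.php

Proof of vulnerability: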



http://wahaha.sohu.com/aa.php

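Remediation:

Restrict access.

Copyright notice: when reposting, please credit the source VIP@WooYun (乌云)


Vulnerability Response

Vendor response:

Unable to contact the vendor, or the vendor actively declined.

Vulnerability Rank: 1 (WooYun rating)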

