Vulnerability Summary

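Bug ID: wooyun-2012-07710

Title: Misconfiguration on a Sina site leads to sensitive information disclosure!

Vendor: Sina

Author: zeracker

Submitted: 2012-05-30 22:23

Fixed: 2012-07-14 22:24

Disclosed: 2012-07-14 22:24

Vulnerability type: Disclosure of important sensitive information

Severity: Medium

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]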

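Vulnerability Details

Disclosure status:

2012-05-30: Details reported to the vendor; awaiting vendor handling
2012-05-31: Vendor confirmed; details visible to the vendor only
2012-06-10: Details disclosed to core white hats and experts in related fields
2012-06-20: Details disclosed to regular white hats
2012-06-30: Details disclosed to intern white hats
2012-07-14: Details disclosed to the public

Brief description:

Misconfiguration on a Sina site leads to sensitive information disclosure!
All sorts of tables, all sorts of errors....

Detailed description: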

http://snapshot.news.sina.com.cn/subject/adodb/tests/test-datadict.php


sapdb
CREATE DATABASE KUTU;
DROP TABLE KUTU.testtable;
CREATE TABLE KUTU.testtable (
ID INTEGER NOT NULL DEFAULT SERIAL,
FIRSTNAME VARCHAR(30) DEFAULT 'Joan',
LASTNAME VARCHAR(28) NOT NULL DEFAULT 'Chen',
averylonglongfieldname LONG,
price FIXED(7,2) DEFAULT 0.00,
MYDATE DATE DEFAULT DATE,
BIGFELLOW LONG,
TS TIMESTAMP DEFAULT TIMESTAMP,
PRIMARY KEY (ID, LASTNAME)
);
CREATE INDEX idx ON KUTU.testtable (firstname, lastname);
CREATE INDEX idx2 ON KUTU.testtable (price, lastname);
ALTER TABLE KUTU.testtable ADD (height FLOAT(38), weight FLOAT(38));
ALTER TABLE KUTU.testtable MODIFY (height FLOAT(38) NOT NULL, weight FLOAT(38) NOT NULL);
sapdb
ALTER TABLE KUTU.table DROP ("my col", "col2_with_Quotes", A_col3, "col3(10)");
CREATE TABLE KUTU.adoxyz (
LASTNAME VARCHAR(32)
);
sybase
CREATE DATABASE KUTU;
DROP TABLE KUTU.testtable;
CREATE TABLE KUTU.testtable (
ID INT DEFAULT AUTOINCREMENT NOT NULL,
FIRSTNAME VARCHAR(30) DEFAULT 'Joan',
LASTNAME VARCHAR(28) DEFAULT 'Chen' NOT NULL,
averylonglongfieldname TEXT NULL,
price NUMERIC(7,2) DEFAULT 0.00,
MYDATE DATETIME DEFAULT GetDate(),
BIGFELLOW TEXT NULL,
TS DATETIME NULL,
PRIMARY KEY (ID, LASTNAME)
);
CREATE CLUSTERED INDEX idx ON KUTU.testtable (firstname, lastname);
CREATE INDEX idx2 ON KUTU.testtable (price, lastname);
ALTER TABLE KUTU.testtable ADD
height REAL NULL,
weight REAL NULL;
ALTER TABLE KUTU.testtable ALTER COLUMN height REAL NOT NULL;
ALTER TABLE KUTU.testtable ALTER COLUMN weight REAL NOT NULL;
sybase
ALTER TABLE KUTU.table
DROP COLUMN "my col",
DROP COLUMN "col2_with_Quotes",
DROP COLUMN A_col3,
DROP COLUMN "col3(10)";
CREATE TABLE KUTU.adoxyz (
LASTNAME VARCHAR(32) NULL
);
mysqlt
CREATE DATABASE KUTU;
DROP TABLE IF EXISTS KUTU.testtable;
CREATE TABLE KUTU.testtable (
ID INTEGER NOT NULL AUTO_INCREMENT,
FIRSTNAME VARCHAR(30) DEFAULT 'Joan',
LASTNAME VARCHAR(28) NOT NULL DEFAULT 'Chen',
averylonglongfieldname TEXT,
price NUMERIC(7,2) DEFAULT 0.00,
MYDATE TIMESTAMP,
BIGFELLOW TEXT,
TS TIMESTAMP,
PRIMARY KEY (ID, LASTNAME)
)TYPE=INNODB;
ALTER TABLE KUTU.testtable ADD FULLTEXT INDEX idx (firstname, lastname);
ALTER TABLE KUTU.testtable ADD INDEX idx2 (price, lastname);
ALTER TABLE KUTU.testtable ADD height DOUBLE;
ALTER TABLE KUTU.testtable ADD weight DOUBLE;
ALTER TABLE KUTU.testtable MODIFY COLUMN height DOUBLE NOT NULL;
ALTER TABLE KUTU.testtable MODIFY COLUMN weight DOUBLE NOT NULL;
mysql
ALTER TABLE KUTU.table DROP COLUMN `my col`;
ALTER TABLE KUTU.table DROP COLUMN `col2_with_Quotes`;
ALTER TABLE KUTU.table DROP COLUMN A_col3;
ALTER TABLE KUTU.table DROP COLUMN `col3(10)`;
CREATE TABLE KUTU.adoxyz (
LASTNAME VARCHAR(32)
);
access
Warning: Access does not supported DEFAULT values (field FIRSTNAME)
Warning: Access does not supported DEFAULT values (field LASTNAME)
Warning: Access does not supported DEFAULT values (field price)
Warning: Access does not supported DEFAULT values (field MYDATE)
Warning: Access does not supported DEFAULT values (field TS)
AlterColumnSQL not supported
DROP TABLE testtable;
CREATE TABLE testtable (
ID COUNTER,
FIRSTNAME VARCHAR(30),
LASTNAME VARCHAR(28) NOT NULL,
averylonglongfieldname MEMO,
price NUMERIC(7,2),
MYDATE DATETIME,
BIGFELLOW MEMO,
TS DATETIME,
PRIMARY KEY (ID, LASTNAME)
);
CREATE INDEX idx ON testtable (firstname, lastname);
CREATE INDEX idx2 ON testtable (price, lastname);
ALTER TABLE testtable ADD height DOUBLE;
ALTER TABLE testtable ADD weight DOUBLE;
access
DropColumnSQL not supported
CREATE TABLE adoxyz (
LASTNAME VARCHAR(32)
);
oci8
CREATE USER KUTU IDENTIFIED BY tiger;
/
GRANT CREATE SESSION, CREATE TABLE,UNLIMITED TABLESPACE,CREATE SEQUENCE TO KUTU;
/
DROP TABLE KUTU.testtable CASCADE CONSTRAINTS;
/
drop sequence KUTU.seq_testtable;
/
CREATE TABLE KUTU.testtable (
ID DECIMAL(10) NOT NULL,
FIRSTNAME VARCHAR(30) DEFAULT 'Joan',
LASTNAME VARCHAR(28) DEFAULT 'Chen' NOT NULL,
averylonglongfieldname VARCHAR(4000),
price DECIMAL(7,2) DEFAULT 0.00,
MYDATE DATE DEFAULT TRUNC(SYSDATE),
BIGFELLOW VARCHAR(4000),
TS DATE DEFAULT SYSDATE,
PRIMARY KEY (ID, LASTNAME)
)TABLESPACE USERS;
/
DROP SEQUENCE KUTU.SEQ_testtable;
/
CREATE SEQUENCE KUTU.SEQ_testtable ;
/
CREATE OR REPLACE TRIGGER KUTU.TRIG_SEQ_testtable BEFORE insert ON KUTU.testtable FOR EACH ROW WHEN (NEW.ID IS NULL OR NEW.ID = 0) BEGIN select KUTU.SEQ_testtable.nextval into :new.ID from dual; END;;
/
CREATE BITMAP INDEX idx ON KUTU.testtable (firstname, lastname);
/
CREATE INDEX idx2 ON KUTU.testtable (price, lastname);
/
ALTER TABLE testtable ADD (
height DECIMAL,
weight DECIMAL);
/
ALTER TABLE testtable MODIFY(
height DECIMAL NOT NULL,
weight DECIMAL NOT NULL);
/
oci8
ALTER TABLE table DROP("my col", "col2_with_Quotes", A_col3, "col3(10)") CASCADE CONSTRAINTS;
/
CREATE TABLE KUTU.adoxyz (
LASTNAME VARCHAR(32)
);
/
postgres

Proof of vulnerability:

http://rent.house.sina.com.cn/search/search_iframe.php?&key=%E8%AF%B7%E8%BE%93%E5%85%A5%E5%B0%8F%E5%8C%BA%E6%88%96%E5%9C%B0%E6%AE%B5%20...&tags=5&page=7
Warning: mysql_connect() [function.mysql-connect]: Lost connection to MySQL server at 'reading initial communication packet', system error: 110 in /data0/htdocs/www/rentsina/include/mysql_class.php on line 10
连接MYSQL服务器出错
2013
Lost connection to MySQL server at 'reading initial communication packet', system error: 110
http://2006.sina.com.cn/club/
Notice: Use of undefined constant ST_NEVER_LOGIN - assumed 'ST_NEVER_LOGIN' in /data1/apache/iguess/htdocs/include/function.php on line 2
Notice: Constant ROOT_PATH already defined in /data0/guess_log/include/path.php on line 2
Notice: Use of undefined constant pageft - assumed 'pageft' in /data1/apache/iguess/htdocs/include/pageft.php on line 3
Notice: Undefined variable: result in /data1/apache/iguess/htdocs/include/stand_lib.php on line 188
Warning: mysql_connect(): Lost connection to MySQL server during query in /data1/apache/iguess/htdocs/include/db_connx.php on line 42
http://fj.sina.com.cn/xm/auto/2011-08-04/075011503.html
Warning:mysql_pconnect() [function.mysql-pconnect]: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in /data2/che/www/lib/db.php on line 2
  "> "> Warning:mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /data2/che/www/lib/db.php on line 3
  "> "> Warning:mysql_query(): supplied argument is not a valid MySQL-Link resource in /data2/che/www/lib/db.php on line 4

Remediation:

Strengthen oversight and management. Take user experience seriously!

Copyright notice: when reposting, please credit the source zeracker@乌云
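
An added example, not part of the original report or of the vendor's code: a Python check that finds PHP error messages of the kind shown in the proof section inside an HTTP response body from a site you operate, and lists the server paths they expose. The function names are hypothetical, and the sample body is three lines copied from the proof section above.

```python
import re
from collections import defaultdict

# PHP's default error format: "<Level>: <message> in <file> on line <n>"
PHP_ERROR = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error):\s*"
    r"(?P<message>.*?) in (?P<path>/[^\s'\"<>]+) on line (?P<line>\d+)"
)

def find_disclosures(body):
    """Return one dict per PHP error message found in a response body."""
    hits = []
    for m in PHP_ERROR.finditer(body):
        hits.append({
            "level": m.group("level"),
            "message": m.group("message").strip(),
            "path": m.group("path"),
            "line": int(m.group("line")),
        })
    return hits

def leaked_roots(hits, depth=3):
    """Group leaked file paths by their first `depth` directory components."""
    roots = defaultdict(set)
    for h in hits:
        parts = h["path"].strip("/").split("/")
        roots["/" + "/".join(parts[:depth])].add(h["path"])
    return {root: sorted(paths) for root, paths in roots.items()}

# Sample body: three lines copied from the proof section of this report.
SAMPLE_BODY = """\
Warning: mysql_connect() [function.mysql-connect]: Lost connection to MySQL server at 'reading initial communication packet', system error: 110 in /data0/htdocs/www/rentsina/include/mysql_class.php on line 10
Notice: Undefined variable: result in /data1/apache/iguess/htdocs/include/stand_lib.php on line 188
Warning:mysql_pconnect() [function.mysql-pconnect]: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in /data2/che/www/lib/db.php on line 2
"""

if __name__ == "__main__":
    hits = find_disclosures(SAMPLE_BODY)
    for h in hits:
        print(f'{h["level"]}: {h["path"]}:{h["line"]}')
    print(leaked_roots(hits))
```

A non-empty result on a production response means `display_errors` is still on for that host; setting `display_errors = Off` and `log_errors = On` in php.ini keeps these messages in the server log instead of the page.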


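Vulnerability Response

Vendor response:

Severity: Low

Vulnerability Rank: 4

Confirmed: 2012-05-31 10:19

Vendor reply:

Thank you for the report; we will handle it as soon as possible.

Latest status:

None


Vulnerability comments:

Comments

  1. 2012-05-31 04:37 | momo ( Intern white hat | Rank:91 Vulnerabilities:24 | ★Featured vulnerabilities:24 | WooYun certified√)

    Bowing down to the finder.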