当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0199607

漏洞标题:新浪某服务器svn源码泄露 可SQL 影响海量用户数据

相关厂商:新浪

漏洞作者: sysALong

提交时间:2016-04-23 12:28

修复时间:2016-06-09 11:30

公开时间:2016-06-09 11:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-23: 细节已通知厂商并且等待厂商处理中
2016-04-25: 厂商已经确认,细节仅向厂商公开
2016-05-05: 细节向核心白帽子及相关领域专家公开
2016-05-15: 细节向普通白帽子公开
2016-05-25: 细节向实习白帽子公开
2016-06-09: 细节向公众公开

简要描述:

通过SVN源码 找到SQL 通过SQL 。。。。 你懂得。

详细说明:

http://202.108.43.241:8080/.svn/entries
这是SVN地址,下载完源码后看到正好是个某数据库接口服务器。
通过源码我们看到

ddd.png


默认这个地址无法访问,做了IP限制,但是通过源码,知道了 允许某个IP可以访问,我们直接伪装就可以访问了 如图

2.png


漏洞证明:

1.png


3.png


上图是数据库信息。。。

Database: weidealer
[133 tables]
+---------------------------+
| _bizcar_askprice_new      |
| askprice_api_log          |
| bizcar_400_agent_list     |
| bizcar_400_assign_list    |
| bizcar_400_blacklist      |
| bizcar_400_calllist       |
| bizcar_400_group_station  |
| bizcar_400_number_list    |
| bizcar_400_soaplog        |
| bizcar_400_statistic      |
| bizcar_400_statistic_area |
| bizcar_400_workgroup      |
| bizcar_400_workstation    |
| bizcar_4s_apply           |
| bizcar_500_blacklist      |
| bizcar_500_calllist       |
| bizcar_500_group_station  |
| bizcar_500_soaplog        |
| bizcar_500_statistic_area |
| bizcar_500_workgroup      |
| bizcar_500_workstation    |
| bizcar_account_manager    |
| bizcar_action_log         |
| bizcar_admin_group_push   |
| bizcar_admin_info         |
| bizcar_admin_news_push    |
| bizcar_admin_price_push   |
| bizcar_admin_push_history |
| bizcar_all_kv             |
| bizcar_apply_collect      |
| bizcar_askprice           |
| bizcar_askprice_reply     |
| bizcar_biz_auth           |
| bizcar_biz_avatar         |
| bizcar_biz_brandcar_order |
| bizcar_biz_customer       |
| bizcar_biz_info           |
| bizcar_biz_weibo_feeds    |
| bizcar_car_favorite       |
| bizcar_car_report         |
| bizcar_comments           |
| bizcar_cron_log           |
| bizcar_data_statistic     |
| bizcar_drive_applies      |
| bizcar_drive_apply        |
| bizcar_group              |
| bizcar_group_applies      |
| bizcar_group_favorite     |
| bizcar_kv                 |
| bizcar_longweibo          |
| bizcar_maintain_applies   |
| bizcar_maintain_comments  |
| bizcar_maintain_info      |
| bizcar_news               |
| bizcar_news_latest        |
| bizcar_news_subbrand_tag  |
| bizcar_points_info        |
| bizcar_points_log         |
| bizcar_price              |
| bizcar_price_approve      |
| bizcar_price_enquire      |
| bizcar_price_ext          |
| bizcar_price_favorite     |
| bizcar_price_history      |
| bizcar_push_counter       |
| bizcar_questions          |
| bizcar_repair_applies     |
| bizcar_repair_comments    |
| bizcar_repair_info        |
| bizcar_saler_message      |
| bizcar_saler_order        |
| bizcar_salesmen           |
| bizcar_service_set        |
| bizcar_show               |
| bizcar_show_comments      |
| bizcar_sms_authcode       |
| bizcar_statistic          |
| bizcar_stop_production_kv |
| bizcar_subscribe_car      |
| bizcar_subscribe_user     |
| bizcar_user_trace         |
| bizcar_user_trace_log     |
| cron_task_cycle           |
| cron_task_timely          |
| mall_car_item             |
| mall_car_item_sku         |
| mall_fuwuquan_item        |
| mall_order                |
| mall_order_notify_history |
| mall_yongpin_item         |
| mall_yongpin_item_sku     |
| message_upstream_log      |
| miaoche_price             |
| new_biz_400               |
| new_biz_400_2016_03_28    |
| new_biz_400_bak           |
| new_biz_400_log           |
| new_biz_400_see_plat      |
| new_biz_brand             |
| new_biz_brand_2016_03_28  |
| new_biz_carinfo           |
| new_biz_info              |
| new_biz_info_2016_03_28   |
| new_biz_info_bak          |
| new_biz_info_del          |
| new_temp_2015_vote        |
| pahaoche_order            |
| roeve_inquiry_data        |
| send_message_log          |
| tmp_store_picture         |
| uc_assess                 |
| uc_assess_viewed          |
| uc_auto_conf              |
| uc_biz_avatar             |
| uc_biz_info               |
| uc_brand_auto             |
| uc_car_kv                 |
| uc_com_apply              |
| uc_data_account           |
| uc_news                   |
| uc_price                  |
| uc_price_enquire          |
| uc_price_ext              |
| uc_price_imgs             |
| uc_price_onsale           |
| uc_statistic              |
| uc_user_trace             |
| uc_user_trace_log         |
| weixin_brand_index        |
| weixin_orders             |
| weixin_subscribe_car      |
| weixin_userinfo           |
| yh_car_oilcost            |
+---------------------------+


d.png


d.png


back-end DBMS: MySQL 5.0
Database: weidealer
+-------------------+---------+
| Table | Entries |
+-------------------+---------+
| bizcar_user_trace | 3672849 |
| weixin_userinfo | 90723 |
| bizcar_admin_info | 46 |
+-------------------+---------+
bizcar_user_trace | 3672849 。。。。。。

修复方案:

版权声明:转载请注明来源 sysALong@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-04-25 11:25

厂商回复:

感谢关注新浪安全,问题修复中。

最新状态:

暂无

漏洞评价:

评价