当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0199607

漏洞标题:新浪某服务器svn源码泄露 可SQL 影响海量用户数据

相关厂商:新浪

漏洞作者: sysALong

提交时间:2016-04-23 12:28

修复时间:2016-06-09 11:30

公开时间:2016-06-09 11:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-04-23: 细节已通知厂商并且等待厂商处理中
2016-04-25: 厂商已经确认,细节仅向厂商公开
2016-05-05: 细节向核心白帽子及相关领域专家公开
2016-05-15: 细节向普通白帽子公开
2016-05-25: 细节向实习白帽子公开
2016-06-09: 细节向公众公开

简要描述:

通过SVN源码 找到SQL 通过SQL 。。。。 你懂得。

详细说明:

http://202.108.43.241:8080/.svn/entries
这是SVN地址,下载完源码后看到正好是个某数据库接口服务器。
通过源码我们看到

ddd.png


默认这个地址无法访问,做了IP限制,但是通过源码,知道了 允许某个IP可以访问,我们直接伪装就可以访问了 如图

2.png


漏洞证明:

1.png


3.png


上图是数据库信息。。。

Database: weidealer
[133 tables]
+---------------------------+
| _bizcar_askprice_new |
| askprice_api_log |
| bizcar_400_agent_list |
| bizcar_400_assign_list |
| bizcar_400_blacklist |
| bizcar_400_calllist |
| bizcar_400_group_station |
| bizcar_400_number_list |
| bizcar_400_soaplog |
| bizcar_400_statistic |
| bizcar_400_statistic_area |
| bizcar_400_workgroup |
| bizcar_400_workstation |
| bizcar_4s_apply |
| bizcar_500_blacklist |
| bizcar_500_calllist |
| bizcar_500_group_station |
| bizcar_500_soaplog |
| bizcar_500_statistic_area |
| bizcar_500_workgroup |
| bizcar_500_workstation |
| bizcar_account_manager |
| bizcar_action_log |
| bizcar_admin_group_push |
| bizcar_admin_info |
| bizcar_admin_news_push |
| bizcar_admin_price_push |
| bizcar_admin_push_history |
| bizcar_all_kv |
| bizcar_apply_collect |
| bizcar_askprice |
| bizcar_askprice_reply |
| bizcar_biz_auth |
| bizcar_biz_avatar |
| bizcar_biz_brandcar_order |
| bizcar_biz_customer |
| bizcar_biz_info |
| bizcar_biz_weibo_feeds |
| bizcar_car_favorite |
| bizcar_car_report |
| bizcar_comments |
| bizcar_cron_log |
| bizcar_data_statistic |
| bizcar_drive_applies |
| bizcar_drive_apply |
| bizcar_group |
| bizcar_group_applies |
| bizcar_group_favorite |
| bizcar_kv |
| bizcar_longweibo |
| bizcar_maintain_applies |
| bizcar_maintain_comments |
| bizcar_maintain_info |
| bizcar_news |
| bizcar_news_latest |
| bizcar_news_subbrand_tag |
| bizcar_points_info |
| bizcar_points_log |
| bizcar_price |
| bizcar_price_approve |
| bizcar_price_enquire |
| bizcar_price_ext |
| bizcar_price_favorite |
| bizcar_price_history |
| bizcar_push_counter |
| bizcar_questions |
| bizcar_repair_applies |
| bizcar_repair_comments |
| bizcar_repair_info |
| bizcar_saler_message |
| bizcar_saler_order |
| bizcar_salesmen |
| bizcar_service_set |
| bizcar_show |
| bizcar_show_comments |
| bizcar_sms_authcode |
| bizcar_statistic |
| bizcar_stop_production_kv |
| bizcar_subscribe_car |
| bizcar_subscribe_user |
| bizcar_user_trace |
| bizcar_user_trace_log |
| cron_task_cycle |
| cron_task_timely |
| mall_car_item |
| mall_car_item_sku |
| mall_fuwuquan_item |
| mall_order |
| mall_order_notify_history |
| mall_yongpin_item |
| mall_yongpin_item_sku |
| message_upstream_log |
| miaoche_price |
| new_biz_400 |
| new_biz_400_2016_03_28 |
| new_biz_400_bak |
| new_biz_400_log |
| new_biz_400_see_plat |
| new_biz_brand |
| new_biz_brand_2016_03_28 |
| new_biz_carinfo |
| new_biz_info |
| new_biz_info_2016_03_28 |
| new_biz_info_bak |
| new_biz_info_del |
| new_temp_2015_vote |
| pahaoche_order |
| roeve_inquiry_data |
| send_message_log |
| tmp_store_picture |
| uc_assess |
| uc_assess_viewed |
| uc_auto_conf |
| uc_biz_avatar |
| uc_biz_info |
| uc_brand_auto |
| uc_car_kv |
| uc_com_apply |
| uc_data_account |
| uc_news |
| uc_price |
| uc_price_enquire |
| uc_price_ext |
| uc_price_imgs |
| uc_price_onsale |
| uc_statistic |
| uc_user_trace |
| uc_user_trace_log |
| weixin_brand_index |
| weixin_orders |
| weixin_subscribe_car |
| weixin_userinfo |
| yh_car_oilcost |
+---------------------------+


d.png


d.png


back-end DBMS: MySQL 5.0
Database: weidealer
+-------------------+---------+
| Table | Entries |
+-------------------+---------+
| bizcar_user_trace | 3672849 |
| weixin_userinfo | 90723 |
| bizcar_admin_info | 46 |
+-------------------+---------+
bizcar_user_trace | 3672849 。。。。。。

修复方案:

版权声明:转载请注明来源 sysALong@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-04-25 11:25

厂商回复:

感谢关注新浪安全,问题修复中。

最新状态:

暂无


漏洞评价:

评价