新浪某站点SQL注入(支持UNION) | wooyun-2016-0208111| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0208111

漏洞标题：新浪某站点SQL注入(支持UNION)

漏洞作者：荒废的腰子

提交时间：2016-05-13 09:22

修复时间：2016-06-27 10:10

公开时间：2016-06-27 10:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-05-13：细节已通知厂商并且等待厂商处理中
2016-05-13：厂商已经确认，细节仅向厂商公开
2016-05-23：细节向核心白帽子及相关领域专家公开
2016-06-02：细节向普通白帽子公开
2016-06-12：细节向实习白帽子公开
2016-06-27：细节向公众公开

简要描述：

换个姿势再来一次~

详细说明：

http://data.auto.sina.com.cn/car/api/car_detail/car_api_new.php?callback=jQuery17208639282449148595_1463050806467&carid=25180,23528,21542&_=1463050806866
carid参数存在注入

Database: dataauto
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| compare_log_refer           | 20524322 |
| data_match_newdata          | 13858807 |
| koubei_xw                   | 6091127 |
| koubei_xw1                  | 5149397 |
| compare_log                 | 3716639 |
| weibo_log_1108              | 2609526 |
| weibo_log_1110              | 2402870 |
| weibo_log_1109              | 2320824 |
| weibo_log_1107              | 2235056 |
| weibo_log_1111              | 2220058 |
| weibo_log_1112              | 2118673 |
| auto_dealer                 | 1923399 |
| koubei_score_new            | 1348322 |
| koubei_new_total            | 1315863 |
| koubei                      | 1244248 |
| hot_seo_new                 | 1100088 |
| bitauto_news                | 832393  |
| hot_seo                     | 791646  |
| yh_avgconsumptionall        | 685094  |
| bitauto_price_bak           | 683104  |
| koubei_grab_ts              | 621883  |
| bitauto_price               | 600536  |
| oil_use                     | 546433  |
| auto_clicks_days            | 479265  |
| bitauto_price_bak_20100917  | 468430  |
| bitauto_price_g             | 468430  |
| car_pv                      | 372812  |
| koubei_click_rank           | 357293  |
| bitauto_price_20110130      | 351365  |
| auto_news                   | 337321  |
| weibo_log_1106              | 247716  |
| user_log                    | 244656  |
| koubei_comment              | 232356  |
| oil_use_test                | 222356  |
| koubei_score                | 204772  |
| koubei_grab                 | 200339  |
| user_total                  | 190188  |
| user_score                  | 172119  |
| koubei_tag_sorted           | 163057  |
| yangche_focuscar            | 137321  |
| group_car_votedetail        | 114080  |
| subbrand_month_rank         | 113213  |
| feedback                    | 110822  |
| admin_data_auto_log         | 108228  |
| data_match_65               | 103239  |
| data_match_60               | 102096  |
| data_match_78               | 99207   |
| data_match_68               | 99203   |
| koubei_score_week_avg       | 98534   |
| os_score                    | 97548   |
| koubei_impression           | 95886   |
| koubei_impression_user      | 91516   |
| data_match_84               | 88713   |
| koubei_new_15               | 87298   |
| iauto_trend                 | 85918   |
| data_match_70               | 84112   |
| data_match_71               | 83292   |
| data_match_72               | 82755   |
| data_match_64               | 82644   |
| data_match_90               | 82530   |
| api_log                     | 80733   |
| data_match_56               | 80436   |
| data_match_47               | 79326   |
| data_match_69               | 79022   |
| data_match_93               | 76707   |
| data_match_86               | 75228   |
| data_match_67               | 75019   |
| data_match_53               | 74961   |
| data_match_61               | 74824   |
| data_match_83               | 73499   |
| data_match_92               | 72123   |
| data_match_81               | 72114   |
| data_match_89               | 71457   |
| koubei_new_11               | 71351   |
| xlsjk                       | 70055   |
| data_match_55               | 68170   |
| data_match_66               | 68135   |
| vendor_brand                | 67296   |
| weibo_log_110626            | 67153   |
| weibo_log_110623            | 66868   |
| data_match_77               | 66538   |
| data_match_51               | 65821   |
| data_match_87               | 65645   |
| data_match_76               | 65311   |
| data_match_73               | 65232   |
| data_match_75               | 64944   |
| weibo_log_110625            | 62702   |
| data_match_44               | 62553   |
| data_match_88               | 61893   |
| weibo_log_110624            | 61587   |
| koubei_new_17               | 61515   |
| data_match_82               | 61038   |
| koubei_new_30               | 60576   |
| data_match_58               | 59831   |
| data_match_43               | 59718   |
| data_match_50               | 58274   |
| data_match_79               | 58021   |
| data_match_85               | 57953   |
| data_match_46               | 57840   |
| data_match_63               | 56904   |
| data_match_57               | 55560   |
| koubei_new_12               | 54169   |
| data_match_34               | 53757   |
| koubei_new_6                | 53567   |
| data_match_45               | 52322   |
| koubei_new_13               | 50875   |
| koubei_rank                 | 50165   |
| data_match_62               | 49877   |
| koubei_new_22               | 49709   |
| data_match_80               | 49288   |
| data_match_49               | 48314   |
| koubei_new_24               | 48094   |
| koubei_new_2                | 48056   |
| data_match_52               | 47282   |
| koubei_new_23               | 45513   |
| koubei_new_29               | 45294   |
| koubei_new_9                | 45066   |
| data_match_54               | 44988   |
| koubei_new_16               | 44939   |
| koubei_new_25               | 44939   |
| data_match_101              | 44133   |
| koubei_new_26               | 43061   |
| group_buyers                | 42855   |
| data_match_every_day        | 42700   |
| data_match_98               | 42215   |
| koubei_new_28               | 41971   |
| data_match_40               | 41860   |
| data_match_100              | 41823   |
| data_match_99               | 40694   |
| data_match_102              | 40016   |
| koubei_new_20               | 38938   |
| koubei_new_31               | 37233   |
| data_match_38               | 36824   |
| koubei_new_8                | 36140   |
| data_match_41               | 35787   |
| data_match_35               | 35695   |
| koubei_new_21               | 35630   |
| data_match_59               | 35429   |
| data_match_37               | 35392   |
| koubei_new_5                | 34728   |
| bitauto_price_tmp           | 33468   |
| data_match_74               | 33239   |
| data_match_48               | 32213   |
| data_match_97               | 31830   |
| weibo_log_110622            | 31101   |
| mycar                       | 30243   |
| data_match_36               | 29548   |
| data_match_39               | 29503   |
| koubei_new_7                | 28351   |
| vendor_brand_bak            | 28213   |
| data_match_42               | 28191   |
| koubei_new_19               | 27675   |
| data_match_29               | 27568   |
| data_match_96               | 26816   |
| koubei_new_14               | 25930   |
| data_match_33               | 25526   |
| auto_highlights             | 25481   |
| data_match_31               | 25145   |
| iauto_trend_tmp2            | 24990   |
| auto_car_info_new           | 24572   |
| iwords_new                  | 23732   |
| koubei_new_3                | 23591   |
| koubei_new_18               | 23032   |
| data_match_28               | 22764   |
| koubei_new_4                | 22672   |
| koubei_new_0                | 22618   |
| koubei_new_27               | 22358   |
| koubei_new_1                | 22267   |
| data_match_30               | 21740   |
| koubei_new_10               | 20486   |
| data_match_27               | 20036   |
| data_match_5                | 20023   |
| umnews                      | 19872   |
| data_match_6                | 19591   |
| data_match_32               | 18864   |
| data_match_7                | 18651   |
| data_match_94               | 18638   |
| weibo_log_110627            | 18567   |
| data_match_9                | 18457   |
| data_match_26               | 18334   |
| data_match_20               | 16907   |
| yh_car                      | 16767   |
| data_match_25               | 16639   |
| data_match_16               | 16422   |
| data_match_24               | 16188   |
| data_match_23               | 15903   |
| os_user_addrecord           | 15822   |
| data_match_8                | 15805   |
| data_match_22               | 15610   |
| xlsjk_tmp                   | 15184   |
| data_match_21               | 14418   |
| xlsjk2                      | 14025   |
| data_match_10               | 13519   |
| listcar                     | 13215   |
| mapproject                  | 13197   |
| data_match_18               | 12261   |
| data_match_3                | 11540   |
| news_score                  | 11535   |
| data_match_17               | 11465   |
| data_match_15               | 11099   |
| data_match_146              | 11035   |
| data_match_13               | 10510   |
| bitauto_vendor              | 10489   |
| used_car_info               | 10465   |
| used_car_pic                | 10385   |
| data_match_4                | 10171   |
| data_match_2                | 9954    |
| auto_car                    | 9907    |
| data_match_103              | 9896    |
| data_match_12               | 9800    |
| oilcar                      | 9566    |
| auto_clicks                 | 9489    |
| data_match_95               | 9449    |
| data_match_1                | 9388    |
| data_match_147              | 9038    |
| data_match_143              | 8797    |
| data_match_155              | 8781    |
| data_match_19               | 8777    |
| news_from_so                | 8609    |
| data_match_14               | 8479    |
| anbangbaoxian               | 8044    |
| data_match_11               | 7717    |
| data_match_153              | 7558    |
| auto_color                  | 7554    |
| data_match_148              | 7422    |
| data_match_150              | 7396    |
| data_match_140              | 7354    |
| subbrand_news_forum_comment | 7340    |
| vendor_brand_tmp            | 7106    |
| bitauto_carcontrast         | 6930    |
| data_match_151              | 6771    |
| data_match_139              | 6599    |
| ztmp_bitauto_carcontrast    | 6570    |
| data_match_152              | 6564    |
| auto_car_info               | 6313    |
| data_match_144              | 5502    |
| bitauto_vendor_ne           | 5281    |
| data_match_159              | 5194    |
| bitauto_vendor_bak_20100917 | 5180    |
| bitauto_vendor_g            | 5180    |
| auto_car_new                | 5126    |
| data_match_158              | 5123    |
| data_match_149              | 4962    |
| data_match_154              | 4701    |
| koubei_wap_err              | 4626    |
| data_match_91               | 4567    |
| shareMan                    | 4532    |
| data_match_157              | 4498    |
| data_match_156              | 4399    |
| bitauto_vendor_tmp          | 4082    |
| data_match_145              | 3789    |
| iauto_save                  | 3603    |
| iauto_save_tmp              | 3603    |
| os_ministry_data            | 3586    |
| bitauto_vendor_1122         | 3505    |
| bitauto_vendor_1119         | 3495    |
| bitauto_vendor_bak_1122     | 3495    |
| used_car_linkman            | 3379    |
| koubei_rank_wj              | 3300    |
| iwords_test                 | 2944    |
| data_match_141              | 2903    |
| iwords                      | 2872    |
| iwords_sub                  | 2824    |
| umlike                      | 2762    |
| iauto_trend_tmp             | 2737    |
| auto_subbrands              | 2499    |
| data_match_142              | 2477    |
| new_view_brands             | 2438    |
| new_view_carlist            | 2438    |
| new_view_subbrands          | 2438    |
| Complaints                  | 2407    |
| koubei_score_avg            | 2382    |
| auto_sub_cache              | 2328    |
| data_match_160              | 1946    |
| car_hot_trend               | 1937    |
| maintain                    | 1932    |
| auto_subbrands_price        | 1856    |
| used_car_dealer             | 1821    |
| listcar_total               | 1776    |
| jdpower_car                 | 1758    |
| car_hot_rank                | 1755    |
| group_sellers               | 1755    |
| maintaincar                 | 1618    |
| auto_subbrand_top_info      | 1551    |
| ce_ping                     | 1528    |
| oil_use_v                   | 1500    |
| yh_chexi                    | 1498    |
| luntais                     | 1433    |
| news_info                   | 1421    |
| used_car_honor              | 1267    |
| subbrand_attention          | 1245    |
| shicheMan                   | 1206    |
| subbrand_koubei_reports     | 1183    |
| data_match_newdata_top      | 1160    |
| vedioMan                    | 1056    |
| koubei_view                 | 1000    |
| listperm                    | 980     |
| used_car_news               | 941     |
| koubei_praise               | 869     |
| bitauto_subbrandcontrast    | 808     |
| stopcar                     | 790     |
| os_netizens_data            | 753     |
| news_pop                    | 700     |
| shuyu                       | 655     |
| used_car_appraiser          | 654     |
| index_focus                 | 609     |
| washcar                     | 593     |
| data_match_105              | 527     |
| group_car_vote              | 508     |
| bitauto_city                | 483     |
| refitcar                    | 457     |
| feiyong_xinxi               | 456     |
| data_match_109              | 419     |
| data_match_104              | 399     |
| koubei_report               | 382     |
| koubei_wb_info              | 377     |
| autoxianxing                | 334     |
| data_match_106              | 323     |
| os_param                    | 267     |
| auto_brands                 | 255     |
| auto_newcar                 | 236     |
| auto_market                 | 228     |
| data_match_161              | 226     |
| vin_upload                  | 204     |
| comReplay                   | 188     |
| sub_fav                     | 182     |
| koubei_div_log              | 177     |
| auto_brands_related         | 171     |
| yh_brands                   | 157     |
| auto_groups                 | 143     |
| admin_accounts              | 136     |
| assurecar                   | 129     |
| shiche                      | 120     |
| wom_top_data                | 120     |
| subnameupdate               | 118     |
| beautifycar                 | 117     |
| luntai_subbrands            | 116     |
| finecar                     | 108     |
| buycar                      | 106     |
| buycar_score                | 106     |
| luntai_koubei               | 98      |
| local_price                 | 97      |
| local_price_tmp             | 97      |
| bitauto_adv                 | 93      |
| koubei_view2                | 91      |
| xlsj_month                  | 88      |
| oils                        | 85      |
| used_car_certification      | 69      |
| data_match_117              | 58      |
| koubei_recommend            | 55      |
| data_match_107              | 53      |
| data_match_129              | 53      |
| data_match_114              | 52      |
| data_match_135              | 43      |
| oil_koubei                  | 42      |
| data_match_108              | 40      |
| oil_subbrands               | 38      |
| feiyong_guanxi              | 33      |
| data_match_116              | 32      |
| auto_vote                   | 31      |
| bitauto_province            | 31      |
| feiyong_guanxi_xinru        | 31      |
| jdpower_type                | 31      |
| data_match_122              | 30      |
| data_match_130              | 30      |
| data_match_133              | 30      |
| data_match_123              | 29      |
| data_match_126              | 29      |
| data_match_118              | 28      |
| data_match_127              | 26      |
| data_match_121              | 25      |
| data_match_134              | 24      |
| data_match_138              | 22      |
| group_seller_info           | 22      |
| data_match_113              | 21      |
| data_match_128              | 20      |
| data_match_119              | 19      |
| data_match_131              | 18      |
| data_match_115              | 17      |
| data_match_110              | 16      |
| data_match_124              | 16      |
| data_match_112              | 14      |
| luntai_brands               | 14      |
| admin_project               | 13      |
| data_match_132              | 12      |
| oil_brands                  | 12      |
| temp_bitauto_vendor         | 10      |
| data_match_120              | 8       |
| group_car                   | 7       |
| data_match_125              | 6       |
| os_weight                   | 6       |
| koubei_test                 | 5       |
| os_gasoline_type            | 5       |
| data_match_137              | 4       |
| searchPic                   | 4       |
| user_modle_tree             | 4       |
| data_match_111              | 3       |
| data_match_136              | 3       |
| cachekey                    | 2       |
| feiyong_guanxi_quxiao       | 2       |
| group_city_info             | 2       |
| group_sellers_detail        | 2       |
| photo_api                   | 2       |
| user_admin                  | 2       |
| user_admin_module_map       | 2       |
| auto_module_cache           | 1       |
| compare_log_pic             | 1       |
| dpool_check_db              | 1       |
| koubei_tt                   | 1       |
| news_feedback               | 1       |
| os_gasoline_setting         | 1       |
| os_searchwd                 | 1       |
| permonth_update             | 1       |
| publish_key                 | 1       |
| shichetubiao                | 1       |
| user_type                   | 1       |
+-----------------------------+---------+

漏洞证明：

http://data.auto.sina.com.cn/car/api/car_detail/car_api_new.php?callback=jQuery17208639282449148595_1463050806467&carid=25180,23528,21542&_=1463050806866
carid参数存在注入

Database: dataauto
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| compare_log_refer           | 20524322 |
| data_match_newdata          | 13858807 |
| koubei_xw                   | 6091127 |
| koubei_xw1                  | 5149397 |
| compare_log                 | 3716639 |
| weibo_log_1108              | 2609526 |
| weibo_log_1110              | 2402870 |
| weibo_log_1109              | 2320824 |
| weibo_log_1107              | 2235056 |
| weibo_log_1111              | 2220058 |
| weibo_log_1112              | 2118673 |
| auto_dealer                 | 1923399 |
| koubei_score_new            | 1348322 |
| koubei_new_total            | 1315863 |
| koubei                      | 1244248 |
| hot_seo_new                 | 1100088 |
| bitauto_news                | 832393  |
| hot_seo                     | 791646  |
| yh_avgconsumptionall        | 685094  |
| bitauto_price_bak           | 683104  |
| koubei_grab_ts              | 621883  |
| bitauto_price               | 600536  |
| oil_use                     | 546433  |
| auto_clicks_days            | 479265  |
| bitauto_price_bak_20100917  | 468430  |
| bitauto_price_g             | 468430  |
| car_pv                      | 372812  |
| koubei_click_rank           | 357293  |
| bitauto_price_20110130      | 351365  |
| auto_news                   | 337321  |
| weibo_log_1106              | 247716  |
| user_log                    | 244656  |
| koubei_comment              | 232356  |
| oil_use_test                | 222356  |
| koubei_score                | 204772  |
| koubei_grab                 | 200339  |
| user_total                  | 190188  |
| user_score                  | 172119  |
| koubei_tag_sorted           | 163057  |
| yangche_focuscar            | 137321  |
| group_car_votedetail        | 114080  |
| subbrand_month_rank         | 113213  |
| feedback                    | 110822  |
| admin_data_auto_log         | 108228  |
| data_match_65               | 103239  |
| data_match_60               | 102096  |
| data_match_78               | 99207   |
| data_match_68               | 99203   |
| koubei_score_week_avg       | 98534   |
| os_score                    | 97548   |
| koubei_impression           | 95886   |
| koubei_impression_user      | 91516   |
| data_match_84               | 88713   |
| koubei_new_15               | 87298   |
| iauto_trend                 | 85918   |
| data_match_70               | 84112   |
| data_match_71               | 83292   |
| data_match_72               | 82755   |
| data_match_64               | 82644   |
| data_match_90               | 82530   |
| api_log                     | 80733   |
| data_match_56               | 80436   |
| data_match_47               | 79326   |
| data_match_69               | 79022   |
| data_match_93               | 76707   |
| data_match_86               | 75228   |
| data_match_67               | 75019   |
| data_match_53               | 74961   |
| data_match_61               | 74824   |
| data_match_83               | 73499   |
| data_match_92               | 72123   |
| data_match_81               | 72114   |
| data_match_89               | 71457   |
| koubei_new_11               | 71351   |
| xlsjk                       | 70055   |
| data_match_55               | 68170   |
| data_match_66               | 68135   |
| vendor_brand                | 67296   |
| weibo_log_110626            | 67153   |
| weibo_log_110623            | 66868   |
| data_match_77               | 66538   |
| data_match_51               | 65821   |
| data_match_87               | 65645   |
| data_match_76               | 65311   |
| data_match_73               | 65232   |
| data_match_75               | 64944   |
| weibo_log_110625            | 62702   |
| data_match_44               | 62553   |
| data_match_88               | 61893   |
| weibo_log_110624            | 61587   |
| koubei_new_17               | 61515   |
| data_match_82               | 61038   |
| koubei_new_30               | 60576   |
| data_match_58               | 59831   |
| data_match_43               | 59718   |
| data_match_50               | 58274   |
| data_match_79               | 58021   |
| data_match_85               | 57953   |
| data_match_46               | 57840   |
| data_match_63               | 56904   |
| data_match_57               | 55560   |
| koubei_new_12               | 54169   |
| data_match_34               | 53757   |
| koubei_new_6                | 53567   |
| data_match_45               | 52322   |
| koubei_new_13               | 50875   |
| koubei_rank                 | 50165   |
| data_match_62               | 49877   |
| koubei_new_22               | 49709   |
| data_match_80               | 49288   |
| data_match_49               | 48314   |
| koubei_new_24               | 48094   |
| koubei_new_2                | 48056   |
| data_match_52               | 47282   |
| koubei_new_23               | 45513   |
| koubei_new_29               | 45294   |
| koubei_new_9                | 45066   |
| data_match_54               | 44988   |
| koubei_new_16               | 44939   |
| koubei_new_25               | 44939   |
| data_match_101              | 44133   |
| koubei_new_26               | 43061   |
| group_buyers                | 42855   |
| data_match_every_day        | 42700   |
| data_match_98               | 42215   |
| koubei_new_28               | 41971   |
| data_match_40               | 41860   |
| data_match_100              | 41823   |
| data_match_99               | 40694   |
| data_match_102              | 40016   |
| koubei_new_20               | 38938   |
| koubei_new_31               | 37233   |
| data_match_38               | 36824   |
| koubei_new_8                | 36140   |
| data_match_41               | 35787   |
| data_match_35               | 35695   |
| koubei_new_21               | 35630   |
| data_match_59               | 35429   |
| data_match_37               | 35392   |
| koubei_new_5                | 34728   |
| bitauto_price_tmp           | 33468   |
| data_match_74               | 33239   |
| data_match_48               | 32213   |
| data_match_97               | 31830   |
| weibo_log_110622            | 31101   |
| mycar                       | 30243   |
| data_match_36               | 29548   |
| data_match_39               | 29503   |
| koubei_new_7                | 28351   |
| vendor_brand_bak            | 28213   |
| data_match_42               | 28191   |
| koubei_new_19               | 27675   |
| data_match_29               | 27568   |
| data_match_96               | 26816   |
| koubei_new_14               | 25930   |
| data_match_33               | 25526   |
| auto_highlights             | 25481   |
| data_match_31               | 25145   |
| iauto_trend_tmp2            | 24990   |
| auto_car_info_new           | 24572   |
| iwords_new                  | 23732   |
| koubei_new_3                | 23591   |
| koubei_new_18               | 23032   |
| data_match_28               | 22764   |
| koubei_new_4                | 22672   |
| koubei_new_0                | 22618   |
| koubei_new_27               | 22358   |
| koubei_new_1                | 22267   |
| data_match_30               | 21740   |
| koubei_new_10               | 20486   |
| data_match_27               | 20036   |
| data_match_5                | 20023   |
| umnews                      | 19872   |
| data_match_6                | 19591   |
| data_match_32               | 18864   |
| data_match_7                | 18651   |
| data_match_94               | 18638   |
| weibo_log_110627            | 18567   |
| data_match_9                | 18457   |
| data_match_26               | 18334   |
| data_match_20               | 16907   |
| yh_car                      | 16767   |
| data_match_25               | 16639   |
| data_match_16               | 16422   |
| data_match_24               | 16188   |
| data_match_23               | 15903   |
| os_user_addrecord           | 15822   |
| data_match_8                | 15805   |
| data_match_22               | 15610   |
| xlsjk_tmp                   | 15184   |
| data_match_21               | 14418   |
| xlsjk2                      | 14025   |
| data_match_10               | 13519   |
| listcar                     | 13215   |
| mapproject                  | 13197   |
| data_match_18               | 12261   |
| data_match_3                | 11540   |
| news_score                  | 11535   |
| data_match_17               | 11465   |
| data_match_15               | 11099   |
| data_match_146              | 11035   |
| data_match_13               | 10510   |
| bitauto_vendor              | 10489   |
| used_car_info               | 10465   |
| used_car_pic                | 10385   |
| data_match_4                | 10171   |
| data_match_2                | 9954    |
| auto_car                    | 9907    |
| data_match_103              | 9896    |
| data_match_12               | 9800    |
| oilcar                      | 9566    |
| auto_clicks                 | 9489    |
| data_match_95               | 9449    |
| data_match_1                | 9388    |
| data_match_147              | 9038    |
| data_match_143              | 8797    |
| data_match_155              | 8781    |
| data_match_19               | 8777    |
| news_from_so                | 8609    |
| data_match_14               | 8479    |
| anbangbaoxian               | 8044    |
| data_match_11               | 7717    |
| data_match_153              | 7558    |
| auto_color                  | 7554    |
| data_match_148              | 7422    |
| data_match_150              | 7396    |
| data_match_140              | 7354    |
| subbrand_news_forum_comment | 7340    |
| vendor_brand_tmp            | 7106    |
| bitauto_carcontrast         | 6930    |
| data_match_151              | 6771    |
| data_match_139              | 6599    |
| ztmp_bitauto_carcontrast    | 6570    |
| data_match_152              | 6564    |
| auto_car_info               | 6313    |
| data_match_144              | 5502    |
| bitauto_vendor_ne           | 5281    |
| data_match_159              | 5194    |
| bitauto_vendor_bak_20100917 | 5180    |
| bitauto_vendor_g            | 5180    |
| auto_car_new                | 5126    |
| data_match_158              | 5123    |
| data_match_149              | 4962    |
| data_match_154              | 4701    |
| koubei_wap_err              | 4626    |
| data_match_91               | 4567    |
| shareMan                    | 4532    |
| data_match_157              | 4498    |
| data_match_156              | 4399    |
| bitauto_vendor_tmp          | 4082    |
| data_match_145              | 3789    |
| iauto_save                  | 3603    |
| iauto_save_tmp              | 3603    |
| os_ministry_data            | 3586    |
| bitauto_vendor_1122         | 3505    |
| bitauto_vendor_1119         | 3495    |
| bitauto_vendor_bak_1122     | 3495    |
| used_car_linkman            | 3379    |
| koubei_rank_wj              | 3300    |
| iwords_test                 | 2944    |
| data_match_141              | 2903    |
| iwords                      | 2872    |
| iwords_sub                  | 2824    |
| umlike                      | 2762    |
| iauto_trend_tmp             | 2737    |
| auto_subbrands              | 2499    |
| data_match_142              | 2477    |
| new_view_brands             | 2438    |
| new_view_carlist            | 2438    |
| new_view_subbrands          | 2438    |
| Complaints                  | 2407    |
| koubei_score_avg            | 2382    |
| auto_sub_cache              | 2328    |
| data_match_160              | 1946    |
| car_hot_trend               | 1937    |
| maintain                    | 1932    |
| auto_subbrands_price        | 1856    |
| used_car_dealer             | 1821    |
| listcar_total               | 1776    |
| jdpower_car                 | 1758    |
| car_hot_rank                | 1755    |
| group_sellers               | 1755    |
| maintaincar                 | 1618    |
| auto_subbrand_top_info      | 1551    |
| ce_ping                     | 1528    |
| oil_use_v                   | 1500    |
| yh_chexi                    | 1498    |
| luntais                     | 1433    |
| news_info                   | 1421    |
| used_car_honor              | 1267    |
| subbrand_attention          | 1245    |
| shicheMan                   | 1206    |
| subbrand_koubei_reports     | 1183    |
| data_match_newdata_top      | 1160    |
| vedioMan                    | 1056    |
| koubei_view                 | 1000    |
| listperm                    | 980     |
| used_car_news               | 941     |
| koubei_praise               | 869     |
| bitauto_subbrandcontrast    | 808     |
| stopcar                     | 790     |
| os_netizens_data            | 753     |
| news_pop                    | 700     |
| shuyu                       | 655     |
| used_car_appraiser          | 654     |
| index_focus                 | 609     |
| washcar                     | 593     |
| data_match_105              | 527     |
| group_car_vote              | 508     |
| bitauto_city                | 483     |
| refitcar                    | 457     |
| feiyong_xinxi               | 456     |
| data_match_109              | 419     |
| data_match_104              | 399     |
| koubei_report               | 382     |
| koubei_wb_info              | 377     |
| autoxianxing                | 334     |
| data_match_106              | 323     |
| os_param                    | 267     |
| auto_brands                 | 255     |
| auto_newcar                 | 236     |
| auto_market                 | 228     |
| data_match_161              | 226     |
| vin_upload                  | 204     |
| comReplay                   | 188     |
| sub_fav                     | 182     |
| koubei_div_log              | 177     |
| auto_brands_related         | 171     |
| yh_brands                   | 157     |
| auto_groups                 | 143     |
| admin_accounts              | 136     |
| assurecar                   | 129     |
| shiche                      | 120     |
| wom_top_data                | 120     |
| subnameupdate               | 118     |
| beautifycar                 | 117     |
| luntai_subbrands            | 116     |
| finecar                     | 108     |
| buycar                      | 106     |
| buycar_score                | 106     |
| luntai_koubei               | 98      |
| local_price                 | 97      |
| local_price_tmp             | 97      |
| bitauto_adv                 | 93      |
| koubei_view2                | 91      |
| xlsj_month                  | 88      |
| oils                        | 85      |
| used_car_certification      | 69      |
| data_match_117              | 58      |
| koubei_recommend            | 55      |
| data_match_107              | 53      |
| data_match_129              | 53      |
| data_match_114              | 52      |
| data_match_135              | 43      |
| oil_koubei                  | 42      |
| data_match_108              | 40      |
| oil_subbrands               | 38      |
| feiyong_guanxi              | 33      |
| data_match_116              | 32      |
| auto_vote                   | 31      |
| bitauto_province            | 31      |
| feiyong_guanxi_xinru        | 31      |
| jdpower_type                | 31      |
| data_match_122              | 30      |
| data_match_130              | 30      |
| data_match_133              | 30      |
| data_match_123              | 29      |
| data_match_126              | 29      |
| data_match_118              | 28      |
| data_match_127              | 26      |
| data_match_121              | 25      |
| data_match_134              | 24      |
| data_match_138              | 22      |
| group_seller_info           | 22      |
| data_match_113              | 21      |
| data_match_128              | 20      |
| data_match_119              | 19      |
| data_match_131              | 18      |
| data_match_115              | 17      |
| data_match_110              | 16      |
| data_match_124              | 16      |
| data_match_112              | 14      |
| luntai_brands               | 14      |
| admin_project               | 13      |
| data_match_132              | 12      |
| oil_brands                  | 12      |
| temp_bitauto_vendor         | 10      |
| data_match_120              | 8       |
| group_car                   | 7       |
| data_match_125              | 6       |
| os_weight                   | 6       |
| koubei_test                 | 5       |
| os_gasoline_type            | 5       |
| data_match_137              | 4       |
| searchPic                   | 4       |
| user_modle_tree             | 4       |
| data_match_111              | 3       |
| data_match_136              | 3       |
| cachekey                    | 2       |
| feiyong_guanxi_quxiao       | 2       |
| group_city_info             | 2       |
| group_sellers_detail        | 2       |
| photo_api                   | 2       |
| user_admin                  | 2       |
| user_admin_module_map       | 2       |
| auto_module_cache           | 1       |
| compare_log_pic             | 1       |
| dpool_check_db              | 1       |
| koubei_tt                   | 1       |
| news_feedback               | 1       |
| os_gasoline_setting         | 1       |
| os_searchwd                 | 1       |
| permonth_update             | 1       |
| publish_key                 | 1       |
| shichetubiao                | 1       |
| user_type                   | 1       |
+-----------------------------+---------+

修复方案：

参数过滤

版权声明：转载请注明来源荒废的腰子@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：6

确认时间：2016-05-13 10:08

厂商回复：

感谢关注新浪安全，问题修复中。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0208111

漏洞标题：新浪某站点SQL注入(支持UNION)

相关厂商：新浪

漏洞作者：荒废的腰子

提交时间：2016-05-13 09:22

修复时间：2016-06-27 10:10

公开时间：2016-06-27 10:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源荒废的腰子@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0208111

漏洞标题：新浪某站点SQL注入(支持UNION)

相关厂商：新浪

漏洞作者： 荒废的腰子

提交时间：2016-05-13 09:22

修复时间：2016-06-27 10:10

公开时间：2016-06-27 10:10

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0208111"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 荒废的腰子@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：荒废的腰子

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源荒废的腰子@乌云