Brief description:
Tested late at night. Environment: Google + manual.
Sina has many non-core businesses showing up in Google. Different businesses use different scripting languages and environments, resulting in many minor security problems. Does it feel as though there is no standard for vulnerability awareness? Just some opinions, forgive me :)
Detailed description:
Information leakage:
PHP error:
http://college.sina.com/notice/upload_list.php?page='%3E%3Cscript%3Ealert()%3C/script%3E
http://bbs.youxi.sina.com/
http://s3.sxd.wanwan.sina.com/api/sina/login_api_sina.php
phpinfo:
http://devmatch.sina.com/
Index of (directory listing):
http://www.google.com.hk/search?hl=zh-CN&lr=&newwindow=1&safe=strict&biw=1365&bih=670&q=site%3Asina.com++index+of&oq=site%3Asina.com++index+of&aq=f&aqi=&aql=1&gs_sm=e&gs_upl=3886l6577l0l6816l11l8l0l0l0l0l0l658l658l5-1l1l
Tomcat management page:
http://s3.xyj.wanwan.sina.com/manager/html
http://s1.qc.wanwan.sina.com/manager/html
http://s3.xyj.wanwan.sina.com/examples/jsp/dates/date.jsp
Logic flaws:
Anonymous sending:
http://ikongzi.edu.sina.com/do/job.php?job=recommend&fid=101&id=8983
Redirect:
http://m.us.sina.com/script/redirect.php?class=china&action=http://www.baidu.com
The above is just a classification of the problems. The detection coverage is limited, and you can check the rest yourself. For example, http://s3.xyj.wanwan.sina.com/ can be used to view the game's CGI addresses.
The problems are not big, and I am limited by ability and energy. I hope Sina can check for these problems itself. At a large scale, this may be more than just a hidden risk :)
Author: Leng Yan @ wooyun