
Vulnerability summary (24 followers)

Defect ID: wooyun-2016-0170221

Title: SQL injection on a Feiliu Download site leaks a large amount of information

Vendor: 北京飞流九天科技有限公司 (Beijing Feiliu Jiutian Technology Co., Ltd.)

Author: 头晕脑壳疼

Submitted: 2016-01-16 15:15

Fixed: 2016-02-27 11:49

Published: 2016-02-27 11:49

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2016-01-16: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2016-02-27: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

See title.

Detailed description:

Injection point
http://flgm.feiliu.com/qianghaoqi/wx.php?id=2284

1.png


Database: pm
+---------------------------------+---------+
| Table | Entries |
+---------------------------------+---------+
| gm_stat_login | 2415505 |
| gamebi_oplog | 1692198 |
| gamebi_giving_code | 1626703 |
| wx_packagecode | 1415759 |
| gm_stat_charge | 230301 |
| pm_oplog | 226215 |
| sso_signs | 113801 |
| gm_player_statistics | 97976 |
| crm_answer | 83573 |
| crm_question | 71147 |
| csc_admin_order_log | 65452 |
| csc_admin_order | 46051 |
| pm_loginhistory | 32572 |
| gamebi_loginhistory | 27773 |
| flht_userlog | 11351 |
| pm_ghzcdata | 6719 |
| pm_ghzcdata_20121219back | 3981 |
| sso_sessions | 3820 |
| iosadm_oplog | 3096 |
| csc_admin_vip | 3016 |
| dsg_emailsend | 2802 |
| dsg_modify_info | 2700 |
| gm_player_strength | 2189 |
| tbl_dim_date | 2084 |
| gamebi_userproduct | 2033 |
| csc_admin_serverlist | 1881 |
| kf_admin_oplog | 1705 |
| pm_pushjob | 1675 |
| crm_serverlist | 1547 |
| gm_reward_file | 1512 |
| wx_content | 1333 |
| flht_contract | 1271 |
| gamebi_giving_content | 1267 |
| flht_downrecord | 1243 |
| shenji_adv_count | 999 |
| wx_keywords | 974 |
| gamebi_giving_batch | 918 |
| gamebi_giving_item | 867 |
| pm_cpgameinfo | 849 |
| gamebi_giving_item_bak_20131218 | 669 |
| pm_pushjob20130424back | 542 |
| dsg_publishpost | 538 |
| pm_admin_action | 537 |
| gamebi_giving_item_bak_20130925 | 497 |
| pm_pushjob_back20131022 | 481 |
| jk_error | 419 |
| gamebi_giving | 397 |
| gamebi_menu_product | 382 |
| csc_admin_city | 345 |
| pm_pushjob_back20130811 | 343 |
| gamebi_award | 334 |
| pm_pushjob20131103back | 327 |
| pm_menu | 311 |
| pm_admin_user | 279 |
| gamebi_admin_user | 235 |
| kf_admin_user | 233 |
| kf_admin_user33 | 193 |
| pm_ghzcdata_bak | 182 |
| shenji_adv_count_copy | 182 |
| pm_gamecenterpush | 168 |
| pm_lcpush | 161 |
| pm_wjbdpush | 160 |
| kf_loginhistory | 137 |
| pm_gamecoop | 125 |
| gamebi_menu | 123 |
| pm_channlmanage | 119 |
| pm_pushcertificates | 118 |
| shenji_day_ratio | 118 |
| gm_user | 117 |
| wx_menu | 112 |
| gamebi_admin_action | 111 |
| pm_menu_new | 93 |
| jk_errorCauses | 89 |
| pm_menu_bak | 85 |
| pm_pushjobback20130603 | 82 |
| pm_pushjobback20130511 | 76 |
| pm_iosproduct | 75 |
| csc_admin_user | 73 |
| flht_userright | 73 |
| jk_appphone | 73 |
| pm_product | 70 |
| wx_packagerule | 70 |
| iosadm_loginhistory | 69 |
| gm_menu | 64 |
| gm_menu_20130201 | 62 |
| kf_admin_springgift | 61 |
| pm_pushjob_20130507back | 59 |
| gamebi_products | 58 |
| iosadm_product_columns | 53 |
| gamebi_config | 50 |
| kf_admin_config | 50 |
| pm_config | 48 |
| flht_excelfile | 47 |
| pm_pushonejob | 43 |
| flht_ccategory | 41 |
| diguo_reg | 40 |
| crm_qtype | 37 |
| shenji_adv_count_month | 37 |
| shenji_userright | 35 |
| csc_admin_province | 34 |
| csc_admin_channel | 28 |
| csc_admin_menu | 28 |
| csc_admin_right | 28 |
| gamebi_usermsg | 27 |
| kf_admin_right | 27 |
| flgmsdk_userright | 26 |
| pm_usermsg | 26 |
| csc_admin_qtype | 25 |
| wwwen_wenzhang | 25 |
| kf_admin_menu | 24 |
| wx_accountconfig | 24 |
| wx_replycontent | 24 |
| flht_user | 23 |
| crm_memberinfo | 22 |
| jk_appinfo | 22 |
| shenji_adv_product | 21 |
| flgmsdk_menu | 19 |
| gameghzc_adminuser | 17 |
| shenji_menu | 17 |
| crm_regist | 16 |
| flht_menu | 16 |
| flht_rights | 16 |
| gm_shop_item | 14 |
| kf_admin_user2 | 14 |
| rwqd_menu | 14 |
| rwqd_userright | 14 |
| iosadm_menu | 13 |
| shenji_rights | 13 |
| flgmsdk_rights | 12 |
| qus_items | 11 |
| rwqd_rights | 11 |
| wx_template | 11 |
| ciproj_menu | 10 |
| crm_question_addtion | 10 |
| gm_server | 10 |
| iosadm_admin_user | 9 |
| wx_packagecode_copy | 9 |
| gamebi_user_code | 8 |
| pm_adminmsg | 8 |
| csc_admin_orders | 7 |
| gameghzc_limit | 7 |
| gameghzc_menu | 7 |
| pm_productupdate | 7 |
| csc_admin_vip_server_log | 6 |
| flgmsdk_user | 6 |
| gonglve_relational | 6 |
| iosadm_products | 6 |
| dsg_packsage | 5 |
| qus_subjects | 5 |
| rwqd_user | 5 |
| crm_channel | 4 |
| flht_contracttest | 4 |
| iosadm_adv_product | 4 |
| kf_admin_user11 | 4 |
| pm_role | 4 |
| gamebi_adminmsg | 3 |
| gamebi_role | 3 |
| kf_sdk_faq | 3 |
| sso_source | 3 |
| csc_admin_vip_giftcode | 2 |
| gameghzc_role | 2 |
| gm_thirdchannel_auth | 2 |
| iosadm_adv_position | 2 |
| iosadm_advs | 2 |
| kf_admin_gg | 2 |
| pm_andriodpush | 2 |
| shenji_adv_coop | 2 |
| shenji_user | 2 |
| ciproj_user | 1 |
| crm_ruser | 1 |
| gamebi_giving_clash | 1 |
| gm_player_statistics_config | 1 |
| iosadm_admin_action | 1 |
| iosadm_advtac | 1 |
| qus_lists | 1 |
| sdkdev_users | 1 |
+---------------------------------+---------+

2.png


Many of the tables are administrative ones; I won't list them one by one.
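The report above shows a common pattern: a numeric `id` query-string parameter in wx.php reaches the database unvalidated, and the resulting dump enumerates administrative tables (pm_admin_user, sso_sessions, kf_admin_user and so on) alongside the content tables a public page actually needs. The PHP below is an added example, not Feiliu's code or anything taken from the report: it places the vulnerable concatenation pattern next to a hardened handler that validates the input type and binds it through a PDO prepared statement. The table and column names (`wx_content`, `title`, `body`), the DSN and the credentials are assumptions for illustration.

```php
<?php
// Added example, not the vendor's code. The report shows ?id= reaching the
// database unvalidated; table/column names, DSN and credentials here are
// assumptions for illustration.

// Vulnerable pattern: the untrusted GET parameter is concatenated into SQL,
// so any value that is not a plain integer changes the query's structure.
function lookup_vulnerable(mysqli $db, array $get): ?array
{
    $id  = $get['id'] ?? '';
    $sql = "SELECT title, body FROM wx_content WHERE id = " . $id;
    $result = $db->query($sql);
    if ($result === false) {
        return null;
    }
    $row = $result->fetch_assoc();
    return is_array($row) ? $row : null;
}

// Hardened pattern: reject anything that is not a positive integer, then
// bind the value as a typed parameter so the database never parses it as SQL.
function lookup_hardened(PDO $db, array $get): ?array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        return null;
    }
    $stmt = $db->prepare('SELECT title, body FROM wx_content WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage with assumed connection details. Emulated prepares are disabled so
// MySQL receives the statement text and the parameter value separately, and
// the account used here should be one granted SELECT only on the tables this
// script serves, not a shared account with access to the whole "pm" schema.
$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=pm;charset=utf8mb4',
    'wx_readonly',
    'assumed-password',
    [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]
);

$row = lookup_hardened($pdo, $_GET);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($row ?? ['error' => 'not found'], JSON_UNESCAPED_UNICODE);
```

Parameter binding alone closes the injection. The second half of the impact described in the report, the ability to read every administrative table in the `pm` database from a public page, is a privilege problem: a dedicated MySQL user for the public-facing script, with SELECT on only the tables it needs, would have limited what an injection in wx.php could reach even before the query was fixed.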

Proof of vulnerability:


Fix recommendation:

Copyright notice: when reposting, credit the source 头晕脑壳疼@乌云


Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively declined the report.