
Vulnerability summary

Defect ID: wooyun-2015-0101704

Title: A vulnerability on one 07073 site exposes the data of 22036611 users

Vendor: 07073.com

Author: BMa

Submitted: 2015-03-16 16:26

Fixed: 2015-04-30 18:48

Published: 2015-04-30 18:48

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-03-16: Details sent to the vendor, awaiting vendor handling
2015-03-16: Vendor has confirmed; details disclosed to the vendor only
2015-03-26: Details disclosed to core white hats and experts in the relevant field
2015-04-05: Details disclosed to ordinary white hats
2015-04-15: Details disclosed to intern white hats
2015-04-30: Details disclosed to the public

Brief description:

A vulnerability on one 07073 site exposes a user database of 22036611 users, more than 20 million. Nice work, vendor.
Everyone, whether they know me or not, knows I never recklessly dump other people's databases.

Detailed description:

news.07073.com/plus/digg_ajax9.php?type=&id=1071264
Parameter: type
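The endpoint and the `type` parameter above are the only technical detail the report gives. As an added example that is not part of the original report or of 07073's code, the Python script below scans constructed web-server access-log lines for requests to that endpoint whose `type` parameter carries SQL metacharacters, which is how a defender would spot probing of this parameter in hindsight; the log lines, IP addresses and the metacharacter pattern are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format, documentation
# IP ranges); they are not taken from the report or from 07073's servers.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Mar/2015:16:20:01 +0800] "GET /plus/digg_ajax9.php?type=good&id=1071264 HTTP/1.1" 200 512
203.0.113.5 - - [16/Mar/2015:16:20:02 +0800] "GET /plus/digg_ajax9.php?type=good%27&id=1071264 HTTP/1.1" 500 0
203.0.113.5 - - [16/Mar/2015:16:20:03 +0800] "GET /plus/digg_ajax9.php?type=good%27%20--%20&id=1071264 HTTP/1.1" 200 512
198.51.100.7 - - [16/Mar/2015:16:21:00 +0800] "GET /plus/digg_ajax9.php?type=bad&id=1071264 HTTP/1.1" 200 510
198.51.100.7 - - [16/Mar/2015:16:21:10 +0800] "GET /index.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Endpoint path and parameter name as given in the report.
ENDPOINT = "/plus/digg_ajax9.php"
PARAM = "type"

# Characters that have no business in a short enumerated value such as "good"/"bad"
# (assumed allow-list of legitimate values; tune to the real application).
SUSPICIOUS = re.compile(r"""['"()#;]|--|/\*|\s""")

def flag_injection_probes(log_text):
    """Return (client ip, HTTP status, decoded `type` value) for every request
    to the vulnerable endpoint whose `type` parameter contains SQL metacharacters."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes, so an encoded quote (%27) is seen as a quote.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if SUSPICIOUS.search(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits

if __name__ == "__main__":
    for ip, status, value in flag_injection_probes(SAMPLE_LOG):
        print(f"{ip} status={status} type={value!r}")
```

A 500 followed by a 200 for the same client and parameter, as in the sample, is the error-based probing pattern worth alerting on.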

(Screenshots 1.jpg, 2.jpg, 3.jpg)


All of the servers; among them bbs073 should be your forum's main database, and the user database is certainly in there.

(Screenshots 4.jpg, 5.jpg)


Table list attached:

Database: bbs073
+---------------------------+---------+
| Table | Entries |
+---------------------------+---------+
| uc_members | 22036611 |
| uchome_gift_ram | 17379539 |
| uc_memberfields | 16793530 |
| uc_members_ext | 7251715 |
| uc_pms | 2353528 |
| uchome_gift_id_10 | 1207151 |
| uchome_gift_id_copy | 730931 |
| uc_newpm | 613770 |
| uc_oauth | 332137 |
| uchome_gift_id_count | 177474 |
| uchome_gift_user_post | 121288 |
| uc_friends | 116129 |
| uchome_gift | 96724 |
| uchome_space | 76331 |
| uchome_spacefield | 76331 |
| uchome_friend | 63957 |
| uchome_com_slave_history | 50141 |
| uc_members_mailask | 49999 |
| uc_pm_indexes | 43431 |
| uchome_myinvite | 43312 |
| uchome_notification | 42099 |
| uchome_gift_use | 39448 |
| uc_pm_members | 37395 |
| uchome_gift_request_email | 30766 |
| uchome_creditlog | 22581 |
| uc_pm_lists | 19762 |
| uchome_userapp | 17536 |
| uchome_member | 15322 |
| uchome_spaceinfo | 11429 |
| uchome_userappfield | 11229 |
| uchome_pic | 8506 |
| uc_tags | 8257 |
| uchome_gift_get | 6495 |
| uchome_usertask | 5144 |
| uchome_gift_qiu | 5033 |
| uchome_park_record | 4647 |
| uc_pm_messages_0 | 4626 |
| uc_pm_messages_7 | 4598 |
| uc_pm_messages_6 | 4508 |
| uc_pm_messages_3 | 4460 |
| uc_pm_messages_1 | 4355 |
| uc_pm_messages_2 | 4316 |
| uc_pm_messages_5 | 4172 |
| uc_pm_messages_9 | 4141 |
| uc_pm_messages_8 | 4136 |
| uc_pm_messages_4 | 4054 |
| uc_members_weibo | 3193 |
| uchome_tag | 3062 |
| uchome_gift_qiu_old | 2635 |
| tmp2 | 1801 |
| uchome_blogfield | 1696 |
| uchome_blog | 1656 |
| uchome_gift_email | 1631 |
| uchome_doing | 1603 |
| uchome_comment | 1547 |
| uchome_tagblog | 1339 |
| uchome_feed | 1288 |
| uc_notelist | 1252 |
| uchome_picfield | 1215 |
| uchome_invite | 1080 |
| uchome_gift_special | 1030 |
| uchome_poke | 971 |
| tmp | 864 |
| uchome_magicinlog | 651 |
| uchome_park_warn | 544 |
| uchome_album | 542 |
| uchome_stat | 539 |
| uchome_tagspace | 525 |
| uchome_usermagic | 443 |
| uchome_park_carinfo | 428 |
| uchome_spacelog | 419 |
| uchome_park_mycar | 349 |
| uchome_docomment | 312 |
| uchome_post | 300 |
| uchome_share | 300 |
| uchome_polluser | 292 |
| uc_members_ext1 | 264 |
| uchome_park_member | 260 |
| uchome_park_memberset | 259 |
| uchome_magicuselog | 258 |
| uchome_myapp | 233 |
| uc_members_avatar | 209 |
| uchome_com_slave_main | 197 |
| uchome_class | 194 |
| uchome_thread | 182 |
| uc_members_blogapi | 135 |
| uchome_gift_yyterrace | 132 |
| uchome_config | 117 |
| uchome_mtaginvite | 104 |
| uchome_polloption | 91 |
| uchome_app_fgamelist | 84 |
| uchome_gift_friendlink | 77 |
| uchome_data | 72 |
| uchome_gift_request | 62 |
| uchome_mtag | 49 |
| uchome_creditrule | 47 |
| uchome_com_slave_task | 33 |
| uc_settings | 30 |
| uchome_gift_huandeng | 28 |
| uchome_gift_qiu_pingtai | 28 |
| uchome_magic | 25 |
| uchome_eventfield | 24 |
| uchome_magicstore | 24 |
| uchome_gift_advance | 23 |
| uchome_show | 23 |
| uchome_topicuser | 20 |
| vote_num | 19 |
| vote_url | 19 |
| uchome_blacklist | 16 |
| uchome_park_stage | 16 |
| uchome_click | 15 |
| uc_applications | 14 |
| uc_protectedmembers | 14 |
| uchome_poll | 12 |
| uchome_pollfield | 12 |
| uchome_gift_baidu_test | 11 |
| uchome_com_slave_luck | 10 |
| uchome_gift_id | 10 |
| uchome_usergroup | 10 |
| uchome_gift_baidu | 9 |
| uchome_profield | 8 |
| uchome_com_slave_taskcat | 7 |
| uchome_gift_test | 7 |
| uchome_task | 7 |
| uchome_cron | 6 |
| uchome_eventclass | 6 |
| uchome_app_wajin | 5 |
| uchome_gift_terrace | 5 |
| uchome_userevent | 5 |
| uc_admins | 4 |
| uchome_event | 4 |
| uchome_eventpic | 4 |
| uc_connect_baidu | 3 |
| uchome_gift_var | 2 |
| uchome_park_mystage | 2 |
| uchome_report | 2 |
| uc_failedlogins | 1 |
| uc_guest | 1 |
| uc_special_index | 1 |
| uc_special_list | 1 |
| uchome_ad | 1 |
| uchome_gift_special_test | 1 |
| uchome_gift_use_cp | 1 |
| uchome_plugins | 1 |
| uchome_statuser | 1 |
| uchome_topic | 1 |
+---------------------------+---------+

Proof of vulnerability:

Fix recommendation:

Copyright notice: when reposting, please credit the source BMa@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-03-16 16:34

Vendor reply:

Thanks for finding the bug; please PM me, I have a gift for you! Thank you.

Latest status:

None yet

