当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0144659

漏洞标题:紫金岛游戏主站root权限SQL注入200w用户信息千万用户订单信息泄露

相关厂商:91zjd.com

漏洞作者: 路人甲

提交时间:2015-10-03 16:44

修复时间:2015-10-13 09:00

公开时间:2015-10-13 09:00

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-03: 细节已通知厂商并且等待厂商处理中
2015-10-13: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

紫金岛游戏主站root权限SQL注入200w用户信息千万用户订单信息泄露

详细说明:

注入点:http://www.91zjd.com/checkusername.aspx?name=
name参数加单引号直接报错,如图:

1.jpg


sqlmap截图:

2.jpg


当前数据库信息:

3.jpg


DBA权限:

4.jpg


数据库信息
dbo.UserMemberOrder | 10342305 为1000w用户订单信息
dbo.View_Userinfo_ME | 2172389 为200w+用户信息 

Database: QPGameUserDB
+----------------------------------+---------+
| Table                            | Entries |
+----------------------------------+---------+
| dbo.View_UserALLLogo_bySpid      | 116799666
| dbo.View_UserALLLogo_bySpid      | 116799666
| dbo.UserMemberOrder              | 10342305
| dbo.View_UserFristLogo           | 7304127 |
| dbo.View_VWUserFristLogo         | 7200557 |
| dbo.View_UserLogoNew             | 7010453 |
| dbo.View_UserLogoNew             | 7010453 |
| dbo.GoldEggsLog2012              | 3307940 |
| dbo.View_Userinfo_ME             | 2172389 |
| dbo.IndividualDatumScore         | 2142378 |
| dbo.GoldEggsLog20110             | 540730  |
| dbo.GoldEggsLog20110             | 540730  |
| dbo.GoldEggsLog20110             | 540730  |
| dbo.Yjt_accounts                 | 500000  |
| dbo.View_CZK_TG                  | 357304  |
| dbo.Rechargeable_Card_TEST       | 356249  |
| dbo.Rechargeable_Card_TEST       | 356249  |
| dbo.DailyLogonPrize              | 307370  |
| dbo.ShortUrlLink                 | 178294  |
| dbo.accountsinfo20110101         | 117381  |
| dbo.QQcdkey                      | 99694   |
| dbo.IndividualDatumFirend        | 78305   |
| dbo.AccountsInfo0821             | 76835   |
| dbo.AccountsInfo_temp1           | 54253   |
| dbo.AccountsInfo_temp1           | 54253   |
| dbo.View_Rechargeable_Card_tg    | 14130   |
| dbo.AccountsInfo_emailbak        | 11156   |
| dbo.AccountsInfo_emailbak        | 11156   |
| dbo.GameIdentifier               | 10001   |
| dbo.UserWincountlogo             | 8250    |
| dbo.iphonetemp1                  | 6195    |
| dbo.iphonetemp1                  | 6195    |
| dbo.iphonetemp2                  | 4774    |
| dbo.AccountsInfo1121             | 4569    |
| dbo.dxuserall                    | 3148    |
| dbo.dxuserall                    | 3148    |
| dbo.GameUserBang_TYBLogo         | 2358    |
| dbo.SystemStreamInfo             | 2325    |
| dbo.AccountsInfo_regtj           | 2253    |
| dbo.View_AccountsInfo_regtjNew   | 2253    |
| dbo.View_AccountsInfo_regtjNew   | 2253    |
| dbo.tempUsername                 | 2079    |
| dbo.dxUserbak                    | 1651    |
| dbo.GameUserBang_abestLogo       | 1465    |
| dbo.GameUserBang_abest_view      | 748     |
| dbo.GameUserBang_abest_view      | 748     |
| dbo.AccountsInfobak              | 736     |
| dbo.IndividualDatumbak           | 550     |
| dbo.IndividualDatumbak           | 550     |
| dbo.PK_SOURCE_IP_POOL            | 541     |
| dbo.LuckUser                     | 393     |
| dbo.AccountsInfo_xt              | 352     |
| dbo.UserAddScoreLogo             | 325     |
| dbo.VW_Charge_List               | 300     |
| dbo.dxuserlist                   | 209     |
| dbo.S3_Tmp                       | 156     |
| dbo.GameUserBang_New_tyb         | 93      |
| dbo.GameUserBang_TYB_WEEKLY_view | 93      |
| dbo.GameUserBang_TYB_WEEKLY_view | 93      |
| dbo.View_t1                      | 47      |
| dbo.test_0801                    | 46      |
| dbo.tempcity                     | 41      |
| dbo.we                           | 35      |
| dbo.View_t320                    | 29      |
| dbo.comd_list                    | 26      |
| dbo.ConfineContent               | 26      |
| dbo.D99_CMD                      | 24      |
| dbo.D99_Tmp                      | 22      |
| dbo.PK_GameDownloadCount         | 19      |
| dbo.View_t500                    | 17      |
| dbo.View_t310                    | 14      |
| dbo.ConfineAddress               | 3       |
| dbo.PK_WebPage_Click_Count       | 3       |
| dbo.SystemStatusInfo             | 2       |
| dbo.D99_REG                      | 1       |
| dbo.DIY_TEMPCOMMAND_TABLE        | 1       |
+----------------------------------+---------+


漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-10-13 09:00

厂商回复:

漏洞Rank:20 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论