漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0144784
漏洞标题:第一波游戏某站存在SQL注入300万信息可跨库查询主站(涉及OA系统)
相关厂商:第一波游戏
漏洞作者: 路人甲
提交时间:2015-10-04 23:14
修复时间:2015-11-18 23:16
公开时间:2015-11-18 23:16
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-10-04: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-11-18: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
第一波游戏某站存在SQL注入300万信息可跨库查询主站(涉及OA系统)
详细说明:
注入点:
http://bbs.ebogame.com/rss.php?forumid=0&tagname=
slqmap截图:
【论坛数据库 23w+8w】
Database: 5ebo_ucenter
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| uc_members | 230374 |
| uc_memberfields | 142469 |
| uc_notelist | 1217 |
| uc_pm_members | 77 |
| uc_pm_indexes | 54 |
| uc_pm_lists | 40 |
| uc_settings | 26 |
| uc_newpm | 15 |
| uc_pm_messages_0 | 7 |
| uc_pm_messages_6 | 7 |
| uc_pm_messages_4 | 6 |
| uc_pm_messages_7 | 6 |
| uc_pm_messages_1 | 5 |
| uc_pm_messages_2 | 5 |
| uc_pm_messages_3 | 5 |
| uc_pm_messages_5 | 5 |
| uc_pm_messages_8 | 4 |
| uc_pm_messages_9 | 4 |
| uc_applications | 2 |
| uc_failedlogins | 1 |
| uc_protectedmembers | 1 |
+---------------------------------------+---------+
Database: 5ebo_bbs
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| pre_ucenter_members | 87952 |
| ebogame_member_info | 87798 |
| ebogame_member_info_copy | 83881 |
| pre_common_district | 45051 |
| anhei_activate_num | 43500 |
| pre_forum_post | 27341 |
| anhei_member | 21395 |
| anhei_packs_num | 20000 |
| pre_forum_filter_post | 12427 |
| ebogame_phone_code | 9254 |
| pre_home_notification | 7898 |
| pre_forum_threadpartake | 7626 |
| pre_common_credit_rule_log | 7442 |
| pre_common_member | 7273 |
| pre_common_member_count | 7273 |
| pre_common_member_field_forum | 7273 |
| pre_common_member_field_home | 7273 |
| pre_common_member_profile | 7273 |
| pre_common_member_status | 7273 |
| pre_forum_thread | 5991 |
| ebogame_member_money | 5648 |
| pre_common_onlinetime | 4244 |
| pre_forum_statlog | 3520 |
| pre_forum_threadmod | 3396 |
| ebogame_charge | 2537 |
| pre_forum_sofa | 1490 |
| ebogame_orderhistory | 1400 |
| pre_common_member_newprompt | 1340 |
| pre_forum_attachment | 1296 |
| pre_forum_pollvoter | 1174 |
| pre_forum_threadlog | 1019 |
| pre_ucenter_memberfields | 888 |
| pre_common_member_archive | 706 |
| pre_ucenter_pm_members | 647 |
| ebogame_member_findpass | 588 |
| pre_common_stat | 484 |
| pre_common_setting | 444 |
| pre_forum_threadimage | 424 |
| pre_ucenter_pm_indexes | 420 |
| pre_common_tagitem | 346 |
| pre_ucenter_pm_lists | 329 |
| pre_forum_attachment_8 | 296 |
| pre_forum_postlog | 228 |
| pre_forum_attachment_unused | 221 |
| pre_forum_threadhot | 151 |
| pre_qqy_ltnclog | 143 |
| pre_forum_attachment_1 | 122 |
| pre_forum_attachment_7 | 122 |
| pre_common_member_crime | 121 |
| pre_common_syscache | 121 |
| pre_common_tag | 115 |
| pre_forum_rsscache | 110 |
| pre_common_block_style | 103 |
| pre_common_member_temp___ | 100 |
| pre_forum_attachment_4 | 95 |
| pre_common_stylevar | 90 |
| pre_forum_attachment_6 | 89 |
| pre_common_member_action_log | 88 |
| pre_forum_attachment_0 | 88 |
| ebogame_charge_total | 87 |
| anhei_day_received | 85 |
| pre_common_smiley | 85 |
| pre_security_evilpost | 75 |
| pre_forum_attachment_5 | 73 |
| pre_common_connect_guest | 69 |
| pre_common_admincp_perm | 68 |
| pre_forum_newthread | 68 |
| pre_ucenter_newpm | 65 |
| pre_forum_attachment_2 | 64 |
| pre_forum_attachment_3 | 63 |
| pre_forum_threadcalendar | 57 |
| pre_ucenter_pm_messages_2 | 55 |
| ebogame_charge_copy | 53 |
| pre_common_nav | 52 |
| pre_common_member_profile_setting | 51 |
| pre_forum_attachment_9 | 49 |
| pre_ucenter_pm_messages_3 | 47 |
| pre_connect_memberbindlog | 44 |
| pre_ucenter_pm_messages_7 | 44 |
| pre_forum_forumfield | 43 |
| pre_ucenter_pm_messages_4 | 43 |
| pre_forum_forum | 42 |
| pre_ucenter_pm_messages_9 | 41 |
| pre_ucenter_pm_messages_5 | 40 |
| pre_ucenter_pm_messages_6 | 39 |
| pre_ucenter_pm_messages_1 | 38 |
| pre_common_member_connect | 37 |
| pre_ucenter_pm_messages_0 | 37 |
| pre_home_friend_request | 36 |
| pre_ucenter_pm_messages_8 | 36 |
| pre_connect_postfeedlog | 35 |
| pre_common_optimizer | 34 |
| pre_common_credit_rule | 32 |
| pre_home_favorite | 32 |
| pre_forum_polloption | 31 |
| pre_ucenter_notelist | 31 |
| pre_forum_modwork | 29 |
| pre_ucenter_settings | 27 |
| pre_common_magic | 24 |
| ebogame_media_page_detail | 23 |
| anhei_activate_record | 21 |
| pre_forum_hotreply_member | 21 |
| pre_common_cron | 20 |
| pre_forum_hotreply_number | 19 |
| pre_forum_post_tableid | 18 |
| ebogame_media_page | 16 |
| pre_common_myapp | 16 |
| pre_common_usergroup | 16 |
| pre_common_usergroup_field | 16 |
| pre_home_click | 15 |
| pre_home_pokearchive | 15 |
| pre_common_plugin | 14 |
| pre_home_friend | 14 |
| pre_home_poke | 14 |
| pre_security_eviluser | 13 |
| pre_common_statuser | 11 |
| pre_forum_postcomment | 11 |
| pre_connect_feedlog | 10 |
| pre_forum_medal | 10 |
| pre_common_report | 8 |
| pre_home_friendlog | 8 |
| ebogame_media_partners | 7 |
| pre_common_admincp_cmenu | 7 |
| pre_common_pluginvar | 7 |
| pre_common_admincp_member | 6 |
| pre_forum_typeoption | 6 |
| pre_common_admincp_group | 5 |
| pre_forum_poll | 5 |
| pre_forum_poststick | 5 |
| pre_forum_bbcode | 4 |
| pre_forum_onlinelist | 4 |
| pre_common_admingroup | 3 |
| pre_common_friendlink | 3 |
| pre_forum_grouplevel | 3 |
| pre_forum_imagetype | 3 |
| pre_forum_postcache | 3 |
| pre_forum_warning | 3 |
| pre_security_failedlog | 3 |
| pre_common_advertisement | 2 |
| pre_common_block | 2 |
| pre_common_cache | 2 |
| pre_common_patch | 2 |
| pre_common_style | 2 |
| pre_common_template | 2 |
| pre_common_template_block | 2 |
| pre_common_word_type | 2 |
| pre_mobile_setting | 2 |
| anhei_day_received_limited | 1 |
| ebogame_media_anomalydata | 1 |
| ebogame_media_setting | 1 |
| pre_common_admincp_session | 1 |
| pre_common_banned | 1 |
| pre_common_diy_data | 1 |
| pre_common_failedip | 1 |
| pre_common_failedlogin | 1 |
| pre_common_invite | 1 |
| pre_common_regip | 1 |
| pre_forum_thread_moderate | 1 |
| pre_forum_threadprofile | 1 |
| pre_forum_threadprofile_group | 1 |
| pre_ucenter_admins | 1 |
| pre_ucenter_applications | 1 |
| pre_ucenter_failedlogins | 1 |
+---------------------------------------+---------+
跨库查询:
【主站数据库 ebogame_member_info 33w+ 】
Database: ebogame_1
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| ebogame_member_integral | 490201 |
| ebogame_member_login | 433668 |
| ebogame_activation | 400446 |
| ebogame_member_serv | 334756 |
| ebogame_member_info | 334038 |
| ebogame_member | 333889 |
| ebogame_advertising_click | 50020 |
| ebogame_charge | 39157 |
| ebogame_game_gift_code_17173 | 20000 |
| ebogame_member_char | 10680 |
| ebogame_game_code | 6210 |
| ebogame_game_gift_code | 5000 |
| ebogame_member_price | 3442 |
| ebogame_game_gift_code_ | 3000 |
| ebogame_content | 1793 |
| ebogame_news | 1588 |
| ebogame_extension_member | 1586 |
| ebogame_question_reply | 755 |
| ebogame_charge_heepay | 591 |
| ebogame_questions | 505 |
| ebogame_game_areas | 221 |
| ebogame_advertising | 73 |
| ebogame_category | 33 |
| ebogame_price | 33 |
| ebogame_extension_percent | 22 |
| ebogame_extension_settlemen | 21 |
| ebogame_games | 18 |
| ebogame_game_gift_info_17173 | 10 |
| ebogame_integral | 9 |
| ebogame_extension | 6 |
| ebogame_game_gift_info_ | 3 |
+---------------------------------------+---------+
【主站另一数据库 ebogame_member 233w+】
Database: ebogame
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| ebogame_member_login | 4024633 |
| ebogame_member | 2336075 |
| ebogame_activation | 826828 |
| ebogame_member_integral | 674280 |
| pre_ucenter_members | 387637 |
| bbs_userlist | 326338 |
| ebogame_member_info | 277802 |
| ebogame_member_serv | 277792 |
| ebogame_member_char | 238784 |
| ebogame_charge | 169756 |
| api_send_mail | 61235 |
| ebogame_advertising_click | 51794 |
| pre_common_district | 45051 |
| ebogame_charge_copy | 43282 |
| pre_forum_post | 27728 |
| ebogame_game_gift_code_17173 | 20000 |
| pre_home_notification | 14233 |
| pre_common_credit_rule_log | 13011 |
| pre_forum_thread | 12229 |
| pre_forum_threadpartake | 10744 |
| pre_forum_threadmod | 9011 |
| pre_common_member_count | 8179 |
| pre_common_member_field_forum | 8179 |
| pre_common_member_field_home | 8179 |
| pre_common_member_profile | 8179 |
| pre_common_member_status | 8179 |
| pre_common_member | 8171 |
| pre_common_onlinetime | 6443 |
| ebogame_game_code | 6210 |
| bbs_posts | 5153 |
| ebogame_game_gift_code | 5000 |
| pre_ucenter_memberfields | 4808 |
| pre_forum_statlog | 4266 |
| ebogame_member_price | 3442 |
| ebogame_game_gift_code_ | 3000 |
| ebogame_content | 2638 |
| ebogame_extension_member | 2555 |
| ebogame_news | 2288 |
| bbs_apclog | 2054 |
| ebogame_question_reply | 1668 |
| pre_forum_attachment | 1566 |
| pre_forum_pollvoter | 1455 |
| bbs_actlogs | 1449 |
| pre_common_member_crime | 1239 |
| pre_forum_modwork | 1003 |
| pre_common_stat | 892 |
| bbs_threads | 870 |
| ebogame_questions | 779 |
| pre_forum_thread_moderate | 653 |
| ebogame_charge_heepay | 591 |
| bbs_primsg | 517 |
| pre_common_member_action_log | 496 |
| pre_ucenter_pm_indexes | 419 |
| pre_forum_threadimage | 405 |
| pre_common_setting | 392 |
| ebogame_game_areas | 358 |
| pre_forum_polloption | 273 |
| pre_forum_threaddisablepos | 244 |
| pre_ucenter_pm_members | 244 |
| pre_forum_attachment_1 | 222 |
| pre_forum_attachment_3 | 212 |
| pre_forum_attachment_4 | 180 |
| pre_forum_post_tableid | 174 |
| pre_forum_attachment_9 | 168 |
| pre_forum_attachment_5 | 161 |
| sglj_extension | 154 |
| ebogame_advertising | 151 |
| pre_ucenter_pm_lists | 129 |
| pre_forum_attachment_7 | 124 |
| pre_common_tagitem | 118 |
| bbs_ugoptlist | 115 |
| pre_ucenter_pm_messages_0 | 114 |
| pre_forum_attachment_6 | 106 |
| pre_common_block_style | 103 |
| pre_forum_attachment_unused | 103 |
| pre_forum_attachment_0 | 102 |
| pre_forum_attachment_2 | 102 |
| pre_common_syscache | 95 |
| pre_ucenter_notelist | 90 |
| pre_common_smiley | 85 |
| pre_forum_attachment_8 | 85 |
| pre_forum_rsscache | 80 |
| pre_ucenter_pm_messages_3 | 70 |
| pre_common_admincp_perm | 67 |
| pre_common_member_profile_setting | 51 |
| pre_forum_poll | 49 |
| pre_ucenter_pm_messages_7 | 49 |
| pre_common_tag | 48 |
| pre_common_nav | 47 |
| pre_common_stylevar | 45 |
| pre_ucenter_newpm | 40 |
| pre_forum_forumfield | 38 |
| pre_forum_forum | 37 |
| pre_common_credit_log | 36 |
| pre_ucenter_pm_messages_5 | 35 |
| ebogame_category | 33 |
| ebogame_price | 33 |
| pre_home_friend | 32 |
| pre_common_credit_rule | 31 |
| pre_ucenter_failedlogins | 31 |
| pre_ucenter_pm_messages_2 | 31 |
| pre_home_friend_request | 30 |
| pre_ucenter_pm_messages_6 | 29 |
| pre_ucenter_settings | 26 |
| bbs_emoticons | 25 |
| ebogame_games | 25 |
| pre_ucenter_pm_messages_4 | 25 |
| bbs_search | 23 |
| pre_ucenter_pm_messages_8 | 23 |
| ebogame_extension_percent | 22 |
| pre_ucenter_pm_messages_9 | 22 |
| ebogame_extension_settlemen | 21 |
| pre_ucenter_pm_messages_1 | 21 |
| pre_common_cron | 18 |
| pre_common_failedlogin | 17 |
| pre_common_usergroup | 16 |
| pre_common_usergroup_field | 16 |
| pre_home_friendlog | 16 |
| bbs_forumdata | 15 |
| bbs_tags | 15 |
| pre_home_click | 15 |
| pre_common_report | 14 |
| pre_forum_threadclosed | 14 |
| bbs_contacts | 13 |
| pre_forum_replycredit | 13 |
| bbs_levels | 12 |
| pre_common_banned | 12 |
| pre_common_session | 12 |
| pre_forum_poststick | 11 |
| ebogame_game_gift_info_17173 | 10 |
| pre_forum_medal | 10 |
| ebogame_integral | 9 |
| pre_common_plugin | 9 |
| pre_home_favorite | 9 |
| bbs_usergroup | 8 |
| bbs_polls | 7 |
| pre_forum_warning | 7 |
| ebogame_extension | 6 |
| pre_common_pluginvar | 6 |
| pre_forum_moderator | 6 |
| pre_forum_typeoption | 6 |
| pre_common_admincp_group | 5 |
| pre_common_friendlink | 5 |
| pre_common_admingroup | 4 |
| pre_common_advertisement | 4 |
| pre_forum_bbcode | 4 |
| pre_forum_onlinelist | 4 |
| ebogame_game_gift_info_ | 3 |
| pre_common_admincp_member | 3 |
| pre_forum_grouplevel | 3 |
| pre_forum_imagetype | 3 |
| pre_common_admincp_cmenu | 2 |
| pre_common_block | 2 |
| pre_common_credit_rule_log_field | 2 |
| pre_common_diy_data | 2 |
| pre_common_patch | 2 |
| pre_common_regip | 2 |
| pre_common_template_block | 2 |
| pre_common_word_type | 2 |
| pre_home_poke | 2 |
| pre_home_pokearchive | 2 |
| pre_mobile_setting | 2 |
| bbs_favorites | 1 |
| bbs_lastest | 1 |
| pre_common_admincp_session | 1 |
| pre_common_cache | 1 |
| pre_common_statuser | 1 |
| pre_common_style | 1 |
| pre_common_template | 1 |
| pre_ucenter_admins | 1 |
| pre_ucenter_applications | 1 |
【同时OA和分站数据库】
20w+
【总计大约300w]
漏洞证明:
【sqlmap全过程】
修复方案:
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)