记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

07073某站某漏洞泄露22036611名用户数据

2015-04-30 23:35

news.07073.com/plus/digg_ajax9.php?type=&id=1071264

参数:type

1.jpg



2.jpg



3.jpg



所有的服务器,其中bbs073应该就是你们的论坛主库了,用户库肯定就是这里

4.jpg



5.jpg



附上列表:

code 区域
Database: bbs073

+---------------------------+---------+

| Table | Entries |

+---------------------------+---------+

| uc_members | 22036611 |

| uchome_gift_ram | 17379539 |

| uc_memberfields | 16793530 |

| uc_members_ext | 7251715 |

| uc_pms | 2353528 |

| uchome_gift_id_10 | 1207151 |

| uchome_gift_id_copy | 730931 |

| uc_newpm | 613770 |

| uc_oauth | 332137 |

| uchome_gift_id_count | 177474 |

| uchome_gift_user_post | 121288 |

| uc_friends | 116129 |

| uchome_gift | 96724 |

| uchome_space | 76331 |

| uchome_spacefield | 76331 |

| uchome_friend | 63957 |

| uchome_com_slave_history | 50141 |

| uc_members_mailask | 49999 |

| uc_pm_indexes | 43431 |

| uchome_myinvite | 43312 |

| uchome_notification | 42099 |

| uchome_gift_use | 39448 |

| uc_pm_members | 37395 |

| uchome_gift_request_email | 30766 |

| uchome_creditlog | 22581 |

| uc_pm_lists | 19762 |

| uchome_userapp | 17536 |

| uchome_member | 15322 |

| uchome_spaceinfo | 11429 |

| uchome_userappfield | 11229 |

| uchome_pic | 8506 |

| uc_tags | 8257 |

| uchome_gift_get | 6495 |

| uchome_usertask | 5144 |

| uchome_gift_qiu | 5033 |

| uchome_park_record | 4647 |

| uc_pm_messages_0 | 4626 |

| uc_pm_messages_7 | 4598 |

| uc_pm_messages_6 | 4508 |

| uc_pm_messages_3 | 4460 |

| uc_pm_messages_1 | 4355 |

| uc_pm_messages_2 | 4316 |

| uc_pm_messages_5 | 4172 |

| uc_pm_messages_9 | 4141 |

| uc_pm_messages_8 | 4136 |

| uc_pm_messages_4 | 4054 |

| uc_members_weibo | 3193 |

| uchome_tag | 3062 |

| uchome_gift_qiu_old | 2635 |

| tmp2 | 1801 |

| uchome_blogfield | 1696 |

| uchome_blog | 1656 |

| uchome_gift_email | 1631 |

| uchome_doing | 1603 |

| uchome_comment | 1547 |

| uchome_tagblog | 1339 |

| uchome_feed | 1288 |

| uc_notelist | 1252 |

| uchome_picfield | 1215 |

| uchome_invite | 1080 |

| uchome_gift_special | 1030 |

| uchome_poke | 971 |

| tmp | 864 |

| uchome_magicinlog | 651 |

| uchome_park_warn | 544 |

| uchome_album | 542 |

| uchome_stat | 539 |

| uchome_tagspace | 525 |

| uchome_usermagic | 443 |

| uchome_park_carinfo | 428 |

| uchome_spacelog | 419 |

| uchome_park_mycar | 349 |

| uchome_docomment | 312 |

| uchome_post | 300 |

| uchome_share | 300 |

| uchome_polluser | 292 |

| uc_members_ext1 | 264 |

| uchome_park_member | 260 |

| uchome_park_memberset | 259 |

| uchome_magicuselog | 258 |

| uchome_myapp | 233 |

| uc_members_avatar | 209 |

| uchome_com_slave_main | 197 |

| uchome_class | 194 |

| uchome_thread | 182 |

| uc_members_blogapi | 135 |

| uchome_gift_yyterrace | 132 |

| uchome_config | 117 |

| uchome_mtaginvite | 104 |

| uchome_polloption | 91 |

| uchome_app_fgamelist | 84 |

| uchome_gift_friendlink | 77 |

| uchome_data | 72 |

| uchome_gift_request | 62 |

| uchome_mtag | 49 |

| uchome_creditrule | 47 |

| uchome_com_slave_task | 33 |

| uc_settings | 30 |

| uchome_gift_huandeng | 28 |

| uchome_gift_qiu_pingtai | 28 |

| uchome_magic | 25 |

| uchome_eventfield | 24 |

| uchome_magicstore | 24 |

| uchome_gift_advance | 23 |

| uchome_show | 23 |

| uchome_topicuser | 20 |

| vote_num | 19 |

| vote_url | 19 |

| uchome_blacklist | 16 |

| uchome_park_stage | 16 |

| uchome_click | 15 |

| uc_applications | 14 |

| uc_protectedmembers | 14 |

| uchome_poll | 12 |

| uchome_pollfield | 12 |

| uchome_gift_baidu_test | 11 |

| uchome_com_slave_luck | 10 |

| uchome_gift_id | 10 |

| uchome_usergroup | 10 |

| uchome_gift_baidu | 9 |

| uchome_profield | 8 |

| uchome_com_slave_taskcat | 7 |

| uchome_gift_test | 7 |

| uchome_task | 7 |

| uchome_cron | 6 |

| uchome_eventclass | 6 |

| uchome_app_wajin | 5 |

| uchome_gift_terrace | 5 |

| uchome_userevent | 5 |

| uc_admins | 4 |

| uchome_event | 4 |

| uchome_eventpic | 4 |

| uc_connect_baidu | 3 |

| uchome_gift_var | 2 |

| uchome_park_mystage | 2 |

| uchome_report | 2 |

| uc_failedlogins | 1 |

| uc_guest | 1 |

| uc_special_index | 1 |

| uc_special_list | 1 |

| uchome_ad | 1 |

| uchome_gift_special_test | 1 |

| uchome_gift_use_cp | 1 |

| uchome_plugins | 1 |

| uchome_statuser | 1 |

| uchome_topic | 1 |

+---------------------------+---------+

漏洞证明:

修复方案:


知识来源: www.wooyun.org/bugs/wooyun-2015-0101704

阅读:128167 | 评论:0 | 标签:漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“07073某站某漏洞泄露22036611名用户数据”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

❤人人都能成为掌握黑客技术的英雄❤

ADS

标签云

本页关键词