漏洞标题 APP安全一个彩票存在SQL注入（220W +用户信息泄露/名称/城市/银行） 相关制造商 彩票 漏洞作者 利用数据库 提交时间 2016-04-30 12: 40 公共时间 2016-06-19 19: 50 漏洞类型 SQL注入漏洞 危险等级 高 自我评估等级 20 漏洞状态 已提交给第三方合作机构（cncert National Internet Emergency Center） 标签标签 漏洞详细信息 http://**。**。**。**/news/newslist.php？categoryId=15

可用数据库[7]: [*] bbs [*] caiso [*] information_schema [*] mysql [*] performance_schema [*]测试 [*] tubiao 数据库: caiso [86表] + ------------------------------ + |帐户| | accountlog | | activity_activities | | activity_activity_detail | | admin_channel | | admin_class | | admin_permissions | | admin_role | | admin_role_function | | admin_sendsomething_template | | admin_syslogs | | admin_user | | admin_winprize | |代理商| | bankcardInfo | | business_activity_partner | | business_article | | business_article_category | | business_article_inlink | | business_article_partner | | business_back_money_request | | business_chase | | business_chaseitem | | business_city_no | | business_community | | business_company | | business_cps_day_report | | business_customer | | business_customer_commission | | business_email | | business_email_log | | business_feedback | | business_filedownlod | | business_friendly_link | | business_league | | business_league_rank | | business_match_arrange | | business_match_history | | business_match_mapping | | business_match_team_mapping | | business_mobile | | business_odd | | business_order | | business_order_queue | | business_order_temp | | business_part | | business_partner | | business_pay | | business_pay_out_request | | business_payment_request | | business_plan | | business_plan_item | | business_print_term | | business_prize_level | | business_recharge_gift | | business_restricted | | business_sms_log | | business_sms_mo_log | | business_sms_partner | | business_soft_update | | business_spread_channel | | business_supplier | | business_sys_account | | business_sys_account_log | | business_system_param | | business_team | | business_term | | business_term_type_config | | business_ticket | | business_wallet | | business_wallet_log | | business_win_describe_order | | business_win_describe_ticket | | business_win_prize | | business_you_hui_ma | |会员| | memberinfo | | memberlog | | membershare | | mibaoinfo | |赔率| |点| | pointlog | Failure when receiving data from the peer Customer_ip | varchar（255）| Customer_type | int（11）| |电子邮件| varchar（255）| | email_accept | varchar（255）| | id | bigint（20）| | is_apply |位（1）| | is_pass | int（11）| | last_login_time | datetime | | login_num | int（11）| | mobile_no | varchar（255）| | nick_name | varchar（255）| |老| int（11）| | open_id | varchar（255）| |密码| varchar（255）| | ploy_accur | bigint（20）| | ploy_consumed | bigint（20）| |省| varchar（255）| |问题| varchar（255）| | real_name | varchar（255）| | reg_channel | int（11）| | reg_source | int（11）| | register_time | datetime | |备注| varchar（255）| | sms_accept | varchar（255）| | sssuper_commission |小数（19,2）| | sssuper_ratio |小数（19,2）| | sssuperior | bigint（20）| | ssuper_commission |小数（19,2）| | ssuper_ratio |小数（19,2）| | ssuperior_id | bigint（20）| |状态| int（11）| |支管| varchar（255）| | super_commission |小数（19,2）| | super_ratio |小数（19,2）| | superior_id | bigint（20）| | user3_id | varchar（255）| | usr_type | int（11）| | wake_up_email_num | int（11）| | wallet_id | bigint（20）| | yanzhenma | varchar（255）| + -------------------- + --------------- + 时间问题不会继续深入〜 漏洞证明： 修理计划： 版权声明：请注明出处Exploit DB @乌云