
Vulnerability summary

Defect ID: wooyun-2015-0110993

Title: An interface of 中华英才网 (ChinaHR) allows credential stuffing and exposes user login credentials (bulk accounts as proof)

Affected vendor: 中华英才网 (ChinaHR)

Author: 路人甲

Submitted: 2015-04-29 19:08

Fixed: 2015-06-11 20:47

Published: 2015-06-11 20:47

Vulnerability type: design flaw / logic error

Severity: High

Self-assessed Rank: 18

Status: fixed by the vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-04-29: Details sent to the vendor, awaiting vendor handling
2015-04-30: Vendor confirmed; details disclosed to the vendor only
2015-05-10: Details disclosed to core white hats and domain experts
2015-05-20: Details disclosed to regular white hats
2015-05-30: Details disclosed to intern white hats
2015-06-11: Vendor fixed the vulnerability and published proactively; details disclosed to the public

Brief description:

Credential stuffing (撞库扫号) is already one of the Top 10 Security Risks for 2014. It builds on large volumes of leaked user data and exploits users' habit of registering everywhere with the same username and password, replaying those pairs against other sites. The wave of Internet data leaks in 2011 shook the entire information security community and showed that traditional username+password authentication can no longer meet current security needs. The leaked data included: Tianya: 31,758,468 records; CSDN: 6,428,559; Weibo: 4,442,915; Renren: 4,445,047; Mop: 2,644,726; 178: 9,072,819; Duduniu: 13,891,418; 7K7K: 18,282,404; 120 million records in total. However well a site protects its own passwords, defending against credential stuffing with already-leaked account/password pairs remains a critical layer.

Detailed description:

The mobile login endpoint has no defense against credential stuffing: calls to the login endpoint are not rate-limited. Testing showed that replaying a certain leaked database against it yields a large number of valid login accounts. The captured login request is as follows:

POST /login_ajax.php HTTP/1.1
Host: m.chinahr.com
Proxy-Connection: keep-alive
Content-Length: 122
Accept: */*
Origin: http://m.chinahr.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://m.chinahr.com/login.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: _ga=GA1.2.1351244397.1430104208; _gat=1; ipgoto_fixurl=http%3A//www.chinahr.com/; currentCityId=; __utmt=1; __utma=162484963.1351244397.1430104208.1430104208.1430216122.2; __utmb=162484963.3.10.1430216122; __utmc=162484963; __utmz=162484963.1430104208.1.1.utmcsr=baidu|utmccn=(organic)|utmcmd=organic|utmctr=%E5%8C%97%E4%BA%AC%20%E5%A8%9C%E8%BF%A6
RA-Ver: 2.10.0
RA-Sid: 7B9DD012-20150303-080129-82895f-fb68a9
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3
Connection: close
json=login.json&param=%7B%22uName%22%3A%22koudingnan@163%2ecom%22%2C%22pw%22%3A%22koudingnan%22%2C%22openid%22%3A%22%22%7D

Proof of vulnerability:

Testing showed that replaying a certain leaked database against the endpoint yields a large number of valid login accounts, exposing users' private information.



[Screenshot: 屏幕快照 2015-04-29 上午9.14.37.png (image not included)]

[Screenshot: 屏幕快照 2015-04-29 上午9.13.56.png (image not included)]


Remediation:

Reference material on credential-stuffing defense: http://stayliv3.github.io/2015/04/15/%E6%92%9E%E5%BA%93%E6%94%BB%E5%87%BB%E9%98%B2%E5%BE%A1%E6%96%B9%E6%A1%88/
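As an added example from the defender's side (not part of the original report or the vendor's code), the following Python scans constructed login-log lines for the pattern this report describes: one source address cycling through many different uName values against POST /login_ajax.php, which per-account lockout alone never sees. The log format, IP addresses and account names are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the report). Assumed format per line:
# <ISO time> <client IP> <method> <path> <ok|fail> <uName>
SAMPLE_LOG = """\
2015-04-29T09:10:01 203.0.113.5 POST /login_ajax.php fail user1@example.com
2015-04-29T09:10:01 203.0.113.5 POST /login_ajax.php fail user2@example.com
2015-04-29T09:10:02 203.0.113.5 POST /login_ajax.php fail user3@example.com
2015-04-29T09:10:02 203.0.113.5 POST /login_ajax.php ok   user4@example.com
2015-04-29T09:10:03 203.0.113.5 POST /login_ajax.php fail user5@example.com
2015-04-29T09:10:03 203.0.113.5 POST /login_ajax.php fail user6@example.com
2015-04-29T09:10:10 198.51.100.7 POST /login_ajax.php fail user7@example.com
2015-04-29T09:10:30 198.51.100.7 POST /login_ajax.php ok   user7@example.com
2015-04-29T09:12:00 203.0.113.5 POST /login_ajax.php fail user8@example.com
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (ok|fail)\s+(\S+)$")

def parse_logins(log):
    """Yield (time, ip, result, user) for POST /login_ajax.php lines only."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == "POST" and m.group(4) == "/login_ajax.php":
            ts, ip, _, _, result, user = m.groups()
            yield datetime.fromisoformat(ts), ip, result, user.lower()

def stuffing_sources(log, window=timedelta(seconds=60), min_users=5):
    """IP -> accounts tried, for IPs hitting >= min_users distinct accounts in a window.
    Successes count too: one guess per account never trips per-account lockout."""
    by_ip = defaultdict(list)
    for ts, ip, _, user in parse_logins(log):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        recent = deque()
        for ts, user in sorted(events):
            recent.append((ts, user))
            while ts - recent[0][0] > window:   # drop events older than the window
                recent.popleft()
            users = {u for _, u in recent}
            if len(users) >= min_users:
                flagged.setdefault(ip, set()).update(users)
    return flagged

def accounts_to_reset(log):
    """Accounts that logged in successfully from a flagged source: the hits to force a reset on."""
    flagged = stuffing_sources(log)
    return {u for _, ip, r, u in parse_logins(log) if r == "ok" and ip in flagged}
```

The benign source retrying one account is not flagged; the source that walked six accounts in three seconds is, and its one successful login is the account to reset.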

Copyright notice: when reposting, please credit the source: 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-04-30 13:18

Vendor reply:

Thank you for your attention; we will fix it as soon as possible. Thanks.

Latest status:

2015-06-11: The vulnerability has been fixed; thanks for the help.