
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0112898

Title: Xueqiu: a login interface bypasses the "encrypted" password and allows credential stuffing (large number of accounts proven; stock trading records and other private data viewable)

Affected vendor: 雪球 (Xueqiu)

Author: 路人甲

Submitted: 2015-05-08 17:10

Fixed: 2015-06-22 21:40

Published: 2015-06-22 21:40

Vulnerability type: design flaw / logic error

Severity: High

Self-assessed Rank: 10

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-05-08: Details sent to the vendor; awaiting vendor action
2015-05-08: Vendor confirmed; details disclosed to the vendor only
2015-05-18: Details disclosed to core white hats and relevant domain experts
2015-05-28: Details disclosed to regular white hats
2015-06-07: Details disclosed to intern white hats
2015-06-22: Details disclosed to the public

Brief description:

The most painful thing about bug hunting is spending ages writing up a vulnerability and then finding out it doesn't exist..

Detailed description:

The Xueqiu login interface at http://xueqiu.com/login has no restrictions on login attempts at all.

[screenshot: 1.png]


Then I captured the traffic. The username is sent in plaintext, but the password is sent as ciphertext. I had run into ciphertext passwords before: they were lowercase MD5, or something that couldn't be decoded. This one looked really complicated at first glance, but on closer inspection it turned out to be uppercase MD5.

[screenshot: 2.png]


Now that I knew how the password was encoded, I tried credential stuffing. But since I hadn't run into uppercase-MD5 passwords before, I had no dictionary on hand, which was annoying. I wrote a quick script to generate one and started the stuffing run; once a batch of users came out, I stopped.
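The "uppercase MD5" the report describes is just the hex digest of unsalted MD5 with the letters upper-cased, so a dictionary for it is an ordinary MD5 dictionary with `.upper()` applied. The block below is an added example, not the reporter's script: it builds such a dictionary from a small constructed wordlist and looks up three hashes copied from the proof list further down the page. Two of them match immediately, because E10ADC3949BA59ABBE56E057F20F883E is MD5("123456") and 96E79218965EB72C92A549DD5A330112 is MD5("111111"), which is also why those two values recur so often in the list.

```python
"""Uppercase-MD5 dictionary and offline matching against reported hashes.

Added example, not the reporter's code. The wordlist is constructed for
illustration; the real run presumably used a much larger list generated
the same way, and matched it online, one login request per guess.
"""
import hashlib

# Constructed wordlist of common passwords (assumption: a real dictionary
# would be orders of magnitude larger, but is built identically).
WORDLIST = ["123456", "111111", "password", "12345678",
            "qwerty", "123123", "abc123", "000000"]

# Three hashes quoted verbatim from the report's proof list.
REPORTED = [
    "E10ADC3949BA59ABBE56E057F20F883E",
    "96E79218965EB72C92A549DD5A330112",
    "D0214202222536BD4F3A03C0D995A84F",
]


def client_side_hash(password: str) -> str:
    """Reproduce what the login form sends: unsalted hex MD5, upper-cased."""
    return hashlib.md5(password.encode("utf-8")).hexdigest().upper()


def build_dictionary(words):
    """Map uppercase-MD5 digest -> candidate password.

    No salt and no server nonce means one table serves every account,
    so the table is built once and reused for the whole user base.
    """
    return {client_side_hash(w): w for w in words}


def crack(hashes, table):
    """Offline lookup of captured/observed hashes; None when not in the list."""
    return {h: table.get(h.upper()) for h in hashes}


def demo():
    """Run the lookup on the quoted hashes; returns {hash: plaintext-or-None}."""
    return crack(REPORTED, build_dictionary(WORDLIST))


if __name__ == "__main__":
    for digest, plaintext in demo().items():
        print(digest, "->", plaintext if plaintext else "(not in wordlist)")
```

The lookup illustrates the design flaw rather than any cleverness in the attack: hashing on the client with neither a salt nor a server-issued nonce makes the hash a password-equivalent that can be replayed as-is and cracked offline, and with no attempt limiting on the endpoint the cost per guess is one HTTP request.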

[screenshot: 3.png]


I picked a few at random and logged in. Most are active users, and because this is a stock site where most users are active, all of the users' private data is exposed: chat history, holdings, trade records, and the users' stock portfolios (this one matters: if I brute-forced the accounts of the stock gurus and watched how they buy, I could get rich too~).

[screenshots: 4.png, 5.png, 6.png, 7.png]


Note: because stock and other sensitive data is involved, I did not carry out large-scale credential stuffing, and I did not change any information on the accounts I logged into for testing.

Proof of vulnerability:

Results, partial account proof (columns: account e-mail, redacted in this copy; the password value as sent by the client, i.e. uppercase hex MD5; a third column that is unlabeled in the original):

[email protected]	E10ADC3949BA59ABBE56E057F20F883E	2000
[email protected] D0214202222536BD4F3A03C0D995A84F 2034
[email protected] 7FAF2AA2F2A107027DFC433DBB3F1294 2042
[email protected] B415372CD01084FD61D99BB7A2E033B3 2044
[email protected] 50AA2E32B770A2F5DC2D3AFFA2784569 2078
[email protected] 41D9ED365D86494A8A10A36B71879156 2088
[email protected] BCBA074DF1564BDA10A7A7B4481AE410 2093
[email protected] E0DA275F6BE6DB793A78256AF289D1FE 2096
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2136
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2136
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2136
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2136
[email protected] 7D8D99B211A6588D5D0595717C32FA69 2137
[email protected] 4D2CEE02DC06C433ADD18DE3BAFED46F 2139
[email protected] ECA02A9E98C1E60459FCDD09F024E84A 2140
[email protected] 3769CB2A9A9EB25A0C6965C9C92947E5 2142
[email protected] 576CC00EA5A6053B0A39B73D38C9841C 2145
[email protected] 09AAD35F9EC3D11CD3CBFFB3D3D4C51E 2155
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2155
[email protected] 3D9188577CC9BFE9291AC66B5CC872B7 2156
[email protected] 98BF51669E7A5552403F3F15F59788C2 2156
[email protected] 96E79218965EB72C92A549DD5A330112 2157
[email protected] 96E79218965EB72C92A549DD5A330112 2157
[email protected] D59630F02E7EB8B56AAD9DA9CC68894F 2157
[email protected] 96E79218965EB72C92A549DD5A330112 2157
[email protected] 640D76DFD4AACF35AD58647E0A199714 2157
[email protected] 96E79218965EB72C92A549DD5A330112 2157
[email protected] 96E79218965EB72C92A549DD5A330112 2158
[email protected] 4446FA02BD27966F72D37E4E8235AAA6 2159
[email protected] F3F574B7E2656E8F2BCFDAC1EC38BDE1 2159
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2160
[email protected] 37C41073D1E13D42E6DC380E30C464AD 2160
[email protected] 83C7F7261C6FD4E1F8420FA53A2EEFDF 2160
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2161
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2161
[email protected] B17D588E2825E49DCA87B49E047B1444 2163
[email protected] FD2897EAD09686FAC70DA7CD944D124C 2164
[email protected] 318C5274E6716E141DD54E10AF813B4D 2168
[email protected] 20C712437A40B01EF39021396A567408 2169
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2171
[email protected] 5B38A533C8388684F5BE4B5E4E4CBC25 2173
[email protected] EAFC53718A5B3CC6DA0CE9509FD093BF 2186
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2187
[email protected] 96E79218965EB72C92A549DD5A330112 2193
[email protected] 0A944983B00AB3C8BD2840C514DEEAE8 2211
[email protected] 1146EE4835BBCFB3E5FDD8B2F13ACE6E 2214
[email protected] EAC348360985271BF4098E776214C4F1 2215
[email protected] D964173DC44DA83EEAFA3AEBBEE9A1A0 2215
[email protected] C8837B23FF8AAA8A2DDE915473CE0991 2215
[email protected] 51BBDDC9C9F64EDC4E17725A455E9B4A 2216
[email protected] 783767FEF88198569CCEF94D34D3888C 2216
[email protected] BA954023E9EE590AB082B65B81B6B93D 2217
[email protected] 322C60D13C392355542DA225BE060545 2217
[email protected] 3E7E1EFF0C445EB3B59E1BFEDDFB01D6 2218
[email protected] DAF0C8513D520DB140D32D671908E01F 2219
[email protected] CEF18AA20FC90B74FB427B01D3F483FD 2219
[email protected] AAF70292C8136EC7C9B328BB96333FDA 2219
[email protected] F379EAF3C831B04DE153469D1BEC345E 2219
[email protected] 8ED6D955859A773C63E8414ACD34C63C 2219
[email protected] D9ADC9AFF96B4C039A894D27749A7CF0 2219
[email protected] DD8F7BD27A698A46DDE4B8C477F9F2BD 2220
[email protected] 9F1B944DF6875CA43B0056F05BB78DCA 2221
[email protected] 7AFD6F74CEC4D6745334650152FDFD95 2222
[email protected] 556A5B972A147593FF99A45D3035AB88 2225
[email protected] 47608C970D27E4BE51B585A88B406E6D 2225
[email protected] 3C82A2B447376C7A73106A38FF71285C 2225
[email protected] 54F5DF9CD7A214C163E5E990470F9DBB 2226
[email protected] 0D53D5E5B33109CD2D2ADA505EB2B6EA 2226
[email protected] 98CD58687B546BE03795C8FE09032FD5 2227
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2228
[email protected] ABC48663EB03F6C72908FD84A4D9B9E0 2228
[email protected] E4DA3D212D113335958762962536A95A 2229
[email protected] B663B3B4AC6EFBE7E8C3FAE7ACB0ADC1 2229
[email protected] FCEA920F7412B5DA7BE0CF42B8C93759 2230
[email protected] 8BD985453DB125E24AD2D117D71B2E54 2231
[email protected] 5FE4570B02150EE5DC876252BAF1A929 2233
[email protected] 0B54AAACEE02644B5C96731A15EF7507 2233
[email protected] 036282447728826C967EECFFA145C2FD 2235
[email protected] 4D450A432E41830D0F19C081402FCE26 2236
[email protected] D08A4A9BF7FE6CDDDFE44D604C2724E7 2239
[email protected] E10ADC3949BA59ABBE56E057F20F883E 2241
[email protected] 42766299157601587DD5FD4493DF0912 2242
[email protected] B6F39A7D7A814F885625A7A8119A0A38 2262
[email protected] 3AE56E9F0C325532222DBA5EF8259B20 2283

Fix proposal:

Pay out 20 Rank and you get the perfect fix.

Copyright: please credit 路人甲@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-05-08 21:38

Vendor reply:

Confirmed, there is a problem. Please advise on a fix, thanks.

Latest status:

2015-05-15: Rate limiting has been added, along with a prompt for users to change their passwords.
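The vendor's fix is rate limiting on the login endpoint. As an added example (not Xueqiu's code; the thresholds, the window length and the in-memory store are assumptions), the block below shows why a limiter for this kind of endpoint needs a failure counter per source address as well as per account: the stuffing run described in the report touches each account only once, so a per-account lockout on its own never fires.

```python
"""Sliding-window login throttle with per-account and per-IP failure counts.

Added example, not the vendor's implementation. Limits and the in-memory
store are assumptions; a deployment would back this with a shared store.
"""
import time
from collections import defaultdict, deque


class LoginThrottle:
    def __init__(self, window_s=300, per_account=5, per_ip=20, now=time.time):
        self.window_s = window_s          # sliding window in seconds (assumed)
        self.per_account = per_account    # failures allowed per account (assumed)
        self.per_ip = per_ip              # failures allowed per source IP (assumed)
        self.now = now                    # injectable clock for testing
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _count(self, key):
        """Drop failures older than the window and return what remains."""
        q = self.failures[key]
        cutoff = self.now() - self.window_s
        while q and q[0] < cutoff:
            q.popleft()
        return len(q)

    def allowed(self, username, ip):
        """Both keys are checked: per-account stops brute force on one user,
        per-IP stops stuffing that touches each account only once."""
        return (self._count(("acct", username)) < self.per_account
                and self._count(("ip", ip)) < self.per_ip)

    def record(self, username, ip, success):
        """A success clears the account's counter; the IP counter is kept,
        so a stuffing run is not reset by the occasional hit."""
        t = self.now()
        if success:
            self.failures[("acct", username)].clear()
        else:
            self.failures[("acct", username)].append(t)
            self.failures[("ip", ip)].append(t)


def simulate(attempts, throttle):
    """Replay (username, ip, success) tuples; return how many attempts the
    throttle actually let through to the password check."""
    let_through = 0
    for user, ip, ok in attempts:
        if not throttle.allowed(user, ip):
            continue
        let_through += 1
        throttle.record(user, ip, ok)
    return let_through


# Constructed attempt streams (example data, not from the report).
# Stuffing: one source IP, 50 distinct accounts, one wrong guess each.
STUFFING = [(f"user{i}@example.invalid", "203.0.113.7", False) for i in range(50)]
# Brute force: one account, 12 wrong guesses spread over 12 source IPs.
BRUTE_FORCE = [("victim@example.invalid", f"198.51.100.{i}", False) for i in range(12)]


def demo():
    """Stuffing run: only the per-IP limit can stop it (returns 20)."""
    return simulate(STUFFING, LoginThrottle())


def demo_single_account():
    """Distributed brute force: only the per-account limit stops it (returns 5)."""
    return simulate(BRUTE_FORCE, LoginThrottle())


if __name__ == "__main__":
    print("stuffing attempts let through:", demo())
    print("single-account attempts let through:", demo_single_account())
```

The throttle reduces the guess rate but does not remove the root cause: as long as the client sends an unsalted MD5 of the password, that value is a replayable password-equivalent, so the server should still store and compare passwords with a salted, slow hash and treat the client-side digest as nothing more than the password itself.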