
Vulnerability Summary

Defect ID: wooyun-2016-0193985

Title: Eqxiu (易企秀) captcha bypass allows credential stuffing and exposes a large number of accounts holding Xiudian (秀点) balances (bypass of the Geetest drag-slider captcha)

Vendor: eqxiu.com

Author: 路人甲 (Passerby A)

Submitted: 2016-04-08 19:12

Fixed: 2016-05-26 14:00

Published: 2016-05-26 14:00

Type: design flaw / logic error

Severity: High

Self-assessed Rank: 10

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure status:

2016-04-08: Details sent to the vendor; awaiting vendor response
2016-04-11: Vendor confirmed; details visible to the vendor only
2016-04-21: Details disclosed to core white hats and relevant domain experts
2016-05-01: Details disclosed to regular white hats
2016-05-11: Details disclosed to intern white hats
2016-05-26: Details disclosed to the public

Brief description:

As in the title.

Detailed description:

URL: http://eqxiu.com/home/login. After two or three wrong username/password attempts the login form demands a drag-slider verification. Solve the slider correctly, click Log in, and capture the request: the captcha is accepted as long as the geetest_validate and geetest_seccode parameters are consistent with each other. Both values are supplied by the client, so a consistency check between them proves nothing about whether the slider was solved, and the captcha can be bypassed for credential stuffing. The stuffing run here recovered more than 1300 accounts.

Going further: after logging in and opening http://eqxiu.com/usercenter/member, the captured traffic contains a request to http://eqxiu.com/m/u/info whose response includes the account's Xiudian (秀点) balance, and Xiudian are bought with real money. Logging in with a stuffed account yields a JSESSIONID; substituting that JSESSIONID into the http://eqxiu.com/m/u/info request reveals each user's Xiudian balance.

Some of the accounts (addresses obfuscated):

[email protected]	liyubao521
[email protected] xuyida
[email protected] csy7721420
[email protected] dwjaukflf
[email protected] il2619
[email protected] q228749928
[email protected] 123456
[email protected] w8599128
[email protected] j6526263
[email protected] w3336713
[email protected] 19870130
[email protected] 850808
[email protected] scq19900911
[email protected] wang1234
[email protected] 3231267
[email protected] 19851025
[email protected] cjx6204355
[email protected] c19751229
[email protected] 7724150
[email protected] z2318800
[email protected] iverson
[email protected] linjie000006
[email protected] linchang
[email protected] woshilzh
[email protected] sl8512956
[email protected] yanghe0219
[email protected] renyi516
[email protected] tkggyvc
[email protected] small1220
[email protected] 283355166
[email protected] domo1995
[email protected] 761761
[email protected] 801103
[email protected] 760219
[email protected] 308455
[email protected] ljhwan
[email protected] Zu8981015
[email protected] 5610014
[email protected] ab748596
[email protected] 275875cha
[email protected] 6269899
[email protected] buguai
[email protected] w96104216
[email protected] nishizhu
[email protected] 13701955404
[email protected] iloveyou1
[email protected] sc3991308
[email protected] 279363913
[email protected] xwl1986822
[email protected] wb745545
[email protected] 1984271620
[email protected] wei19891001
[email protected] dp176027
[email protected] 198922zzzz
[email protected] 84551358
[email protected] tianya520
[email protected] lirui1190
[email protected] chyo58796
[email protected] 344755097
[email protected] wo54108971
[email protected] lx662716
[email protected] 119119ss
[email protected] d125906123
[email protected] z85201180
[email protected] 1234569z
[email protected] 6105286pp
[email protected] 03081523
[email protected] 18981898
[email protected] abc2457265
[email protected] andy5267
[email protected] 57640060
[email protected] keshen1976
[email protected] meijiaqq
[email protected] a31513166
[email protected] 123123cj
[email protected] 19861219
[email protected] 19862188a
[email protected] 6842935
[email protected] e469646950
[email protected] 19910703
[email protected] yangyang11
[email protected] wyqq416
[email protected] 1990128pk
[email protected] mountain
[email protected] masio1188
[email protected] shanghai1
[email protected] w20106980
[email protected] szh198911
[email protected] a107896
[email protected] lfj1989820
[email protected] jizishuai1
[email protected] zyj7324080
[email protected] liush0421l
[email protected] a8232411
[email protected] wei325689
[email protected] nine605116
[email protected] lf19890811
[email protected] 19911013hu
[email protected] zmtmh314
[email protected] weizhe1985
[email protected] wenjing426
[email protected] xiaowei12
[email protected] hbb552200
[email protected] 0zouyang
[email protected] lzs5128329
[email protected] caonima123
[email protected] zxf6413665
[email protected] a516366392


[Screenshots 0.png to 12.png]

Proof of vulnerability:

[Same screenshots, 0.png to 12.png, as above]

Fix:

Perform the captcha verification on the back end. The server must check the Geetest result against the challenge it issued and its own server-side secret (the Geetest server-side SDK does this, including the call to Geetest's validate API), not by comparing two client-supplied parameters against each other; each solved challenge should be accepted once, and the check must be enforced on every login attempt once the failure threshold has been reached.
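The bypass from the detailed description and the back-end check from the fix, side by side, as an added Python model that is not eqxiu.com's code. The field names geetest_challenge, geetest_validate and geetest_seccode are the real Geetest v3 form fields, and the client relationship seccode = validate + "|jordan" and the server formula md5(private_key + "geetest" + challenge) follow the public Geetest v3 SDK; the user table, private key, wordlist, e-mail addresses and the three-failure threshold (taken from the vendor's reply) are constructed for the demo, and the production call to Geetest's validate API for the seccode is omitted.

```python
"""Login gate: client-consistency captcha check (the bug) vs. server-side check."""
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed demo data; passwords deliberately weak, as in a stuffing result.
USERS = {"alice@example.com": "wang1234", "bob@example.com": "123456"}
PRIVATE_KEY = "demo-private-key"   # assumed: Geetest private key, held only server-side
CAPTCHA_AFTER_FAILURES = 3         # vendor statement: captcha only after 3 wrong passwords
WORDLIST = ["password", "123456", "qwerty", "111111", "wang1234", "letmein"]  # constructed


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


@dataclass
class LoginState:
    failures: dict = field(default_factory=dict)  # username -> consecutive failed logins
    issued: set = field(default_factory=set)      # challenges we issued and not yet consumed

    def issue_challenge(self):
        ch = secrets.token_hex(16)
        self.issued.add(ch)
        return ch


def _check_password(state, username, password):
    if USERS.get(username) == password:
        state.failures[username] = 0
        return "ok"
    state.failures[username] = state.failures.get(username, 0) + 1
    return "bad_password"


def vulnerable_login(state, username, password, captcha):
    """Model of the check the report describes: after the failure threshold the
    server only confirms that geetest_validate and geetest_seccode agree with
    each other (v3 clients send seccode = validate + '|jordan'). Both values
    come from the client, so any forged pair passes."""
    if state.failures.get(username, 0) >= CAPTCHA_AFTER_FAILURES:
        expected_seccode = captcha.get("geetest_validate", "") + "|jordan"
        if captcha.get("geetest_seccode") != expected_seccode:
            return "captcha_failed"
    return _check_password(state, username, password)


def hardened_login(state, username, password, captcha):
    """Back-end verification: the challenge must be one this server issued and
    is consumed before use (one solve, one attempt), and geetest_validate must
    equal md5(private_key + 'geetest' + challenge), which only a holder of the
    key can produce. Production code additionally posts the seccode to the
    Geetest validate API; that network call is left out of this demo."""
    if state.failures.get(username, 0) >= CAPTCHA_AFTER_FAILURES:
        ch = captcha.get("geetest_challenge", "")
        if ch not in state.issued:
            return "captcha_failed"       # forged, expired, or replayed challenge
        state.issued.discard(ch)
        if captcha.get("geetest_validate") != _md5(PRIVATE_KEY + "geetest" + ch):
            return "captcha_failed"
    return _check_password(state, username, password)


def forged_captcha():
    """What the attacker sends: any validate with a matching seccode."""
    return {"geetest_challenge": "x", "geetest_validate": "x", "geetest_seccode": "x|jordan"}


def solved_captcha(state):
    """A genuine solve. The Geetest server, which holds the key, returns this
    validate to the browser after a correct drag; the demo computes it locally
    because it holds the key itself."""
    ch = state.issue_challenge()
    v = _md5(PRIVATE_KEY + "geetest" + ch)
    return {"geetest_challenge": ch, "geetest_validate": v, "geetest_seccode": v + "|jordan"}


def stuffing_run(login, state, username, wordlist):
    """Try every password with a forged captcha.
    Returns (password found or None, number of requests sent)."""
    for attempts, pw in enumerate(wordlist, 1):
        result = login(state, username, pw, forged_captcha())
        if result == "ok":
            return pw, attempts
        if result == "captcha_failed":
            return None, attempts         # the gate held; stop here
    return None, len(wordlist)


if __name__ == "__main__":
    print(stuffing_run(vulnerable_login, LoginState(), "alice@example.com", WORDLIST))
    print(stuffing_run(hardened_login, LoginState(), "alice@example.com", WORDLIST))
```

Against vulnerable_login the wordlist runs to completion and recovers the password after the threshold because the forged pair satisfies the consistency check; against hardened_login the fourth request is refused, a genuine solve admits exactly one attempt, and replaying the same solved challenge is rejected.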

Copyright notice: please credit 路人甲@乌云 (WooYun) when reproducing.


Vendor Response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2016-04-11 13:59

Vendor reply:

The design does have a credential-stuffing problem. The captcha itself cannot be bypassed; it is only that, by design, the captcha is checked only after three wrong password attempts.

Latest status:

None