
Vulnerability summary

Defect ID: wooyun-2013-018232

Title: Guozhengtong citizen ID-card information query system vulnerability leads to citizen information leakage

Related vendor: Guozhengtong (国政通)

Author: O.o

Submitted: 2013-02-01 14:04

Fix deadline: 2013-03-18 14:05

Public disclosure: 2013-03-18 14:05

Vulnerability type: Sensitive information disclosure

Severity: High

Self-rated Rank: 20

Status: Handed to a third-party partner organisation (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2013-02-01: Details sent to the vendor; awaiting the vendor's handling
2013-02-05: Vendor confirmed; details disclosed to the vendor only
2013-02-15: Details disclosed to core white hats and domain experts
2013-02-25: Details disclosed to regular white hats
2013-03-07: Details disclosed to intern white hats
2013-03-18: Details disclosed to the public

Brief description:

Essential for social engineering: it can fool all kinds of manual reviews that rely on an uploaded ID-card scan, or be used in the real world to handle errands on someone's behalf~

Detailed description:

While hunting for bugs on Baihe.com today, I came across this.
Baihe.com partners with Guozhengtong for real-name verification.
Analysing the packets, I found that the page returned after a successful real-name verification contains the following.
Interface page: http://118.145.4.82:3010/baihe/3

[screenshot]

<em>身份通认证系统 V1.0</em>
</div>
</div>
<div class="nav_down"></div> <div class="sub_main">
<div class="frameNav">
<h1>03</h1>
<span class="new"><a>完成认证</a></span>
<em>验证结果</em>
</div>
<div class="sub_c">
<h1>****@mobile.baihe.com恭喜!</h1>
<p>&nbsp;&nbsp;&nbsp;&nbsp;您已经成功通过身份通的认证,为了更好的预防您的身份信息被冒用,请登录身份通网站,修改密码
并设置密码保护答案!</p>
<div class="userinfo">
<div class="userinfo_l">
<span><em>*</em>身份通号:15****</span>
<span><em>*</em>密码::*****</span>
<span><em>请妥善保管您的身份通帐号、密码</em></span>
</div>
<div class="userinfo_r">
<a href="http://www.idtag.cn/userAction.do?method=toUpdateUserInfo&typeint=1" target="_blank"></a>
</div>
</div>
<form name="form1" method="POST" action="http://auth.baihe.com/id5/authedId5.action">
<input type='hidden' name="gender" value="*****">
<input type='hidden' name="mobile" value="*****">
<input type='hidden' name="addr" value="%E7%B1%B3%E6%B3%89%E5%8E%BF">
<input type='hidden' name="photo" value="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">
<input type='hidden' name="name" value="***%A6%E6%80%9D">
<input type='hidden' name="birthday" value="19990530">
<input type='hidden' name="result" value="1">
<input type='hidden' name="key_code" value="56c5ea4cc63****3f5f2863">
<input type='hidden' name="user_id" value="781*****">
<input type='hidden' name="stid" value="15**435*****">
<span class="cbtn">
<input id="endBtn" class="end" type="submit" value="完成" />
</span>
</form>


Some fields have been masked by hand.
Explanation of the fields:
gender: sex
mobile: mobile phone number
addr: address
photo: photo
name: name
birthday: date of birth
result: return result
key_code: some kind of verification string, I guess
user_id: user ID
stid: Guozhengtong account ID
The photo made me curious... Seeing the trailing equals sign, I went straight to base64 decoding. Here is a handy link: http://www.vgot.net/test/image2base64.php
[decoded image]


To obtain this page you need to know the name and ID-card number, which I believe is not hard; through this vulnerability you can obtain the other information on the ID card and even the photo! Very handy for online verification such as Alipay's, because the photo matches the citizen records held by the public security bureau. That has always been the hardest thing to forge~

Proof of vulnerability:

[screenshots]

Fix recommendation:

You know better than I do.
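As an added example (not code from the report, from Baihe.com or from Guozhengtong), here is a Python sketch of the defensive check and the design change the findings above call for: a scanner that flags a verification response pushing PII-carrying hidden fields through the user's browser, and a hardened callback in which only an opaque outcome plus an HMAC tag crosses the browser while the relying party fetches nothing personal from it. The sample HTML, the `relying-party.example` host, the shared secret, the nonce and the HMAC-SHA256 construction of `key_code` are all assumptions; the page does not say how the real `key_code` is computed.

```python
import hashlib
import hmac
import secrets
from html.parser import HTMLParser

# PII field names are the ones visible in the captured callback form above.
PII_FIELDS = {"gender", "mobile", "addr", "photo", "name", "birthday"}

# Constructed sample modelled on that form; every value here is a placeholder.
SAMPLE_RESPONSE = """<form method="POST" action="https://relying-party.example/authed">
<input type='hidden' name="gender" value="F">
<input type='hidden' name="mobile" value="138****0000">
<input type='hidden' name="addr" value="%E7%B1%B3%E6%B3%89%E5%8E%BF">
<input type='hidden' name="photo" value="iVBORw0KGgo=">
<input type='hidden' name="name" value="placeholder">
<input type='hidden' name="birthday" value="19990530">
<input type='hidden' name="result" value="1">
<input type='hidden' name="user_id" value="781xxxxx">
</form>"""

class HiddenFieldScanner(HTMLParser):  # collects hidden <input> name/value pairs
    def __init__(self):
        super().__init__()
        self.hidden = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden":
            self.hidden[a.get("name", "")] = a.get("value", "")

def leaked_pii_fields(html):
    """Names of PII fields a verification response pushes through the browser."""
    scanner = HiddenFieldScanner()
    scanner.feed(html)
    return sorted(PII_FIELDS & scanner.hidden.keys())

def sign_result(secret, user_id, result, nonce):
    # Assumed construction: HMAC-SHA256 under a secret shared verifier <-> relying party.
    return hmac.new(secret, f"{user_id}|{result}|{nonce}".encode(), hashlib.sha256).hexdigest()

def build_hardened_callback(secret, user_id, result):
    """Verifier side: only an opaque outcome and its tag cross the user's browser."""
    nonce = secrets.token_hex(16)
    return {"user_id": user_id, "result": result, "nonce": nonce,
            "key_code": sign_result(secret, user_id, result, nonce)}

def verify_callback(secret, form):
    """Relying party: recompute the tag; a reused nonce should also be rejected (not shown)."""
    expected = sign_result(secret, form["user_id"], form["result"], form["nonce"])
    return hmac.compare_digest(expected, form["key_code"])
```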

Copyright notice: when reposting, please credit the source: O.o@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 7

Confirmed: 2013-02-05 22:33

Vendor reply:

CNVD has not directly reproduced the vulnerability; as of the 4th it had still not been tested and reproduced. It is temporarily held in the handling queue and will be coordinated for handling once reproduced.
rank 7

Latest status:

None yet