WooYun.org

使用几个弱口令 发现以下用户
------------pass 123456 begin
null [email protected]
null [email protected]
null [email protected]
null [email protected]
null [email protected]
null [email protected]
null [email protected]
null [email protected]
null [email protected]
null [email protected]
null [email protected]
------------pass 123456 end
* ------------pass 111111 begin
null [email protected]
null [email protected]
null [email protected]
------------pass 111111 end
* ------------pass 000000 begin
null [email protected]
------------pass 000000 end
* ------------pass 123123 begin
null [email protected]
null [email protected]
------------pass 123123 end
{"data":{"code":0,"createTime":1388984078000,"email":"[email protected]","mobile":null,"msg":null,"nick":"vicroad","sessionId":"C7395399AA198E74BD459E0780782912","snsId":11368777,"snsName":"[email protected]","status":"1","type":"0","userId":173956414,"password":"CD5B83B4316436A8B73347A6BD9D4A72","userType":1,"emailStatus":1,"mojiForum":0,"face":"http:\/\/ugcface.moji001.com\/images\/sns_user_face\/2014\/1\/6\/face_113687778233173463481587298.jpg"},"code":0}
{"data":{"code":0,"createTime":1385866116000,"email":"[email protected]","mobile":null,"msg":null,"nick":"yangyang002","sessionId":"E1AA141A81634531A007CAE4D914E3D1","snsId":10102361,"snsName":"[email protected]","status":"1","type":"0","userId":146437603,"password":"CD5B83B4316436A8B73347A6BD9D4A72","userType":1,"emailStatus":1,"mojiForum":0,"face":""},"code":0}
密码虽然是hash值 但是在登陆的时候可以无限尝试 得到明文对应的hash值
{"data":{"code":3,"createTime":null,"email":null,"mobile":null,"msg":"\u5bc6\u7801\u9519\u8bef","nick":null,"sessionId":null,"snsId":null,"snsName":null,"status":null,"type":null,"userId":null,"password":"CD5B83B4316436A8B73347A6BD9D4A72","loginErrNum":93178},"code":0}