
Vulnerability summary

Defect ID: wooyun-2014-065985

Title: Kingsoft Kuaipan (金山快盘) unrestricted credential stuffing (leakage of personal private information)

Affected vendor: Kingsoft Software Group (金山软件集团)

Author: 郭斯特

Submitted: 2014-06-23 22:55

Fixed: 2014-08-07 22:56

Published: 2014-08-07 22:56

Vulnerability type: design flaw / logic error

Severity: high

Self-assessed rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-06-23: Details sent to the vendor; awaiting vendor action
2014-06-24: Vendor confirmed; details disclosed to the vendor only
2014-07-04: Details disclosed to core white hats and domain experts
2014-07-14: Details disclosed to regular white hats
2014-07-24: Details disclosed to intern white hats
2014-08-07: Details disclosed to the public

Brief description:

test~

Detailed description:

Previously, a login at http://www.kuaipan.cn/ could be captured directly with a packet sniffer, but today I found that the username and password are now encrypted...
Kept looking and found http://www.kuaipan.cn/account_login.htm; this endpoint does no verification at all,
so I went straight to credential stuffing~


Proof of vulnerability:

Invoices, contracts, private photos, SMS records, call records, contacts: everything laid bare... I won't post more screenshots here.



Some of the account/password pairs that tested successfully (list omitted here):

Fix recommendation:

For everyone's sake, put some restrictions on the login endpoint~~
Please don't ignore this, please give a high rank~
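One way a defender could implement the restriction the author asks for: a sliding-window throttle in front of a login endpoint such as account_login.htm that limits failures per source IP, failures per account, and, the check that actually stops credential stuffing, the number of distinct accounts one IP may try per window. This is an added example, not code from the report or from Kuaipan; the thresholds, class and function names are assumptions.

```python
from collections import defaultdict, deque

# Thresholds are assumptions for this illustration, not values from the report.
WINDOW_SECONDS = 60
MAX_FAILURES_PER_IP = 20        # failed attempts from one source IP per window
MAX_ACCOUNTS_PER_IP = 10        # distinct accounts one IP may try per window
MAX_FAILURES_PER_ACCOUNT = 5    # failed attempts against one account per window


class LoginThrottle:
    """Sliding-window throttle for a login endpoint.

    Per-account lockout alone does not stop credential stuffing, because a
    stuffing run tries each leaked account only once; the per-IP count of
    distinct accounts is what catches that pattern.
    """

    def __init__(self):
        self.ip_failures = defaultdict(deque)       # ip -> failure timestamps
        self.ip_accounts = defaultdict(deque)       # ip -> (timestamp, account)
        self.account_failures = defaultdict(deque)  # account -> failure timestamps

    @staticmethod
    def _expire(q, now, key=lambda item: item):
        # Drop entries that have fallen out of the sliding window.
        while q and key(q[0]) <= now - WINDOW_SECONDS:
            q.popleft()

    def allow(self, ip, account, now):
        """Return True if this attempt may proceed to password verification."""
        self._expire(self.ip_failures[ip], now)
        self._expire(self.ip_accounts[ip], now, key=lambda item: item[0])
        self._expire(self.account_failures[account], now)
        distinct = {acct for _, acct in self.ip_accounts[ip]} | {account}
        if len(self.ip_failures[ip]) >= MAX_FAILURES_PER_IP:
            return False
        if len(distinct) > MAX_ACCOUNTS_PER_IP:
            return False
        return len(self.account_failures[account]) < MAX_FAILURES_PER_ACCOUNT

    def record(self, ip, account, now, success):
        """Record the outcome of an attempt that allow() let through."""
        self.ip_accounts[ip].append((now, account))
        if not success:
            self.ip_failures[ip].append(now)
            self.account_failures[account].append(now)


def count_allowed_stuffing(n_accounts, ip="203.0.113.7"):
    """Constructed scenario: one IP tries n distinct accounts, one failing attempt each."""
    throttle = LoginThrottle()
    allowed = 0
    for i in range(n_accounts):
        account = f"user{i}@example.invalid"   # constructed, not a real account
        if throttle.allow(ip, account, now=i):
            throttle.record(ip, account, now=i, success=False)
            allowed += 1
    return allowed
```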

Copyright notice: when reposting, please credit the source: 郭斯特@乌云


Vulnerability response

Vendor response:

Severity: high

Vulnerability rank: 14

Confirmed: 2014-06-24 09:46

Vendor reply:

Thank you very much; we will follow up to confirm and fix this as soon as possible.

Latest status:

None yet