当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0112510

漏洞标题:点点博客某接口设计不当可撞库(大量博客账号证明)

相关厂商:点点网

漏洞作者: 路人甲

提交时间:2015-05-07 10:26

修复时间:2015-05-12 10:28

公开时间:2015-05-12 10:28

漏洞类型:设计缺陷/逻辑错误

危害等级:高

自评Rank:14

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-07: 细节已通知厂商并且等待厂商处理中
2015-05-12: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

挖洞最苦逼的事莫过于编辑了半天的漏洞最后发现竟然不存在。。

详细说明:

http://www.diandian.com/login这个接口,也就是点点博客的主站登陆接口,可以看到这个登陆接口是没有任何限制的

1.png


然后直接抓包,发现用户名和密码全部明文传输

2.png


直接intruder开始撞库,可以看到结果

3.png


随便登陆几个看看,发现有很多活跃用户的哦:

6.png


5.png


4.png


博客撞库也不是小事哦~我登陆别人博客拥有别人博客的所有权利,发广告,找隐私,改信息之类的都可以哦,批量的话肯定影响很大。。

漏洞证明:

大量账号证明:

[email protected]	920321	751
[email protected]	ruguo0716	751
[email protected]	qaz5989126	751
[email protected]	1564335	751
[email protected]	19871008	751
[email protected]	890605	751
[email protected]	3881600	751
[email protected]	zxc123	751
[email protected]	30122248	751
[email protected]	5201314	751
[email protected]	527505643	751
[email protected]	2814971	751
[email protected]	liaokang	751
[email protected]	111306117	751
[email protected]	870530	751
[email protected]	880815mark	751
[email protected]	19840716	751
[email protected]	zhangjiji	751
[email protected]	8901349	751
[email protected]	shangshuo	751
[email protected]	987536	751
[email protected]	nesta13ac	751
[email protected]	249039454	751
[email protected]	225227	751
[email protected]	86223223	751
[email protected]	19451314	751
[email protected]	ll40251528	751
[email protected]	lsmhwjcl	751
[email protected]	84981987	751
[email protected]	1234567	751
[email protected]	8596630	751
[email protected]	1988528mn	751
[email protected]	904478	751
[email protected]	999999999	751
[email protected]	13676385	751
[email protected]	5252420	751
[email protected]	14091409	751
[email protected]	yhb054790	751
[email protected]	yuacce	751
[email protected]	197368425	751
[email protected]	3171768	751
[email protected]	111111	751
[email protected]	2676269	751
[email protected]	8965243	751
[email protected]	199011	751
[email protected]	linwehao	751
[email protected]	5205899	751
[email protected]	houshun	751
[email protected]	5319673	751
[email protected]	566512	751
[email protected]	216422	751
[email protected]	26305873	751
[email protected]	19910829	751
[email protected]	1987429	751
[email protected]	6524861	751
[email protected]	chengrui	751
[email protected]	7399390	751
[email protected]	liuting1986	751
[email protected]	7931129	751
[email protected]	yjitxxkj	751
[email protected]	8180355	751
[email protected]	495596323	751
[email protected]	371234151	751
[email protected]	liuxinqi	751
[email protected]	123456	751
[email protected]	jianhu	751
[email protected]	fenghen	751
[email protected]	3951332	751
[email protected]	332503	751
[email protected]	8187520	751
[email protected]	aaron112345	751
[email protected]	7715243	751
[email protected]	123123	751
[email protected]	csllovevicky	751
[email protected]	584121314	751
[email protected]	su00000119	751
[email protected]	198781	751
[email protected]	520520	751
[email protected]	366337575	751
[email protected]	myshow1993216	751
[email protected]	yecjun123	751
[email protected]	789632145	751
[email protected]	chy199494	751
[email protected]	55881798	751
[email protected]	880502	751
[email protected]	891225	751
[email protected]	17671581	751
[email protected]	261315	751
[email protected]	6868535	751
[email protected]	444444	751
[email protected]	870129	751
[email protected]	3991654	751
[email protected]	sun923	751
[email protected]	66860062110	751
[email protected]	smile88	751
[email protected]	134679	751
[email protected]	1988712	751
[email protected]	1995824	751
[email protected]	2550326	751
[email protected]	456852	751
[email protected]	1370958	751
[email protected]	wangpeng	751
[email protected]	mjj1114	751
[email protected]	zcy163f	751
[email protected]	w42278hw	751
[email protected]	wzl1988	751
[email protected]	cwisme	751
[email protected]	417238288	751
[email protected]	w2e3r4t5	751
[email protected]	2855736	751
[email protected]	qjwskln	751
[email protected]	5312900	751
[email protected]	ck2426	751
[email protected]	fog056	751
[email protected]	123321	751
[email protected]	remix1786	751
[email protected]	6200174	751
[email protected]	2585990	751
[email protected]	1313xw	751
[email protected]	61367230	751
[email protected]	caojun	751
[email protected]	13478134615	751
[email protected]	gujiazhi	751
[email protected]	wangkeke	751
[email protected]	aa1987	751
[email protected]	235813	751
[email protected]	522522	751
[email protected]	20080426	751
[email protected]	taxili888	751
[email protected]	liuqing	751
[email protected]	22301991	751
[email protected]	880103	751
[email protected]	xiaoxin	751
[email protected]	780329	751
[email protected]	6716576	751
[email protected]	lichen2006	751
[email protected]	jiayu520	751
[email protected]	87756445	751
[email protected]	123456	751
[email protected]	zengling	751
[email protected]	418520	751
[email protected]	123456	751
[email protected]	woainiyy	751
[email protected]	chenhao521	751
[email protected]	huawei	751
[email protected]	flora0506	751
[email protected]	87765143	751
[email protected]	9119105	751
[email protected]	3712562	751
[email protected]	lovingltt	751
[email protected]	198546	751
[email protected]	13972704549	751
[email protected]	jw19871028	751
[email protected]	19881123	751
[email protected]	haibing	751
[email protected]	666666	751
[email protected]	8041995	751
[email protected]	2320518	751
[email protected]	dogoodjod	751
[email protected]	860722	751
[email protected]	814117	751
[email protected]	jikenku1991	751
[email protected]	19900223	751
[email protected]	9871242426	751
[email protected]	951973441	751
[email protected]	panjiaqi	751
[email protected]	520520	751
[email protected]	13149726	751
[email protected]	499210305	751
[email protected]	370784	751
[email protected]	zz5344140	751
[email protected]	boy123	751
[email protected]	kuaileshenghuo	751
[email protected]	7491635	751
[email protected]	5623690	751
[email protected]	4269833353	751
[email protected]	123456	751
[email protected]	7758521	751
[email protected]	830620	751
[email protected]	321083	751
[email protected]	3631304	751
[email protected]	xuxiao1989	751
[email protected]	111111	751
[email protected]	880113	751
[email protected]	515286	751
[email protected]	123456	751
[email protected]	desare	751
[email protected]	123456q	751
[email protected]	yiyao1992	751
[email protected]	123123	751
[email protected]	dingzeyu1990	751
[email protected]	545089372	751
[email protected]	11507624	751
[email protected]	123456	751
[email protected]	4064060	751
[email protected]	shmily8884	751
[email protected]	wy2311545	751
[email protected]	6460770	751
[email protected]	123456	751
[email protected]	8219525	751
[email protected]	435513	751
[email protected]	668899	751
[email protected]	477623879	751
[email protected]	dsws5921	751
[email protected]	790512	751
[email protected]	269266	751
[email protected]	zhangcheng	751
[email protected]	zst19881014	751
[email protected]	110120	751
[email protected]	311217	751
[email protected]	520ljx1219	751
[email protected]	691106	751
[email protected]	791382465	751
[email protected]	198991820	751
[email protected]	681805	751
[email protected]	831124	751
[email protected]	6902252s	751
[email protected]	87502088	751
[email protected]	3994486	751
[email protected]	1485702155	751
[email protected]	hongbing	751
[email protected]	321458	751
[email protected]	zz000000	751
[email protected]	dcq19910812	751
[email protected]	3690217666	751
[email protected]	lixuehan	751
[email protected]	alxsislove	751
[email protected]	894242	751
[email protected]	wchenchen	751
[email protected]	hjh93127	751
[email protected]	fir110	751
[email protected]	qinchao581321	751
[email protected]	871231	751
[email protected]	zhouxudong	751
[email protected]	1989111	751
[email protected]	fujian43	751
[email protected]	223311	751
[email protected]	12090477	751
[email protected]	aptx4869	751
[email protected]	820120	751
[email protected]	xt1986415	751
[email protected]	yuanjuan	751
[email protected]	84207952	751
[email protected]	wfnh001	751
[email protected]	wangtaotz1	751
[email protected]	855854	751
[email protected]	mazeqing123	751
[email protected]	0709wjy	751
[email protected]	95736484	751
[email protected]	900718	751
[email protected]	zhangyu	751
[email protected]	47725812	751
[email protected]	112290	751
[email protected]	Sevenup4	751
[email protected]	8841166	751
[email protected]	58607506	751
[email protected]	ykqykq	751
[email protected]	420400705	751
[email protected]	87588413	751
[email protected]	19870627y	751
[email protected]	wangjie	751
[email protected]	2320518	751
[email protected]	alonealone	751
[email protected]	19877679	751
[email protected]	7454119	751
[email protected]	635241	751
[email protected]	fy2wjh1314	751
[email protected]	35689zn	751
[email protected]	123321	751
[email protected]	19830315	751
[email protected]	wearethebest	751
[email protected]	7353279	751
[email protected]	37077813	751
[email protected]	1412kid	751
[email protected]	wsndxlg	751
[email protected]	123456	751
[email protected]	wu198979	751
[email protected]	142422868	751
[email protected]	5392711	751
[email protected]	19871215	751
[email protected]	393977	751
[email protected]	314232583	751
[email protected]	cityboy	751
[email protected]	summermomo520	751
[email protected]	1122344	751
[email protected]	woaitc	751
[email protected]	19891018	751
[email protected]	8561231179	751
[email protected]	880410	751
[email protected]	asd411611	751
[email protected]	5879576	751
[email protected]	3649589	751
[email protected]	xishun	751
[email protected]	7931129	751
[email protected]	1982529	751
[email protected]	19890601	751
[email protected]	199556	751
[email protected]	8911604130	751
[email protected]	815726562	751
[email protected]	278821	751
[email protected]	19911020zwj	751
[email protected]	7236492	751
[email protected]	111111	751
[email protected]	15074720	751
[email protected]	12301230	751
[email protected]	4497999	751
[email protected]	19860309	751
[email protected]	ted12345	751
[email protected]	68483557	751
[email protected]	100200	751
[email protected]	xmzxmz890804	751
[email protected]	841224	751
[email protected]	15973632160	751
[email protected]	123321	751
[email protected]	3420938	751
[email protected]	yangbogao	751
[email protected]	19851515	751
[email protected]	123456	751
[email protected]	3465865	751
[email protected]	131421	751
[email protected]	756888	751
[email protected]	woainiya	751
[email protected]	791016	751
[email protected]	qq195510	751
[email protected]	routaishan	751
[email protected]	wq3013783	751
[email protected]	king9458	751
[email protected]	515200	751
[email protected]	530031	751
[email protected]	123456	751
[email protected]	111111	751
[email protected]	2008211043	751
[email protected]	ting111	751
[email protected]	123456	751
[email protected]	3171768	751
[email protected]	lijian513	751
[email protected]	2155099	751
[email protected]	475378948	751
[email protected]	5352096	751
[email protected]	wzl1988	751
[email protected]	19890525	751
[email protected]	sumingqin	751
[email protected]	12345678	751
[email protected]	123456789	751
[email protected]	3573754	751
[email protected]	3401582	751
[email protected]	9689192	751
[email protected]	58545256	751
[email protected]	f271228	751
[email protected]	111111	751
[email protected]	23367230	751
[email protected]	9110056	751
[email protected]	hao142753	751
[email protected]	1983424	751
[email protected]	111111	751

修复方案:

加验证码+给高rank=完美修复策略

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-05-12 10:28

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无