当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0112625

漏洞标题:中石化森美“车e族”APP客户端xss漏洞盲打后台可登陆

相关厂商:cncert国家互联网应急中心

漏洞作者: j2ck3r

提交时间:2015-05-07 14:43

修复时间:2015-06-25 18:52

公开时间:2015-06-25 18:52

漏洞类型:xss跨站脚本攻击

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-07: 细节已通知厂商并且等待厂商处理中
2015-05-11: 厂商已经确认,细节仅向厂商公开
2015-05-21: 细节向核心白帽子及相关领域专家公开
2015-05-31: 细节向普通白帽子公开
2015-06-10: 细节向实习白帽子公开
2015-06-25: 细节向公众公开

简要描述:

中石化森美手机APP客户端xss漏洞盲打后台

详细说明:

中石化森美“车e族”APP客户端xss漏洞盲打后台

漏洞证明:

在安卓版本和苹果版本的手机客户端中都存在XSS漏洞

11.jpg


等了一天,XSS平台就收到COOKIE了

1.jpg


伪造COOKIE登录

2.jpg


3.jpg


cookies代码

ff911a88cc5c46ac9185aa1e2d241864=923ae76f129f459077bcde1d2483c5ce213adb0fa%3A4%3A%7Bi%3A0%3Bs%3A32%3A%22kefuzhongxin%40sinopecsenmeifj.com%22%3Bi%3A1%3Bs%3A32%3A%22kefuzhongxin%40sinopecsenmeifj.com%22%3Bi%3A2%3Bi%3A2592000%3Bi%3A3%3Ba%3A3%3A%7Bs%3A2%3A%22id%22%3Bs%3A5%3A%2238005%22%3Bs%3A4%3A%22name%22%3Bs%3A19%3A%22cy_1420506874_37498%22%3Bs%3A4%3A%22user%22%3Ba%3A17%3A%7Bs%3A6%3A%22userId%22%3Bs%3A5%3A%2238005%22%3Bs%3A4%3A%22name%22%3Bs%3A19%3A%22cy_1420506874_37498%22%3Bs%3A3%3A%22pwd%22%3Bs%3A32%3A%227fadd3ede5b968bd6505905b1342b23c%22%3Bs%3A3%3A%22mob%22%3Bs%3A19%3A%22cy_1421903480601123%22%3Bs%3A5%3A%22alias%22%3Bs%3A12%3A%22%E5%AE%A2%E6%9C%8D%E4%B8%AD%E5%BF%83%22%3Bs%3A6%3A%22imgKey%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22status%22%3Bs%3A1%3A%220%22%3Bs%3A7%3A%22addTime%22%3Bs%3A19%3A%222015-01-06 09%3A14%3A34%22%3Bs%3A7%3A%22modTime%22%3Bs%3A19%3A%222015-04-19 15%3A16%3A21%22%3Bs%3A5%3A%22email%22%3Bs%3A32%3A%22kefuzhongxin%40sinopecsenmeifj.com%22%3Bs%3A9%3A%22loginTime%22%3Bs%3A19%3A%222015-04-19 20%3A22%3A47%22%3Bs%3A4%3A%22type%22%3Bs%3A1%3A%221%22%3Bs%3A9%3A%22companyId%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22client%22%3Bs%3A1%3A%220%22%3Bs%3A11%3A%22deviceToken%22%3Bs%3A0%3A%22%22%3Bs%3A10%3A%22modPwdTime%22%3Bs%3A19%3A%222015-01-06 09%3A19%3A22%22%3Bs%3A4%3A%22role%22%3Bs%3A1%3A%221%22%3B%7D%7D%7D; USERSESSID=cd489caca7192f5b69e71e4163d70e6c;


解码后

ff911a88cc5c46ac9185aa1e2d241864=923ae76f129f459077bcde1d2483c5ce213adb0fa:4:{i:0;s:32:"[email protected]";i:1;s:32:"[email protected]";i:2;i:2592000;i:3;a:3:{s:2:"id";s:5:"38005";s:4:"name";s:19:"cy_1420506874_37498";s:4:"user";a:17:{s:6:"userId";s:5:"38005";s:4:"name";s:19:"cy_1420506874_37498";s:3:"pwd";s:32:"7fadd3ede5b968bd65**********";s:3:"mob";s:19:"cy_1421903480601123";s:5:"alias";s:12:"客服中心";s:6:"imgKey";s:0:"";s:6:"status";s:1:"0";s:7:"addTime";s:19:"2015-01-06 09:14:34";s:7:"modTime";s:19:"2015-04-19 15:16:21";s:5:"email";s:32:"[email protected]";s:9:"loginTime";s:19:"2015-04-19 20:22:47";s:4:"type";s:1:"1";s:9:"companyId";s:1:"2";s:6:"client";s:1:"0";s:11:"deviceToken";s:0:"";s:10:"modPwdTime";s:19:"2015-01-06 09:19:22";s:4:"role";s:1:"1";}}}; USERSESSID=cd489caca7192f5b69e71e4163d70e6c;


后台地址:http://sinopecsenmeifj.o2obest.cn/shop/user/login?redirect=%2Fshop%2Fadvice%2Fadvicelist%3Fpage%3D11
直接可看到用户名和密码
后台权限很大可查看订单数据还可对客户端进行操作~~

修复方案:

危害很大,建议立刻处理~~~~

版权声明:转载请注明来源 j2ck3r@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:6

确认时间:2015-05-11 18:51

厂商回复:

CNVD未复现所述情况,已经转由CNCERT向能源行业信息化主管部门通报,由其后续协调网站管理单位处置.

最新状态:

暂无