Vulnerability summary

Defect ID: wooyun-2015-0112837

Title: A docin.com interface is insecurely designed and allows credential stuffing against users (the matched users' points can be spent to download documents)

Vendor: 豆丁网 (docin.com)

Author: 路人甲

Submitted: 2015-05-08 16:05

Fix time: 2015-05-13 16:06

Published: 2015-05-13 16:06

Type: design flaw / logic error

Severity: high

Self-assessed rank: 10

Status: vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-05-08: details sent to the vendor, awaiting the vendor's response
2015-05-13: vendor actively ignored the vulnerability; details published

Brief description:

The most frustrating thing in bug hunting is spending ages writing up a vulnerability only to find out in the end that it does not even exist...

Detailed description:

The interface at http://www.docin.com/jsp_cn/login/docincon.jsp has no restriction of any kind on login attempts, as the screenshot shows.

(screenshot: 1.png)

I then tried to capture the request directly. I expected the JavaScript-based local login box to be hard to intercept, but the request could be captured without trouble, and the username and password are both transmitted in plaintext.

(screenshot: 2.png)

Next I ran a credential-stuffing attack against the interface, which succeeded.

(screenshot: 3.png)

Logging in as a few of the matched users at random: if a user has points, those points can be spent to download paid documents.

(screenshot: 5.png)

(screenshot: 4.png)
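The flaw described above is the absence of any throttling on the login endpoint, which lets an attacker replay a leaked username/password list at full speed. The following Python is an added example for this writeup, not code from the page or from docin.com: it simulates a login handler with and without per-account and per-source-IP failure limiting and replays a small constructed credential list against both. The user store, account names, passwords, IP address and threshold values are all made up for the demonstration. The plaintext-transport problem is a separate issue that needs TLS on the login form and is not covered here.

```python
"""Login throttling against credential stuffing (added example, not the
page's own code). Everything below is constructed for the demonstration."""
import hashlib
import hmac
import os
import time
from collections import defaultdict

# Hypothetical user store: username -> (salt, PBKDF2 digest). 50k iterations
# keeps the demo fast; production should use a higher count or Argon2.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_user_store(creds: dict) -> dict:
    return {user: (salt, _hash(pw, salt))
            for user, pw in creds.items()
            for salt in (os.urandom(16),)}

USERS = make_user_store({
    "alice@example.com": "correct horse battery",
    "bob@example.com": "123456",  # weak, reused password (constructed)
})

def verify(store: dict, user: str, password: str) -> bool:
    rec = store.get(user)
    if rec is None:
        _hash(password, b"\0" * 16)  # burn the same cost for unknown users
        return False
    salt, digest = rec
    return hmac.compare_digest(_hash(password, salt), digest)

class LoginThrottle:
    """Sliding-window failure counter keyed per source IP and per account."""
    def __init__(self, max_per_ip=20, max_per_account=5, window=600,
                 clock=time.monotonic):
        self.max_per_ip, self.max_per_account = max_per_ip, max_per_account
        self.window, self.clock = window, clock
        self.failures = defaultdict(list)  # key -> list of failure timestamps

    def _recent(self, key, now):
        self.failures[key] = [t for t in self.failures[key]
                              if now - t < self.window]
        return len(self.failures[key])

    def blocked(self, ip: str, user: str) -> bool:
        now = self.clock()
        return (self._recent(("ip", ip), now) >= self.max_per_ip or
                self._recent(("user", user), now) >= self.max_per_account)

    def record_failure(self, ip: str, user: str) -> None:
        now = self.clock()
        self.failures[("ip", ip)].append(now)
        self.failures[("user", user)].append(now)

def login_unthrottled(store, ip, user, password) -> str:
    """The docincon.jsp situation: every attempt is evaluated."""
    return "ok" if verify(store, user, password) else "bad_credentials"

def login_throttled(store, throttle, ip, user, password) -> str:
    """Hardened form: refuse before checking once a limit is hit."""
    if throttle.blocked(ip, user):
        return "rate_limited"  # HTTP 429 or a CAPTCHA challenge in a real endpoint
    if verify(store, user, password):
        return "ok"
    throttle.record_failure(ip, user)
    return "bad_credentials"

# Constructed stand-in for a leaked credential list: (user, password) pairs.
STUFFING_LIST = [
    ("alice@example.com", "password1"), ("alice@example.com", "123456"),
    ("alice@example.com", "qwerty"), ("alice@example.com", "111111"),
    ("alice@example.com", "letmein"), ("alice@example.com", "correct horse battery"),
    ("bob@example.com", "123456"),
]

def run_attack(handler) -> dict:
    """Replays the list from a single (constructed) IP; returns outcome counts."""
    counts = defaultdict(int)
    for user, pw in STUFFING_LIST:
        counts[handler("203.0.113.7", user, pw)] += 1
    return dict(counts)

def demo() -> tuple:
    unthrottled = run_attack(lambda ip, u, p: login_unthrottled(USERS, ip, u, p))
    throttle = LoginThrottle(max_per_account=3)
    throttled = run_attack(lambda ip, u, p: login_throttled(USERS, throttle, ip, u, p))
    return unthrottled, throttled

if __name__ == "__main__":
    print(demo())
```

demo() shows the unthrottled handler evaluating every guess and finding both valid credentials, while the throttled one answers rate_limited for alice after three failures, including for the correct password. That is also why a real deployment should respond with a CAPTCHA or step-up challenge rather than a hard lockout, so the attacker cannot turn the throttle into a denial of service against legitimate users. A per-IP limit alone is not enough, since credential stuffing is normally spread across proxies; the per-account counter is what catches the low-and-slow variant.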

Proof of vulnerability:

rs, partial list of matched accounts: 148 rows of email address, password and a numeric third column ranging from 525 to 563 whose meaning the report does not explain. The email addresses are already redacted in the page as [email protected], and the plaintext passwords are withheld here. The matched passwords are overwhelmingly weak: short all-digit strings, date-like strings, and entries such as 123456, 123123, 111111, qwe123 and aaa111, several of which appear more than once.

Fix:

Grant 20 rank to obtain the perfect fix.

Copyright: reprints must credit the source, 路人甲@乌云.


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-05-13 16:06

Vendor reply:

Vulnerability rank: 4 (WooYun assessment)

Latest status:

None