Vulnerability summary

Defect ID: wooyun-2015-0126738

Title: Improper design of an OPPO sub-site allows credential stuffing against users (accounts are shared with the main site)

Vendor: Guangdong OPPO Mobile Telecommunications Corp., Ltd.

Author: Lava

Submitted: 2015-07-15 10:11

Fixed: 2015-08-31 12:58

Published: 2015-08-31 12:58

Type: design flaw / logic error

Severity: low

Self-assessed rank: 5

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-07-15: details sent to the vendor, awaiting vendor handling
2015-07-17: vendor confirmed; details visible to the vendor only
2015-07-27: details disclosed to core white hats and experts in related fields
2015-08-06: details disclosed to regular white hats
2015-08-16: details disclosed to intern white hats
2015-08-31: details disclosed to the public

Brief description:

Asking for an invite code..

Detailed description:

Last time I submitted one for the yun login endpoint and it was not accepted; later I found another one:

http://uc.nearme.com.cn/usercenter/login.jsp?backurl=http%3A%2F%2Fpan.nearme.com.cn&u=http%3A%2F%2Fyun.baidu.com%2Fxcloud%2Fnearme%2Fpan%2F


This is also an OPPO property, and this login endpoint looks very much like the yun login endpoint.

3.png


But after capturing the traffic it turns out they differ: the yun login endpoint transmits the password cmd5-encrypted, while this one sends it in plaintext. This endpoint also has a captcha, but just like the yun login endpoint, once the captcha has been entered correctly it stays valid for every later request..

1.png
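As an added illustration (not code from the report, the site or the vendor), a Python sketch of the captcha handling the report describes beside a hardened version: the session store, user table, e-mail address and lockout threshold are constructed stand-ins.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

MAX_FAILED_ATTEMPTS = 5  # constructed per-account lockout threshold

# Constructed stand-ins for the server-side session store and user table.
# A real system stores password hashes, not plaintext; kept simple here.
USERS = {"user@example.com": "correct-horse"}
FAILED = {}  # account -> consecutive failed password attempts


@dataclass
class Session:
    captcha_answer: Optional[str] = None
    captcha_verified: bool = False  # the sticky flag behind the reported flaw


def issue_captcha(session: Session) -> str:
    """Generate a fresh captcha answer and bind it to the session."""
    session.captcha_answer = secrets.token_hex(3)
    session.captcha_verified = False
    return session.captcha_answer


def login_vulnerable(session: Session, user: str, password: str, captcha: str) -> str:
    """Mirrors the reported behaviour: after one correct captcha the session is
    marked verified and every later attempt skips the captcha check, so password
    guesses can be submitted without limit."""
    if not session.captcha_verified:
        if captcha != session.captcha_answer:
            return "bad_captcha"
        session.captcha_verified = True
    return "ok" if USERS.get(user) == password else "bad_password"


def login_fixed(session: Session, user: str, password: str, captcha: str) -> str:
    """Hardened: the captcha is consumed on every attempt (success or failure),
    compared in constant time, and repeated password failures lock the account."""
    if FAILED.get(user, 0) >= MAX_FAILED_ATTEMPTS:
        return "locked"
    answer, session.captcha_answer = session.captcha_answer, None  # single use
    if answer is None or not isinstance(captcha, str) \
            or not hmac.compare_digest(captcha.encode(), answer.encode()):
        return "bad_captcha"
    if USERS.get(user) == password:
        FAILED.pop(user, None)
        return "ok"
    FAILED[user] = FAILED.get(user, 0) + 1
    return "bad_password"
```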


Then credential stuffing; some of the matched user accounts served as proof.



The accounts here are shared with the main site, so one can log directly into the main site as well, where full user details, orders and so on are all visible:

2.png


Proof of vulnerability:



Fix proposal:

Don't know..

Copyright notice: when reposting, please credit the source: Lava@WooYun


Vulnerability response

Vendor response:

Severity: medium

Vulnerability rank: 10

Confirmed: 2015-07-17 12:57

Vendor reply:

thks

Latest status:

None yet