Vulnerability summary

Defect ID: wooyun-2015-0141035

Title: Login on a Kugou-owned site allows credential stuffing against users (with proof of successfully matched accounts)

Affected vendor: 酷狗 (Kugou)

Author: 路人甲

Submitted: 2015-09-14 12:16

Fixed: 2015-11-02 16:26

Published: 2015-11-02 16:26

Vulnerability type: Design flaw / logic error

Severity: Low

Self-assessed rank: 3

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-09-14: Details sent to the vendor; awaiting vendor handling
2015-09-18: Vendor confirmed; details disclosed to the vendor only
2015-09-28: Details disclosed to core white hats and domain experts
2015-10-08: Details disclosed to regular white hats
2015-10-18: Details disclosed to intern white hats
2015-11-02: Details disclosed to the public

Summary:

Login on a Kugou-owned site allows credential stuffing against users (with proof of successfully matched accounts)

Detailed description:

http://5sing.kugou.com/zc/login is the login endpoint of 5sing, a Kugou subsidiary. The login has no restrictions of any kind (no rate limiting, lockout or captcha).

[Screenshot: 1.png]

Capturing the traffic shows that the username and password are sent in plaintext.

[Screenshot: 2.png]

Testing showed that credential stuffing succeeds. Partial list of successfully matched accounts as proof (e-mail addresses redacted):
[email protected] nicholas 1449
[email protected] shlovely1 1449
[email protected] 7451920 1449
[email protected] 54788245 1449
[email protected] 200311 1449
[email protected] wjy0418qq 1449
[email protected] jay88888 1449
[email protected] 5788578 1449
[email protected] 8445182 1449
[email protected] 2693388 1449
[email protected] 2242562 1449
[email protected] 111111 1449
[email protected] 870306 1449
[email protected] ying821130 1449
[email protected] 123123 1449
[email protected] duv4lang 1449
[email protected] 7451920 1449
[email protected] 11221122 1449
[email protected] 123longcht 1449
[email protected] 234452148 1449
[email protected] bh19861029 1449
[email protected] 558811 1449
[email protected] 100283 1449
[email protected] jason27 1449
[email protected] 55542549789 1449
[email protected] yefeng1992 1449
[email protected] 871222 1449
[email protected] 1231516 1449
[email protected] 19861006z 1449
[email protected] zlpz5115 1449
[email protected] irene630416 1449
[email protected] dengpeng 1449
[email protected] aaaaaaa 1449
[email protected] 19871025 1449
[email protected] 11251107 1449
[email protected] plpop1991 1450
[email protected] 52zhangshaohan 1450
[email protected] lx0034811 1450
[email protected] wojiushiwo 1450
[email protected] 208213 1450
[email protected] 123456 1450
[email protected] 8692265 1450
[email protected] liangying1011 1450
[email protected] james6212 1450
[email protected] 87651234 1450
[email protected] 77402982 1450
[email protected] 726913 1450
[email protected] 851106 1450
[email protected] 666666 1450
[email protected] 7113041 1450
[email protected] wx8232535 1450
[email protected] 123456 1450
[email protected] 6782667 1450
[email protected] zhang4572903 1450
[email protected] 950204 1450
[email protected] 123456 1450
[email protected] pinosayi 1450
[email protected] 5099888 1450
[email protected] 123456 1450
[email protected] 112234 1450
[email protected] 830323 1450
[email protected] 753210321 1450
[email protected] shmily 1450
[email protected] 112234 1450
[email protected] a121417988 1450
[email protected] welcome 1450
[email protected] hym19931130 1450
[email protected] 2570279 1450
[email protected] mojing816 1450
[email protected] 6158153 1450
[email protected] 1989236 1451
[email protected] 456852 1451
[email protected] 484012 1451
[email protected] 891003 1451
[email protected] 7721910 1452
[email protected] 1987918 1452
[email protected] 1010410 1452
[email protected] 62310991 1452
[email protected] 321671215x 1452
[email protected] ay521ty 1452
[email protected] wangtianyun1 1452
[email protected] jinzi763 1452
[email protected] 15031777028 1452
[email protected] jiekexun12 1452
[email protected] 497578595 1452
[email protected] 28622145 1452
[email protected] 13795866525 1452
[email protected] wxh19820209 1452
[email protected] yjxmpzu9 1452
[email protected] wodemima00oo 1452
[email protected] 619215523 1452
[email protected] 111111 1452
[email protected] 890317 1452
[email protected] myclair 1452
[email protected] 123456 1452
[email protected] asdasd 1452
[email protected] z2186822 1452
[email protected] 403098489 1452
[email protected] ihqcqtye 1452
[email protected] 3132195 1452
[email protected] 111111 1452
[email protected] wg19891029 1452
[email protected] 3753442 1452
[email protected] q7758521 1452
[email protected] 350387536 1452
[email protected] qwe123 1452
[email protected] 349478121 1452
[email protected] qq463089576 1452
[email protected] guojiuling 1452
[email protected] 7814518 1452
[email protected] 784512 1452
[email protected] xihuanni12 1452
[email protected] s19890828 1452
[email protected] 11990908 1452
[email protected] 19870801 1452
[email protected] andylau 1452
[email protected] 20386642 1452
[email protected] wb2254017 1452
[email protected] 2572889 1453
[email protected] sibeisi 1453
[email protected] 19891026 1453
[email protected] lwsj8129 1453
[email protected] 548946 1453
[email protected] 19911214 1453
[email protected] 2079075941 1453
[email protected] 1987824 1453
[email protected] liyu1989214 1453
[email protected] bingxias 1453
[email protected] 59579802 1453
[email protected] 19851207 1453
[email protected] youxiyuki123 1453
[email protected] binbin321 1453
[email protected] 37216379 1453
[email protected] 123456 1453
[email protected] 285002 1453
[email protected] 19921025 1453
[email protected] 123456 1453
[email protected] 890425zc 1453
[email protected] 98837308 1453
[email protected] fantasy0 1453
[email protected] peter1986 1453
[email protected] 123456 1453
[email protected] 123456 1453
[email protected] Nintendo 1453
[email protected] 123456 1453
[email protected] czq35618284 1453
[email protected] 23267714 1453
[email protected] 131420 1453
[email protected] 59189936 1453
[email protected] 6866515 1453
[email protected] 454710508 1453
[email protected] 025689hh 1453
[email protected] 19870811 1453
Proof of login with the matched accounts:

[Screenshot: 3.png]

[Screenshot: 4.png]

[Screenshot: 5.png]

Proof of vulnerability:

Same content as the detailed description above.

Remediation:

Add a captcha to the login.
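The report's finding is that the endpoint accepts an unlimited number of login attempts, and its fix is a captcha. As an added example, not code from the report, from 5sing or from Kugou, the Python below shows a login gate that counts failed attempts per source IP and per account in a sliding window and requires a captcha once either limit is reached, so the server no longer checks passwords for an unthrottled source. The threshold values, the window length, the IP addresses, the account names and the `verify` credential check are all constructed for illustration and are assumptions, not values from the page.

```python
"""Login throttling gate (added example; not 5sing's or Kugou's code).

Failed logins are counted per source IP and per account in a sliding
window. Once either count reaches its limit, further attempts from that
IP or on that account must carry a solved captcha before the password is
even checked. All policy values below are assumptions for illustration.
"""
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 600        # assumed sliding-window length
MAX_FAILS_PER_IP = 10       # assumed: many accounts from one IP is the stuffing signature
MAX_FAILS_PER_ACCOUNT = 5   # assumed: repeated failures on one account is brute force


class LoginThrottle:
    def __init__(self, window=WINDOW_SECONDS, ip_limit=MAX_FAILS_PER_IP,
                 account_limit=MAX_FAILS_PER_ACCOUNT, clock=time.monotonic):
        self.window = window
        self.ip_limit = ip_limit
        self.account_limit = account_limit
        self.clock = clock                        # injectable for deterministic tests
        self._ip_fails = defaultdict(deque)       # ip -> timestamps of failures
        self._account_fails = defaultdict(deque)  # account -> timestamps of failures

    def _prune(self, dq, now):
        # Drop failure timestamps that fell out of the sliding window.
        while dq and now - dq[0] > self.window:
            dq.popleft()

    def _count(self, table, key):
        dq = table[key]
        self._prune(dq, self.clock())
        return len(dq)

    def captcha_required(self, ip, account):
        return (self._count(self._ip_fails, ip) >= self.ip_limit or
                self._count(self._account_fails, account) >= self.account_limit)

    def record_failure(self, ip, account):
        now = self.clock()
        self._ip_fails[ip].append(now)
        self._account_fails[account].append(now)

    def record_success(self, ip, account):
        # A correct login clears only the per-account counter; the per-IP
        # counter is kept, because a stuffing run also produces successes.
        self._account_fails.pop(account, None)


def attempt_login(throttle, ip, account, password, captcha_ok, verify):
    """Gate one login attempt. `verify(account, password)` is the real
    credential check, assumed to exist and supplied by the caller."""
    if throttle.captcha_required(ip, account) and not captcha_ok:
        return "captcha_required"          # password is not checked at all
    if verify(account, password):
        throttle.record_success(ip, account)
        return "ok"
    throttle.record_failure(ip, account)
    return "denied"


def simulate():
    """Constructed scenario: one IP walks through many accounts with wrong
    passwords, the way a stuffing run does. Returns the outcome list."""
    clock = [1000.0]
    throttle = LoginThrottle(clock=lambda: clock[0])
    verify = lambda account, pw: pw == "correct-horse"   # constructed check
    outcomes = []
    stuffing_ip = "203.0.113.5"                          # documentation-range IP, constructed
    for i in range(12):
        outcomes.append(attempt_login(throttle, stuffing_ip, f"user{i}", "wrong", False, verify))
        clock[0] += 1
    # Even a correct password from the throttled IP is gated until a captcha is solved.
    outcomes.append(attempt_login(throttle, stuffing_ip, "user99", "correct-horse", False, verify))
    outcomes.append(attempt_login(throttle, stuffing_ip, "user99", "correct-horse", True, verify))
    # An unrelated IP is not affected by the first one's counter.
    outcomes.append(attempt_login(throttle, "198.51.100.7", "user0", "wrong", False, verify))
    # Once the window has passed, the throttled IP's counter drains.
    clock[0] += WINDOW_SECONDS + 1
    outcomes.append(attempt_login(throttle, stuffing_ip, "user100", "wrong", False, verify))
    return outcomes


if __name__ == "__main__":
    for n, result in enumerate(simulate(), 1):
        print(n, result)
```

In the scenario the first ten wrong attempts are plain denials, the eleventh and every later attempt from that IP return `captcha_required` without the password being checked, and the counter only drains after the window expires. The per-IP counter is the one that matters for the report's finding, since a stuffing run touches many accounts with one or two guesses each, which a per-account lockout alone never notices. The report's second observation, that the credentials cross the wire in plaintext, is addressed separately by serving the login only over HTTPS; no application-level throttle fixes that.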

Copyright notice: please credit 路人甲@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: Low

Vulnerability rank: 4

Confirmed: 2015-09-18 16:25

Vendor reply:

Thanks

Latest status:

None yet