
Vulnerability summary

Defect ID: wooyun-2015-0147937

Title: A design flaw on the official website of Beijing Funshion (风行网) allows credential stuffing attacks

Vendor: Beijing Funshion Online Technology Co., Ltd. (北京风行在线技术有限公司)

Reporter: 指尖上的故事

Submitted: 2015-10-20 10:15

Fixed: 2015-12-04 10:20

Published: 2015-12-04 10:20

Vulnerability type: Network design flaw / logic error

Severity: Medium

Self-rated Rank: 8

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-10-20: Details sent to the vendor, awaiting vendor action
2015-10-20: Vendor confirmed; details disclosed to the vendor only
2015-10-30: Details disclosed to core white hats and domain experts
2015-11-09: Details disclosed to regular white hats
2015-11-19: Details disclosed to intern white hats
2015-12-04: Details disclosed to the public

Brief description:

.......

Detailed description:

http://www.fun.tv/ (Funshion official website)..

POST /account/login_funshion?isajax=1&dtime=1445276427699 HTTP/1.1
Host: api1.fun.tv
Content-Length: 82
Origin: http://www.fun.tv
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.fun.tv/account/login?location=http://cp.fun.tv/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: padTagClose=0; fck=1443292834e4833; _irsip=eke52v; stp=; cookieguid=2E8D6B78-DCCF-48DF-CC0D-10AC6B1DFA49; mick=144140498870f3c; pvsid=144527578567c30; pvsid_cunv=1; ucs=24; PHPSESSID=nsrqqobtr4ksu9236870l9ppd7; _fck=97A8368A5505F5271825C1582A742B09; olduser=1445276296660; pvcount=17%7C3%7C8; Hm_lvt_87b5d6fa7fd32834c5bc556153a89ca5=1445275787,1445276140,1445276230; Hm_lpvt_87b5d6fa7fd32834c5bc556153a89ca5=1445276297; alliance_id=1024; accinfo=%7Buid%3A0%2Cg%3A%27%27%2Cs%3A%27%27%2Cn%3A%27%27%2Caccid%3A0%7D; _pvlog=%5B%5B%22pgclick%22%2C%7B%22rprotocol%22%3A%224%22%2C%22clientFlag%22%3A%225%22%2C%22fck%22%3A%221443292834e4833%22%2C%22mac%22%3A%22%22%2C%22userid%22%3A%220%22%2C%22fpc%22%3A%22%22%2C%22version%22%3A%22%22%2C%22sid%22%3A%22144527578567c30%22%2C%22pvid%22%3A%225175f74f-988b-9e72-0b41-0e137735ff3e%22%2C%22config%22%3A%22account_login%22%2C%22url%22%3A%22http%253A%252F%252Fwww.fun.tv%252Faccount%252Flogin%253Flocation%253Dhttp%253A%252F%252Fcp.fun.tv%252F%22%2C%22referurl%22%3A%22https%253A%252F%252Fwww.baidu.com%252Flink%253Furl%253DDmUr6QTd8GVBxoE1yZxkjCH2f8n7MW8VpNkmt112rmS%2526wd%253D%2526eqid%253Dd7d029c9000459fe00000004562529db%22%2C%22channelid%22%3A%221024%22%2C%22block%22%3A%225%214%7E5%7E5%7E5%212%7E9%7EP%215%7E4%212%22%2C%22screenw%22%3A%221280%22%2C%22screenh%22%3A%22800%22%2C%22browserw%22%3A%221263%22%2C%22browserh%22%3A%22627%22%2C%22browserpx%22%3A%22251%22%2C%22browserpy%22%3A%22340%22%2C%22pagepx%22%3A%22251%22%2C%22pagepy%22%3A%22340%22%2C%22ext%22%3A%22turnurl%253D%22%2C%22mediatype%22%3A%22%257C%257C%257C%257C%22%7D%2C%22website%22%5D%5D
username=11111111&password=7c4a8d09ca3762a&location=http://cp.fun.tv/&autologin=on


From the captured request above, username= is sent in plaintext and password= is MD5-encrypted; there is no CAPTCHA and no limit on login attempts. The main site login accepts (username / email / phone number), and the username can be either a custom account name or a real name. I used real name + 123456 to test a brute-force attack...
At scale, one could use publicly available (username / email / phone number) databases found online plus strong passwords...........
The brute-forced users can log in to many Funshion subdomains... (I logged in to two at random to check; the administrators can verify the others themselves)

Proof of vulnerability:

Just a few screenshots as proof..

[Screenshots: 1.png, 2.png, 3.png, 4.png, 5.png]

Fix recommendation:

It is the login form on the official homepage, after all... proper security measures should be in place.
Add a CAPTCHA and set a limit on login attempts.
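As an added illustration of the recommended login attempt limit (example code, not Funshion's own), the sliding-window throttle below counts failures per account and, separately, how many distinct accounts fail from one source IP, which is the pattern of a credential stuffing run (one source, many accounts, one or two guesses each); the thresholds, IP addresses and usernames are constructed for the demonstration.

```python
from collections import defaultdict, deque

# Constructed policy values for illustration, not Funshion's configuration:
# a 10-minute sliding window, 5 failures per account before that account
# requires a CAPTCHA, and 20 distinct usernames failing from one IP before
# that IP is blocked outright.
WINDOW_SECONDS = 600
MAX_FAILS_PER_ACCOUNT = 5
MAX_ACCOUNTS_PER_IP = 20


class LoginThrottle:
    def __init__(self):
        self.account_fails = defaultdict(deque)  # username -> [timestamp, ...]
        self.ip_fails = defaultdict(deque)       # ip -> [(timestamp, username), ...]

    @staticmethod
    def _prune(dq, now, key=lambda e: e):
        # Drop entries that have fallen out of the sliding window.
        while dq and key(dq[0]) <= now - WINDOW_SECONDS:
            dq.popleft()

    def decision(self, username, ip, now):
        """Evaluate before the password is checked: 'allow', 'captcha' or 'block'."""
        self._prune(self.account_fails[username], now)
        self._prune(self.ip_fails[ip], now, key=lambda e: e[0])
        distinct_accounts = {u for _, u in self.ip_fails[ip]}
        if len(distinct_accounts) >= MAX_ACCOUNTS_PER_IP:
            return "block"      # many accounts from one source: stuffing pattern
        if len(self.account_fails[username]) >= MAX_FAILS_PER_ACCOUNT:
            return "captcha"    # one account hammered: classic brute force
        return "allow"

    def record_failure(self, username, ip, now):
        # Called after a wrong password; successful logins are not counted.
        self.account_fails[username].append(now)
        self.ip_fails[ip].append((now, username))


def simulate(attempts):
    """Run constructed attempts (username, ip, seconds, password_ok) and return each decision."""
    throttle = LoginThrottle()
    decisions = []
    for username, ip, t, password_ok in attempts:
        d = throttle.decision(username, ip, t)
        decisions.append(d)
        if d != "block" and not password_ok:
            throttle.record_failure(username, ip, t)
    return decisions
```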

Copyright notice: please credit the source when reposting: 指尖上的故事@乌云


Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 3

Confirmed at: 2015-10-20 10:18

Vendor reply:

Thank you for your attention to Funshion security

Latest status:

None yet