
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0148733

Title: Design flaw in the login area of the OPPO main site allows the captcha to be bypassed and credential stuffing of users to continue (proof of working accounts + a large number of users' phone books, SMS and cloud storage)

Vendor: 广东欧珀移动通讯有限公司 (Guangdong OPPO Mobile Telecommunications Corp., Ltd.)

Author: Azazel

Submitted: 2015-10-22 23:20

Fix time: 2015-12-07 11:18

Published: 2015-12-07 11:18

Type: Design flaw / logic error

Severity: High

Self-assessed Rank: 19

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-10-22: Details reported to the vendor, awaiting vendor action
2015-10-23: Vendor confirmed; details disclosed to the vendor only
2015-11-02: Details disclosed to core white hats and relevant domain experts
2015-11-12: Details disclosed to regular white hats
2015-11-22: Details disclosed to intern white hats
2015-12-07: Details disclosed to the public

Brief description:

Design flaw in the login area of the OPPO main site allows the captcha to be bypassed and credential stuffing of users to continue (proof of working accounts + a large number of users' phone books, SMS and cloud storage)

Detailed description:

The earlier report WooYun: oppo某设计不当导致撞库攻击 (OPPO: improper design leads to a credential-stuffing attack) says that the interface described in that report has been fixed, and the same report notes that:

"No restriction is applied at the login area."


So I went to the login page of the main site:

http://my.oppo.com/auth/login?callback=http://store.oppo.com/user/orders

At first there is no login restriction there either, but after a few failed attempts a captcha restriction appears:

[Screenshot 1.png: captcha challenge shown after repeated login failures]

Testing showed that the captcha is present in name only and very easy to bypass, so I went on to test credential stuffing against users. Proof of successful accounts was attached to the report.



Once you have working accounts, things get much easier. For the OPPO site, the brief description of the report WooYun: oppo某设计不当导致撞库攻击 (OPPO: improper design leads to a credential-stuffing attack) says:

"Many users have bound devices."

And the title of the report WooYun: oppo某登陆接口撞库(大量用户的电话薄、短信、网盘) (credential stuffing on an OPPO login interface: a large number of users' phone books, SMS and cloud storage) also mentions:

"(a large number of users' phone books, SMS and cloud storage)"

Leakage of phone books, SMS and cloud storage seemed quite interesting. So what next? Next:

[Screenshots 2.png, 3.png, 5.png, 6.png, 7.png, 8.png, 9.png: user data reachable after logging in with the tested accounts]


This information leak seems pretty serious, I'd say.

Proof of vulnerability:

See the detailed description above.

Fix recommendation:

Give this a high Rank; improve the captcha and add encryption.
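An added example, not part of the original report or OPPO's code, of the server-side behaviour the fix recommendation calls for: the captcha requirement is decided from per-account server state, checked before the password is examined, and every captcha token is consumed on first use, so a client cannot opt out of it or replay a solved one. The report does not say how the captcha was bypassed; the LoginGate class, its thresholds and the sample account are all constructed here.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

FAIL_THRESHOLD = 3   # failed attempts before a captcha is demanded (assumed value)
FAIL_WINDOW = 600    # seconds a failure is remembered (assumed value)


def hash_pw(password):
    # Placeholder for a real password hash (bcrypt/argon2); demo only.
    return hashlib.sha256(password.encode()).hexdigest()


class LoginGate:
    """Constructed model of a login endpoint whose captcha gate lives on the server."""

    def __init__(self, users):
        self.users = users                    # username -> hash_pw(password)
        self.failures = defaultdict(list)     # username -> timestamps of failed logins
        self.captchas = {}                    # token -> expected answer, single use

    def _recent_failures(self, user):
        cutoff = time.time() - FAIL_WINDOW
        self.failures[user] = [t for t in self.failures[user] if t > cutoff]
        return len(self.failures[user])

    def captcha_required(self, user):
        # Decided from server-side state only; the client cannot switch it off.
        return self._recent_failures(user) >= FAIL_THRESHOLD

    def issue_captcha(self):
        token = secrets.token_hex(8)
        answer = secrets.token_hex(3)   # stands in for the text rendered in the image
        self.captchas[token] = answer
        return token, answer

    def login(self, user, password, captcha_token=None, captcha_answer=None):
        if self.captcha_required(user):
            # pop() consumes the token, so a solved captcha cannot be replayed,
            # and this check runs before the password is ever examined.
            expected = self.captchas.pop(captcha_token, None)
            if expected is None or not hmac.compare_digest(expected, captcha_answer or ""):
                return "captcha_required"
        if hmac.compare_digest(self.users.get(user, ""), hash_pw(password)):
            self.failures[user].clear()
            return "ok"
        self.failures[user].append(time.time())
        return "bad_credentials"
```

Once the threshold is reached even the correct password is refused until a fresh, valid captcha accompanies the request, which is what prevents a stuffing loop from continuing past the gate.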

Copyright notice: please credit Azazel@乌云 (WooYun) when reposting.


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 16

Confirmation time: 2015-10-23 11:17

Vendor reply:

Thanks, we are handling it urgently!

Latest status:

None yet