漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0164349
漏洞标题:58同城某OA大量弱口令可登录
相关厂商:58同城
漏洞作者: _Thorns
提交时间:2015-12-25 12:48
修复时间:2016-02-08 18:23
公开时间:2016-02-08 18:23
漏洞类型:后台弱口令
危害等级:高
自评Rank:15
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-12-25: 细节已通知厂商并且等待厂商处理中
2015-12-26: 厂商已经确认,细节仅向厂商公开
2016-01-05: 细节向核心白帽子及相关领域专家公开
2016-01-15: 细节向普通白帽子公开
2016-01-25: 细节向实习白帽子公开
2016-02-08: 细节向公众公开
简要描述:
58同城某OA大量弱口令
详细说明:
密码全是123456
*anl*ang*h*n 325
*angs*hu* 325
zhoum*ng 325
z*ngq*ngx*ang 325
zongj*ng 325
zhaoha*zh*ng 325
*ang***nan 325
zh*ngyangyang 325
*aobo 325
guoy* 325
***uj*ngx*an 325
*u*xu* 325
*h*ngm*ng 325
*a*l* 325
*uyao 325
fanl*nru* 325
hanm*ng*hao 325
huluan 325
huang** 325
l*p*ngy*ng 325
l*ang*ong 325
l*nm*ngh* 325
l*uhu*m*n 325
luol*p*ng 325
p**junxu 325
tanluq*ng 325
*anghuaj*ng 325
***yongzh*ng 325
*uhang 325
xuyaoj*a 325
yanhao 325
yangbo**n 325
yanghualong 325
y*n*haohong 325
zhangfangqun 325
zhangj*nm*ng 325
zhangh*m**z* 325
zhangz*an 325
zhangl*ngj*a 325
zhouq*anq*an 325
zhanghongyang 325
*hanghua 325
g*b*ngyu 325
*uhao*h*n 325
zhangx*aohan 325
*aoshan 325
n**sh*m*n 325
fanshuo 325
gaot*anbao 325
yan** 325
l*pu 325
qux*aohu* 325
y***anhong 325
sum*ng 325
*angj*ng*** 325
zhaozhu 325
g**h*nyu 325
y*nmaosh*ng 325
maxu*l* 325
l*p***an 325
guo**n**n 325
buha*yu* 325
zhangp*ny* 325
x*ngq*ngyun 325
ouxul* 325
*uanhongl*n 325
luguot*ng 325
zhang**nyu 325
yangx*nl* 325
**ng***l* 325
songxuhong 325
zhangxu*nan 325
songyan 325
j*al*uy*ng 325
*angx*aonan 325
song*anx*a 325
baoj*ngna 325
houj*a*** 325
*u*huay*ng 325
*aoxuhua 325
*an*haoqun 325
*angl*yu 325
pang*hunyan 325
huangshuyu 325
hujunya 325
yum**q*an 325
**nj*ayu 325
maj*ao 325
*aom*ngyu* 325
zhouj*ngj*ng 325
m*nz***n 325
l*uanq* 325
huj*ng**n 325
l*um** 325
j*aoj*angyan 325
luyut*ng 325
**ngx*angyu 325
r*nka*xuan 325
r*nhongy*ng 325
***yangyang 325
x**j*an*ng 325
yuj*nghu* 325
sunl*njun 325
zhangx*aoyang 325
yangnana 325
t*ang* 325
huangx*aoq* 325
zhangluyang 325
*uansujuan 325
xushaohu* 325
yanggao*** 325
n*uhao 325
huoyanhong 325
lu*u**u* 325
tant*anyu 325
l*suzhu 325
l*uy*j*a 325
f*ng**nx*n 325
*usuyun 325
*aokang 325
zhuha*l*ng 325
yu**nbo 325
h*t*ngl* 325
*angyu*x*n 325
x*aoyuanl* 325
pangguohua 325
lu**nt*ng 325
**njunl*ng 325
songt*anx*ong 325
yul**ong 325
漏洞证明:
密码全是123456
*anl*ang*h*n 325
*angs*hu* 325
zhoum*ng 325
z*ngq*ngx*ang 325
zongj*ng 325
zhaoha*zh*ng 325
*ang***nan 325
zh*ngyangyang 325
*aobo 325
guoy* 325
***uj*ngx*an 325
*u*xu* 325
*h*ngm*ng 325
*a*l* 325
*uyao 325
fanl*nru* 325
hanm*ng*hao 325
huluan 325
huang** 325
l*p*ngy*ng 325
l*ang*ong 325
l*nm*ngh* 325
l*uhu*m*n 325
luol*p*ng 325
p**junxu 325
tanluq*ng 325
*anghuaj*ng 325
***yongzh*ng 325
*uhang 325
xuyaoj*a 325
yanhao 325
yangbo**n 325
yanghualong 325
y*n*haohong 325
zhangfangqun 325
zhangj*nm*ng 325
zhangh*m**z* 325
zhangz*an 325
zhangl*ngj*a 325
zhouq*anq*an 325
zhanghongyang 325
*hanghua 325
g*b*ngyu 325
*uhao*h*n 325
zhangx*aohan 325
*aoshan 325
n**sh*m*n 325
fanshuo 325
gaot*anbao 325
yan** 325
l*pu 325
qux*aohu* 325
y***anhong 325
sum*ng 325
*angj*ng*** 325
zhaozhu 325
g**h*nyu 325
y*nmaosh*ng 325
maxu*l* 325
l*p***an 325
guo**n**n 325
buha*yu* 325
zhangp*ny* 325
x*ngq*ngyun 325
ouxul* 325
*uanhongl*n 325
luguot*ng 325
zhang**nyu 325
yangx*nl* 325
**ng***l* 325
songxuhong 325
zhangxu*nan 325
songyan 325
j*al*uy*ng 325
*angx*aonan 325
song*anx*a 325
baoj*ngna 325
houj*a*** 325
*u*huay*ng 325
*aoxuhua 325
*an*haoqun 325
*angl*yu 325
pang*hunyan 325
huangshuyu 325
hujunya 325
yum**q*an 325
**nj*ayu 325
maj*ao 325
*aom*ngyu* 325
zhouj*ngj*ng 325
m*nz***n 325
l*uanq* 325
huj*ng**n 325
l*um** 325
j*aoj*angyan 325
luyut*ng 325
**ngx*angyu 325
r*nka*xuan 325
r*nhongy*ng 325
***yangyang 325
x**j*an*ng 325
yuj*nghu* 325
sunl*njun 325
zhangx*aoyang 325
yangnana 325
t*ang* 325
huangx*aoq* 325
zhangluyang 325
*uansujuan 325
xushaohu* 325
yanggao*** 325
n*uhao 325
huoyanhong 325
lu*u**u* 325
tant*anyu 325
l*suzhu 325
l*uy*j*a 325
f*ng**nx*n 325
*usuyun 325
*aokang 325
zhuha*l*ng 325
yu**nbo 325
h*t*ngl* 325
*angyu*x*n 325
x*aoyuanl* 325
pangguohua 325
lu**nt*ng 325
**njunl*ng 325
songt*anx*ong 325
yul**ong 325
修复方案:
版权声明:转载请注明来源 _Thorns@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:5
确认时间:2015-12-26 10:41
厂商回复:
已提交给到家的小伙伴,感谢对58安全的关注。
最新状态:
暂无