
Vulnerability summary

Defect ID: wooyun-2016-0166971

Title: 21cake main-site interface design flaw allows bypassing the captcha to credential-stuff user accounts, seriously leaking sensitive user information

Related vendor: 廿一客食品有限公司

Author: 路人甲

Submitted: 2016-01-04 12:17

Fix deadline: 2016-01-10 09:00

Disclosed: 2016-01-10 09:00

Vulnerability type: Design flaw / logic error

Severity: Low

Self-assessed rank: 3

Status: Vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-01-04: Details sent to the vendor; awaiting the vendor's handling
2016-01-10: Vendor actively ignored the vulnerability; details disclosed to the public

Summary:

21cake main-site interface design flaw allows bypassing the captcha to credential-stuff user accounts, seriously leaking sensitive user information

Detailed description:

http://www.21cake.com/passport-login.html is the main-site login page. At first there is no captcha; the captcha only appears after a certain number of failed attempts:

1.png


Capturing the traffic, the request carrying the username, password and captcha can all be intercepted:

2.png


Testing showed that credential stuffing against users works; here are some of the accounts I stuffed successfully:



Logging into an account shows a serious leak of sensitive user information:

3.png


5.png


6.png


7.png

Proof of vulnerability:


Fix recommendation:

Fix the captcha
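
The report's core point is that a captcha which appears after N failed logins only helps if the server itself decides when it is required and verifies the answer server-side. The following is an added example, not code from the report or from 21cake, of such a login gate in Python: failure counts are kept per account and per client IP on the server, the captcha answer is generated and remembered by the server, and each captcha is single-use, bound to the account and IP it was issued for, and time-limited. The threshold, TTL and sample account are assumed values.

```python
import hashlib, hmac, os, secrets, time

FAIL_THRESHOLD = 3   # failures per account or per client IP before a captcha is demanded (assumed policy)
CAPTCHA_TTL = 120    # seconds a server-issued captcha stays valid (assumed)

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class LoginService:
    """Login whose captcha gate is decided from server-held failure counts; the client
    only answers a challenge the server issued and remembers, it never asserts 'solved'."""
    def __init__(self, users):
        self.users = {}                      # account -> (salt, pbkdf2 hash)
        for name, pw in users.items():       # constructed sample accounts, never stored in clear
            salt = os.urandom(16)
            self.users[name] = (salt, _hash_pw(pw, salt))
        self.failures = {}                   # ("acct", name) / ("ip", addr) -> failed-attempt count
        self.captchas = {}                   # captcha id -> (answer, expiry, bound (account, ip))
    def _keys(self, account, ip):
        return (("acct", account), ("ip", ip))
    def _needs_captcha(self, account, ip):
        return any(self.failures.get(k, 0) >= FAIL_THRESHOLD for k in self._keys(account, ip))
    def issue_captcha(self, account, ip):
        # The server generates the challenge and keeps the expected answer itself.
        cid, answer = secrets.token_hex(8), secrets.token_hex(3)   # answer stands in for image text
        self.captchas[cid] = (answer, time.time() + CAPTCHA_TTL, (account, ip))
        return cid, answer
    def _check_captcha(self, cid, answer, account, ip):
        entry = self.captchas.pop(cid, None)      # single use: consumed on any attempt, valid or not
        if entry is None:
            return False
        expected, expiry, bound = entry
        return (time.time() < expiry and bound == (account, ip)
                and hmac.compare_digest(expected, answer or ""))
    def login(self, account, password, ip, captcha_id=None, captcha_answer=None):
        if self._needs_captcha(account, ip):
            if captcha_id is None:
                return "captcha_required"         # refused before the password is even checked
            if not self._check_captcha(captcha_id, captcha_answer, account, ip):
                return "captcha_invalid"
        rec = self.users.get(account)
        if rec and hmac.compare_digest(_hash_pw(password, rec[0]), rec[1]):
            self.failures.pop(("acct", account), None)   # only the account counter resets;
            return "ok"                                  # the IP counter keeps gating other accounts
        for k in self._keys(account, ip):
            self.failures[k] = self.failures.get(k, 0) + 1
        return "bad_credentials"
```

Because the IP counter is not reset by a successful login, one address that has already tripped the threshold stays gated even when it moves on to other accounts, which is the pattern of a stuffing run.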

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: No impact; vendor ignored

Ignored at: 2016-01-10 09:00

Vendor reply:

Latest status:

None yet