
Vulnerability summary (24 followers)

Defect ID: wooyun-2016-0168177

Title: A design flaw at GreenTree Inn (格林豪泰) leads to disclosure of users' ID numbers, phone numbers and room-booking records after large-scale credential stuffing; users' Green coins (格林币) can also be spent to upgrade membership

Vendor: 格林豪泰酒店管理集团 (GreenTree Hospitality Group)

Author: 祸斗

Submitted: 2016-01-07 22:36

Fixed: 2016-02-22 16:48

Published: 2016-02-22 16:48

Vulnerability type: design flaw / logic error

Severity: High

Self-assessed Rank: 10

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2016-01-07: details sent to the vendor, awaiting vendor handling
2016-01-08: vendor confirmed; details disclosed to the vendor only
2016-01-18: details disclosed to core white hats and domain experts
2016-01-28: details disclosed to regular white hats
2016-02-07: details disclosed to intern white hats
2016-02-22: details disclosed to the public

Brief description:

A design flaw at GreenTree Inn leads to disclosure of users' ID numbers, phone numbers and room-booking records after large-scale credential stuffing; users' Green coins can also be spent to upgrade membership.

Detailed description:

The login page at http://998.com/Account/Sign has a captcha, but it can be bypassed, and the username and password are transmitted in plaintext.
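As an added defensive example (not part of the original report and not the vendor's code), the following script shows how the owner of a login endpoint like the one above could spot the credential-stuffing pattern from its own access logs: one source trying many distinct accounts inside a short window, with a high failure ratio and a few successes. The log format, IP addresses, usernames and timestamps are constructed for the example; the path /Account/Sign is the one named in the report. Accounts that succeeded from a flagged source are the ones a defender would force through a password reset.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of auth log lines (not from the report). Assumed format:
# "<ISO timestamp> <client ip> POST /Account/Sign user=<name> result=<OK|FAIL>"
SAMPLE_LOG = """\
2016-01-07T22:00:01 203.0.113.7 POST /Account/Sign user=alice result=FAIL
2016-01-07T22:00:02 203.0.113.7 POST /Account/Sign user=bob result=FAIL
2016-01-07T22:00:02 203.0.113.7 POST /Account/Sign user=carol result=OK
2016-01-07T22:00:03 203.0.113.7 POST /Account/Sign user=dave result=FAIL
2016-01-07T22:00:03 203.0.113.7 POST /Account/Sign user=erin result=FAIL
2016-01-07T22:00:04 203.0.113.7 POST /Account/Sign user=frank result=OK
2016-01-07T22:00:05 203.0.113.7 POST /Account/Sign user=grace result=FAIL
2016-01-07T22:10:00 198.51.100.9 POST /Account/Sign user=alice result=FAIL
2016-01-07T22:10:05 198.51.100.9 POST /Account/Sign user=alice result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) POST /Account/Sign "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "user": m["user"],
            "ok": m["result"] == "OK",
        })
    return events


def find_stuffing_sources(events, window=timedelta(minutes=5), min_distinct_users=5):
    """Flag every source IP that attempted at least `min_distinct_users` different
    accounts inside any `window`. A normal user retrying their own password never
    trips this; a credential list being replayed does. Returns
    {ip: {"users": total distinct accounts, "failures": n, "compromised": [accounts that logged in]}}."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it covers at most `window` of time.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            users_in_window = {e["user"] for e in evs[start:end + 1]}
            if len(users_in_window) >= min_distinct_users:
                flagged[ip] = {
                    "users": len({e["user"] for e in evs}),
                    "failures": sum(not e["ok"] for e in evs),
                    "compromised": sorted({e["user"] for e in evs if e["ok"]}),
                }
                break
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['users']} accounts tried, {info['failures']} failures, "
              f"successful logins to reset: {info['compromised']}")
```

The threshold on distinct accounts per source is the discriminating signal: a bypassable captcha removes the per-request cost, but it does not change the shape of the traffic, and a blocked or rate-limited source that trips this rule is what the captcha was supposed to provide in the first place.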

[screenshot: 1.png]


[screenshot: 2.png]


Testing confirmed that credential stuffing works: I ran a large credential dump against the login and got many hits. A subset of the successful accounts is given here as proof:

[email protected]	310715	770
[email protected] jiguang26 771
[email protected] byswdh741 772
[email protected] 123098357 774
[email protected] leilei19871130 777
[email protected] 38239199 777
[email protected] 4088333 777
[email protected] 19901124 778
[email protected] wen123 778
[email protected] 515610 778
[email protected] 43652375 779
[email protected] 06dongjun14 779
[email protected] dong123321 780
[email protected] yangyuxin 781
[email protected] 870530 781
[email protected] 19830522 781
[email protected] 129416 781
[email protected] 123456 781
[email protected] l04260029 782
[email protected] 668868 782
[email protected] 135020 782
[email protected] hyq521 782
[email protected] tonyray 783
[email protected] 64258070 783
[email protected] 13951982350 783
[email protected] aaqqaa 783
[email protected] 998877 783
[email protected] 60696558 784
[email protected] 987600 784
[email protected] 123456 784
[email protected] 987536 785
[email protected] 861229 785
[email protected] 8764806 785
[email protected] 276951439 785
[email protected] xiaochuan 785
[email protected] 22006281 785
[email protected] 435513 785
[email protected] 11111111 786
[email protected] 1992asz 786
[email protected] 198165 786
[email protected] 11259375 786
[email protected] 871123 786
[email protected] dalin520 787
[email protected] 55169997 787
[email protected] 520609 787
[email protected] 1236548 787
[email protected] 521827 788
[email protected] 560623 788
[email protected] 198808109 789
[email protected] 911207 789
[email protected] sh2000lq 789
[email protected] liguang 789
[email protected] 408925547 789
[email protected] 68734693 789
[email protected] 5128299 790
[email protected] 123456 792
[email protected] 5605570 792
[email protected] 87704821 792
[email protected] 5201314 792
[email protected] 89892344 792
[email protected] 8422925 792
[email protected] 8422925 792
[email protected] 15074720 792
[email protected] 6860577 792
[email protected] gaofeng 792
[email protected] yangdong123 792
[email protected] wy2311545 792
[email protected] mimabaohua 792
[email protected] 26197709 793
[email protected] 9132898961 793
[email protected] tiantian1325 793
[email protected] 88382776 794
[email protected] 19870405 794
[email protected] 19820926 794
[email protected] 1qaz2wsx 794
[email protected] 498240 794
[email protected] 88775150 794
[email protected] jiandanai 795
[email protected] 88811925 795
[email protected] 19891123 795
[email protected] wzl1988 795
[email protected] 2262126 795
[email protected] jiang6110285 795
[email protected] wang59835 795
[email protected] wzl1988 795
[email protected] 520520 795
[email protected] 3344521 795
[email protected] 15944350846 795
[email protected] 15944350846 795
[email protected] qwert789 795
[email protected] 49331211 795
[email protected] 810912 795
[email protected] 198477 795
[email protected] 1qaz1q 795
[email protected] 321654 796
[email protected] woshitiancai 797
[email protected] 6225065 797
[email protected] devil86010 797
[email protected] woshitiancai 797
[email protected] 12345zxcvb 798
[email protected] 667292 798
[email protected] 861130 798
[email protected] 13245768 798
[email protected] 66369386 799
[email protected] 5201314aa 799
[email protected] 783728 799
[email protected] 120488 799
[email protected] 123456789 799
[email protected] 584520 800
[email protected] 1231010 800
[email protected] yayaya 800
[email protected] 904094 800
[email protected] 13537446 801
[email protected] jijiji 801
[email protected] 8887113 801
[email protected] woaizhuzhu 801
[email protected] 77803914 801
[email protected] 839200 801
[email protected] 828500 801
[email protected] 841123 801
[email protected] 140605 801
[email protected] 8219525 801
[email protected] 63781200 801
[email protected] wang123qi 802
[email protected] wangyufeng 802
[email protected] 397562024 802
[email protected] 15470847 802
[email protected] 407296362 802
[email protected] jaytaba 802
[email protected] 8286889 803
[email protected] 6912940 803
[email protected] 2101117 803
[email protected] 1990225 803
[email protected] jackal 803
[email protected] 335455183 803
[email protected] wangwei915 803
[email protected] 5329580 803
[email protected] 5626228 803
[email protected] 963258963 803
[email protected] 421988 803
[email protected] 871206 804
[email protected] 34891393 804
[email protected] 520687 804
[email protected] 1d0b7d9b 804
[email protected] 814117 804
[email protected] 349478121 805
[email protected] xuan9826 805
[email protected] 1360lhy 805
[email protected] hyk187192 806
[email protected] sfglkwfn 806
[email protected] 107331 806
[email protected] 138919 807
[email protected] 19871106 807
[email protected] qunima 808
[email protected] guoshuai 808
[email protected] stefanie0723 809
[email protected] 262945677 810
[email protected] mengbd520 810
[email protected] 8621068 810
[email protected] mengbd520 810
[email protected] 118511 810
[email protected] 53411230 811
[email protected] 511521 811
[email protected] 198719 811
[email protected] 511521 811
[email protected] ss051212 811
[email protected] 880317 811
[email protected] 112649776 812
[email protected] 233757 812
[email protected] win256 812
[email protected] dayezi1y1 812
[email protected] windows 812
[email protected] 4994651 813
[email protected] 4994651 813
[email protected] zclovett 813
[email protected] 887900 813
[email protected] 198543 813
[email protected] 1253000 814
[email protected] 800258 816


After logging in you can view the user's ID number, phone number, room-booking records and so on. I will not go into the rest; let me just talk about the ID number. Something this important is shown masked, but... because of the design flaw here, what difference is there between masking it and not masking it at all?
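Added example, not code from the report or from the vendor: the difference between an ID number that is only masked in the browser after the raw value has been sent, and one that is masked on the server before the response is serialized. The record, field names and function names are assumptions for illustration; the point is that in the hardened form the raw value never leaves the server, so there is nothing for a logged-in client to unmask.

```python
import re

# Constructed user record as it might be stored server-side (not real data).
STORED_PROFILE = {
    "name": "张三",
    "id_number": "310101199001011234",   # constructed 18-digit ID format
    "phone": "13800001234",             # constructed 11-digit mobile number
}


def mask_id_number(id_number: str) -> str:
    """Keep the first 3 and last 2 characters, replace everything else with '*'.
    Accepts the 15-digit and 18-character (17 digits + digit/X) ID formats only."""
    if not re.fullmatch(r"\d{15}|\d{17}[\dXx]", id_number):
        raise ValueError("unexpected ID number format")
    return id_number[:3] + "*" * (len(id_number) - 5) + id_number[-2:]


def mask_phone(phone: str) -> str:
    """Keep the first 3 and last 4 digits of an 11-digit mobile number."""
    if not re.fullmatch(r"1\d{10}", phone):
        raise ValueError("unexpected phone number format")
    return phone[:3] + "****" + phone[-4:]


def profile_response_client_masked(record: dict) -> dict:
    """The weak design: raw values are sent to the browser and hidden there by
    front-end code. Anyone who can read the response body (a proxy, the browser's
    network tab, a script using the session) sees the unmasked values."""
    return {
        "name": record["name"],
        "id_number": record["id_number"],
        "phone": record["phone"],
        "mask_in_ui": True,
    }


def profile_response_server_masked(record: dict) -> dict:
    """The hardened form: the API only ever emits already-masked values."""
    return {
        "name": record["name"],
        "id_number": mask_id_number(record["id_number"]),
        "phone": mask_phone(record["phone"]),
    }


def response_leaks_raw(response: dict, record: dict) -> bool:
    """Regression check: does any response field still contain a raw sensitive value?"""
    raw_values = (record["id_number"], record["phone"])
    return any(raw in str(v) for v in response.values() for raw in raw_values)


if __name__ == "__main__":
    for build in (profile_response_client_masked, profile_response_server_masked):
        resp = build(STORED_PROFILE)
        print(build.__name__, resp, "leaks raw:", response_leaks_raw(resp, STORED_PROFILE))
```

The `response_leaks_raw` check is the kind of assertion worth keeping in an API test suite: it fails the moment someone adds a field, a debug endpoint or an export that serializes the stored value instead of the masked one.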

[screenshot: 3.png]


[screenshot: 5.png]


[screenshot: 6.png]


You can also spend the user's Green coins to upgrade their membership and get the associated discounts.

[screenshot: 7.png]


Also, because the accounts obtained here belong to the main 998.com domain, they are shared across services: they can also be used to log in to the GreenTree mall (格林商城), which is yet another round of information disclosure.

Proof of vulnerability: see the account list under the detailed description above.


Fix recommendation:

The information disclosure is this serious; imagine someone runs large-scale credential stuffing and posts the results online... Fix the captcha properly, and do the masking properly.

Copyright notice: when reposting, please credit the source: 祸斗@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed at: 2016-01-08 16:51

Vendor reply:

Thank you for your attention to GreenTree; the issue has been handled.

Latest status:

None yet