
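Vulnerability summary

Bug ID: wooyun-2012-011294

Title: 走秀网 (Zouxiu) leak of 6.6 million (660W) users' information

Vendor: 走秀网

Author: 梦想肥羊

Submitted: 2012-08-24 17:22

Fixed: 2012-10-08 17:22

Disclosed: 2012-10-08 17:22

Type: Mass leak of user data

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor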

Source: http://www.wooyun.org. For questions or help, contact [email protected]



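Vulnerability details

Disclosure status:

2012-08-24: Details reported to the vendor; awaiting vendor action
2012-08-24: Vendor has confirmed; details disclosed only to the vendor
2012-09-03: Details disclosed to core white hats and experts in related fields
2012-09-13: Details disclosed to regular white hats
2012-09-23: Details disclosed to intern white hats
2012-10-08: Details disclosed to the public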

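Brief description:

走秀网 leaked the data of 6.6 million (660W) users; the leak happened on October 16, 2011 or earlier.
The data contains email + username + MD5-encrypted password (any online decryption site will crack them).
The total is about 6.6 million records (I didn't count them either; roughly that, it's what the data package is labelled).
Statement: I did not dump the database; I am only here to tell you that the database has been dumped.

Detailed description:

走秀网 leaked the data of 6.6 million (660W) users; the leak happened on October 16, 2011 or earlier.
The data contains email + username + MD5-encrypted password (any online decryption site will crack them).
The total is about 6.6 million records (I didn't count them either; roughly that, it's what the data package is labelled).
Statement: I did not dump the database; I am only here to tell you that the database has been dumped.
I tried logging in to a few accounts and logged in successfully~~ There are too many~ so I won't try any more; screenshot attached.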


Proof of vulnerability:

Pasting a random sample for everyone to try~

Fix:

You know~

Copyright notice: when reposting, please credit the source 梦想肥羊@乌云
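The report states that the leaked passwords were stored as MD5 digests that online lookup sites reverse easily. As an added example (not part of the original report and not the vendor's code), this shows one way to move such rows to a salted, memory-hard hash when a user next logs in; the `scrypt$<salt>$<digest>` record format, the function names and the cost parameters are assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def legacy_md5(password: str) -> str:
    """Storage scheme described in the report: bare, unsalted MD5 as hex."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def scrypt_record(password: str) -> str:
    """New record (assumed format): 'scrypt$<salt hex>$<digest hex>', random salt per user."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password, salt).hex()}"


def verify_and_upgrade(password: str, stored: str):
    """Return (ok, record_to_store).

    A legacy MD5 row is accepted once and replaced by a salted scrypt record,
    so the unsalted digest disappears from the database after that login.
    """
    if stored.startswith("scrypt$"):
        _, salt_hex, digest_hex = stored.split("$")
        candidate = _scrypt(password, bytes.fromhex(salt_hex)).hex()
        return hmac.compare_digest(candidate, digest_hex), stored
    # Legacy row: 32 hex characters of unsalted MD5.
    if hmac.compare_digest(legacy_md5(password), stored.lower()):
        return True, scrypt_record(password)
    return False, stored
```

Rehashing only protects the stored records going forward; passwords whose MD5 digests are already in a leaked copy still need a forced reset.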


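Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2012-08-24 23:45

Vendor reply:

Many thanks to "梦想肥羊" for providing the packaged raw data! We have confirmed that this is old data from several years ago, and that after deduplication the volume is not large. During our communication we felt that you are a true white hat. Thank you once again!

Latest status:

None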


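Vulnerability discussion:

Comments

  1. 2012-08-24 17:26 | king ( Passerby | Rank:15 Bugs:2 | Loves security; vulnerability hunting in online-game security applications)

    Statement: I did not dump the database; I am only here to tell you that the database has been dumped. +1

  2. 2012-08-24 17:28 | Z-0ne Verified white hat ( Regular white hat | Rank:559 Bugs:38 | Currently focused on basic research in industrial control security, industrial data acquisition...)

    Grabbing a seat before this makes the news

  3. 2012-08-24 17:30 | zeracker Verified white hat ( Core white hat | Rank:1068 Bugs:137 | More WooYun, more opportunities! WeChat official account: id:a301zls ...)

    The big boss has already reported loads of bugs before

  4. 2012-08-24 17:37 | 梦想肥羊 ( Intern white hat | Rank:89 Bugs:18 | Blog: dnswalk.blog.163.com)

    @zeracker Aren't you WooYun's big boss~ Is there someone else?

  5. 2012-08-24 17:38 | zeracker Verified white hat ( Core white hat | Rank:1068 Bugs:137 | More WooYun, more opportunities! WeChat official account: id:a301zls ...)

    @梦想肥羊 Jannock. Calling the big boss @Jannock to come and analyze this

  6. 2012-08-24 17:41 | imlonghao ( Regular white hat | Rank:730 Bugs:74 )

    Watching from the front row............

  7. 2012-08-24 17:45 | xsser Verified white hat ( Regular white hat | Rank:254 Bugs:18 | When I look back on everything again, will this world be all right?)

    The official side should already know, right?...

  8. 2012-08-24 17:56 | 可乐超人 ( Intern white hat | Rank:71 Bugs:10 )

    Knock knock, open the door, water meter inspection

  9. 2012-08-24 18:00 | 葉孒 ( Intern white hat | Rank:37 Bugs:5 | Hehe)

    Get ready to receive a lawyer's letter.

  10. 2012-08-24 18:09 | TwoSpring ( Passerby | Rank:8 Bugs:1 | Wandering between morality and whim...)

    Probably just the tip of the iceberg

  11. 2012-08-24 18:14 | Z-0ne Verified white hat ( Regular white hat | Rank:559 Bugs:38 | Currently focused on basic research in industrial control security, industrial data acquisition...)

    @xsser I think the official side should be aware; weren't they in that batch before the New Year? Could there be more to the story?

  12. 2012-08-24 18:14 | Rookie ( Regular white hat | Rank:288 Bugs:78 | 123)

    Here to grab a seat

  13. 2012-08-24 18:41 | 爱上平顶山 Verified white hat ( Core white hat | Rank:2738 Bugs:547 | [No hat] A traveler in a strange land. Formerly worked at a certain agency of the Celestial Empire. IT...)

    0............

  14. 2012-08-24 19:37 | 梦想肥羊 ( Intern white hat | Rank:89 Bugs:18 | Blog: dnswalk.blog.163.com)

    @xsser [img src="/upload/image/201208/2012082419343623713.jpg"/]

  15. 2012-08-24 19:49 | Metasploit ( Intern white hat | Rank:37 Bugs:7 | http://www.metasploit.cn/)

    @爱上平顶山 That name is awesome; next time I'll rename myself 爱上舞钢

  16. 2012-08-24 22:32 | Vty ( Regular white hat | Rank:199 Bugs:37 )

    Squeezing into the front row, begging for the download link

  17. 2012-08-25 09:10 | zeracker Verified white hat ( Core white hat | Rank:1068 Bugs:137 | More WooYun, more opportunities! WeChat official account: id:a301zls ...)

    People begging for the download link in the replies, and they still have the nerve to call themselves "white hats"?

  18. 2012-08-25 11:28 | Vty ( Regular white hat | Rank:199 Bugs:37 )

    @zeracker I have to say you have no sense of humor at all. Do you think anyone would actually post the link? I'm crying

  19. 2012-08-25 12:29 | zeracker Verified white hat ( Core white hat | Rank:1068 Bugs:137 | More WooYun, more opportunities! WeChat official account: id:a301zls ...)

    @Vty When this kind of behavior shows up on WooYun, it is not harmonious.

  20. 2012-09-25 11:59 | 神刀 ( Passerby | Rank:23 Bugs:3 | www.shellsec.com so great in bed, so why no girlfriend?)

    During our communication we felt that you are a true white hat

  21. 2013-08-04 00:13 | M4sk ( Regular white hat | Rank:1199 Bugs:319 | Domestic information security has a long way to go; it still needs vendors and white hats...)

    During our communication we felt that you are a true white hat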