当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-088152

漏洞标题:乐知空间某平台数据库未授权访问 (疑似册数数据)

相关厂商:北京乐知空间数字科技有限公司

漏洞作者: 龍 、

提交时间:2014-12-22 16:25

修复时间:2015-02-05 16:26

公开时间:2015-02-05 16:26

漏洞类型:未授权访问/权限绕过

危害等级:中

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-12-22: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-02-05: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

乐知行某平台数据库未授权访问 (泄露用户信息)

详细说明:

/* 0 */
{
"_id" : ObjectId("543cc9a70364ebd3d10e229c"),
"conifgId" : "1",
"registHttpUrl" : "http://211.151.14.234:8080/GameWeb/info_register",
"roleInfoHttpUrl" : "http://211.151.14.234:8080/GameWeb/info_select"
}


mango.jpg

漏洞证明:

mango.jpg


/* 0 */
{
"_id" : ObjectId("5464b751e4b0f8daf010f80c"),
"uid" : "kmg25",
"account" : "yungu1020",
"pwd" : "yungu1020",
"devId" : "ac5325b26d151b536ec69375901a3817",
"email" : "",
"registeTime" : "2014-11-13 21:51:13",
"sex" : 0
}
/* 1 */
{
"_id" : ObjectId("5464b9a7e4b0f8daf010f80d"),
"uid" : "tez64",
"account" : "yungu1021",
"pwd" : "yungu1021",
"devId" : "ac5325b26d151b536ec69375901a3817",
"email" : "",
"registeTime" : "2014-11-13 22:01:11",
"sex" : 0
}
/* 2 */
{
"_id" : ObjectId("546572e1e4b0f8daf010f80e"),
"uid" : "kbj43",
"account" : "l00001",
"pwd" : "l00001",
"devId" : "",
"email" : "",
"registeTime" : "2014-11-14 11:11:29",
"sex" : 0
}
/* 3 */
{
"_id" : ObjectId("5465be6ce4b0f8daf010f80f"),
"uid" : "vns43",
"account" : "WHFwhf",
"pwd" : "111111",
"devId" : "",
"email" : "",
"registeTime" : "2014-11-14 16:33:48",
"sex" : 0
}
/* 4 */
{
"_id" : ObjectId("5465e771e4b0f8daf010f810"),
"uid" : "jxj09",
"account" : "Suhang",
"pwd" : "Suhang",
"devId" : "",
"email" : "",
"registeTime" : "2014-11-14 19:28:49",
"sex" : 0
}
/* 5 */
{
"_id" : ObjectId("5466076ae4b0f8daf010f811"),
"uid" : "fqq44",
"account" : "wanglc",
"pwd" : "qazwsx",
"devId" : "",
"email" : "",
"registeTime" : "2014-11-14 21:45:14",
"sex" : 0
}
/* 6 */
{
"_id" : ObjectId("546607fce4b0f8daf010f812"),
"uid" : "fnu78",
"account" : "wanglc1",
"pwd" : "qazwsx",
"devId" : "",
"email" : "",
"registeTime" : "2014-11-14 21:47:40",
"sex" : 0
}
/* 7 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f813"),
"uid" : "wdu60",
"account" : "abc001",
"pwd" : "abc001",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 8 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f814"),
"uid" : "yvd73",
"account" : "abc002",
"pwd" : "abc002",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 9 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f815"),
"uid" : "eai90",
"account" : "abc003",
"pwd" : "abc003",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 10 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f816"),
"uid" : "fqr89",
"account" : "abc004",
"pwd" : "abc004",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 11 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f817"),
"uid" : "dvr26",
"account" : "abc005",
"pwd" : "abc005",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 12 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f818"),
"uid" : "zyd32",
"account" : "abc006",
"pwd" : "abc006",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 13 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f819"),
"uid" : "lvc84",
"account" : "abc007",
"pwd" : "abc007",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 14 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f81a"),
"uid" : "grf82",
"account" : "abc008",
"pwd" : "abc008",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 15 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f81b"),
"uid" : "gyr63",
"account" : "abc009",
"pwd" : "abc009",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 16 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f81c"),
"uid" : "jis40",
"account" : "abc010",
"pwd" : "abc010",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 17 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f81d"),
"uid" : "smv46",
"account" : "abc011",
"pwd" : "abc011",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 18 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f81e"),
"uid" : "ynh18",
"account" : "abc012",
"pwd" : "abc012",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 19 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f81f"),
"uid" : "ogz69",
"account" : "abc013",
"pwd" : "abc013",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 20 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f820"),
"uid" : "rri13",
"account" : "abc014",
"pwd" : "abc014",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 21 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f821"),
"uid" : "ksa13",
"account" : "abc015",
"pwd" : "abc015",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 22 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f822"),
"uid" : "yca67",
"account" : "abc016",
"pwd" : "abc016",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 23 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f823"),
"uid" : "xxp40",
"account" : "abc017",
"pwd" : "abc017",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 24 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f824"),
"uid" : "fjy27",
"account" : "abc018",
"pwd" : "abc018",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 25 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f825"),
"uid" : "ajv48",
"account" : "abc019",
"pwd" : "abc019",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 26 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f826"),
"uid" : "ngj73",
"account" : "abc020",
"pwd" : "abc020",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 27 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f827"),
"uid" : "doq02",
"account" : "abc021",
"pwd" : "abc021",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 28 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f828"),
"uid" : "rvh97",
"account" : "abc022",
"pwd" : "abc022",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 29 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f829"),
"uid" : "qwc61",
"account" : "abc023",
"pwd" : "abc023",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 30 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f82a"),
"uid" : "qqu91",
"account" : "abc024",
"pwd" : "abc024",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 31 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f82b"),
"uid" : "tax88",
"account" : "abc025",
"pwd" : "abc025",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 32 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f82c"),
"uid" : "joc12",
"account" : "abc026",
"pwd" : "abc026",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 33 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f82d"),
"uid" : "zyd04",
"account" : "abc027",
"pwd" : "abc027",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 34 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f82e"),
"uid" : "zie85",
"account" : "abc028",
"pwd" : "abc028",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 35 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f82f"),
"uid" : "vgs31",
"account" : "abc029",
"pwd" : "abc029",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 36 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f830"),
"uid" : "cmy39",
"account" : "abc030",
"pwd" : "abc030",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 37 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f831"),
"uid" : "pwk46",
"account" : "abc031",
"pwd" : "abc031",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 38 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f832"),
"uid" : "hvo30",
"account" : "abc032",
"pwd" : "abc032",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 39 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f833"),
"uid" : "ymk96",
"account" : "abc033",
"pwd" : "abc033",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 40 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f834"),
"uid" : "ryn61",
"account" : "abc034",
"pwd" : "abc034",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 41 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f835"),
"uid" : "ntn09",
"account" : "abc035",
"pwd" : "abc035",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 42 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f836"),
"uid" : "cth30",
"account" : "abc036",
"pwd" : "abc036",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 43 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f837"),
"uid" : "dbl68",
"account" : "abc037",
"pwd" : "abc037",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 44 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f838"),
"uid" : "kfv09",
"account" : "abc038",
"pwd" : "abc038",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 45 */
{
"_id" : ObjectId("54660ab3e4b0f8daf010f839"),
"uid" : "nvt15",
"account" : "abc039",
"pwd" : "abc039",
"email" : "",
"registeTime" : "2014-11-14 21:59:15",
"sex" : 0
}
/* 46 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f83a"),
"uid" : "yuk68",
"account" : "abc040",
"pwd" : "abc040",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 47 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f83b"),
"uid" : "gkd03",
"account" : "abc041",
"pwd" : "abc041",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 48 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f83c"),
"uid" : "bvt25",
"account" : "abc042",
"pwd" : "abc042",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 49 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f83d"),
"uid" : "aqx82",
"account" : "abc043",
"pwd" : "abc043",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 50 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f83e"),
"uid" : "tdh39",
"account" : "abc044",
"pwd" : "abc044",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 51 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f83f"),
"uid" : "roj76",
"account" : "abc045",
"pwd" : "abc045",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 52 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f840"),
"uid" : "avd25",
"account" : "abc046",
"pwd" : "abc046",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 53 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f841"),
"uid" : "myk26",
"account" : "abc047",
"pwd" : "abc047",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 54 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f842"),
"uid" : "vsz44",
"account" : "abc048",
"pwd" : "abc048",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 55 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f843"),
"uid" : "tcy97",
"account" : "abc049",
"pwd" : "abc049",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 56 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f844"),
"uid" : "rrc44",
"account" : "abc050",
"pwd" : "abc050",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 57 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f845"),
"uid" : "ity24",
"account" : "abc051",
"pwd" : "abc051",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 58 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f846"),
"uid" : "kch03",
"account" : "abc052",
"pwd" : "abc052",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 59 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f847"),
"uid" : "mth55",
"account" : "abc053",
"pwd" : "abc053",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 60 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f848"),
"uid" : "rro43",
"account" : "abc054",
"pwd" : "abc054",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 61 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f849"),
"uid" : "mfy03",
"account" : "abc055",
"pwd" : "abc055",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 62 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f84a"),
"uid" : "hrm48",
"account" : "abc056",
"pwd" : "abc056",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 63 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f84b"),
"uid" : "vtu76",
"account" : "abc057",
"pwd" : "abc057",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 64 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f84c"),
"uid" : "sga77",
"account" : "abc058",
"pwd" : "abc058",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 65 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f84d"),
"uid" : "mcn97",
"account" : "abc059",
"pwd" : "abc059",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 66 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f84e"),
"uid" : "zvo45",
"account" : "abc060",
"pwd" : "abc060",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 67 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f84f"),
"uid" : "whs46",
"account" : "abc061",
"pwd" : "abc061",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 68 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f850"),
"uid" : "xfl87",
"account" : "abc062",
"pwd" : "abc062",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 69 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f851"),
"uid" : "asw79",
"account" : "abc063",
"pwd" : "abc063",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 70 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f852"),
"uid" : "gds59",
"account" : "abc064",
"pwd" : "abc064",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 71 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f853"),
"uid" : "bhk47",
"account" : "abc065",
"pwd" : "abc065",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 72 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f854"),
"uid" : "kvr13",
"account" : "abc066",
"pwd" : "abc066",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 73 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f855"),
"uid" : "xmf96",
"account" : "abc067",
"pwd" : "abc067",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 74 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f856"),
"uid" : "zao94",
"account" : "abc068",
"pwd" : "abc068",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 75 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f857"),
"uid" : "egg82",
"account" : "abc069",
"pwd" : "abc069",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 76 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f858"),
"uid" : "fgh09",
"account" : "abc070",
"pwd" : "abc070",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 77 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f859"),
"uid" : "edn01",
"account" : "abc071",
"pwd" : "abc071",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 78 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f85a"),
"uid" : "wsk25",
"account" : "abc072",
"pwd" : "abc072",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 79 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f85b"),
"uid" : "gbv40",
"account" : "abc073",
"pwd" : "abc073",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 80 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f85c"),
"uid" : "cnr68",
"account" : "abc074",
"pwd" : "abc074",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 81 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f85d"),
"uid" : "bce54",
"account" : "abc075",
"pwd" : "abc075",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 82 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f85e"),
"uid" : "ivr81",
"account" : "abc076",
"pwd" : "abc076",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 83 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f85f"),
"uid" : "nxf74",
"account" : "abc077",
"pwd" : "abc077",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 84 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f860"),
"uid" : "ibl51",
"account" : "abc078",
"pwd" : "abc078",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 85 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f861"),
"uid" : "tna83",
"account" : "abc079",
"pwd" : "abc079",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 86 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f862"),
"uid" : "ccz65",
"account" : "abc080",
"pwd" : "abc080",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 87 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f863"),
"uid" : "cen89",
"account" : "abc081",
"pwd" : "abc081",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 88 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f864"),
"uid" : "ohr04",
"account" : "abc082",
"pwd" : "abc082",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 89 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f865"),
"uid" : "fff75",
"account" : "abc083",
"pwd" : "abc083",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 90 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f866"),
"uid" : "lzs88",
"account" : "abc084",
"pwd" : "abc084",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 91 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f867"),
"uid" : "pmm05",
"account" : "abc085",
"pwd" : "abc085",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 92 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f868"),
"uid" : "cth65",
"account" : "abc086",
"pwd" : "abc086",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 93 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f869"),
"uid" : "maf88",
"account" : "abc087",
"pwd" : "abc087",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 94 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f86a"),
"uid" : "zxq58",
"account" : "abc088",
"pwd" : "abc088",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 95 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f86b"),
"uid" : "lsa10",
"account" : "abc089",
"pwd" : "abc089",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 96 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f86c"),
"uid" : "tfd38",
"account" : "abc090",
"pwd" : "abc090",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 97 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f86d"),
"uid" : "uhm67",
"account" : "abc091",
"pwd" : "abc091",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 98 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f86e"),
"uid" : "ajp47",
"account" : "abc092",
"pwd" : "abc092",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}
/* 99 */
{
"_id" : ObjectId("54660ab4e4b0f8daf010f86f"),
"uid" : "iga87",
"account" : "abc093",
"pwd" : "abc093",
"email" : "",
"registeTime" : "2014-11-14 21:59:16",
"sex" : 0
}

修复方案:

版权声明:转载请注明来源 龍 、@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论

  1. 2014-12-22 17:38 | 无心、 ( 实习白帽子 | Rank:71 漏洞数:20 | 你不是风儿,我也不是沙,再怎么缠绵也到不...)

    2B