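2015-07-03: Details reported to the vendor; awaiting vendor handling
2015-07-03: Vendor confirmed; details disclosed to the vendor only
2015-07-13: Details disclosed to core white hats and experts in related fields
2015-07-23: Details disclosed to regular white hats
2015-08-02: Details disclosed to trainee white hats
2015-08-17: Details disclosed to the public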
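Hunting bugs late at night is not easy, so please give a high rank!
博库网 (bookuu.com) is independently operated by 博库网络有限公司. It is currently a leading cultural knowledge platform in China, offering the largest selection of book titles, and is a wholly owned subsidiary set up by 浙江省新华书店集团有限公司 (Zhejiang Xinhua Bookstore Group) with an investment of RMB 50 million. [1] 博库网 is one of the projects in the group's "Twelfth Five-Year" development plan. It relies on the group's strong resources: an industry-leading ERP system with its own intellectual property rights, a modern logistics center of 140,000 square meters, rich product and information resources, and a chain operation system that unifies information, inventory and market across the whole group. With these, 博库网 is confident of taking each step of "going global and vigorously developing the 博库 cultural brand", and strives to become a world-class, domestically leading Chinese-language book purchasing platform with the characteristics of a publication wholesaler, and a 博库 cultural brand.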
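0x1: Knowing a user's account name is enough to reset that user's password. I found this on the official site, so I used the hotline number as the test account!
95105940
Before resetting the hotline account, first walk through the correct flow: request a reset for a user registered with my own phone and capture the response packet!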
HTTP/1.1 200 OK
Server: nginx/0.8.46
Date: Sun, 24 May 2015 15:38:49 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 31517

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>找回密码-博库网</title>
[stylesheet and jQuery includes omitted]
<script type="text/javascript">
$(document).ready(function(){
    $('#submitid').bind('click',function(){
        checkform();
    });
    // validate the form
    function checkform(){
        var name= $.trim($("#nicknameid").val());
        var checkcode = $('#seccode').val();
        if(Len(name)<5||Len(name)>20){
            alert('请输入正确的用户名信息!');
            return false;
        }else if(Len(checkcode)!=4){
            alert('请正确的验证码!');
            return false;
        }/*else{
            $.get("getpassword.php", {name:name, checkcode: checkcode,step:1 }, function(data){
                if(data.flag==101||data.flag==102){
                    alert(data.msg);
                    return false;
                }else{
                    alert('请继续操作');
                    //window.location.href='./getpassword.php?t='+Math.random();
                }
            });
        }*/
    }
    // string length
    function Len(str){
        var i,sum;
        sum=0;
        for(i=0;i<str.length;i++) {
            if ((str.charCodeAt(i)>=0) && (str.charCodeAt(i)<=255))
                sum=sum+1;
            else
                sum=sum+2;
        }
        return sum;
    }
})
</script>
</head>
<body>
<div class="layout">
<div class="register-pannel">
<div class="cbox">
<div class="cbox-inner">
<h1 class="underline">找回密码</h1>
<div class="gpb">
<p>您的账号已绑定手机,请选择手机绑定找回密码。</p>
<div class="options">
<a href="./getpwbymobile.php?act=update&step=1"><img src="http://style.bookuu.com/index/images/m1_phone.png">手机绑定找回密码</a>
<a href="http://help.bookuu.com/helper.php?typeDeal=79"><img src="http://style.bookuu.com/index/images/m2_support.png">联系客服找回密码</a>
</div>
</div>
</div>
</div>
</div>
</div>
[rest of the captured page omitted: site footer, login and feedback widgets, page scripts]
</body></html>
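0x2: With the needed data captured, the hotline account can be reset!
The hotline account has no bound mobile number!
So when submitting the username in the first step, intercept the traffic and replace the returned packet with the first-step response captured above. That makes it possible to change the password through the mobile path!
Choose to change the password by mobile. The number is displayed as ****, but in fact no number exists, so no verification code can be sent, and if the code is not sent successfully the data cannot be submitted to move to the next step. The verification code is actually 4 digits, but it cannot be brute-forced: after three entries no further input is accepted!
When requesting the verification code, intercept the traffic, change 102 to 100 in the response packet and forward it!
Then enter any few digits as the verification code and click submit, and again change 102 to 100 in the response packet and forward it!
0x3: After forwarding, the change-password page is reached; change the password to wooyun123!
0x4: Password changed successfully; logged in to verify!
With the same method, repeating the process above, reset the password of admin; password wooyun123
Improve the server-side validation mechanism! Hunting bugs late at night, please give a high rank!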
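An added example, not code from the original report or from the vendor: a reset flow in which every step is checked against state held on the server, so a reply rewritten in an intercepting proxy does not advance the flow. The class, function and account names, the 6-digit code, and the reading of flag 100 as success and 102 as failure are assumptions made for the illustration.

```python
import hashlib, hmac, os, secrets

MAX_TRIES = 3            # wrong codes allowed before the code is void
OK, FAIL = 100, 102      # flag values seen on the page; their meanings are assumed

def hash_pw(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class ResetFlow:
    """Hypothetical reset flow: every step is checked against server-held state."""

    def __init__(self, accounts, send_sms):
        self.accounts = accounts   # username -> {"phone": str or None, "pw": (salt, hash)}
        self.send_sms = send_sms   # callable(phone, code)
        self.sessions = {}         # session id -> state; never derived from client input

    def start(self, username):
        acct = self.accounts.get(username)
        sid = secrets.token_urlsafe(16)
        # The recovery path comes from the stored account, not from the page the browser shows.
        self.sessions[sid] = {"user": username, "phone": acct and acct["phone"],
                              "code": None, "tries": 0, "verified": False}
        return sid

    def send_code(self, sid):
        s = self.sessions.get(sid)
        if not s or not s["phone"]:
            return FAIL            # no bound phone: nothing is sent, state stays unverified
        s["code"], s["tries"] = f"{secrets.randbelow(10**6):06d}", 0
        self.send_sms(s["phone"], s["code"])
        return OK

    def verify_code(self, sid, code):
        s = self.sessions.get(sid)
        if not s or s["code"] is None:
            return FAIL
        s["tries"] += 1
        if s["tries"] > MAX_TRIES:
            s["code"] = None       # lockout enforced here, not in the form's JavaScript
            return FAIL
        if hmac.compare_digest(str(code).encode(), s["code"].encode()):
            s["verified"], s["code"] = True, None
            return OK
        return FAIL

    def set_password(self, sid, new_password):
        s = self.sessions.pop(sid, None)
        if not s or not s["verified"]:
            return FAIL            # reaching this endpoint proves nothing by itself
        self.accounts[s["user"]]["pw"] = hash_pw(new_password)
        return OK

def demo():
    sent = []
    accounts = {"hotline": {"phone": None, "pw": hash_pw("old-1")},          # constructed
                "alice": {"phone": "13800000000", "pw": hash_pw("old-2")}}   # constructed
    flow = ResetFlow(accounts, lambda phone, code: sent.append(code))
    before = accounts["hotline"]["pw"]
    # A proxy may rewrite each 102 reply to 100 for the browser; the server state is untouched.
    sid = flow.start("hotline")
    tampered = [flow.send_code(sid), flow.verify_code(sid, "1234"),
                flow.set_password(sid, "wooyun123")]
    sid = flow.start("alice")
    flow.send_code(sid)
    legit = [flow.verify_code(sid, sent[-1]), flow.set_password(sid, "new-pass")]
    return tampered, legit, accounts["hotline"]["pw"] == before

if __name__ == "__main__":
    print(demo())
```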
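Severity: High
Vulnerability Rank: 20
Confirmed: 2015-07-03 17:46
Thanks to WooYun and 千斤拨四两 for providing the vulnerability information. We will fix it as soon as possible. Respect.
None yet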