Vulnerability summary

Defect ID: wooyun-2015-0136171

Title: Credential stuffing against the 奥一网 (oeeee.com) main-site login (working accounts as proof)

Vendor: 广东南都全媒体网络科技有限公司

Author: 路人甲

Submitted: 2015-08-23 11:55

Fixed by: 2015-08-28 11:56

Published: 2015-08-28 11:56

Type: design flaw / logic error

Severity: high

Self-assessed rank: 19

Status: vendor notified, vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-23: details sent to the vendor, awaiting vendor response
2015-08-28: vendor actively ignored the vulnerability, details disclosed to the public

Brief description:

The 奥一网 (oeeee.com) main-site login can be credential-stuffed; working accounts are provided as proof.

Detailed description:

The login-form endpoint on http://www.oeeee.com places no limit on the number of login attempts, so a list of leaked username/password pairs can be replayed against it without restriction.

[screenshot 1.png]


The username and password are both transmitted in plaintext (the login request is sent over plain HTTP).

[screenshot 2.png]


After marking the username and password fields as attack positions and replaying a leaked credential list, the following pairs logged in successfully:

[119 rows of email / password / request-index triples, redacted here. Nearly every address is @qq.com or @vip.qq.com; many of the working passwords are trivial (123456, 123123, 666666, 12345678, a birth date such as 19910104, or the account's own QQ number), and several pairs occur more than once with different indexes, i.e. the same leaked pair was replayed repeatedly and succeeded each time. The third column is presumably the request number from the brute-force tool (the values run from 2580 to 3006).]
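The report's point is that the endpoint accepts an unlimited number of login attempts, so a leaked email/password list can be replayed against it one pair per request. The block below is an added example, not code from the report, from oeeee.com or from WooYun. It shows the control the endpoint lacks, a sliding-window throttle keyed on source IP and on target account, and a detector that flags the resulting pattern in login logs (one source, many distinct accounts, mostly failures). The thresholds, IP addresses, account names, indexes of the pairs that "still work" and the log-line format are all constructed for the example.

```python
# Added example (not from the WooYun report or from oeeee.com): the missing
# attempt limit on a login endpoint, plus detection of a stuffing run in logs.
import re
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window throttle keyed on source IP and on target account.

    Thresholds are illustrative assumptions, not values from the report.
    Call allow() before verifying the password and record() afterwards,
    whether or not the attempt was allowed or succeeded.
    """

    def __init__(self, window_s=300.0, max_per_ip=20, max_per_account=5):
        self.window_s = window_s
        self.max_per_ip = max_per_ip
        self.max_per_account = max_per_account
        self._by_ip = defaultdict(deque)       # ip -> timestamps of all attempts
        self._by_account = defaultdict(deque)  # account -> timestamps of failures

    def _prune(self, q, now):
        while q and now - q[0] > self.window_s:
            q.popleft()

    def allow(self, ip, account, now):
        self._prune(self._by_ip[ip], now)
        self._prune(self._by_account[account], now)
        return (len(self._by_ip[ip]) < self.max_per_ip
                and len(self._by_account[account]) < self.max_per_account)

    def record(self, ip, account, now, success):
        # Every attempt counts against the IP: stuffing mostly fails, but the
        # few successes are the damage, so successes must not reset the IP count.
        self._by_ip[ip].append(now)
        if success:
            self._by_account[account].clear()  # a real login clears the lockout
        else:
            self._by_account[account].append(now)


STUFFING_IP = "203.0.113.7"      # constructed attacker address
SUCCESS_INDEXES = {3, 11, 27}    # constructed: which replayed pairs still work


def build_stuffing_stream(n=30):
    """One source, one request per second, a different account every time."""
    return [(float(i), STUFFING_IP, f"user{i}@example.invalid", i in SUCCESS_INDEXES)
            for i in range(n)]


LEGIT_STREAM = [  # constructed normal traffic: two typos, then the right password
    (0.0, "198.51.100.5", "alice@example.invalid", False),
    (4.0, "198.51.100.5", "alice@example.invalid", False),
    (9.0, "198.51.100.5", "alice@example.invalid", True),
    (2.0, "198.51.100.9", "bob@example.invalid", True),
]


def run_throttle(stream, throttle):
    """Replay attempts; return (attempts let through, successful logins let through)."""
    allowed = through = 0
    for t, ip, user, ok in stream:
        if throttle.allow(ip, user, t):
            allowed += 1
            through += ok
        throttle.record(ip, user, t, ok)
    return allowed, through


def to_log_lines(stream):
    """Render attempts in a constructed log format (not oeeee.com's real logs)."""
    return [f"2015-08-23T11:{int(t) // 60:02d}:{int(t) % 60:02d} login ip={ip} "
            f"user={u} result={'ok' if ok else 'fail'}"
            for t, ip, u, ok in stream]


LOG_RE = re.compile(r"ip=(\S+) user=(\S+) result=(ok|fail)")


def detect_stuffing(lines, min_accounts=10, min_fail_rate=0.5):
    """Flag source IPs that hit many distinct accounts with a high failure rate."""
    attempts, accounts, fails = defaultdict(int), defaultdict(set), defaultdict(int)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        ip, user, result = m.groups()
        attempts[ip] += 1
        accounts[ip].add(user)
        fails[ip] += result == "fail"
    flagged = {}
    for ip, n in attempts.items():
        rate = fails[ip] / n
        if len(accounts[ip]) >= min_accounts and rate >= min_fail_rate:
            flagged[ip] = {"attempts": n, "distinct_accounts": len(accounts[ip]),
                           "fail_rate": rate}
    return flagged


if __name__ == "__main__":
    stream = build_stuffing_stream()
    print(run_throttle(stream, LoginThrottle()))   # (20, 2)
    print(detect_stuffing(to_log_lines(stream + LEGIT_STREAM)))
```

Run the module to see the throttle let only the first 20 attempts from the constructed source through (two of the three working pairs fall inside that window, the third is blocked) while the legitimate typo-then-success sequence is unaffected, and the detector flags only the stuffing source. A per-IP limit alone is not sufficient in production, since stuffing is routinely spread over proxy pools; the per-account window and a global failure-rate signal carry the rest of the load.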


Login test proof:

[screenshots 3.png, 4.png and 5.png]

Vulnerability proof:

(This section repeats the detailed description above verbatim: the same two screenshots, the same credential list and the same three login-test screenshots.)

Fix suggestion:

Handing out 19 rank won't get anyone pregnant.

Copyright notice: when reproducing, credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored on: 2015-08-28 11:56

Vendor reply: (none)

Vulnerability rank: 4 (WooYun assessment)

Latest status:

None yet