酷我某位置设计不当可撞库大量用户（账号主站通用）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0142770

漏洞标题：酷我某位置设计不当可撞库大量用户（账号主站通用）

漏洞作者：路人甲

提交时间：2015-09-23 23:05

修复时间：2015-11-09 11:50

公开时间：2015-11-09 11:50

漏洞类型：设计缺陷/逻辑错误

危害等级：低

自评Rank：3

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-09-23：细节已通知厂商并且等待厂商处理中
2015-09-25：厂商已经确认，细节仅向厂商公开
2015-10-05：细节向核心白帽子及相关领域专家公开
2015-10-15：细节向普通白帽子公开
2015-10-25：细节向实习白帽子公开
2015-11-09：细节向公众公开

简要描述：

酷我某位置设计不当可撞库大量用户（账号主站通用）

详细说明：

http://x.kuwo.cn/KlAnchor/jsp/login.jsp
这个是酷我直播后台的一个登陆位置，登陆的地方没有验证码之类的限制

抓包后发现用户名和密码明文传输

然后测试撞库，判断回显应该是可以撞库用户的

成功账号证明：

lmt849856391	qqqqqqq9999999	849
jsdynixin	6889680	849
q269648163	269648163	849
wg8211	57836157	849
307945103	891026	849
dive2002	898788	849
baby20yu	870204	849
329291379	185766121	849
juncheng1209	jaychou	849
princequn	910414	849
kw564191039	3095063	849
ryuyoungsi	n2m7g5e2	849
jy02546162	88990551	849
zb61186651	zb1987zb	849
seven71014	leilei520	849
haohuibaby	327219	849
luoxi85	36439438	849
lu517462300	329958	849
aina19870813	nana19870813	849
w359980960	15044910306	849
liuxinbang	191955083	849
hilton502	3320586	849
jingsiwei	jingsiwei	849
huanghu277	52771314	849
wangguan304	wangguan	849
zhou28218	8952505	849
asdjiewei	linjiewei	849
sufei918918	yaoyuan	849
zhaomi0406	123456	849
wqq911218	wqq911218	849
yanglfree	yl040911	849
fengyuncx	553235466	849
qwedcfthn2	1987562103	849
ngj3050599	3050599	849
tongjia19	920109	849
q562524699	q81653285	849
csxfeiyang	beautiful	849
christwong	nicholas	849
liuxingyuji	5504942	849
ilovehy2008	ilovehy	849
ilovehy2008	ilovehy	849
longbin241	563021	849
lijinzhe	lijinzhe	849
yandy1314	yandy000	849
li107225389	217716	849
yntm1985	176305am	849
123042713	123	849
aiaiwo0512	65503110	849
gamesc	liuyang	849
xiaoliang380	2643855	849
whysty	13876659363	849
wangjjmiao	xiaobudian	849
gongbin0813	gong913	849
willlonely	willlonely	849
lovelxm520	woaishui	849
chen312399	3122818	849
zhong258741	xiaomami	849
liulu8883	liulu8883	849
zuozhongfan	111111	849
songbingru	123456	849
weddingkid	pengjian	849
shyyisheng	shuiyimumu	849
gt65122731	gt65122731	849
zichensong	szc19263	849
yuanbinggod	3275319	849
paul161553	161553	849
spp8680	12070120	849
ailinuoking	dad0326	849
gaoshubing	19761102gao	849
caichuangyu	cai132698	849
chlzh8116	19861022	849
smallroy121	123456	849
jiao841207	2206211	849
lilei75610	13224314983	849
arsenalljk	ljk1989	849
mnert1314	8883370	849
976749616	zzl19881104	849
qwqwrn	800610	849
ddffgdf	123123	849
asdasdsad	123123	849
yyccycyc	19870813	849
baishangbo	zq19870816	849
sk8erjiejie	jie2zhangyu	849
luzycr	7856440	849
rs66dame	300728	849
yl880921520	yuling880921	849
liurizhou	liurizhou	849
zhujf0728	19860728	849
bobo890808	rxb890808	849
wo75043387	4617505	849
315276184	19870211	849
hjqqin888	mghxandcl	849
kisscaihui	55524486	849
maliyi1989	19890430	849
zw165524147	zw1978	849
returnglory	4044111	849
kingdeekris	kris77	849
lifu3821085	5620638	849
hefangkui	360395641	849
luoyu7888	2988277	849
xiaoduo122	xiaoduo	849
shimaosong	102060059	849
qq358442242	13017574613	849
feilinhan	276800	849
ezhangbowen	wen860414	849
weixin1127	2120267	849
caipy1986	215553157	849
jianguo109	325400	849
wenjingboa	83491439	849
jessically	lynn20	849
dearmanman77	527715	849
gtxcl1030	6861030	849
imagicd86	clhcjbyhs	849
yuangbohui	13141685	850
haiou3738	haiouhaiou	850
iredghost	123321	850
phoenixof405	370784	850
xiaonuo870	nnnihaoma	850
aiwosuoai2527	830519	850
402338490	5986275	850
longnan1129	1879105268	850
wjqsndn	888888	850
a304375994	251068912	850
liujw1991	1230123	850
b459731186	654321	850
wangzhan868	881022369	850
icewingcool	5242265	850
zhangshanwu	123456	850
limengzhou01	27911508	850
lanzishun	952785	850
babywuming	69446633	850
liwei1987929	1987929	850
panweijiong	7895123	850
shanhangke	3681535	850
704202095	546254613	850
tb245987446	6540491	850
akumagamina	buzhidao	850
youwei2005	qq123123	850
bb520bb521	989420	850
cuiyongbo6540	14386540	850
iamcyh0102	60507504	850
a429299930	8928762	850
lsld0192008	3251693449	850
woojianwei	wjw19870321	850
yingchao90	00dedianfu	850
liuguang525	liuguang	850
laiminquan	55778438	850
lcz200802084	200802084	850
joyousshow	123QWEasd	850
xuanmuyouling	19821018	850
oushantang	19850915	850
zpa1798	828203	850
chujianxin	278298861	850
likehym12	5667730a	850
zyw9258	92589258	850
cmy1990628	363784518	850
windcloud789	546123	850
xishuaiqing	xishuaiqing	850
w2660968	2660968	850
dxj120	791120119	850
guojin1133	guojin	850
h562579175	5862556	850
luzhoucheng	619826	850
qinnaidaguai	zhangkun	850
lixianggood	zhang6878	850
caishaohai	caishaohai	850
yinguo1989	891114	850
fantom123	362325	850
xiaobin629	1812588	850
fanzui9527	284224110	850
jingjing255	930723852	850
wu77889900	15138700168	850
yb191050120	317312	850
yyc236461481	6331839	850
happy523159	woaini	850
wangxin1259	198823	850
lidapeng110	lidapeng	850
xusodom	84296548	850
longlong942	3134942	850
huliping360	780923	850
woohyuk5080	3205080	850
sqjiafeimao	suqiang	850
chinabaishan	19881008	850
ltx0101	xjz0505	850
hebojiadian	13219149818	850
fuquan1990	1990222	850
gh605230238	605230238	850
a281039764	111111b	850
a315686865	315686865	850
a369583491	199025	850
treezza	zzazza	850
zws199012	6310960	850
themour	themthem	850
niejinlong	niejinlong	850
a306567281	a7311620	850
hupeng13533	895774821	850
zhanghuaand	2326143	850
hanjiaqian	hanjiaqian	850
weiyuanhot	wei3036429	851
zjunovelty	liuxinqi	851
tyyk1984	578284	851
sha0913	19850913	851
chch1990	chch199023	851
shandiandidi	didi930723	851
zhchlei2008	850926	851
xiandonghai	870602	851
123456q	123456	851
cupid80s	77648533	851
fanghui1030	19891116	851
liujianmin666	liujianmin666	851
chromosomegg	woaini	851
chengangjita	19831127	851
mm971	110110	851
shoot1985117	1985117	851
milkyo	123456	851
jianchen963	123099798	851
dxawitfk123	6666666a	851
cjkhello	cuining	851
xuanyanjian	78184845	851
liyi132465	kekeya	851
anheiguinu	322985	851
mmllsky	1989626	851
andyvin	yanjingwen	851
zhangdingy	1234567890p	851
mj4520570	4520570	851
qiuzhangchi	qiuzhangchi	851
michelle7227	9573466399	851
ruguodelove	69231151	851
a605103360	6051033600	851
yde2003	qdwydyygy	851
depgfbj	198771	851
lixianggood	zhang6878	851
maxiaogang54	10012254	851
mo409843409	mo01080325	851
angy805487999	hye870826	851
nanquan5hao	1224tl	851
maloveqing	19841225	851
amiaoamiaoamiao	8322306	851
chenchao1991	chenchao	851
xiaolei5375	19850126	851
nikkihayashi	shuai0829	851
xuzhiguo2008	19780127	851
pengzeqing	5305240	851
kingleejun	52scguf	851
zhaofaia	zaofaia	851
mimiyuan1985	mimiyuan1985	851
qioujianhua	8349960	851
yuyi261564680	20020102	851
leeonjohnson	leeonjohnson0	851
linsisi	linsisi	851
chenxiaochi89	78910847	851
songtao520139	songtao123	851
chentao789123	4062681	851
yonghongcom	801002	851
wangscorpio	wang86	851
xulichen0318	19850318xu	851
yanhaili1981	3895337	851
cxgui988	ws680csd	851
zhushengquan1	83145741	851
love2561828	125906188	851
molly1987121	2602130004	851
zcjiangfeng	19791229	851
hezhixian001	850916	851
libo1221love	19901221	851
realraul520	19840329	851
maplesailer	49915001	852
zww236728783	6746256	852
jinchong0905	1989104	852
lz13593839313	lyy20050308	852
chenjiexxxx	j780114	852
sunny3366866	19840314	852
yhlinjun	276951439	852
zhengwei8762	zhengwei8762	852
mikelanyang	yanyu631	852
leveexie	8216508	852
huangfeiguo	3310702	852
dongxuwang12	6624720120	852
liwei1987929	1987929	852
jiaweiwei168	13994930189	852
chenzhong0399	chenzj1017	852
xiaoyu13222	xiaoyu	852
rainyinthesky	520zouwang	852
lishouxiangjs	13285195068	852
fei245379384	413083668	852
zhengliang115	7229572	852
felixwjz	283861591	852
simonwilliams	1234567	852
guhaiyan0316	8198303168	852
xiaoxigua1485	woxiangni1	852
wangxin00320	1431225260	852
ygzhzhh	Y076950	852
danshen1ren	8441080	852
luowenfu	luowenfu	852
qxcruise	3715730	852
zhengfeng928	800928	852
yuxiaoqing1001	yxq841001	852
arthurkingcn	840721	852
superpandacc	cc19871020cc	852
feifei890123	19890123	852
shoot1985117	1985117	852
czy9088	ly16677	852
manaoking	271458	852
chenfly1991	20710080420	852
wyfu0986	wyfu1979	852
avaliotshow	show342526	852
chn0592	5518838	852
fengxiaochong	xiaoxiao	852
emzylzc	10725019	852
chenhouqian	123456	852
amekoyuzi666	86319262	852
guomin65	650402	852
shelleyzhou831	459580367	853
myskyfoot	19860603	853
lixiuxian666	461226	853
longlinxinshen	yanleixin0608	853
shuaihong617	137566	853
wendy806	7721041	853
xiexfeng	2322322	853
wenshunshizi	wenshunabao	853
paopaopao007	1985412	853
mengsihun	6678280	853
hui648573047	13358733181	853
w366311969	80542022	853
wujingjing888	1986510	853
zijinhui	19901113	853
ovomyself	ovomyself	853
lsc8577	467262836	853
tingbotongzhi	5640220	853
liushui7235036	7235036	853
woai76467778	76467778	853
xyjsk007	wodipeidao	853
luweihua12345	1987092121	853
liu2692500	2692500	853
luweihua12345	1987092121	853
boxining	63957255	853
fangqijun520	1989716000	854
goodchenting	3513346	854
scorpiuscurry	811030	854
kisslandi	19850227	854
a496042074	456852	854
huanglili812	1985812	854
valentino0086	3338434313	854
wujingxiaomei	1236987	854
linxin198899	198899123	854
piaoxueqingren	19831021	854
changcheng2008c	574871	854
ablat379	379520	854
mali107877128	88523455	854
da13081658755	800718	854
meinv526	123456789	854
xiaoweixiaoweix	785646663	854
zhuangjiawei18	2553524000	854
blackworms	yangzhao	854
zhaoyakun333	zhao198990	854
wj0266155	842643	854
fangjiasi	5763856	855
gaofei137	gaofei	855
gan82784586	gan0202	855
yqw7654321	3820511	855
xiaoyaochengzhan	kiki2002885	855
kongxiangfengling	12597758	855
wanshendaxia	xiebin520	855
xiu8177887	8177887	855
guokai139	308417801	855
guozhaojun2008	19820618	855
wushugang	shywsg	855
qm810627	810627	855
zhaoyuqing1986	525733	855
wxmwxm941	1212121	856
rex901226	19901226	856
tidus1982	ls820714	856
rongjiarui	wolf7cat	856
mumuyuki	356217521	856
sunjian372391309	372391309	856
shandianzhouchao	3334575	856
yu2305750	13838840309	856
zhang5612	1221112221	856
wangdapeng0126	19850126	856
jayking777	56131680	856
lixinnong	13814079555	856
zhang449268828	19870902	856
lihaibo627	54522299	856
weizhiheng	13948080906	856
hj48603658	huangjie	857
jianxin287	331359	857
xiaolukelly	828128	857
jackzengyx	jack1981	857
foreverlovebobo	716728	857
z169660529	861105	857
heroxuqiang	jianxiaoxu	857
simafeilong	sanbing	857
dongmengcr	jinxianzhu	858
simafeilong	sanbing	858
liujun0407	liujun123.	858
simafeilong	sanbing	858
yuanding23202	gxhgxj1314	859
zyz251590543	zyz523147	859
a645720190	13715583341	859

撞库的用户登陆测试也是说登陆成功，但是之后没反应了就，难道是操作有问题？

感觉不应该是操作问题，直接去主站登陆发现账号都是主站通用的，主站登陆证明：

漏洞证明：

http://x.kuwo.cn/KlAnchor/jsp/login.jsp
这个是酷我直播后台的一个登陆位置，登陆的地方没有验证码之类的限制

抓包后发现用户名和密码明文传输

然后测试撞库，判断回显应该是可以撞库用户的

成功账号证明：

lmt849856391	qqqqqqq9999999	849
jsdynixin	6889680	849
q269648163	269648163	849
wg8211	57836157	849
307945103	891026	849
dive2002	898788	849
baby20yu	870204	849
329291379	185766121	849
juncheng1209	jaychou	849
princequn	910414	849
kw564191039	3095063	849
ryuyoungsi	n2m7g5e2	849
jy02546162	88990551	849
zb61186651	zb1987zb	849
seven71014	leilei520	849
haohuibaby	327219	849
luoxi85	36439438	849
lu517462300	329958	849
aina19870813	nana19870813	849
w359980960	15044910306	849
liuxinbang	191955083	849
hilton502	3320586	849
jingsiwei	jingsiwei	849
huanghu277	52771314	849
wangguan304	wangguan	849
zhou28218	8952505	849
asdjiewei	linjiewei	849
sufei918918	yaoyuan	849
zhaomi0406	123456	849
wqq911218	wqq911218	849
yanglfree	yl040911	849
fengyuncx	553235466	849
qwedcfthn2	1987562103	849
ngj3050599	3050599	849
tongjia19	920109	849
q562524699	q81653285	849
csxfeiyang	beautiful	849
christwong	nicholas	849
liuxingyuji	5504942	849
ilovehy2008	ilovehy	849
ilovehy2008	ilovehy	849
longbin241	563021	849
lijinzhe	lijinzhe	849
yandy1314	yandy000	849
li107225389	217716	849
yntm1985	176305am	849
123042713	123	849
aiaiwo0512	65503110	849
gamesc	liuyang	849
xiaoliang380	2643855	849
whysty	13876659363	849
wangjjmiao	xiaobudian	849
gongbin0813	gong913	849
willlonely	willlonely	849
lovelxm520	woaishui	849
chen312399	3122818	849
zhong258741	xiaomami	849
liulu8883	liulu8883	849
zuozhongfan	111111	849
songbingru	123456	849
weddingkid	pengjian	849
shyyisheng	shuiyimumu	849
gt65122731	gt65122731	849
zichensong	szc19263	849
yuanbinggod	3275319	849
paul161553	161553	849
spp8680	12070120	849
ailinuoking	dad0326	849
gaoshubing	19761102gao	849
caichuangyu	cai132698	849
chlzh8116	19861022	849
smallroy121	123456	849
jiao841207	2206211	849
lilei75610	13224314983	849
arsenalljk	ljk1989	849
mnert1314	8883370	849
976749616	zzl19881104	849
qwqwrn	800610	849
ddffgdf	123123	849
asdasdsad	123123	849
yyccycyc	19870813	849
baishangbo	zq19870816	849
sk8erjiejie	jie2zhangyu	849
luzycr	7856440	849
rs66dame	300728	849
yl880921520	yuling880921	849
liurizhou	liurizhou	849
zhujf0728	19860728	849
bobo890808	rxb890808	849
wo75043387	4617505	849
315276184	19870211	849
hjqqin888	mghxandcl	849
kisscaihui	55524486	849
maliyi1989	19890430	849
zw165524147	zw1978	849
returnglory	4044111	849
kingdeekris	kris77	849
lifu3821085	5620638	849
hefangkui	360395641	849
luoyu7888	2988277	849
xiaoduo122	xiaoduo	849
shimaosong	102060059	849
qq358442242	13017574613	849
feilinhan	276800	849
ezhangbowen	wen860414	849
weixin1127	2120267	849
caipy1986	215553157	849
jianguo109	325400	849
wenjingboa	83491439	849
jessically	lynn20	849
dearmanman77	527715	849
gtxcl1030	6861030	849
imagicd86	clhcjbyhs	849
yuangbohui	13141685	850
haiou3738	haiouhaiou	850
iredghost	123321	850
phoenixof405	370784	850
xiaonuo870	nnnihaoma	850
aiwosuoai2527	830519	850
402338490	5986275	850
longnan1129	1879105268	850
wjqsndn	888888	850
a304375994	251068912	850
liujw1991	1230123	850
b459731186	654321	850
wangzhan868	881022369	850
icewingcool	5242265	850
zhangshanwu	123456	850
limengzhou01	27911508	850
lanzishun	952785	850
babywuming	69446633	850
liwei1987929	1987929	850
panweijiong	7895123	850
shanhangke	3681535	850
704202095	546254613	850
tb245987446	6540491	850
akumagamina	buzhidao	850
youwei2005	qq123123	850
bb520bb521	989420	850
cuiyongbo6540	14386540	850
iamcyh0102	60507504	850
a429299930	8928762	850
lsld0192008	3251693449	850
woojianwei	wjw19870321	850
yingchao90	00dedianfu	850
liuguang525	liuguang	850
laiminquan	55778438	850
lcz200802084	200802084	850
joyousshow	123QWEasd	850
xuanmuyouling	19821018	850
oushantang	19850915	850
zpa1798	828203	850
chujianxin	278298861	850
likehym12	5667730a	850
zyw9258	92589258	850
cmy1990628	363784518	850
windcloud789	546123	850
xishuaiqing	xishuaiqing	850
w2660968	2660968	850
dxj120	791120119	850
guojin1133	guojin	850
h562579175	5862556	850
luzhoucheng	619826	850
qinnaidaguai	zhangkun	850
lixianggood	zhang6878	850
caishaohai	caishaohai	850
yinguo1989	891114	850
fantom123	362325	850
xiaobin629	1812588	850
fanzui9527	284224110	850
jingjing255	930723852	850
wu77889900	15138700168	850
yb191050120	317312	850
yyc236461481	6331839	850
happy523159	woaini	850
wangxin1259	198823	850
lidapeng110	lidapeng	850
xusodom	84296548	850
longlong942	3134942	850
huliping360	780923	850
woohyuk5080	3205080	850
sqjiafeimao	suqiang	850
chinabaishan	19881008	850
ltx0101	xjz0505	850
hebojiadian	13219149818	850
fuquan1990	1990222	850
gh605230238	605230238	850
a281039764	111111b	850
a315686865	315686865	850
a369583491	199025	850
treezza	zzazza	850
zws199012	6310960	850
themour	themthem	850
niejinlong	niejinlong	850
a306567281	a7311620	850
hupeng13533	895774821	850
zhanghuaand	2326143	850
hanjiaqian	hanjiaqian	850
weiyuanhot	wei3036429	851
zjunovelty	liuxinqi	851
tyyk1984	578284	851
sha0913	19850913	851
chch1990	chch199023	851
shandiandidi	didi930723	851
zhchlei2008	850926	851
xiandonghai	870602	851
123456q	123456	851
cupid80s	77648533	851
fanghui1030	19891116	851
liujianmin666	liujianmin666	851
chromosomegg	woaini	851
chengangjita	19831127	851
mm971	110110	851
shoot1985117	1985117	851
milkyo	123456	851
jianchen963	123099798	851
dxawitfk123	6666666a	851
cjkhello	cuining	851
xuanyanjian	78184845	851
liyi132465	kekeya	851
anheiguinu	322985	851
mmllsky	1989626	851
andyvin	yanjingwen	851
zhangdingy	1234567890p	851
mj4520570	4520570	851
qiuzhangchi	qiuzhangchi	851
michelle7227	9573466399	851
ruguodelove	69231151	851
a605103360	6051033600	851
yde2003	qdwydyygy	851
depgfbj	198771	851
lixianggood	zhang6878	851
maxiaogang54	10012254	851
mo409843409	mo01080325	851
angy805487999	hye870826	851
nanquan5hao	1224tl	851
maloveqing	19841225	851
amiaoamiaoamiao	8322306	851
chenchao1991	chenchao	851
xiaolei5375	19850126	851
nikkihayashi	shuai0829	851
xuzhiguo2008	19780127	851
pengzeqing	5305240	851
kingleejun	52scguf	851
zhaofaia	zaofaia	851
mimiyuan1985	mimiyuan1985	851
qioujianhua	8349960	851
yuyi261564680	20020102	851
leeonjohnson	leeonjohnson0	851
linsisi	linsisi	851
chenxiaochi89	78910847	851
songtao520139	songtao123	851
chentao789123	4062681	851
yonghongcom	801002	851
wangscorpio	wang86	851
xulichen0318	19850318xu	851
yanhaili1981	3895337	851
cxgui988	ws680csd	851
zhushengquan1	83145741	851
love2561828	125906188	851
molly1987121	2602130004	851
zcjiangfeng	19791229	851
hezhixian001	850916	851
libo1221love	19901221	851
realraul520	19840329	851
maplesailer	49915001	852
zww236728783	6746256	852
jinchong0905	1989104	852
lz13593839313	lyy20050308	852
chenjiexxxx	j780114	852
sunny3366866	19840314	852
yhlinjun	276951439	852
zhengwei8762	zhengwei8762	852
mikelanyang	yanyu631	852
leveexie	8216508	852
huangfeiguo	3310702	852
dongxuwang12	6624720120	852
liwei1987929	1987929	852
jiaweiwei168	13994930189	852
chenzhong0399	chenzj1017	852
xiaoyu13222	xiaoyu	852
rainyinthesky	520zouwang	852
lishouxiangjs	13285195068	852
fei245379384	413083668	852
zhengliang115	7229572	852
felixwjz	283861591	852
simonwilliams	1234567	852
guhaiyan0316	8198303168	852
xiaoxigua1485	woxiangni1	852
wangxin00320	1431225260	852
ygzhzhh	Y076950	852
danshen1ren	8441080	852
luowenfu	luowenfu	852
qxcruise	3715730	852
zhengfeng928	800928	852
yuxiaoqing1001	yxq841001	852
arthurkingcn	840721	852
superpandacc	cc19871020cc	852
feifei890123	19890123	852
shoot1985117	1985117	852
czy9088	ly16677	852
manaoking	271458	852
chenfly1991	20710080420	852
wyfu0986	wyfu1979	852
avaliotshow	show342526	852
chn0592	5518838	852
fengxiaochong	xiaoxiao	852
emzylzc	10725019	852
chenhouqian	123456	852
amekoyuzi666	86319262	852
guomin65	650402	852
shelleyzhou831	459580367	853
myskyfoot	19860603	853
lixiuxian666	461226	853
longlinxinshen	yanleixin0608	853
shuaihong617	137566	853
wendy806	7721041	853
xiexfeng	2322322	853
wenshunshizi	wenshunabao	853
paopaopao007	1985412	853
mengsihun	6678280	853
hui648573047	13358733181	853
w366311969	80542022	853
wujingjing888	1986510	853
zijinhui	19901113	853
ovomyself	ovomyself	853
lsc8577	467262836	853
tingbotongzhi	5640220	853
liushui7235036	7235036	853
woai76467778	76467778	853
xyjsk007	wodipeidao	853
luweihua12345	1987092121	853
liu2692500	2692500	853
luweihua12345	1987092121	853
boxining	63957255	853
fangqijun520	1989716000	854
goodchenting	3513346	854
scorpiuscurry	811030	854
kisslandi	19850227	854
a496042074	456852	854
huanglili812	1985812	854
valentino0086	3338434313	854
wujingxiaomei	1236987	854
linxin198899	198899123	854
piaoxueqingren	19831021	854
changcheng2008c	574871	854
ablat379	379520	854
mali107877128	88523455	854
da13081658755	800718	854
meinv526	123456789	854
xiaoweixiaoweix	785646663	854
zhuangjiawei18	2553524000	854
blackworms	yangzhao	854
zhaoyakun333	zhao198990	854
wj0266155	842643	854
fangjiasi	5763856	855
gaofei137	gaofei	855
gan82784586	gan0202	855
yqw7654321	3820511	855
xiaoyaochengzhan	kiki2002885	855
kongxiangfengling	12597758	855
wanshendaxia	xiebin520	855
xiu8177887	8177887	855
guokai139	308417801	855
guozhaojun2008	19820618	855
wushugang	shywsg	855
qm810627	810627	855
zhaoyuqing1986	525733	855
wxmwxm941	1212121	856
rex901226	19901226	856
tidus1982	ls820714	856
rongjiarui	wolf7cat	856
mumuyuki	356217521	856
sunjian372391309	372391309	856
shandianzhouchao	3334575	856
yu2305750	13838840309	856
zhang5612	1221112221	856
wangdapeng0126	19850126	856
jayking777	56131680	856
lixinnong	13814079555	856
zhang449268828	19870902	856
lihaibo627	54522299	856
weizhiheng	13948080906	856
hj48603658	huangjie	857
jianxin287	331359	857
xiaolukelly	828128	857
jackzengyx	jack1981	857
foreverlovebobo	716728	857
z169660529	861105	857
heroxuqiang	jianxiaoxu	857
simafeilong	sanbing	857
dongmengcr	jinxianzhu	858
simafeilong	sanbing	858
liujun0407	liujun123.	858
simafeilong	sanbing	858
yuanding23202	gxhgxj1314	859
zyz251590543	zyz523147	859
a645720190	13715583341	859

撞库的用户登陆测试也是说登陆成功，但是之后没反应了就，难道是操作有问题？

感觉不应该是操作问题，直接去主站登陆发现账号都是主站通用的，主站登陆证明：

修复方案：

加上验证码啊

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：7

确认时间：2015-09-25 11:49

厂商回复：

感谢对酷我的支持

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0142770

漏洞标题：酷我某位置设计不当可撞库大量用户（账号主站通用）

相关厂商：酷我音乐

漏洞作者：路人甲

提交时间：2015-09-23 23:05

修复时间：2015-11-09 11:50

公开时间：2015-11-09 11:50

漏洞类型：设计缺陷/逻辑错误

危害等级：低

自评Rank：3

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0142770

漏洞标题：酷我某位置设计不当可撞库大量用户（账号主站通用）

相关厂商：酷我音乐

漏洞作者： 路人甲

提交时间：2015-09-23 23:05

修复时间：2015-11-09 11:50

公开时间：2015-11-09 11:50

漏洞类型：设计缺陷/逻辑错误

危害等级：低

自评Rank：3

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0142770"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云