Vulnerability summary

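Bug ID: wooyun-2016-0212559

Title: Weak account-system controls in Rapoo's mail system expose internal information

Vendor: rapoo.cn

Author: mango

Submitted: 2016-05-25 07:15

Fixed: 2016-07-10 16:10

Published: 2016-07-10 16:10

Vulnerability type: Weak account-system controls

Severity: High

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]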


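Vulnerability details

Disclosure status:

2016-05-25: Details reported to the vendor; awaiting vendor handling
2016-05-26: Vendor confirmed; details disclosed to the vendor only
2016-06-05: Details disclosed to core white hats and experts in related fields
2016-06-15: Details disclosed to regular white hats
2016-06-25: Details disclosed to intern white hats
2016-07-10: Details disclosed to the public

Brief description:

~~ The emails are mostly design material and the like ~~~

Detailed description:

Collect email addresses from the Internet, then brute-force those mailboxes.
Build password combinations from Rapoo's domain name, try until one account is cracked, then export all the emails and brute-force those as well.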


Proof of vulnerability:

[Six screenshots; images not preserved]

Fix:

Strengthen password settings~

Copyright notice: when reposting, please credit the source mango@WooYun
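
One way to enforce the recommended fix at password-set time, as an added example (not part of the original report and not the vendor's code): reject any new password that is only the organisation's domain label plus trivial filler, the pattern this report describes. The domain `examplecorp.com`, the function names, the substitution table and the `min_extra` threshold are assumptions.

```python
import re
from typing import Optional, Set

# Substitutions folded back before matching (an assumed, deliberately short table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
# Host-style labels that do not identify the organisation (assumed list).
GENERIC_LABELS = {"mail", "smtp", "imap", "webmail"}
# Filler that adds no real guessing cost: only digits, punctuation, whitespace.
TRIVIAL_FILLER = re.compile(r"[\W\d_]*")


def org_tokens(domain: str) -> Set[str]:
    """Organisation labels of a domain: 'mail.examplecorp.com' -> {'examplecorp'}."""
    return {label for label in domain.lower().split(".")
            if len(label) >= 4 and label not in GENERIC_LABELS}


def org_derived_reason(password: str, domain: str, min_extra: int = 8) -> Optional[str]:
    """Return why the password is rejected, or None if it is not organisation-derived.

    The organisation token is treated as contributing nothing: whatever is left
    after removing it has to stand as a password by itself.
    """
    lowered = password.lower()
    # Check the password as typed and with common character swaps undone.
    for variant in (lowered, lowered.translate(LEET)):
        for token in org_tokens(domain):
            if token not in variant:
                continue
            rest = variant.replace(token, "")
            if TRIVIAL_FILLER.fullmatch(rest):
                return f"'{token}' plus digits/symbols only"
            if len(rest) < min_extra:
                return f"'{token}' plus only {len(rest)} other characters"
    return None
```

The check needs the plaintext, so it belongs in the password change or reset handler, before hashing, alongside a general breached-password list.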


Vendor response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2016-05-26 16:07

Vendor reply:

Thanks for the submission

Latest status:

None yet


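Comments on this vulnerability:

Comments

  1. 2016-05-25 08:33 | px1624 ( Regular white hat | Rank:1173 Vulnerabilities:208 | px1624)

    Everyone's showing up one after another to score a keyboard...

  2. 2016-05-25 09:11 | mango ( Core white hat | Rank:2185 Vulnerabilities:312 | The first step in solving a problem is admitting that it exists.)

    @px1624 2333333 Who told you all to show off your keyboards

  3. 2016-05-25 09:33 | 黑色键盘丶 ( Regular white hat | Rank:2479 Vulnerabilities:526 | Bro is a lone wolf in the wind)

    Now big cousin is getting several keyboards too, la la la doo doo doo

  4. 2016-05-25 09:36 | 小龙 ( Regular white hat | Rank:2802 Vulnerabilities:550 | I'm just asking, who else!!!!!!!!!!!!!...)

    The vendors I bring in nearly get flooded by you guys every time...

  5. 2016-05-25 10:32 | JiuShao ( Regular white hat | Rank:509 Vulnerabilities:110 | ╮(╯▽╰)╭ Hoeing the field under the midday sun)

    Why didn't I get a keyboard, poor me

  6. 2016-05-25 11:13 | scanf ( Core white hat | Rank:1768 Vulnerabilities:245 | 。)

    I'll try in a bit and see if I can score a keyboard

  7. 2016-05-25 13:17 | M4sk ( Regular white hat | Rank:1218 Vulnerabilities:323 | Don't know how to do anything....)

    I'll try in a bit and see if I can score a keyboard

  8. 2016-07-10 16:20 | 欧尼酱 ( Passerby | Rank:17 Vulnerabilities:9 | Yunxing (陨星) Network Security Team)

    I'll try in a bit and see if I can score a keyboard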