Vulnerability summary
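Vulnerability title: An Anjuke system can be brute-forced
Submitted: 2015-05-18 10:08
Fixed: 2015-07-02 10:34
Publicly disclosed: 2015-07-02 10:34
Vulnerability type: Design flaw / logic error
Severity: High
Self-assessed Rank: 12
Vulnerability status: Confirmed by vendor
Tags: None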
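Vulnerability details
Disclosure status:
2015-05-18: Details reported to the vendor; awaiting vendor action
2015-05-18: Vendor confirmed; details disclosed to the vendor only
2015-05-28: Details disclosed to core white hats and experts in related fields
2015-06-07: Details disclosed to regular white hats
2015-06-17: Details disclosed to intern white hats
2015-07-02: Details disclosed to the public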
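Brief description: An Anjuke system can be brute-forced
Detailed description:
This effectively means the main site's login endpoint can be brute-forced = =
China Online Broker Platform login: http://my.anjuke.com/login
POST http://my.anjuke.com/usercenter/login
DATA loginpost=1&formhash=&sid=anjukemy&url=******&systemtime=1431703368&frombroker=1&act=login&username=******&password=123456&history=
There is no verification and no limit; testing a portion of the users turned up several hundred weak passwords (123456).
Reviewers, please help mask the code section. Thanks!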
Proof of vulnerability:
Fix:
Copyright notice: when reposting, please credit the source 鸟云厂商 @乌云
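Vulnerability response
Vendor response:
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-05-18 10:33
Vendor reply: Thank you for your support of Anjuke!
Latest status: None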
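The report describes a login endpoint with no verification step and no attempt limit, where one password was tried across many usernames. The following is an added example, not part of the original report and not the vendor's code: a sliding-window login throttle that counts failures per account and distinct failed usernames per client, since a per-account counter alone never trips when each account sees a single failure. The class name, thresholds, IP addresses and sample events are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Decide per login attempt: 'allow', 'challenge' (e.g. CAPTCHA) or 'block'."""

    def __init__(self, window=300, max_account_failures=5, max_users_per_source=10):
        self.window = window                              # seconds of history kept
        self.max_account_failures = max_account_failures  # failures per username
        self.max_users_per_source = max_users_per_source  # distinct failed usernames per client
        self._by_account = defaultdict(deque)  # username -> failure timestamps
        self._by_source = defaultdict(deque)   # client address -> (timestamp, username)

    def _expire(self, queue, now, key=lambda item: item):
        while queue and now - key(queue[0]) > self.window:
            queue.popleft()

    def check(self, source, username, now=None):
        """Call before verifying the password."""
        now = time.time() if now is None else now
        acct, src = self._by_account[username], self._by_source[source]
        self._expire(acct, now)
        self._expire(src, now, key=lambda item: item[0])
        if len({user for _, user in src}) >= self.max_users_per_source:
            return "block"      # one client failing against many accounts
        if len(acct) >= self.max_account_failures:
            return "challenge"  # one account under repeated guessing
        return "allow"

    def record_failure(self, source, username, now=None):
        """Call after a failed password check."""
        now = time.time() if now is None else now
        self._by_account[username].append(now)
        self._by_source[source].append((now, username))

def replay(events, throttle):
    """Replay (time, source, username, password_ok) tuples; return the decisions."""
    decisions = []
    for ts, source, username, ok in events:
        decision = throttle.check(source, username, now=ts)
        decisions.append(decision)
        if decision == "allow" and not ok:
            throttle.record_failure(source, username, now=ts)
    return decisions

# Constructed sample: one client fails against user00..user14, one attempt per
# second, while a different client logs in normally.
SPRAY = [(float(i), "198.51.100.7", f"user{i:02d}", False) for i in range(15)]
NORMAL = [(20.0, "203.0.113.9", "user03", True)]
```

State here is held in process memory; a deployment behind several web servers would keep the same counters in a shared store.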