当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0116893

漏洞标题:搜狐汽车某后台1508个弱口令(可任意修改线上汽车价格)

相关厂商:搜狐

漏洞作者: px1624

提交时间:2015-05-29 11:21

修复时间:2015-07-15 00:12

公开时间:2015-07-15 00:12

漏洞类型:设计缺陷/逻辑错误

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-29: 细节已通知厂商并且等待厂商处理中
2015-05-31: 厂商已经确认,细节仅向厂商公开
2015-06-10: 细节向核心白帽子及相关领域专家公开
2015-06-20: 细节向普通白帽子公开
2015-06-30: 细节向实习白帽子公开
2015-07-15: 细节向公众公开

简要描述:

感觉这个问题属于大公司诟病了!之前遇到的案例也很多,这里详细分析下这种问题。
简单的检测下,竟然检测出了搜狐这个后台1508个弱口令,而且各个都是权限和功能都很高!

详细说明:

1 这是搜狐汽车的很随意的一个页面:http://dealer.auto.sohu.com/bat69210/index.html

1.jpg


2 通过右上角的商家登录入口,找到了商家后台:http://dealer.auto.sohu.com/ ,登录没有页面验证码!
通过测试和分析,发现商家后台有很多帐号的用户名是以 bat+数字编号 构成的

2.jpg


3 然后先对url http://dealer.auto.sohu.com/bat69210/index.html 中的数字编号位置进行遍历,收集到了大量的登录帐号。
由于后台登录是没有验证码的,所以可以对后台进行爆破,以大量的帐号和固定的密码去爆破!
4 成功的爆破出了大量的弱口令,这里随便找一个证明下危害!
帐号和密码:bat78601 123456a
可以看到后台权限和功能很大!

3.jpg


5 可以随意修改商家信息,修改客服电话号码,查看并修改销售的信息!

4.jpg


5.jpg


6.jpg


7.jpg


6 可以任意发布和修改文章。

8.jpg


9.jpg


7 最牛逼的是可以直接修改线上的车价啊!

10.jpg


设想下,随便把一个100W的车给修改成10W,那影响得有多大!何况还有1508个帐号的后台呢。。。

漏洞证明:

1508个弱口令
以下7个帐号密码均为123456a 

bat78601 
bat75545
bat83803
bat75509
bat78988
bat85324
bat76213


以下2个帐号密码均为a123456

bat78246
bat74519


以下1499个帐号密码均为123456

bat91998
bat91966
bat93229
bat92025
bat91202
bat91977
bat92008
bat93834
bat92021
bat91187
bat91170
bat91180
bat92816
bat91995
bat92006
bat92846
bat75930
bat92018
bat91176
bat92007
bat91165
bat91205
bat92003
bat92971
bat91992
bat91188
bat92024
bat91996
bat91997
bat92010
bat96590
bat69563
bat91182
bat91991
bat91164
bat91172
bat96540
bat92005
bat92009
bat70179
bat91194
bat91993
bat91153
bat91976
bat75446
bat92023
bat91181
bat91197
bat96541
bat70939
bat90185
bat91185
bat93832
bat91179
bat92012
bat92013
bat91191
bat92017
bat91190
bat91175
bat91198
bat76111
bat91167
bat91183
bat91178
bat91189
bat96324
bat93188
bat76857
bat91965
bat91184
bat91990
bat91192
bat72811
bat91980
bat91171
bat91168
bat70812
bat71837
bat91193
bat91177
bat92020
bat91166
bat92488
bat92016
bat92815
bat91200
bat75624
bat91201
bat91203
bat91195
bat91989
bat92019
bat92001
bat93655
bat92022
bat92004
bat76061
bat91738
bat79719
bat77559
bat77514
bat89057
bat76361
bat77537
bat75328
bat91687
bat77601
bat75733
bat77513
bat83061
bat77655
bat77603
bat77560
bat77590
bat78992
bat77498
bat79680
bat91701
bat96322
bat77495
bat75262
bat78444
bat75049
bat89059
bat91744
bat91678
bat92424
bat85153
bat91316
bat78264
bat91718
bat92411
bat73349
bat72525
bat73362
bat93232
bat73377
bat73358
bat92500
bat77421
bat73379
bat73400
bat73403
bat73240
bat75871
bat77591
bat73367
bat75467
bat75362
bat80778
bat78363
bat75661
bat73386
bat77433
bat91169
bat70341
bat86944
bat91741
bat75219
bat73378
bat91688
bat75409
bat91791
bat92412
bat83058
bat89061
bat75865
bat77617
bat70504
bat75050
bat76115
bat91685
bat77313
bat91699
bat73397
bat80953
bat80926
bat80666
bat76169
bat78480
bat77517
bat73182
bat73184
bat75042
bat91986
bat73146
bat78377
bat78824
bat91698
bat79289
bat77604
bat77579
bat76051
bat75168
bat91679
bat80960
bat73301
bat73194
bat92422
bat79607
bat73089
bat79723
bat77489
bat70511
bat75402
bat73235
bat91740
bat70496
bat73186
bat73128
bat70507
bat77507
bat92938
bat73123
bat76057
bat80972
bat80159
bat77303
bat76231
bat78911
bat73085
bat80196
bat76154
bat83037
bat78082
bat75642
bat90207
bat70100
bat70731
bat78443
bat75868
bat79513
bat73660
bat75430
bat73383
bat77510
bat79734
bat77535
bat77470
bat75827
bat91186
bat79278
bat80790
bat92419
bat80673
bat94150
bat80675
bat75595
bat73180
bat70807
bat80636
bat73737
bat80796
bat80954
bat76282
bat76138
bat76358
bat78898
bat70821
bat91204
bat73476
bat76431
bat76079
bat73470
bat82639
bat73443
bat78090
bat78990
bat78985
bat76016
bat94363
bat80671
bat78383
bat73303
bat79288
bat92425
bat78105
bat79690
bat76195
bat78416
bat94354
bat77553
bat76310
bat70193
bat76044
bat93060
bat73164
bat87270
bat73203
bat94451
bat91726
bat79732
bat80917
bat80996
bat77445
bat78901
bat75014
bat69864
bat89554
bat78873
bat69879
bat79281
bat78104
bat85798
bat72348
bat78382
bat75769
bat80668
bat72377
bat77438
bat80995
bat80964
bat72374
bat78384
bat72367
bat91677
bat76126
bat72358
bat72380
bat92415
bat75434
bat77544
bat92426
bat72424
bat77518
bat78757
bat72511
bat78088
bat75556
bat72533
bat80074
bat72567
bat75354
bat93835
bat75779
bat80157
bat76034
bat89046
bat76387
bat75872
bat80077
bat76441
bat89261
bat94008
bat75596
bat89548
bat92420
bat80387
bat79106
bat75655
bat75076
bat75568
bat79505
bat91704
bat77534
bat78427
bat77545
bat79165
bat78750
bat80920
bat73222
bat90731
bat79585
bat80792
bat76086
bat70226
bat91745
bat77582
bat70467
bat69819
bat93144
bat79693
bat76403
bat69730
bat77423
bat74007
bat80929
bat77538
bat72939
bat72390
bat70444
bat70353
bat70460
bat70324
bat70347
bat89052
bat91683
bat71162
bat75806
bat80437
bat70279
bat78381
bat89555
bat70313
bat69769
bat75406
bat73649
bat70217
bat70247
bat80163
bat69720
bat75770
bat76050
bat82226
bat69717
bat70218
bat75855
bat77522
bat70271
bat70160
bat72340
bat78432
bat91674
bat77527
bat80967
bat70367
bat70422
bat71796
bat69744
bat70425
bat79609
bat77385
bat77581
bat73590
bat71862
bat80934
bat80669
bat70373
bat71729
bat70406
bat73596
bat70298
bat80646
bat76227
bat70377
bat79685
bat80386
bat70401
bat70402
bat79688
bat71814
bat73661
bat80921
bat70400
bat70372
bat73677
bat91682
bat78976
bat77539
bat80785
bat77446
bat76247
bat80648
bat92441
bat71755
bat79722
bat73549
bat78100
bat70405
bat78431
bat75032
bat69770
bat72231
bat72234
bat80756
bat77497
bat72226
bat78878
bat77502
bat89045
bat77496
bat93292
bat78419
bat78755
bat78862
bat79164
bat78069
bat69355
bat78103
bat81023
bat79160
bat96542
bat78414
bat80672
bat79287
bat92300
bat92423
bat89055
bat78894
bat69785
bat77515
bat77894
bat78407
bat70161
bat70394
bat79587
bat75639
bat71842
bat79285
bat80643
bat77504
bat78472
bat80767
bat89064
bat71402
bat75565
bat80955
bat78385
bat79511
bat78360
bat69361
bat78418
bat78479
bat73498
bat77659
bat79694
bat80659
bat77349
bat77437
bat83048
bat77576
bat91730
bat91708
bat78089
bat80956
bat92440
bat92421
bat70364
bat77492
bat70260
bat78412
bat78910
bat80916
bat72262
bat91686
bat71686
bat89299
bat76486
bat78913
bat73665
bat77586
bat91675
bat70099
bat77610
bat72031
bat77351
bat73647
bat72837
bat72829
bat70110
bat80638
bat79166
bat71977
bat76292
bat79730
bat71986
bat72281
bat79738
bat89546
bat78420
bat78912
bat72029
bat80961
bat72025
bat79283
bat71984
bat72274
bat72304
bat77320
bat78871
bat77516
bat77361
bat75232
bat71983
bat72006
bat72009
bat72027
bat78423
bat77546
bat78760
bat72023
bat72297
bat93238
bat71989
bat72014
bat73747
bat89050
bat72857
bat77551
bat72744
bat89058
bat72761
bat72271
bat78861
bat70055
bat74640
bat72292
bat72026
bat69322
bat71434
bat72306
bat84402
bat72544
bat69315
bat71781
bat78446
bat70361
bat75742
bat72855
bat72816
bat72241
bat77388
bat78822
bat77441
bat78426
bat72033
bat78043
bat86669
bat79159
bat78095
bat69262
bat80781
bat69268
bat91715
bat78476
bat69261
bat91174
bat78422
bat78425
bat80066
bat78448
bat92416
bat77573
bat70672
bat69317
bat77352
bat69328
bat69302
bat78863
bat72767
bat71122
bat77609
bat76092
bat69238
bat69260
bat75566
bat79735
bat79691
bat78429
bat75265
bat77622
bat69314
bat79274
bat79021
bat75129
bat78909
bat73274
bat79727
bat80155
bat77353
bat82884
bat91729
bat79600
bat91747
bat71034
bat89949
bat77663
bat77343
bat76306
bat89551
bat70251
bat75515
bat78758
bat77606
bat80922
bat70992
bat78359
bat70986
bat92433
bat71012
bat71069
bat71288
bat71201
bat77574
bat70910
bat71005
bat71196
bat71324
bat80797
bat70918
bat78408
bat70997
bat76402
bat80384
bat91690
bat69488
bat70874
bat78410
bat71172
bat78907
bat70877
bat81003
bat78099
bat70922
bat71007
bat71106
bat71146
bat77605
bat73086
bat79736
bat71296
bat89060
bat69576
bat71089
bat76382
bat79499
bat78084
bat91743
bat79501
bat71140
bat71361
bat77363
bat71347
bat75685
bat78077
bat72179
bat77491
bat79606
bat69461
bat69489
bat78424
bat71092
bat71110
bat71291
bat71285
bat71322
bat72197
bat69514
bat70908
bat71085
bat79689
bat73414
bat71170
bat80933
bat69486
bat69639
bat78442
bat73277
bat75948
bat76411
bat78373
bat77630
bat77302
bat77615
bat69574
bat71212
bat73291
bat71255
bat77652
bat71382
bat71224
bat77575
bat69516
bat71610
bat80932
bat72084
bat69609
bat69625
bat77860
bat71174
bat80937
bat71430
bat75323
bat71677
bat79584
bat71364
bat71377
bat71679
bat78984
bat92436
bat72669
bat77624
bat69403
bat72528
bat71061
bat78101
bat71393
bat76041
bat91705
bat69536
bat72182
bat77490
bat92417
bat73176
bat69458
bat69624
bat79292
bat80766
bat78361
bat74252
bat93432
bat77905
bat71395
bat71454
bat72219
bat71114
bat71403
bat91691
bat84863
bat69564
bat71670
bat72989
bat70949
bat72701
bat69386
bat69565
bat77344
bat71481
bat69532
bat78368
bat69534
bat69643
bat76194
bat72211
bat71709
bat77526
bat71711
bat69544
bat71381
bat80927
bat69481
bat69581
bat71647
bat70112
bat71517
bat71620
bat71713
bat70873
bat78996
bat72641
bat70063
bat69466
bat75629
bat78473
bat78759
bat71658
bat75436
bat69535
bat69501
bat77599
bat78471
bat71535
bat91737
bat84250
bat70946
bat75755
bat89056
bat89065
bat69600
bat91697
bat75671
bat78371
bat72883
bat71552
bat77543
bat78091
bat91714
bat82920
bat71424
bat72974
bat77613
bat73654
bat80156
bat75700
bat76397
bat77384
bat77616
bat78914
bat72642
bat91713
bat77440
bat69621
bat72628
bat69623
bat72922
bat72956
bat84258
bat80383
bat77600
bat72889
bat71058
bat91717
bat71570
bat72949
bat73007
bat78367
bat71327
bat79599
bat89048
bat73002
bat77555
bat70206
bat71538
bat73022
bat69463
bat72904
bat77359
bat91707
bat71099
bat72461
bat72951
bat72100
bat71799
bat79582
bat73010
bat72934
bat75659
bat91689
bat72063
bat69449
bat78904
bat72059
bat72069
bat75464
bat91736
bat79608
bat92413
bat78364
bat72055
bat91684
bat80639
bat72060
bat80798
bat72917
bat72152
bat75722
bat80759
bat79718
bat71735
bat71456
bat72098
bat72108
bat80764
bat72040
bat72076
bat71891
bat77664
bat72127
bat71901
bat80999
bat77691
bat72050
bat78436
bat70799
bat70265
bat72067
bat72094
bat72070
bat80777
bat78919
bat72147
bat71859
bat77508
bat72121
bat92414
bat72263
bat71867
bat91727
bat78086
bat90696
bat77585
bat77065
bat75079
bat71931
bat72053
bat71176
bat71839
bat79613
bat72018
bat71757
bat86668
bat69817
bat73239
bat79595
bat78915
bat80385
bat78087
bat78897
bat89053
bat75008
bat72997
bat78908
bat80930
bat77583
bat78470
bat91722
bat79883
bat77447
bat69958
bat91694
bat78494
bat69868
bat75543
bat69970
bat69862
bat78378
bat70040
bat71602
bat71894
bat69931
bat70009
bat72080
bat77614
bat70322
bat91720
bat89054
bat78386
bat78440
bat72161
bat90733
bat89550
bat80779
bat72734
bat89062
bat71013
bat92430
bat69941
bat90704
bat75687
bat75544
bat77556
bat69967
bat96017
bat76113
bat70878
bat77509
bat75518
bat77356
bat79167
bat70003
bat72960
bat76000
bat77542
bat70448
bat70052
bat69991
bat72863
bat72933
bat77418
bat79277
bat70909
bat91716
bat69459
bat78449
bat70470
bat78493
bat69630
bat77422
bat87038
bat69718
bat80067
bat70596
bat70560
bat70699
bat70545
bat72905
bat77618
bat70696
bat70744
bat70575
bat70703
bat93458
bat78370
bat70801
bat70960
bat70752
bat91735
bat70671
bat69266
bat70612
bat70745
bat70567
bat70624
bat70750
bat72293
bat70759
bat79720
bat70738
bat72901
bat69499
bat75228
bat70625
bat70670
bat70803
bat70604
bat70761
bat71571
bat70697
bat79586
bat75602
bat79504
bat70693
bat70544
bat70618
bat75403
bat77661
bat80650
bat70611
bat80918
bat92439
bat71881
bat75638
bat89547
bat70776
bat70615
bat77519
bat70904
bat71892
bat70659
bat78093
bat71328
bat75951
bat76172
bat91672
bat70658
bat79284
bat76030
bat69977
bat72140
bat72772
bat72587
bat70584
bat92688
bat75533
bat72024
bat86287
bat71959
bat72032
bat92662
bat75150
bat71851
bat71208
bat81002
bat70685
bat77525
bat80210
bat70461
bat79692
bat79681
bat72429
bat72778
bat80768
bat80382
bat72854
bat77658
bat78870
bat70665
bat79506
bat93346
bat78379
bat76145
bat73284
bat77305
bat71444
bat70015
bat78880
bat79494
bat73198
bat77611
bat78415
bat72807
bat71156
bat75114
bat75573
bat78900
bat91746
bat75594
bat91723
bat91695
bat71756
bat78980
bat71705
bat73650
bat75936
bat72832
bat77304
bat77648
bat78751
bat72858
bat71088
bat71157
bat80200
bat77444
bat80076
bat78486
bat79497
bat72963
bat80780
bat70190
bat77434
bat77626
bat92923
bat69988
bat91692
bat72130
bat91706
bat91921
bat71760
bat73015
bat80670
bat80379
bat72915
bat77656
bat77629
bat75030
bat71622
bat79591
bat92437
bat71138
bat71976
bat80765
bat78040
bat80160
bat89969
bat92432
bat77524
bat79163
bat84240
bat79158
bat91680
bat69809
bat76383
bat76406
bat75830
bat69491
bat91733
bat75728
bat70674
bat72501
bat77091
bat89999
bat80162
bat90865
bat79594
bat77340
bat94309
bat78989
bat69997
bat77354
bat78409
bat77389
bat76421
bat73641
bat78488
bat77358
bat71889
bat78892
bat94252
bat70423
bat72727
bat75601
bat90725
bat72827
bat69504
bat86731
bat79593
bat78044
bat76035
bat84105
bat75984
bat79509
bat91681
bat78439
bat78752
bat69292
bat91676
bat70617
bat75938
bat79686
bat86331
bat78441
bat78083
bat70278
bat72841
bat78072
bat71008
bat78753
bat77548
bat79293
bat71621
bat79512
bat69483
bat78037
bat71119
bat71200
bat73162
bat78490
bat87052
bat77612
bat71736
bat79733
bat77806
bat80645
bat72285
bat71452
bat71414
bat69343
bat77347
bat71704
bat78864
bat80661
bat75582
bat94207
bat78977
bat73804
bat89051
bat75906
bat70108
bat72833
bat91944
bat70074
bat72860
bat77580
bat78474
bat80655
bat69467
bat69597
bat77623
bat80789
bat70998
bat82283
bat70345
bat78075
bat69848
bat75654
bat80667
bat84479
bat90493
bat90727
bat79614
bat89553
bat78823
bat79592
bat80793
bat82361
bat79598
bat75128
bat69492
bat69963
bat78074
bat71464
bat77632
bat71930
bat72755
bat80958
bat96574
bat78428
bat71090
bat69666
bat73671
bat77533
bat80970
bat70047
bat70669
bat75252
bat91411
bat77295
bat70629
bat69925
bat73994
bat88467
bat77393
bat82494
bat75326
bat73191
bat79602
bat71910
bat75749
bat78376
bat70028
bat71070
bat93702
bat70913
bat84762
bat70608
bat69976
bat76234
bat70645
bat80204
bat89465
bat79276
bat90739
bat72085
bat70250
bat71526
bat71808
bat70711
bat78754
bat69998
bat70597
bat70673
bat69380
bat70626
bat69246
bat71482
bat91936
bat79157
bat92505
bat91725
bat72813
bat70502
bat88126
bat77528
bat78435
bat80635
bat70022
bat72758
bat71368
bat77552
bat79508
bat78482
bat79514
bat70923
bat70344
bat71703
bat70351
bat78872
bat75297
bat70229
bat76225
bat69213
bat93651
bat69430
bat78484
bat78109
bat72748
bat69273
bat91734
bat80377
bat75535
bat76352
bat69465
bat70330
bat80663
bat79583
bat77627
bat76332
bat80762
bat69619
bat77383
bat79286
bat90204
bat70030
bat87139
bat75167
bat79495
bat76545
bat76191
bat71136
bat77863
bat72942
bat80656
bat75588
bat76420
bat77620
bat76563
bat80208
bat79503
bat73812
bat78825
bat84883
bat77342
bat78902
bat69982
bat73030
bat84492
bat69524
bat70542
bat71266
bat90724
bat86631
bat70485
bat76179
bat91673
bat94406
bat89269
bat77494
bat71401
bat69334
bat78070
bat71010
bat94356
bat76155
bat73659
bat78038
bat93594
bat82860
bat75318

修复方案:

1 修改那堆弱口令帐号的密码
2 登录位置添加页面验证码
3 这种商家后台最好加个手机二次验证,或者放到vpn里吧
4 从结果分析,123456应该是这个后台的初始默认的密码,大量的弱口令高权限帐号,若被不法分子利用,造成的影响和资金损失,真心无法估计啊!

版权声明:转载请注明来源 px1624@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-05-31 00:11

厂商回复:

感谢支持。

最新状态:

暂无