当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0124485

漏洞标题:久游网某问题可导致大量用户名密码泄漏

相关厂商:久游网

漏洞作者: 紫霞仙子

提交时间:2015-07-04 14:07

修复时间:2015-08-22 14:40

公开时间:2015-08-22 14:40

漏洞类型:系统/服务补丁不及时

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-04: 细节已通知厂商并且等待厂商处理中
2015-07-08: 厂商已经确认,细节仅向厂商公开
2015-07-18: 细节向核心白帽子及相关领域专家公开
2015-07-28: 细节向普通白帽子公开
2015-08-07: 细节向实习白帽子公开
2015-08-22: 细节向公众公开

简要描述:

233

详细说明:

fj.9you.com
$ping fj.9you.com
PING fj.9you.net (120.197.83.153) 56(84) bytes of data.
64 bytes from 120.197.83.153: icmp_seq=1 ttl=50 time=31.1 ms
64 bytes from 120.197.83.153: icmp_seq=2 ttl=50 time=31.0 ms
64 bytes from 120.197.83.153: icmp_seq=3 ttl=50 time=31.1 ms

漏洞证明:

Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 521
... received message: type = 22, ver = 0302, length = 203
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
.@....SC[...r....+..H...9..w.3....f.....".!.9.8...5.....3.2.....E.D...../...A...I.....4.2...#.Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)..Content-Length: 59..Host: passport.9you.com.O=...d.LG..i3Zq.....988607; PHPSESSID=c708128d7d2b4d6a28de53ddddf552ee....*..M...T.,B'.3..=1435988607; PHPSESSID=c708128d7d2b4d6a28de53ddddf552ee....>?].^G....I...%.08128d7d2b4d6a28de53ddddf552ee?.b1...T.. i..d.$.f~EL...B\Eo,x..t.9you.com%252Findex.php....modify=1&username=15530042097&newpasswd=15530042097aa&renewpasswd=15530042097aa&x=35&y=18...4...V..hZ...-..g..dgn20150704&x=66&y=23du.n....BKy..+.._..F..S#)..e..PE5|..:.2...`c$.y..KQassport.9you.com%252F.....L.m....0qzK7...!.4P..`....t..6=.z/!.passport.9you.com%252F.d.t!/.m.0...3.;..TH.q....&;.v^.P...
抓取到用户名密码:
modify=1&username=15530042097&newpasswd=15530042097aa&renewpasswd=15530042097aa&x=35&y=18
登陆:


920150704135403.png


抓到的部分信息,未整理
&username=xiaodong525&area=au&areaid=1&checkcode=5AUV&x=63&y=26
Provip=1&username=15038511488&vipcode=19930926&x=44&y=11....
.resecretemail=344049766%40qq.com&x=40&y=16q&checkcode=jmyz&mobile=13727831837
-username=gening0316&oldpasswd=a003002001%21&newpasswd=a214316%3F&renewpasswd=a214316%3F&x=33&y=14
&dataType=json&checkcode=jmyz&mobile=13727831837&ssosessionid=8e1e7fa7-a91f-41d9-8b1c-52d26175d7cf....verfiystr=fc57dd29e41e5913f4649f57c941e8cb&username=xiaodong525&area=au&areaid=1&checkcode=5AUV&x=63&y=268B%BD%C7%92%E6%8B%BD&protocal=1&x=47&y=25.UmProvip=1&username=15038511488&vipcode=19930926&x=44&y=11
还有注册的信息:
appeal=2&username=dongxiao525&answer1=%E5%86%AC%E5%86%AC%E7%8E%8B%E5%85%AB%E8%9B%8B&answer2=&secureCode=&email=&idcard=&regdate=&regname=&regphone=&regemail=&oldpw1=XY7758521&oldpw2=123456789&oldpw3=XY635121-%2B&x=48&y=25
只抓了一会,发现用户注册和重置密码的时候能100%抓到详情。
数据证明就到这里。


修复方案:

~~~

版权声明:转载请注明来源 紫霞仙子@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-07-08 14:38

厂商回复:

感谢提交漏洞。

最新状态:

暂无