乐视TV某洞影响4万多用户UID/密码/等信息

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0140731

漏洞标题：乐视TV某洞影响4万多用户UID/密码/等信息

漏洞作者：路人甲

提交时间：2015-09-13 09:23

修复时间：2015-10-29 11:48

公开时间：2015-10-29 11:48

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：18

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-09-13：细节已通知厂商并且等待厂商处理中
2015-09-14：厂商已经确认，细节仅向厂商公开
2015-09-24：细节向核心白帽子及相关领域专家公开
2015-10-04：细节向普通白帽子公开
2015-10-14：细节向实习白帽子公开
2015-10-29：细节向公众公开

简要描述：

一直想买台乐视TV送给爸妈。

详细说明：

安全无小事。
乐视某FTP未授权访问：

ftp//123.56.108.123

随便打开一个，格式如下：

# Identify: MTQzOTkwMTkxOCxYMy4yLGRpc2N1el91YyxtdWx0aXZvbCwxLHByZV8sdXRmOA==
# <?php exit();?>
# Discuz! Multi-Volume Data Dump Vol.1
# Version: Discuz! X3.2
# Time: 2015-8-18 20:45
# Type: discuz_uc
# Table Prefix: pre_
#
# Discuz! Home: http://www.discuz.com
# Please visit our website for newest infomation about Discuz!
# --------------------------------------------------------

漏洞证明：

其它不重要。重要的是.sql文件。由于sql文件过大，打开后，让加载完可以慢慢看。
其中包括各种参数（ pre_common_）的数据……，你懂，我懂，大家懂！

第三个.sql存在，member_..都说了，不要着急，加载完了，细看了你就懂得

随便复制一段：

INSERT INTO pre_common_member_status VALUES ('20',0x31302e3135342e32382e3737,0x3137352e31322e3137352e3637,'59715','1439858873','1439857890','1438785450','0','0','0','0','0','0','84');
INSERT INTO pre_common_member_status VALUES ('22',0x31302e3135342e32382e3737,0x3131322e33382e3138372e3936,'26552','1439806728','1439806728','1438742827','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('24',0x31302e3135342e32382e3737,0x3138322e3230322e3131332e3436,'60413','1439813122','1439813122','1439191312','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('27',0x31302e3135342e32382e3737,0x31302e3135342e32382e3736,'56951','1437309393','1437293343','1437263837','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('28',0x31302e3135342e32382e3737,0x3232302e3137372e3130302e313036,'55658','1439798051','1439791999','1436527456','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('30',0x31302e3135342e32382e3737,0x3131322e3130312e3131322e313538,'29047','1439349377','1439348491','1438747696','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('32',0x31302e3135342e32382e3737,0x31302e3135342e32382e3736,'5837','1438432220','1438432220','1436787190','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('34',0x31302e3135342e32382e3737,0x31302e3135342e32382e3736,'11653','1438472043','1438472043','1436849506','0','0','0','0','0','0','84');
INSERT INTO pre_common_member_status VALUES ('37',0x31302e3135342e32382e3737,0x3131392e39392e3138352e313435,'55705','1439796615','1439796615','1439302429','0','0','0','0','0','0','57');
INSERT INTO pre_common_member_status VALUES ('39',0x31302e3135342e32382e3737,0x31302e3135342e32382e3736,'9200','1439522166','1439522166','1438743522','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('40',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'18336','1438344714','1438344672','1434548888','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('42',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'54511','1436969925','1436969925','0','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('43',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'56732','1434430437','1434428596','0','0','0','0','0','0','0','100');
INSERT INTO pre_common_member_status VALUES ('46',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'39975','1437926066','1437926066','1435551805','0','0','0','0','0','0','73');
INSERT INTO pre_common_member_status VALUES ('49',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'36826','1437718848','1437718848','1435924570','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('52',0x31302e3135342e32382e3737,0x33362e34352e322e313030,'25459','1438912562','1438912562','1438743421','0','0','0','0','0','0','94');
INSERT INTO pre_common_member_status VALUES ('55',0x31302e3135342e32382e3737,0x3137352e3136372e3134342e313738,'64554','1439803192','1439803192','1438749106','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('56',0x31302e3135342e32382e3737,0x3231392e3133372e3137382e323032,'52712','1439796923','1439796923','1439797347','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('57',0x31302e3135342e32382e3737,0x31302e3135342e32382e3736,'16542','1439304600','1439304600','1438747087','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('59',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'58451','1439301504','1439301504','1438743423','0','0','0','0','0','0','84');
INSERT INTO pre_common_member_status VALUES ('60',0x31302e3135342e32382e3737,0x3132332e3132362e33332e323533,'1914','1439792938','1439791949','1439020336','0','0','0','0','0','0','73');
INSERT INTO pre_common_member_status VALUES ('63',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'0','1434425493','1434425493','1434425954','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('66',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'59495','1434594305','1434594305','1434426869','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('67',0x31302e3135342e32382e3737,0x3232332e3130342e312e313235,'14297','1439304054','1439304054','1438747128','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('68',0x31302e3135342e32382e3737,0x36312e3133352e3136392e3837,'37510','1439792234','1439792234','1435239032','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('69',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'0','1434443917','1434443917','0','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('70',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'0','1434444832','1434444832','0','0','0','0','0','0','0','0');
INSERT INTO pre_common_member_status VALUES ('73',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'28673','1437210525','1437202613','1437048810','0','0','0','0','0','0','78');
INSERT INTO pre_common_member_status VALUES ('74',0x31302e3135342e32382e3737,0x3137352e32352e3138392e313430,'27107','1438913041','1438913041','1438913141','0','0','0','0','0','0','94');
INSERT INTO pre_common_member_status VALUES ('76',0x31302e3135342e32382e3737,0x31302e3135342e32382e3737,'0','1434448128','1434448128','0','0','0','0','0','0','0','0');

修复方案：

我是来找礼物的！

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：低

漏洞Rank：3

确认时间：2015-09-14 11:46

厂商回复：

感谢提交，论坛用户数据与公司内部无任何关联，属于员工自建的测试站点。9.19乐迷节，乐视商城折扣惊人。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0140731

漏洞标题：乐视TV某洞影响4万多用户UID/密码/等信息

相关厂商：乐视网

漏洞作者：路人甲

提交时间：2015-09-13 09:23

修复时间：2015-10-29 11:48

公开时间：2015-10-29 11:48

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：18

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0140731

漏洞标题：乐视TV某洞影响4万多用户UID/密码/等信息

相关厂商：乐视网

漏洞作者： 路人甲

提交时间：2015-09-13 09:23

修复时间：2015-10-29 11:48

公开时间：2015-10-29 11:48

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：18

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0140731"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云