
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0141035

Title: Login endpoint of a Kugou-owned site allows credential stuffing (proof via successfully cracked accounts)

Vendor: Kugou

Author: 路人甲

Submitted: 2015-09-14 12:16

Fixed: 2015-11-02 16:26

Published: 2015-11-02 16:26

Type: design flaw / logic error

Severity: low

Self-assessed Rank: 3

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-09-14: details sent to the vendor, awaiting vendor action
2015-09-18: vendor confirmed; details visible to the vendor only
2015-09-28: details opened to core white hats and domain experts
2015-10-08: details opened to regular white hats
2015-10-18: details opened to intern white hats
2015-11-02: details opened to the public

Summary:

The login endpoint of a Kugou-owned site allows credential stuffing (proof via successfully cracked accounts).

Details:

http://5sing.kugou.com/zc/login is the login endpoint of 5sing, a site owned by Kugou. The endpoint imposes no restriction of any kind on login attempts: no captcha, no rate limit and no lockout, so a leaked email/password list can be replayed against it at will.

1.png


Capturing the traffic shows that the username and password travel in the clear (plain HTTP, with no encryption or client-side hashing), so nothing stands between a captured list and the login form.

2.png


Testing confirmed that credential stuffing succeeds. The report then lists about 150 email/password pairs, almost all on qq.com, each followed by a four-digit number the report does not explain, as accounts that logged in successfully. The pairs are withheld from this copy; they were ordinary user passwords, many of them trivially weak (123456, 111111, the user's own QQ number), which illustrates the password reuse that makes a list leaked from one site work against another.
Screenshots of successful logins with the stuffed credentials:

3.png


4.png


5.png
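The traffic pattern described above, a single source replaying many different accounts against /zc/login in a short window, is what a defender would look for in the access logs. The following detector is an added example and is not part of the original report or of 5sing's code; it assumes the application logs one line per POST to /zc/login with the attempted username and the outcome, and the log format and sample lines are constructed for this example.

```python
"""Flag credential-stuffing traffic against a login endpoint from access logs.

Added example, not part of the original report. Assumes one log line per
POST to /zc/login (the endpoint named in the report) carrying the attempted
username and the outcome; the format and the sample lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOGIN_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "POST /zc/login HTTP/1\.1" \d{3} '
    r'user=(?P<user>\S+) result=(?P<result>ok|fail)$'
)

# Constructed sample. 203.0.113.5 replays a leaked list: eight different
# accounts in twenty seconds, one of which works. 198.51.100.7 is an ordinary
# user who mistypes twice and then logs in. Non-login lines are ignored.
SAMPLE_LOG = """\
203.0.113.5 [14/Sep/2015:14:49:01 +0800] "POST /zc/login HTTP/1.1" 200 user=u1@example.com result=fail
203.0.113.5 [14/Sep/2015:14:49:03 +0800] "POST /zc/login HTTP/1.1" 200 user=u2@example.com result=fail
198.51.100.7 [14/Sep/2015:14:49:05 +0800] "GET /index.html HTTP/1.1" 200 -
203.0.113.5 [14/Sep/2015:14:49:06 +0800] "POST /zc/login HTTP/1.1" 200 user=u3@example.com result=fail
203.0.113.5 [14/Sep/2015:14:49:08 +0800] "POST /zc/login HTTP/1.1" 200 user=u4@example.com result=fail
203.0.113.5 [14/Sep/2015:14:49:11 +0800] "POST /zc/login HTTP/1.1" 200 user=u5@example.com result=fail
203.0.113.5 [14/Sep/2015:14:49:13 +0800] "POST /zc/login HTTP/1.1" 200 user=u6@example.com result=ok
203.0.113.5 [14/Sep/2015:14:49:16 +0800] "POST /zc/login HTTP/1.1" 200 user=u7@example.com result=fail
203.0.113.5 [14/Sep/2015:14:49:20 +0800] "POST /zc/login HTTP/1.1" 200 user=u8@example.com result=fail
198.51.100.7 [14/Sep/2015:14:50:10 +0800] "POST /zc/login HTTP/1.1" 200 user=bob@example.com result=fail
198.51.100.7 [14/Sep/2015:14:50:25 +0800] "POST /zc/login HTTP/1.1" 200 user=bob@example.com result=fail
198.51.100.7 [14/Sep/2015:14:50:40 +0800] "POST /zc/login HTTP/1.1" 200 user=bob@example.com result=ok
"""


def parse_line(line):
    """Return (ip, timestamp, user, result) for a login line, else None."""
    m = LOGIN_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['ip'], ts, m['user'], m['result']


def detect_stuffing(lines, window_s=60, min_distinct_users=5):
    """Alert on any source IP that tries >= min_distinct_users different
    accounts within window_s seconds. The number of distinct usernames, not
    the failure count, is the signal: a stuffing run fails on most accounts
    and succeeds on a few, whereas a forgetful user retries one account."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_ip[ev[0]].append(ev)

    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[1])
        recent = deque()                      # events inside the sliding window
        for ev in events:
            recent.append(ev)
            while (ev[1] - recent[0][1]).total_seconds() > window_s:
                recent.popleft()
            if ip not in alerts and len({e[2] for e in recent}) >= min_distinct_users:
                alerts[ip] = {'tripped_at': ev[1]}
        if ip in alerts:                      # summarise the whole run for the alert
            alerts[ip].update(
                distinct_users=len({e[2] for e in events}),
                fails=sum(e[3] == 'fail' for e in events),
                hits=sum(e[3] == 'ok' for e in events),
                hit_accounts=sorted(e[2] for e in events if e[3] == 'ok'),
            )
    return alerts


if __name__ == '__main__':
    for ip, a in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {a['distinct_users']} accounts tried, {a['hits']} succeeded "
              f"({', '.join(a['hit_accounts'])}); tripped at {a['tripped_at']:%H:%M:%S}")
```

The alert carries the accounts that logged in successfully during the run, which is the list an incident responder needs for forced password resets; keying on distinct usernames per source rather than on failures avoids paging on a single user who has forgotten a password.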

Proof of vulnerability:

Same as the Details section above (the original page repeats that section verbatim here).

Suggested fix:

Add a captcha to the login form. A captcha alone only raises the attacker's cost, so also rate-limit attempts per source IP, count failures per account and gate further attempts on that account behind the captcha, and serve the login over HTTPS, since the credentials currently travel in the clear.
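One way to implement those controls, as an added example that is not code from 5sing or Kugou: a login handler with a per-source-IP attempt budget, a per-account failure counter that demands a captcha once it trips (the report's suggested fix, applied per account), and a password check that costs the same for unknown and known users so the endpoint does not leak which emails are registered. The user database, the stand-in "leaked" list and the IP addresses are constructed for this example; TLS for the transport is assumed to be handled elsewhere.

```python
"""Login throttling that stops a credential-stuffing replay.

Added example, not code from 5sing or Kugou. The user database, the leaked
list and the IP addresses are constructed; transport security is out of scope.
"""
import hashlib
import hmac
import os
from collections import defaultdict, deque

PBKDF2_ROUNDS = 50_000   # illustrative; production values are higher


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac('sha256', password.encode(), salt, PBKDF2_ROUNDS)


class LoginService:
    RESULTS = ('ok', 'bad_credentials', 'captcha_required', 'rate_limited')

    def __init__(self, users, clock, ip_limit=20, ip_window=60,
                 account_limit=5, account_window=900):
        self._users = users            # username -> (salt, digest)
        self._clock = clock            # injectable so the demo can fake time
        self._ip_limit, self._ip_window = ip_limit, ip_window
        self._acct_limit, self._acct_window = account_limit, account_window
        self._ip_attempts = defaultdict(deque)    # ip -> timestamps of attempts
        self._acct_failures = defaultdict(deque)  # user -> timestamps of failures
        self._dummy = hash_password('placeholder')  # equalises unknown-user timing

    @staticmethod
    def _prune(dq, window, now):
        while dq and now - dq[0] > window:
            dq.popleft()

    def login(self, ip, username, password, captcha_ok=False):
        now = self._clock()
        attempts = self._ip_attempts[ip]
        self._prune(attempts, self._ip_window, now)
        if len(attempts) >= self._ip_limit:
            return 'rate_limited'           # budget spent: do not even check
        attempts.append(now)

        failures = self._acct_failures[username]
        self._prune(failures, self._acct_window, now)
        if len(failures) >= self._acct_limit and not captcha_ok:
            return 'captcha_required'       # account under attack: prove humanity first

        salt, expected = self._users.get(username, self._dummy)
        _, actual = hash_password(password, salt)
        # compare first, then membership, so an unknown user costs a full hash too
        if hmac.compare_digest(actual, expected) and username in self._users:
            failures.clear()
            return 'ok'
        failures.append(now)
        return 'bad_credentials'


# Constructed stand-in for a leaked email/password list: 24 pairs that match
# no account here, plus the one valid pair inserted as attempt number 22.
USERS = {'alice@example.com': hash_password('correct horse')}
LEAKED_PAIRS = [(f'user{i}@example.com', f'pw{i}') for i in range(24)]
LEAKED_PAIRS.insert(21, ('alice@example.com', 'correct horse'))


def make_service(clock, throttled=True):
    if throttled:
        return LoginService(USERS, clock)
    return LoginService(USERS, clock, ip_limit=10**9, account_limit=10**9)


def replay_leaked_list(throttled):
    """One attacker IP replays LEAKED_PAIRS at two requests per second.
    Returns how many attempts ended in each result."""
    t = [0.0]
    svc = make_service(lambda: t[0], throttled)
    counts = dict.fromkeys(LoginService.RESULTS, 0)
    for user, pw in LEAKED_PAIRS:
        counts[svc.login('203.0.113.5', user, pw)] += 1
        t[0] += 0.5
    return counts


def spray_one_account():
    """Six wrong guesses at one account from six IPs, then the right password
    first without and then with a solved captcha."""
    t = [0.0]
    svc = make_service(lambda: t[0])
    results = []
    for i in range(6):
        results.append(svc.login(f'198.51.100.{i}', 'alice@example.com', f'guess{i}'))
        t[0] += 1.0
    results.append(svc.login('198.51.100.9', 'alice@example.com', 'correct horse'))
    results.append(svc.login('198.51.100.9', 'alice@example.com', 'correct horse', captcha_ok=True))
    return results


if __name__ == '__main__':
    print('unthrottled:', replay_leaked_list(throttled=False))
    print('throttled:  ', replay_leaked_list(throttled=True))
    print('one account:', spray_one_account())
```

Without the IP budget the replay finds the one valid pair; with it, the source is cut off after 20 attempts and the valid pair, which sits at position 22, is never checked. The per-account counter covers the case the IP budget misses, an attacker spreading guesses over many addresses, and the captcha gate lets the legitimate owner still get in. The membership test after the digest comparison matters: if an unknown user could match the dummy digest, the handler would accept the dummy password for any unregistered email.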

Copyright notice: please credit 路人甲@WooYun when reposting.


Vendor response

Vendor response:

Severity: low

Vulnerability Rank: 4

Confirmed: 2015-09-18 16:25

Vendor reply:

Thanks

Latest status:

None yet