Vulnerability summary

Defect ID: wooyun-2015-0148959

Title: Design flaw in a Kingsoft PowerWord (金山词霸) interface allows credential stuffing against site users

Affected vendor: Kingsoft PowerWord (金山词霸)

Author: 路人甲

Submitted: 2015-10-23 18:22

Fix time: 2015-12-07 19:10

Published: 2015-12-07 19:10

Vulnerability type: design flaw / logic error

Severity: low

Self-assessed rank: 3

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-10-23: Details sent to the vendor; awaiting vendor handling
2015-10-23: Vendor confirmed; details disclosed to the vendor only
2015-11-02: Details disclosed to core white hats and relevant domain experts
2015-11-12: Details disclosed to regular white hats
2015-11-22: Details disclosed to intern white hats
2015-12-07: Details disclosed to the public

Brief description:

Design flaw in a Kingsoft PowerWord (金山词霸) interface allows credential stuffing against site users

Detailed description:

The login interface at http://my.iciba.com/ has no CAPTCHA and no limit on login attempts, and both username and password are transmitted in plaintext, so the site's users can be credential-stuffed (leaked username/password pairs from other sites replayed against this login).

[Screenshot: 1.png]


Proof of successfully matched accounts:

[Credential list redacted: the original report pasted roughly 110 lines of matched email address, plaintext password and a numeric column, as captured from the stuffing run.]


Proof of login with a matched account:

[Screenshot: 2.png]

[Screenshot: 3.png]

Proof of vulnerability:

[Screenshot: 2.png]

[Screenshot: 3.png]

Suggested fix:

Add a CAPTCHA to the login interface.
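As an added example (not code from the report, from WooYun or from iciba.com), the following Python sketch shows the server-side controls that complement the CAPTCHA suggested above and address the missing attempt limit described in the detailed description: a sliding-window throttle on the login endpoint that escalates from allow to CAPTCHA to block or account lock, plus a log-side detector that flags source addresses attempting many distinct accounts, which is the signature of credential stuffing. The log lines, IP addresses, account names and thresholds are all constructed for this example and are not values from the report.

```python
"""Login-endpoint throttle and credential-stuffing detector (illustrative).

Added example; not code from the WooYun report or from iciba.com.
Assumes the login handler can call decide() before checking a password and
record() afterwards. Thresholds are placeholders, not production values.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 60         # sliding window length (assumed)
IP_ATTEMPT_LIMIT = 4        # attempts per IP per window before a CAPTCHA is required
IP_DISTINCT_USER_LIMIT = 3  # distinct accounts per IP per window before new accounts are blocked
USER_FAILURE_LIMIT = 5      # failures per account per window before the account is locked

# Constructed sample log: "timestamp source_ip username result"
# 203.0.113.5 cycles through many accounts (stuffing pattern);
# 198.51.100.7 hammers one account, then returns after the window expires.
SAMPLE_LOG = """\
1000 203.0.113.5 alice@example.com FAIL
1001 203.0.113.5 bob@example.com FAIL
1002 203.0.113.5 carol@example.com OK
1003 203.0.113.5 dave@example.com FAIL
1004 203.0.113.5 erin@example.com FAIL
1010 198.51.100.7 grace@example.com FAIL
1011 198.51.100.7 grace@example.com FAIL
1012 198.51.100.7 grace@example.com FAIL
1013 198.51.100.7 grace@example.com FAIL
1014 198.51.100.7 grace@example.com FAIL
1015 198.51.100.7 grace@example.com FAIL
1200 198.51.100.7 grace@example.com OK
"""


class LoginGuard:
    """Per-IP and per-account sliding-window counters for a login endpoint."""

    def __init__(self):
        self.ip_attempts = defaultdict(deque)    # ip -> deque of (ts, user)
        self.user_failures = defaultdict(deque)  # user -> deque of ts

    def _prune(self, dq, now, ts_of):
        # Drop entries that fell out of the sliding window.
        while dq and ts_of(dq[0]) <= now - WINDOW_SECONDS:
            dq.popleft()

    def decide(self, now, ip, user):
        """Return ALLOW, CAPTCHA, BLOCK or LOCK before any password is checked."""
        ipq = self.ip_attempts[ip]
        self._prune(ipq, now, lambda e: e[0])
        uq = self.user_failures[user]
        self._prune(uq, now, lambda t: t)
        if len(uq) >= USER_FAILURE_LIMIT:
            return "LOCK"      # account under sustained failure: require out-of-band reset
        distinct = {u for _, u in ipq}
        if len(distinct) >= IP_DISTINCT_USER_LIMIT and user not in distinct:
            return "BLOCK"     # one source cycling through accounts: stuffing pattern
        if len(ipq) >= IP_ATTEMPT_LIMIT:
            return "CAPTCHA"   # burst from one source: add friction
        return "ALLOW"

    def record(self, now, ip, user, success):
        """Count the attempt; blocked attempts still count toward the window."""
        self.ip_attempts[ip].append((now, user))
        if not success:
            self.user_failures[user].append(now)


def parse_log(text):
    """Yield (ts, ip, user, success) tuples from the constructed log format."""
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        yield int(ts), ip, user, result == "OK"


def replay(text):
    """Run the guard over a log; return [(ip, user, decision), ...]."""
    guard = LoginGuard()
    out = []
    for ts, ip, user, ok in parse_log(text):
        out.append((ip, user, guard.decide(ts, ip, user)))
        guard.record(ts, ip, user, ok)
    return out


def stuffing_sources(text, min_distinct_users=IP_DISTINCT_USER_LIMIT):
    """Offline detection: IPs that tried at least N distinct accounts -> count."""
    users_by_ip = defaultdict(set)
    for _, ip, user, _ in parse_log(text):
        users_by_ip[ip].add(user)
    return {ip: len(u) for ip, u in users_by_ip.items() if len(u) >= min_distinct_users}


if __name__ == "__main__":
    for ip, user, decision in replay(SAMPLE_LOG):
        print(f"{ip:14} {user:20} {decision}")
    print("stuffing sources:", stuffing_sources(SAMPLE_LOG))
```

In the replayed sample, the first source is blocked from its fourth distinct account onward, the second source hits CAPTCHA on its fifth attempt and locks the account on its sixth, and the same source is allowed again once the window has expired. A CAPTCHA alone stops unattended replay; the per-IP distinct-account check and the per-account lock catch the same behaviour when the CAPTCHA is solved or bypassed, and the offline detector gives the operations team a list of sources to investigate after the fact.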

Copyright notice: when reposting, credit the source 路人甲@乌云

Vulnerability response

Vendor response:

Severity: low

Vulnerability rank: 5

Confirmed: 2015-10-23 19:09

Vendor reply:

Thanks for the submission; we will pass it on to the business team for remediation.

Latest status:

None yet