
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0164225

Title: An important 19lou service allows account brute-forcing (over a hundred internal employee accounts logged into)

Affected vendor: 十九楼 (19lou)

Author: 子墨

Submitted: 2015-12-24 15:11

Fixed: 2016-02-06 10:45

Published: 2016-02-06 10:45

Vulnerability type: weak back-end password

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-12-24: Details sent to the vendor, awaiting vendor handling
2015-12-24: Vendor has confirmed; details disclosed to the vendor only
2016-01-03: Details disclosed to core white hats and relevant domain experts
2016-01-13: Details disclosed to regular white hats
2016-01-23: Details disclosed to intern white hats
2016-02-06: Details disclosed to the public

Brief description:

19lou, I'm back again

Detailed description:

Following up on last time, this time I found a new sub-site: http://newmail.19lou.com/ . Sure enough, your mail system has been changed.

[Screenshot: 0.jpg]


But you are always so considerate of me: http://newmail.19lou.com/include/userlist.txt is the complete user list.

[Screenshot: 1.jpg]


Fired up Burp Suite directly, imported the user list, and brute-forced.

[Screenshot: 2.jpg]


[Screenshot: 3.jpg]


Whoosh, 300-odd users finished in a dozen or so seconds; whether a login succeeded was determined from the length of the response time.

[Screenshot: 4.jpg]
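The pattern described above (a single source trying hundreds of usernames against one login endpoint within seconds, with valid credentials distinguishable by a longer response time) is easy to spot on the server side. The following Python script is an added example, not code from the report or from 19lou: it parses constructed access-log lines (the log format, the `/login` path, the source addresses, the user names and the thresholds are all assumptions made for the example), flags sources whose attempt volume and username spread within a one-minute window look like a brute force, and measures the timing gap between successful and failed logins so an operator can check whether their own endpoint leaks the same oracle.

```python
"""Detect a credential brute-force burst in web access logs and measure the
login timing oracle. Added example; assumes a constructed log format:
    <ip> <ISO-8601 timestamp> "<method> <path>" <status> <response-ms> user=<name>
where status 302 means the login succeeded (redirect) and 200 means the
form was re-rendered after a failure.
"""
import re
import statistics
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) (?P<ms>\d+) user=(?P<user>\S+)$'
)
Entry = namedtuple("Entry", "ip ts method path status ms user")

# Detection thresholds (assumed values; tune to the real endpoint's traffic).
WINDOW = timedelta(seconds=60)
MAX_ATTEMPTS = 20        # login POSTs from one source inside WINDOW
MAX_DISTINCT_USERS = 10  # distinct usernames tried by that source inside WINDOW


def parse_line(line):
    """Parse one constructed log line into an Entry, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ip"], datetime.fromisoformat(m["ts"]), m["method"],
                 m["path"], int(m["status"]), int(m["ms"]), m["user"])


def build_sample_log():
    """Constructed log: source 203.0.113.7 tries 300 usernames in ~12 s (every
    30th one 'succeeds', modelling shared weak passwords), while a legitimate
    user from 198.51.100.5 fails twice and then succeeds over a few minutes."""
    lines = []
    t0 = datetime(2015, 12, 24, 15, 1, 0)
    for i in range(300):
        ts = t0 + timedelta(milliseconds=40 * i)          # 300 attempts in 12 s
        status, ms = (302, 180) if i % 30 == 0 else (200, 25)
        lines.append(f'203.0.113.7 {ts.isoformat()} "POST /login" {status} {ms} user=user{i:03d}')
    t1 = datetime(2015, 12, 24, 15, 20, 0)
    for offset_s, status, ms in ((0, 200, 25), (45, 200, 30), (130, 302, 180)):
        ts = t1 + timedelta(seconds=offset_s)
        lines.append(f'198.51.100.5 {ts.isoformat()} "POST /login" {status} {ms} user=staff01')
    return lines


def detect_bruteforce(entries, path="/login"):
    """Return {ip: (attempts, distinct_users)} for sources that, within some
    WINDOW, made at least MAX_ATTEMPTS login POSTs against at least
    MAX_DISTINCT_USERS usernames. The tuple reports the busiest window seen."""
    by_ip = defaultdict(list)
    for e in entries:
        if e.method == "POST" and e.path == path:
            by_ip[e.ip].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):               # sliding window over time
            while evs[end].ts - evs[start].ts > WINDOW:
                start += 1
            window = evs[start:end + 1]
            users = {e.user for e in window}
            if (len(window) >= MAX_ATTEMPTS and len(users) >= MAX_DISTINCT_USERS
                    and len(window) > flagged.get(ip, (0, 0))[0]):
                flagged[ip] = (len(window), len(users))
    return flagged


def timing_gap_ms(entries, path="/login"):
    """Median response time of successful logins minus that of failures.
    A gap this large is the oracle the report used to spot valid credentials
    without inspecting response bodies; a hardened endpoint keeps it near zero."""
    ok = [e.ms for e in entries if e.path == path and e.status == 302]
    bad = [e.ms for e in entries if e.path == path and e.status == 200]
    if not ok or not bad:
        return None
    return statistics.median(ok) - statistics.median(bad)


if __name__ == "__main__":
    entries = [e for e in map(parse_line, build_sample_log()) if e]
    for ip, (attempts, users) in detect_bruteforce(entries).items():
        print(f"brute force from {ip}: {attempts} attempts, {users} usernames in one window")
    print(f"success/failure timing gap: {timing_gap_ms(entries)} ms")
```

Usage: run the file directly to see the constructed source flagged with 300 attempts over 300 usernames and a 155 ms timing gap; in practice feed `parse_line` real access-log lines after adapting `LOG_RE` to the server's format. The two thresholds together matter: a single user mistyping a password trips neither, whereas one source spraying one password across a leaked user list trips both.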


Let's log into a few and see, as shown below

[Screenshot: 5.jpg]


[Screenshot: 6.jpg]


[Screenshot: 7.jpg]


Proof of vulnerability:

I'll use your boss's mailbox for the proof demo, haha

[Screenshot: 8.jpg]


Accounts with password 123456 (90):

litao
lijun
yujia
lishu
xiayu
laijun
lujian
xuting
wangli
panjin
liuwei
wuting
lvqing
xuliang
daiming
wangjie
qiuyana
renying
fengxue
zhanglv
wanghui
zhujian
lvjiyong
qianping
chenjian
xujiajin
wuliping
jianghui
wangchen
dingyika
chensisi
caiyijia
yuanjing
zhangchi
wuyiting
yuliqian
bubinwei
yujiabiao
chenlufei
fanchuchu
zhaiwuyan
lucaihong
zhuyimiao
qiweiqing
xuyueling
yinliping
jiangyang
renhaojie
shaoyanli
zhuwenchao
linbanghao
wuzhongmin
zhaoyufeng
zhangrujie
chenjingya
chenpeihua
chenbinmei
wangyihong
huxiangtao
luoxuanang
xulingling
wangxingbo
mojianhong
jiangzheng
zhaopanpan
weipengwei
wanglizhen
wangyunhua
mamingkang
wangyongmei
zhangxigang
xiangxiuwei
chenmingjie
zhengbinbin
feijingjing
louxinglong
daitingting
dingjianjun
wangxiaowen
zhangyiting
wangzhaohui
yanjianguang
dengdongming
zenghongyang
jinzhouzheyu
yangguangzhao
zhangbingbing
chenglongxuan
huangjianmeng
zhaoyufeng1203


Accounts with password 19lou (89):

litao
lijun
yujia
lishu
xiayu
laijun
lujian
xuting
wangli
panjin
liuwei
wuting
lvqing
xuliang
daiming
wangjie
qiuyana
renying
fengxue
zhanglv
wanghui
zhujian
lvjiyong
qianping
chenjian
xujiajin
wuliping
jianghui
wangchen
dingyika
chensisi
caiyijia
yuanjing
zhangchi
wuyiting
yuliqian
bubinwei
yujiabiao
chenlufei
fanchuchu
zhaiwuyan
lucaihong
zhuyimiao
qiweiqing
xuyueling
yinliping
jiangyang
shaoyanli
zhuwenchao
linbanghao
wuzhongmin
zhaoyufeng
zhangrujie
chenjingya
chenpeihua
chenbinmei
wangyihong
huxiangtao
luoxuanang
xulingling
wangxingbo
mojianhong
jiangzheng
zhaopanpan
weipengwei
wanglizhen
wangyunhua
mamingkang
wangyongmei
zhangxigang
xiangxiuwei
chenmingjie
zhengbinbin
feijingjing
louxinglong
daitingting
dingjianjun
wangxiaowen
zhangyiting
wangzhaohui
yanjianguang
dengdongming
zenghongyang
jinzhouzheyu
yangguangzhao
zhangbingbing
chenglongxuan
huangjianmeng
zhaoyufeng1203


Accounts with password 19lou.com (97):

wuqi
linyu
litao
lijun
yujia
lishu
xiayu
baoli
laijun
lujian
xuting
wangli
panjin
liuwei
wuting
lvqing
xuliang
daiming
wangjie
qiuyana
renying
fengxue
zhanglv
wanghui
wuhaibo
penglin
zhujian
lvjiyong
qianping
chenjian
xujiajin
wuliping
jianghui
wangchen
dingyika
chensisi
caiyijia
yuanjing
zhangshu
zhangchi
wuyiting
yuliqian
bubinwei
tuwenjing
yujiabiao
chenlufei
shiyan662
fanchuchu
zhaiwuyan
lucaihong
zhuyimiao
qiweiqing
xuyueling
yinliping
jiangyang
shaoyanli
zhuwenchao
linbanghao
wuzhongmin
zhaoyufeng
zhangrujie
chenjingya
chenpeihua
chenbinmei
wangyihong
huxiangtao
luoxuanang
xulingling
wangxingbo
mojianhong
jiangzheng
zhaopanpan
weipengwei
wanglizhen
wangyunhua
mamingkang
wangyongmei
zhangxigang
xiangxiuwei
chenmingjie
zhengbinbin
feijingjing
louxinglong
daitingting
dingjianjun
wangxiaowen
zhangyiting
wangzhaohui
yanjianguang
dengdongming
zenghongyang
jinzhouzheyu
yangguangzhao
zhangbingbing
chenglongxuan
huangjianmeng
zhaoyufeng1203


If you're observant, you'll have noticed that many accounts appear in all three lists. Yes, I tried logging in and found that some users could actually log in with more than one password, which puzzled me.

Fix recommendation:

Mr. Wei, can you send me a gift now? Haha

Copyright notice: when reposting, please credit the source 子墨@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-12-24 16:03

Vendor reply:

Thanks 子墨; there was actually a list file lying around, ugh.

Latest status:

None yet