当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0197242

漏洞标题:wifi安全之易速可操控2502343位用户(SQL注入/爆破/越权/明文密码模拟攻击)

相关厂商:南京英佰迪思电子科技有限公司

漏洞作者: 小龙

提交时间:2016-04-18 12:30

修复时间:2016-06-06 11:40

公开时间:2016-06-06 11:40

漏洞类型:XSS 跨站脚本攻击

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-18: 细节已通知厂商并且等待厂商处理中
2016-04-22: 厂商已经确认,细节仅向厂商公开
2016-05-02: 细节向核心白帽子及相关领域专家公开
2016-05-12: 细节向普通白帽子公开
2016-05-22: 细节向实习白帽子公开
2016-06-06: 细节向公众公开

简要描述:

英佰迪思专注于WIFI、3G、4G等无线通信领域。并与Qualcomm、MTK、Broadcom、Realtek、Mavell、Leacore 等多家无线网络芯片组厂商紧密合作,自主研发设计面向消费电子及行业应用的高新技术及产品。
消费电子以便携式3G/4G无线路由器(MIFI)、WiFi移动电源、WiFi音箱等产品为主,以“简约、高效、时尚、健康”为品牌理念,立足于用户体验,致力于移动互联网终端最佳伴侣的打造。
行业应用以3G/4G工业智能传输终端、3G/4G模块、WiFi模块、CPE、WiFi摄像头等产品为主,其中面向中国移动开发TD-SCDMA及TD-LTE产品均通过工信部及中移动研究院入网入库测试,是中移动TD FI和LTE FI的主要设备厂商。
英佰迪思3G工业智能传输终端被广泛应用于传媒、金融、交通、城建等多个领域,是人民日报、浦发银行、南京公安、南京城建等客户3G数据传输模块主要设备厂商之一。
英佰迪思拥有产品定位、外观设计、结构设计、硬件设计、软件设计等多个技术团队。团队成员均来自华为、中兴、甲骨文、夏新、海尔等知名企业,核心成员拥有十年以上技术管理经验,后备力量多为南京各高校青年才俊,公司技术实力雄厚,核心团队稳定,并为技术过渡和人才储备搭建了良好平台。

详细说明:

用户.jpg


xinwei	302	false	false	227
weiwei	302	false	false	227
shenjian	302	false	false	227
wangyu	302	false	false	227
zhangyong	302	false	false	227
zhaowei	302	false	false	227


1.jpg


2.jpg


改id可查看别人的东西

3.jpg


会员信息

3.jpg


我随便找个登录吧

4.jpg


[00:05:53] [INFO] retrieved: "heryjorjer","18438222262"
[00:05:53] [INFO] retrieved: "jinjinjin","18744226363"
[00:05:53] [INFO] retrieved: "001314","18129002221"
[00:05:53] [INFO] retrieved: "6526516","18999307222"
[00:05:53] [INFO] retrieved: "a809960251","13159947272"
[00:05:53] [INFO] retrieved: "123456789","13851554213"
[00:05:53] [INFO] retrieved: "123457","15143234123"
[00:05:53] [INFO] retrieved: "123456789","13851786984"
[00:05:53] [INFO] retrieved: "hnxkgood130808","15261922933"
[00:05:54] [INFO] retrieved: "laogong123","15510564753"
[00:05:54] [INFO] retrieved: "890925","13089181237"
[00:05:54] [INFO] retrieved: "zxawx1314","13147765557"
[00:05:54] [INFO] retrieved: "0319ping","15568480825"
[00:05:54] [INFO] retrieved: "ygdn831106","13364445111"
[00:05:54] [INFO] retrieved: "abc739898","15843219315"
[00:05:54] [INFO] retrieved: "13304402117","13294421999"
[00:05:54] [INFO] retrieved: "820512","15568278168"
[00:05:55] [INFO] retrieved: "820512","15568278168"
[00:05:55] [INFO] retrieved: "yan129310","18629969665"
[00:05:55] [INFO] retrieved: "zxd781026","13804421828"
[00:05:55] [INFO] retrieved: "jiajia19920317","15568392299"
[00:05:55] [INFO] retrieved: "jqb0319","13162761231"
[00:05:55] [INFO] retrieved: "751112211","13944275111"
[00:05:55] [INFO] retrieved: "656550","15543213201"
[00:05:55] [INFO] retrieved: "sunyan","15044295333"
[00:05:55] [INFO] retrieved: "52357970","18686552895"
[00:05:56] [INFO] retrieved: "th19911003","15981160765"
[00:05:56] [INFO] retrieved: "th19911003","15981160765"
[00:05:56] [INFO] retrieved: "th19911003","15981160765"
[00:05:56] [INFO] retrieved: "j041226","13694328815"
[00:05:56] [INFO] retrieved: "yulun1015","13039155992"
[00:05:56] [INFO] retrieved: "105353","15948673207"
[00:05:56] [INFO] retrieved: "112233","15144209988"
[00:06:15] [INFO] retrieved: "ksf521","13331727678"
[00:06:15] [INFO] retrieved: "go750750","13844632828"
[00:06:15] [INFO] retrieved: "123456","15568243337"
[00:06:15] [INFO] retrieved: "665789","15043255789"
[00:06:16] [INFO] retrieved: "891111xz","13944205180"
[00:06:16] [INFO] retrieved: "991108","15568457797"
[00:06:16] [INFO] retrieved: "lx805470","13704405415"
[00:06:16] [INFO] retrieved: "liang521","15688907192"
[00:06:16] [INFO] retrieved: "721113","13843208123"
[00:06:16] [INFO] retrieved: "asd3039504","13089156530"
[00:06:16] [INFO] retrieved: "15981188823","15981188823"
[00:06:16] [INFO] retrieved: "wstclt911","13404666638"
[00:06:16] [INFO] retrieved: "840625","15043283345"
[00:06:16] [INFO] retrieved: "chaos828","18709244111"
[00:06:17] [INFO] retrieved: "13804424444","13804424444"
[00:06:17] [INFO] retrieved: "yayun320971","13614326111"
[00:06:17] [INFO] retrieved: "123456789","13844228729"
[00:06:17] [INFO] retrieved: "15944249055","13321506317"
[00:06:17] [INFO] retrieved: "wojiaosongmingyu","13278213091"
[00:06:17] [INFO] retrieved: "dh2316","13904447114"
[00:06:17] [INFO] retrieved: "623828","15096008028"
[00:06:17] [INFO] retrieved: "liudazhi","13294497999"
[00:06:17] [INFO] retrieved: "yili217890","13596239622"
[00:06:17] [INFO] retrieved: "wc325641","18260329111"
[00:06:17] [INFO] retrieved: "888999","15312998902"
[00:06:17] [INFO] retrieved: "ngs0507","13956569965"
[00:06:17] [INFO] retrieved: "662660","13955342660"
[00:06:17] [INFO] retrieved: "620804","13355532344"
[00:06:18] [INFO] retrieved: "wkl880309","18356596123"
[00:06:18] [INFO] retrieved: "66155333W","15543257444"
[00:06:18] [INFO] retrieved: "123456","15921715993"
[00:06:18] [INFO] retrieved: "15044208278","15044208278"
[00:06:18] [INFO] retrieved: "dsq812570707","18715332026"
[00:06:18] [INFO] retrieved: "199204","15655319750"
[00:06:18] [INFO] retrieved: "840428","13716376499"
模拟攻击
————————————————————————————————————————


[00:06:17] [INFO] retrieved: "yayun320971","13614326111"
密码是yayun320971
可以登录当当网

5.jpg


[00:06:18] [INFO] retrieved: "wkl880309","18356596123"
密码 wk1880309
百合

百合.jpg


当当

当当.jpg


优酷

优酷.jpg


收货地址等好多地方都可越权

漏洞证明:

11

修复方案:

111

版权声明:转载请注明来源 小龙@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2016-04-22 11:39

厂商回复:

CNVD未直接复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。

最新状态:

暂无