雷柏邮件系统账户体系控制不严影响内部信息

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0212559

漏洞标题：雷柏邮件系统账户体系控制不严影响内部信息

漏洞作者： mango

提交时间：2016-05-25 07:15

修复时间：2016-07-10 16:10

公开时间：2016-07-10 16:10

漏洞类型：账户体系控制不严

危害等级：高

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-05-25：细节已通知厂商并且等待厂商处理中
2016-05-26：厂商已经确认，细节仅向厂商公开
2016-06-05：细节向核心白帽子及相关领域专家公开
2016-06-15：细节向普通白帽子公开
2016-06-25：细节向实习白帽子公开
2016-07-10：细节向公众公开

简要描述：

~~ 邮件都是一些设计啥的~~~

详细说明：

通过网上收集邮箱然后对这些邮箱进行爆破
根据雷柏的域名进行密码组合,尝试爆破一个出来,然后导出所有邮件进行爆破

[+] Login successful: yaobo@rapoo.com rapoo123
        [+] Mail: 267 emails
        [+] Size: 188932750 bytes
[+] Login successful: zhouwei@rapoo.com rapoo123
        [+] Mail: 134 emails
        [+] Size: 85127698 bytes
[+] Login successful: mobile@rapoo.com rapoo123
        [+] Mail: 37 emails
        [+] Size: 29750767 bytes
[+] Login successful: wangping@rapoo.com rapoo123
        [+] Mail: 733 emails
        [+] Size: 600423755 bytes
[+] Login successful: zs1@rapoo.com rapoo123
        [+] Mail: 511 emails
        [+] Size: 498727641 bytes
[+] Login successful: zsd@rapoo.com rapoo123
        [+] Mail: 488 emails
        [+] Size: 397979424 bytes
[+] Login successful: softwareau@rapoo.com Rapoo@123
        [+] Mail: 48 emails
        [+] Size: 40378205 bytes
[+] Login successful: zoujungang@rapoo.com Rapoo@123
        [+] Mail: 350 emails
        [+] Size: 222363758 bytes
[+] Login successful: yuting@rapoo.com rapoo123
        [+] Mail: 289 emails
        [+] Size: 70203236 bytes
[+] Login successful: hezhi@rapoo.com rapoo123
        [+] Mail: 794 emails
        [+] Size: 588196424 bytes
[+] Login successful: wlz3@rapoo.com rapoo123
        [+] Mail: 246 emails
        [+] Size: 98432705 bytes
		
		
		[+] Login successful: xieyangyang@rapoo.com Rapoo@123
        [+] Mail: 10 emails
        [+] Size: 7055830 bytes
[+] Login successful: yangyisong@rapoo.com Rapoo@123
        [+] Mail: 76 emails
        [+] Size: 29935852 bytes
[+] Login successful: xuyiming@rapoo.com Rapoo@123
        [+] Mail: 79 emails
        [+] Size: 29948721 bytes
[+] Login successful: wangwuwei@rapoo.com Rapoo@123
        [+] Mail: 81 emails
        [+] Size: 41464504 bytes
[+] Login successful: wangliangliang@rapoo.com Rapoo@123
        [+] Mail: 35 emails
        [+] Size: 29725610 bytes
[+] Login successful: quchumin@rapoo.com Rapoo@123
        [+] Mail: 41 emails
        [+] Size: 29787410 bytes
		
		
		
		[+] Login successful: hepuyan@rapoo.com Rapoo@123
        [+] Mail: 1 emails
        [+] Size: 127383 bytes
[+] Login successful: legal@rapoo.com Rapoo@123
        [+] Mail: 19 emails
        [+] Size: 6147858 bytes
[+] Login successful: chengming@rapoo.com Rapoo@123
        [+] Mail: 143 emails
        [+] Size: 128301349 bytes
[+] Login successful: chenquwen@rapoo.com Rapoo@123
        [+] Mail: 118 emails
        [+] Size: 36754090 bytes
[+] Login successful: fanmengjing@rapoo.com Rapoo@123
        [+] Mail: 136 emails
        [+] Size: 52402746 bytes
[+] Login successful: fengjiaying@rapoo.com Rapoo@123
        [+] Mail: 139 emails
        [+] Size: 48261209 bytes
[+] Login successful: huangxiaoqing@rapoo.com Rapoo@123
        [+] Mail: 98 emails
        [+] Size: 80172004 bytes
[+] Login successful: luoqin@rapoo.com Rapoo@123
        [+] Mail: 48 emails
        [+] Size: 26130977 bytes
[+] Login successful: rapoo-yjx@rapoo.com Rapoo@123
        [+] Mail: 2 emails
        [+] Size: 308201 bytes
[+] Login successful: zhaopin01@rapoo.com Rapoo@123
        [+] Mail: 431 emails
        [+] Size: 47494163 bytes
[+] Login successful: zhaopin02@rapoo.com Rapoo@123
        [+] Mail: 2847 emails
        [+] Size: 305287243 bytes
[+] Login successful: zhaopin03@rapoo.com Rapoo@123
        [+] Mail: 3799 emails
        [+] Size: 448304777 bytes
[+] Login successful: zhaopin04@rapoo.com Rapoo@123
        [+] Mail: 8 emails
        [+] Size: 73553 bytes
[+] Login successful: zhaopincb@rapoo.com Rapoo@123
        [+] Mail: 3480 emails
        [+] Size: 444559522 bytes
[+] Login successful: guoxianghai@rapoo.com Rapoo@123
        [+] Mail: 166 emails
        [+] Size: 106076368 bytes
[+] Login successful: wangguofeng@rapoo.com Rapoo@123
        [+] Mail: 75 emails
        [+] Size: 10975553 bytes
[+] Login successful: yeming@rapoo.com Rapoo@123
        [+] Mail: 168 emails
        [+] Size: 91670797 bytes
[+] Login successful: zuozhiqing@rapoo.com Rapoo@123
        [+] Mail: 178 emails
        [+] Size: 276582108 bytes
[+] Login successful: gongmin@rapoo.com Rapoo@123
        [+] Mail: 83 emails
        [+] Size: 37495616 bytes
[+] Login successful: egagoa@rapoo.com Rapoo@123
        [+] Mail: 10 emails
        [+] Size: 10086133 bytes
[+] Login successful: gergana@rapoo.com Rapoo@123
        [+] Mail: 78 emails
        [+] Size: 41104322 bytes
[+] Login successful: i.klindworth@rapoo.com Rapoo@123
        [+] Mail: 0 emails
        [+] Size: 0 bytes
[+] Login successful: invoice-eu@rapoo.com Rapoo@123
        [+] Mail: 0 emails
        [+] Size: 0 bytes
[+] Login successful: ireneliu@rapoo.com Rapoo@123
        [+] Mail: 16 emails
        [+] Size: 15748064 bytes
[+] Login successful: lilywang@rapoo.com Rapoo@123
        [+] Mail: 2 emails
        [+] Size: 517091 bytes
[+] Login successful: alok.a@rapoo.com Rapoo@123
        [+] Mail: 56 emails
        [+] Size: 8758004 bytes
[+] Login successful: alvin@rapoo.com Rapoo@123
        [+] Mail: 118 emails
        [+] Size: 58547854 bytes
[+] Login successful: balendu.dubey@rapoo.com Rapoo@123
        [+] Mail: 66 emails
        [+] Size: 24597138 bytes
[+] Login successful: neeraj.beri@rapoo.com Rapoo@123
        [+] Mail: 24 emails
        [+] Size: 553430 bytes
[+] Login successful: shailesh@rapoo.com Rapoo@123
        [+] Mail: 79 emails
        [+] Size: 17130587 bytes
[+] Login successful: support.india@rapoo.com Rapoo@123
        [+] Mail: 195 emails
        [+] Size: 31462193 bytes
[+] Login successful: swarup@rapoo.com Rapoo@123
        [+] Mail: 33 emails
        [+] Size: 5110062 bytes
[+] Login successful: vimal@rapoo.com Rapoo@123
        [+] Mail: 52 emails
        [+] Size: 3466688 bytes
[+] Login successful: vinson.liu@rapoo.com Rapoo@123
        [+] Mail: 245 emails
        [+] Size: 92743829 bytes
[+] Login successful: feishou@rapoo.com Rapoo@123
        [+] Mail: 120 emails
        [+] Size: 46735304 bytes
[+] Login successful: cgtb@rapoo.com Rapoo@123
        [+] Mail: 17 emails
        [+] Size: 1227174 bytes
[+] Login successful: diana.du@rapoo.com Rapoo@123
        [+] Mail: 1379 emails
        [+] Size: 620621364 bytes

漏洞证明：

$DSQ[{99CZC_){@@1V)JZQ7T.png$

修复方案：

加强密码设置~

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：10

确认时间：2016-05-26 16:07

厂商回复：

谢谢提交

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0212559

漏洞标题：雷柏邮件系统账户体系控制不严影响内部信息

相关厂商：rapoo.cn

漏洞作者： mango

提交时间：2016-05-25 07:15

修复时间：2016-07-10 16:10

公开时间：2016-07-10 16:10

漏洞类型：账户体系控制不严

危害等级：高

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0212559

漏洞标题：雷柏邮件系统账户体系控制不严影响内部信息

相关厂商：rapoo.cn

漏洞作者： mango

提交时间：2016-05-25 07:15

修复时间：2016-07-10 16:10

公开时间：2016-07-10 16:10

漏洞类型：账户体系控制不严

危害等级：高

自评Rank：10

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0212559"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：