WiFi security: 易速 (Yisu) allows control of 2502343 users (SQL injection / brute force / broken access control / plaintext-password simulated attack)

admin, 2017-04-18 08:07:28, 288 views, 274 characters
Summary

2016-04-18: Details reported to the vendor; awaiting vendor handling
2016-04-22: Vendor confirmed; details disclosed to the vendor only
2016-05-02: Details disclosed to core white hats and domain experts
2016-05-12: Details disclosed to regular white hats
2016-05-22: Details disclosed to intern white hats
2016-06-06: Details disclosed to the public

Vulnerability summary

Defect ID: WooYun-2016-197242

Vulnerability title: WiFi security: 易速 (Yisu) allows control of 2502343 users (SQL injection / brute force / broken access control / plaintext-password simulated attack)

Vendor: 南京英佰迪思电子科技有限公司

Author: 小龙

Submitted: 2016-04-18 12:30

Published: 2016-06-06 11:40

Vulnerability type: XSS cross-site scripting

Severity: High

Self-assessed rank: 20

Status: Handed to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: www.wooyun.org

Tags: persistent XSS, stored XSS, XSS



Vulnerability details


Brief description:

英佰迪思 focuses on wireless communication fields such as WiFi, 3G and 4G. It works closely with wireless chipset vendors including Qualcomm, MTK, Broadcom, Realtek, Marvell and Leacore, and independently develops high-tech products for consumer electronics and industry applications.
Its consumer electronics line consists mainly of portable 3G/4G wireless routers (MiFi), WiFi power banks and WiFi speakers; under the brand philosophy of "simple, efficient, fashionable, healthy", the company builds on user experience to create the best companion for mobile internet terminals.
Its industry line consists mainly of 3G/4G industrial smart transmission terminals, 3G/4G modules, WiFi modules, CPEs and WiFi cameras. The TD-SCDMA and TD-LTE products it developed for China Mobile have passed the network-access tests of the MIIT and the China Mobile Research Institute, and it is a main equipment supplier for China Mobile's TD Fi and LTE Fi.
英佰迪思 3G industrial smart transmission terminals are widely used in media, finance, transportation and urban construction, and the company is one of the main suppliers of 3G data transmission modules for customers such as People's Daily, Shanghai Pudong Development Bank, Nanjing Public Security and Nanjing Urban Construction.
英佰迪思 has teams for product positioning, industrial design, structural design, hardware design and software design. Team members come from well-known companies such as Huawei, ZTE, Oracle, Amoi and Haier; core members have more than ten years of technical management experience, and the junior staff are mostly young talent from Nanjing universities. The company has strong technical capability, a stable core team and a good platform for technical transition and talent reserves.

Detailed description:


Code block:
xinwei 302 false false 227
weiwei 302 false false 227
shenjian 302 false false 227
wangyu 302 false false 227
zhangyong 302 false false 227
zhaowei 302 false false 227


Changing the id lets you view other people's data


Member information


I'll just pick one at random and log in


Code block:
[00:05:53] [INFO] retrieved: "heryjorjer","18438222262"
[00:05:53] [INFO] retrieved: "jinjinjin","18744226363"
[00:05:53] [INFO] retrieved: "001314","18129002221"
[00:05:53] [INFO] retrieved: "6526516","18999307222"
[00:05:53] [INFO] retrieved: "a809960251","13159947272"
[00:05:53] [INFO] retrieved: "123456789","13851554213"
[00:05:53] [INFO] retrieved: "123457","15143234123"
[00:05:53] [INFO] retrieved: "123456789","13851786984"
[00:05:53] [INFO] retrieved: "hnxkgood130808","15261922933"
[00:05:54] [INFO] retrieved: "laogong123","15510564753"
[00:05:54] [INFO] retrieved: "890925","13089181237"
[00:05:54] [INFO] retrieved: "zxawx1314","13147765557"
[00:05:54] [INFO] retrieved: "0319ping","15568480825"
[00:05:54] [INFO] retrieved: "ygdn831106","13364445111"
[00:05:54] [INFO] retrieved: "abc739898","15843219315"
[00:05:54] [INFO] retrieved: "13304402117","13294421999"
[00:05:54] [INFO] retrieved: "820512","15568278168"
[00:05:55] [INFO] retrieved: "820512","15568278168"
[00:05:55] [INFO] retrieved: "yan129310","18629969665"
[00:05:55] [INFO] retrieved: "zxd781026","13804421828"
[00:05:55] [INFO] retrieved: "jiajia19920317","15568392299"
[00:05:55] [INFO] retrieved: "jqb0319","13162761231"
[00:05:55] [INFO] retrieved: "751112211","13944275111"
[00:05:55] [INFO] retrieved: "656550","15543213201"
[00:05:55] [INFO] retrieved: "sunyan","15044295333"
[00:05:55] [INFO] retrieved: "52357970","18686552895"
[00:05:56] [INFO] retrieved: "th19911003","15981160765"
[00:05:56] [INFO] retrieved: "th19911003","15981160765"
[00:05:56] [INFO] retrieved: "th19911003","15981160765"
[00:05:56] [INFO] retrieved: "j041226","13694328815"
[00:05:56] [INFO] retrieved: "yulun1015","13039155992"
[00:05:56] [INFO] retrieved: "105353","15948673207"
[00:05:56] [INFO] retrieved: "112233","15144209988"
[00:06:15] [INFO] retrieved: "ksf521","13331727678"
[00:06:15] [INFO] retrieved: "go750750","13844632828"
[00:06:15] [INFO] retrieved: "123456","15568243337"
[00:06:15] [INFO] retrieved: "665789","15043255789"
[00:06:16] [INFO] retrieved: "891111xz","13944205180"
[00:06:16] [INFO] retrieved: "991108","15568457797"
[00:06:16] [INFO] retrieved: "lx805470","13704405415"
[00:06:16] [INFO] retrieved: "liang521","15688907192"
[00:06:16] [INFO] retrieved: "721113","13843208123"
[00:06:16] [INFO] retrieved: "asd3039504","13089156530"
[00:06:16] [INFO] retrieved: "15981188823","15981188823"
[00:06:16] [INFO] retrieved: "wstclt911","13404666638"
[00:06:16] [INFO] retrieved: "840625","15043283345"
[00:06:16] [INFO] retrieved: "chaos828","18709244111"
[00:06:17] [INFO] retrieved: "13804424444","13804424444"
[00:06:17] [INFO] retrieved: "yayun320971","13614326111"
[00:06:17] [INFO] retrieved: "123456789","13844228729"
[00:06:17] [INFO] retrieved: "15944249055","13321506317"
[00:06:17] [INFO] retrieved: "wojiaosongmingyu","13278213091"
[00:06:17] [INFO] retrieved: "dh2316","13904447114"
[00:06:17] [INFO] retrieved: "623828","15096008028"
[00:06:17] [INFO] retrieved: "liudazhi","13294497999"
[00:06:17] [INFO] retrieved: "yili217890","13596239622"
[00:06:17] [INFO] retrieved: "wc325641","18260329111"
[00:06:17] [INFO] retrieved: "888999","15312998902"
[00:06:17] [INFO] retrieved: "ngs0507","13956569965"
[00:06:17] [INFO] retrieved: "662660","13955342660"
[00:06:17] [INFO] retrieved: "620804","13355532344"
[00:06:18] [INFO] retrieved: "wkl880309","18356596123"
[00:06:18] [INFO] retrieved: "66155333W","15543257444"
[00:06:18] [INFO] retrieved: "123456","15921715993"
[00:06:18] [INFO] retrieved: "15044208278","15044208278"
[00:06:18] [INFO] retrieved: "dsq812570707","18715332026"
[00:06:18] [INFO] retrieved: "199204","15655319750"
[00:06:18] [INFO] retrieved: "840428","13716376499"


Simulated attack

————————————————————————————————————————

[00:06:17] [INFO] retrieved: "yayun320971","13614326111"

The password is yayun320971

Can log in to Dangdang (当当网)


[00:06:18] [INFO] retrieved: "wkl880309","18356596123"

Password: wk1880309

Baihe (百合)


Dangdang (当当)


Youku (优酷)


Shipping addresses and many other places can be accessed across accounts (broken access control)
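The report names four weaknesses without showing the server-side code behind them: user lookups that can be injected, logins that can be brute-forced, records that can be read by changing an id, and passwords stored in plaintext. The following is an added example, not code from the report or from the vendor, that puts each vulnerable pattern beside its hardened form on an in-memory SQLite database with constructed sample users. Table and column names, the lockout threshold and the PBKDF2 parameters are assumptions.

```python
"""Vulnerable pattern beside its hardened form (added example, not the vendor's code).
Uses in-memory SQLite with constructed sample users; schema and thresholds are assumptions."""
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data, not taken from the report's dump.
SAMPLE_USERS = [
    ("alice", "13800000001", "correct horse battery"),
    ("bob", "13800000002", "123456"),
]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the database never sees the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def setup() -> sqlite3.Connection:
    """Build the demo database: users with hashed passwords, plus per-user addresses."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, "
                 "phone TEXT, salt BLOB, pw_hash BLOB)")
    conn.execute("CREATE TABLE addresses (id INTEGER PRIMARY KEY, user_id INTEGER, address TEXT)")
    for name, phone, pw in SAMPLE_USERS:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users (name, phone, salt, pw_hash) VALUES (?, ?, ?, ?)",
                     (name, phone, salt, hash_password(pw, salt)))
    conn.execute("INSERT INTO addresses (user_id, address) VALUES (1, 'Alice street 1')")
    conn.execute("INSERT INTO addresses (user_id, address) VALUES (2, 'Bob road 2')")
    conn.commit()
    return conn


# --- SQL injection: string-built query vs parameterized query ---
def find_user_vulnerable(conn, name: str):
    # The caller-supplied name is spliced into the SQL text and is parsed as SQL.
    return conn.execute("SELECT id, name FROM users WHERE name = '" + name + "' ORDER BY id").fetchall()


def find_user_safe(conn, name: str):
    # A bound parameter is always treated as data, never as SQL syntax.
    return conn.execute("SELECT id, name FROM users WHERE name = ? ORDER BY id", (name,)).fetchall()


# --- Authentication: hash comparison plus a failed-attempt counter against brute force ---
class Authenticator:
    MAX_FAILURES = 5  # assumed lockout threshold

    def __init__(self, conn):
        self.conn = conn
        self.failures = {}  # username -> consecutive failed attempts

    def login(self, name: str, password: str) -> bool:
        if self.failures.get(name, 0) >= self.MAX_FAILURES:
            return False  # account locked; even the correct password is refused
        row = self.conn.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
        if row and hmac.compare_digest(hash_password(password, row[0]), row[1]):
            self.failures.pop(name, None)
            return True
        self.failures[name] = self.failures.get(name, 0) + 1
        return False


# --- Insecure direct object reference: lookup by id alone vs scoped to the session user ---
def get_address_vulnerable(conn, address_id: int):
    # Any authenticated user can read any address just by changing the id.
    return conn.execute("SELECT address FROM addresses WHERE id = ?", (address_id,)).fetchone()


def get_address_safe(conn, current_user_id: int, address_id: int):
    # The owner check is part of the query, so a foreign id returns nothing.
    return conn.execute("SELECT address FROM addresses WHERE id = ? AND user_id = ?",
                        (address_id, current_user_id)).fetchone()
```

The safe variants share one principle: the server, not the client, decides what a request may touch. Parameter binding keeps input out of the SQL grammar, the owner column in the `WHERE` clause makes the id check impossible to forget, and a hashed password means a dump of the `users` table no longer hands out working credentials for third-party sites.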

Proof of vulnerability:

11

Fix recommendation:

111

Copyright notice: when reposting, please credit the source 小龙@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 10

Confirmed: 2016-04-22 11:39

Vendor reply:

CNVD did not directly reproduce the described situation. CNVD has notified the website operator by e-mail through its publicly listed contact channel, and the operator will provide a solution.

Latest status:

None yet

