CSDN某处Cookie泄露问题可随机登陆用户

admin
admin
admin
139347
文章
114
评论
2017年4月24日06:02:23评论498 views字数 216阅读0分43秒阅读模式
摘要

2016-03-03: 细节已通知厂商并且等待厂商处理中
2016-03-03: 厂商已经确认,细节仅向厂商公开
2016-03-13: 细节向核心白帽子及相关领域专家公开
2016-03-23: 细节向普通白帽子公开
2016-04-02: 细节向实习白帽子公开
2016-04-17: 细节向公众公开

漏洞概要 关注数(36) 关注此漏洞

缺陷编号: WooYun-2016-180414

漏洞标题: CSDN某处Cookie泄露问题可随机登陆用户

相关厂商: CSDN开发者社区

漏洞作者: 紫霞仙子CSDN某处Cookie泄露问题可随机登陆用户

提交时间: 2016-03-03 12:31

公开时间: 2016-04-17 14:22

漏洞类型: 敏感信息泄露

危害等级: 高

自评Rank: 18

漏洞状态: 厂商已经确认

漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系

Tags标签: 敏感信息泄漏

1人收藏

漏洞详情

披露状态:

2016-03-03: 细节已通知厂商并且等待厂商处理中
2016-03-03: 厂商已经确认,细节仅向厂商公开
2016-03-13: 细节向核心白帽子及相关领域专家公开
2016-03-23: 细节向普通白帽子公开
2016-04-02: 细节向实习白帽子公开
2016-04-17: 细节向公众公开

简要描述:

随机登陆用户。

详细说明:

code 区域 
domain: dc.csdn.net
 ip: 117.79.92.146  
 vul: heartbleed
 info : cookies, user_email, user_name

漏洞证明:

code 区域 
https://passport.csdn.net/..Accept-Encoding: gzip,deflate..Accept-Language: zh-CN,zh;q=0.8.. *********Cookie: uuid_tt_dd=-3614588521237494073_20150925; __gads=ID=01d8bbb5ee6de66c:T=1443159798:S=ALNI_MbEk_kx386sCVadexr6_uf-AK3h5g; __qca=P0-820754983-1443159800552; CloudGuest=mFhHurqWgfWYNj4QOwbkaMxZwMjn7nPMczz4uBaMvMHdMoOe5s6jvqlTdeMEnfiHKWmGFc4mrEweEDvx91inCN8HvUpKqoZ7j9xfdr+f6r2wJd22dK+n9aldL1eyoRvJo+N9c2DZQm61+GcIjJDcFYNHPgjJR7tOkQpQ1dMFCkPwHK0PDh0VZn1C0vlx5a9c; UN=ZJX_1992; ********UE=""; access-token=d21c3371-083c-4573-8118-e4e9aa8ba37f; Hm_lvt_6bcd52f51e9b3dce32bec4a3997715ac=1456976289; Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1456976330; dc_tos=o3g24r; dc_session_id=1456976231947.C>..2s.md=referral|utmcct=/download/xlqxyg520/5347482; Hm_lvt_6bcd52f51e9b3dce32bec4a3997715ac=1456975660; Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1456975660; dc_tos=o3g1oe; dc_session_id=1456975642901.....r..&..q.:.....+BCE2A1E43022340A9D8952029C2FDB27B8E9166E3FC1977B8AEF3BF179206D7D410372260BA9DBF76854F61918EC1FCA3BB251A25FD0353D4B059B1E348CD8BDE0D27F4E7C8DE10FAD86B4BAE912A5AB92C238C4DF7; Hm_lvt_6bcd52f51e9b3dce32bec4a3997715ac=1456974486; Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1456974486; dc_tos=o3g0pl; dc_session_id=1456974489618; __message_sys_msg_id=0; __message_gu_msg_id=0; __message_cnel_msg_id=0; __message_district_code=110000; [email protected] ..
 UserName=ioshook; UserInfo=Tre4fcosY7JQTBv4MzAKvZrlmpLb%2FdZpqWzHHuYNJlbfxInmUPK7WNd1G007iou9qPlEoVN3PDsneHb%2BvnYmHV0i0tGzpqFAWUkB4kzCvRaSq7bNfnsiRBl6oe1qic%2BU; UserNick=ioshook; AU=4FF; access-token=d19c138b-f0fa-4b6b-84e2-2822b0addfd8..Connection: keep-alive..../....;..-.;..a.S.....Y.bih.:30; access-token=6a938873-0764-4f49-a464-1712858af5cd..Connection: keep-alive....s.te....=..*0!..00; UN=sinat_25117193; UE=""; access-token=d76a7424-0e9b-4202-a2b9-268e100e812e; dc_tos=o3g199; dc_session_id=1456975197551..p`P....7.T..aOOrP2et%2BR1LqbhjMtuRmT7ZuG%2FZid0XYSZEKVkNRey0SCeFnvzv12zyqh%2Bqg0kE7yu4gQzD1m%2FJ9gO2nj%2BMmXe84G5%2FbJ%2F19q9XdbZk35hAXnz4OEilZZxxEpRedwPCcFyf54Fg%3D%3D; UserNick=jxt376985175; AU=2A8; UN=jxt376985175; UE=""; access-token=61131142-af47-414c-823b-8be57be35988; dc_tos=o3g1jl; dc_session_id=1456975557109...zS...H.fm^,P~dKi1i..D..V709_20151216; __gads=ID=c876cb29cf307055:T=1450484361:S=ALNI_MbXdpgoeof5O8SAgdKnoXIdEY9-kw; dc_tos=o3g12t; dc_session_id=1456974965687; _gat=1....;..,..?)C.s...'h.`l.2dZhU8bDuDfVVRQ+/9H5oudSfM88mFV1zjoIZoiJ8U1Xey77ij6NQ0/4ygdXwXsrDR8cIqgqetGu/eQXFCZ39Q0n2DeuK5PhOA+54vDmXAwZjoZuHAdpRgvGWZ8IP7sB8QDteFFNOFgamfABhp9+wLdsVMI2Wol1hUx1ebla5B/maEI0JwV2IC7KPcZsNPrk0ppSxwuJb40J3kWYV65gso/CI1C6kmdgjVjc/cOilvklEHo5RWhGMcClL1TErdg==; .ASPXAUTH=7F99B4A6E68DC7E3641EE7C6DAFED87F5082BA3B8CFE17FEADFFF95E2F760BCE2A1E43022340A9D8952029C2FDB27B8E9166E3FC1977B8AEF3BF179206D7D410372260BA9DBF76854F61918EC1FCA3BB251A25FD0353D4B059B1E348CD8BDE0D27F4E7C8DE10FAD86B4BAE912A5AB92C238C4DF7; __message_sys_msg_id=0; __message_gu_msg_id=0; __message_cnel_msg_id=0; __message_district_code=110000; __message_in_school=0; Hm_lvt_6bcd52f51e9b3dce32bec4a3997715ac=1456974486; Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1456974533; dc_tos=o3g0rw; dc_session_id=1456974536552
 
 .Cookie: uuid_tt_dd=635556166609617508_20160218; __utma=17226283.1641056488.1455949675.1455949675.1455949675.1; __utmz=17226283.1455949675.1.1.utmcsr=csdn.net|utmccn=(referral)|utmcmd=referral|utmcct=/; "; access-token=82fa86b6-ad9f-4b67-88de-e6e069d2cebe; dc_tos=o3g1jg; dc_session_id=1456975257849.....T.;B.)..OG.C.#./r6.__message_sys_msg_id=0; __message_gu_msg_id=0; __message_cnel_msg_id=0; __message_district_code=110000; __message_in_school=0; Hm_lvt_6bcd52f51e9b3dce32bec4a3997715ac=1456974486; Hm_lpvt_6bcd52f51e9b3dce32bec4a3997715ac=1456974533; dc_tos=o3g0rw; dc_session_id=1456974536552.....<{.}iPZi..kM....w.....846-4bc9d5-8ec4a3x/.{...e...

试着登陆一个

CSDN某处Cookie泄露问题可随机登陆用户

修复方案:

~~~

版权声明:转载请注明来源 紫霞仙子@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2016-03-03 14:22

厂商回复:

尽快修复。

最新状态:

暂无

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

  1. 2016-03-03 12:41 | 沦沦 ( 普通白帽子 | Rank:651 漏洞数:149 | 爱老婆,爱生活|脚步不能停要一直向前走【...)

    1

    紫霞师父就是给力

  2. 2016-03-03 13:04 | scanf ( 核心白帽子 | Rank:1694 漏洞数:238 | 。)

    1

    ssl读取吗?

  3. 2016-03-04 10:01 | 小牛牛 ( 普通白帽子 | Rank:139 漏洞数:17 | 求带)

    1

    ... 前排果断来看

  4. 2016-03-04 17:29 | CSDN开发者社区(乌云厂商)

    1

    麻烦问一下是不是通过OpenSSL CVE-2016-0800 DROWN漏洞抓到的数据?

  5. 2016-05-05 23:25 | unxss ( 路人 | Rank:12 漏洞数:4 )

    0

    @CSDN开发者社区 vul: heartbleed 人家都说了。你不仔细看。

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin