[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站

阿尔法神域

10个月前更新

11103015

sessionkey引入

微信sessionkey是微信小程序开发中用于标识用户会话的一串密钥。当用户在微信小程序中进行登录操作时，微信服务器会返回一个session_key，开发者可以使用这个session_key来获取用户的身份信息或进行加密通信.

如果sessionkey泄露就可以进行获取用户信息,伪造登录.

师傅404Xyunxi就是通过sessionkey打的拿到了江西财经大学的证书

图片[1],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

[5.20]提交的某edusrc平台案例

此次案例就是通过sessionkey泄露达到伪造登录的

期中此次信息搜集的骚操作方法来自师傅404Xyunxi,收益匪浅

伪造登录工具:Wx_SessionKey_crypt

图片[2],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

发现漏洞一:sessionkey泄露

点击登录

图片[3],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

图片[4],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

抓取数据包

图片[5],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

微信session key泄露伪造登录需要手机号

从抖音信息搜集到手机号

在抖音搜索相关平台信息,得到泄露的手机号

得到私人手机号187291*****

伪造登录

1.先解密自己的：

2.在伪加密替换成他的

图片[8],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

替换encrypetdData,成功伪造登录

图片[9],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

每次替换的时候encryptedData和iv都会改变,所以每次的包都不同,这里就不提供数据包了

发现漏洞二:逻辑缺陷

使用自己的手机号再次点击登录

图片[10],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

无法登录

图片[11],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

此时抓取数据包

登录失败的返回包:

图片[12],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

抓取187291***登录成功的返回包

图片[13],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

图片[14],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

复制成功登录的返回包


{"code":2000,"msg":"success","data":{"user_id":3925,"class":[{"teacher_id":24,"name":"王萍萍","role":9,"major_id":42,"grade":4,"class":3,"point":76,"status":"正常"},{"teacher_id":24,"name":"王萍萍","role":8,"major_id":43,"grade":4,"class":4,"point":80,"status":"正常"}]}}
{"code":2000,"msg":"success","data":{"user_id":3925,"class":[{"teacher_id":24,"name":"王萍萍","role":9,"major_id":42,"grade":4,"class":3,"point":76,"status":"正常"},{"teacher_id":24,"name":"王萍萍","role":8,"major_id":43,"grade":4,"class":4,"point":80,"status":"正常"}]}}
{"code":2000,"msg":"success","data":{"user_id":3925,"class":[{"teacher_id":24,"name":"王萍萍","role":9,"major_id":42,"grade":4,"class":3,"point":76,"status":"正常"},{"teacher_id":24,"name":"王萍萍","role":8,"major_id":43,"grade":4,"class":4,"point":80,"status":"正常"}]}}

对自己的返回包进行替换

图片[15],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

再次成功登录

图片[16],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

拿到其他手机号

重新操作再次替换返回包:


{"code":2000,"msg":"success","data":{"user_id":3905,"class":[{"teacher_id":24,"name":"湛善萍","role":9,"major_id":42,"grade":4,"class":3,"point":76,"status":"正常"},{"teacher_id":24,"name":"湛善萍","role":8,"major_id":43,"grade":4,"class":4,"point":80,"status":"正常"}]}}
{"code":2000,"msg":"success","data":{"user_id":3905,"class":[{"teacher_id":24,"name":"湛善萍","role":9,"major_id":42,"grade":4,"class":3,"point":76,"status":"正常"},{"teacher_id":24,"name":"湛善萍","role":8,"major_id":43,"grade":4,"class":4,"point":80,"status":"正常"}]}}
{"code":2000,"msg":"success","data":{"user_id":3905,"class":[{"teacher_id":24,"name":"湛善萍","role":9,"major_id":42,"grade":4,"class":3,"point":76,"status":"正常"},{"teacher_id":24,"name":"湛善萍","role":8,"major_id":43,"grade":4,"class":4,"point":80,"status":"正常"}]}}

也可再次成功伪造登录

图片[17],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

结束语

最后祝大家都能挖到洞

图片[18],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

博客内容均为打码内容,而我们圈内写的报告不打码而且包含poc,更适合挖洞小白学习复现!

欢迎加入我们的圈子,每日分享一手edu,cnvd,企业src报告(挖完就分享),带你领略渗透圈,手把手教挖洞!

图片[19],[5.20]从抖音信息收集到微信小程序sessionkey泄露伪造登录渗透某edu站,网络安全爱好者中心-神域博客网

------本文已结束，感谢您的阅读------

THE END

渗透测试网络安全网络攻防

喜欢就支持一下吧

Change your thoughts and you change your world.

改变你的思想，你就能改变自己的命运

相关推荐

评论共11条

请登录后发表评论

登录注册

只看作者

- search engine optimization0
  Your exemplary work demonstrates remarkable potential. With strategic enhancements, this foundation can be transformed into a pioneering contribution that advances the field and solidifies your position as an industry authority.
  8个月前回复
- stc المملكة العربية السعودية0
  Amazing effort!
  8个月前回复
- Erdung0
  This article? It's got some interesting ideas, definitely. You've touched on a few good points, but it feels like there's more to explore. Digging a bit deeper next time could really add value. On the plus side, you are thinking outside the box, which is great. Your writing style gets the point across, but it could use a bit more energy. The examples are decent, but adding some spice wouldn't hurt. I'm not saying it's bad, just that there's room for improvement. Consider tightening up your arguments and including more compelling facts. You've got potential. Keep pushing yourself, and your next piece could be truly impressive. Keep at it! Your next article might just blow me away. Or maybe not. We'll see.
  9个月前回复
- Sicherheit0
  Your article reflects a deep understanding of the subject matter. The comprehensive coverage and insightful analysis provide substantial value to readers. Your clear explanations and well-structured arguments demonstrate a strong grasp of the topic. The practical implications you've drawn out are particularly useful. While there's always room for further exploration, this piece makes a meaningful contribution to the discourse. I look forward to seeing how you build on these ideas in future work.
  9个月前回复
- Smart Home0
  Your article reflects a deep understanding of the subject matter. The comprehensive coverage and insightful analysis provide substantial value to readers. Your clear explanations and well-structured arguments demonstrate a strong grasp of the topic. The practical implications you've drawn out are particularly useful. While there's always room for further exploration, this piece makes a meaningful contribution to the discourse. I look forward to seeing how you build on these ideas in future work.
  9个月前回复
- elektriker gesundbrunnen0
  Your article demonstrates an exceptional level of professionalism and expertise. The thoroughness and depth with which you have covered the topic are truly impressive. Readers will greatly benefit from the valuable insights and practical advice you have shared. The clarity of your understanding is evident throughout the entire piece. I anticipate more of your high-quality work in the future. Thank you for offering your profound knowledge and providing such a detailed and enlightening resource.
  9个月前回复
- teppichreinigung München0
  Your article demonstrates an exceptional level of professionalism and expertise. The thoroughness and depth with which you have covered the topic are truly impressive. Readers will greatly benefit from the valuable insights and practical advice you have shared. The clarity of your understanding is evident throughout the entire piece. I anticipate more of your high-quality work in the future. Thank you for offering your profound knowledge and providing such a detailed and enlightening resource.
  9个月前回复
- elektriker gesundbrunnen0
  Your article demonstrates an exceptional level of professionalism and expertise. The thoroughness and depth with which you have covered the topic are truly impressive. Readers will greatly benefit from the valuable insights and practical advice you have shared. The clarity of your understanding is evident throughout the entire piece. I anticipate more of your high-quality work in the future. Thank you for offering your profound knowledge and providing such a detailed and enlightening resource.
  9个月前回复
- autovermietung Berlin0
  What a remarkable article! The way you’ve tackled the topic with such precision and depth is commendable. Readers are sure to gain a great deal from the wealth of knowledge and practical insights you’ve shared. Your profound understanding of the subject shines through every part of the piece. I'm eager to see more of your exceptional work. Thank you for offering your expertise and providing us with such enlightening and comprehensive content.
  9个月前回复
- Dayton Fisher0
  Just wish to say your article is as surprising The clearness in your post is just cool and i could assume youre an expert on this subject Fine with your permission allow me to grab your RSS feed to keep updated with forthcoming post Thanks a million and please keep up the enjoyable work
  9个月前回复
- seosearchoptimizationpro0
  Awell-roundeddiscussionthatcoversvariousaspectsof[topic].
  10个月前回复