Problems caused by the exposed admin backend of a new APP (leakage of user coordinates and other information)
The admin backend of the new APP is exposed, with several consequences.
The APP is called "Wow" (wasai).
Backend addresses:
http://wasai.yy.com/admin/
http://wasai.yy.com/wsadm
Accessing the first address redirects to
http://wasai.yy.com/super/login.html?r=/admin/
which returns an Error 404.
However, the redirect target is exposed in the front-end: line 95 of the page source reads
window.location = "/wsadm/#/";
Convenient of them to expose the address.
Visit http://wasai.yy.com/wsadm and the admin page is requested automatically.
Whether the user is logged in is decided in JS; that is, the whole management page is loaded first and only then is the login state checked.
This exposes all of the backend JS/CSS.
The JavaScript is interesting.
User registration information is also leaked.
In wsadm the page automatically fetches user information from:
http://wasai.yy.com/userInfoReq_s?json={%22UserInfoReq%22:{%22uid%22:0}}&_=1418196227753
Changing the 0 to the corresponding UID returns that user's record:
nickname, coordinates, registration time, login time, and so on.
So let's take a look at the exposed JS.
Capturing a packet makes it very clear.
The content can be read directly with a GET; the danger needs no explanation. The JS confirms that the login check is done client-side.
Good. Now let's take a look at the login page.
The login page uses POST to
http://wasai.yy.com/wl
Looking at the parameters:
After many tests, the endpoint accepts POST requests without any limit, so brute-force cracking is possible.
Solution: fix the following two issues.
1. The login state is determined only by client-side JS.
2. The login POST accepts unlimited requests.
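The two weaknesses the report describes, a login check performed only in front-end JS and a user-info endpoint plus a login POST with no server-side controls, are both fixed on the server. The following is an added example (not code from the report or from the wasai.yy.com backend) of what that server side looks like: the /userInfoReq_s handler refuses requests without a session and refuses non-admins reading another UID, and the /wl login handler counts failures per client and locks out after a threshold. The endpoint paths and the json={"UserInfoReq":{"uid":N}} parameter shape come from the report; the user table, sessions, password hash, limits and client keys are constructed for illustration.

```python
"""
Added example: server-side authentication, authorization and login
rate limiting, in contrast to a login check that lives only in the
browser's JS.  All data below is constructed for illustration.
"""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field

# Constructed sample user table (UID -> record) and active sessions.
USERS = {
    1001: {"nickname": "alice", "coords": (30.27, 120.16), "is_admin": False},
    1002: {"nickname": "bob", "coords": (31.23, 121.47), "is_admin": False},
    1: {"nickname": "admin", "coords": None, "is_admin": True},
}
SESSIONS = {"sess-alice": 1001, "sess-admin": 1}

# Constructed credential store.  A real system uses a slow KDF
# (bcrypt/scrypt/argon2); SHA-256 keeps the example dependency-free.
PASSWORD_HASHES = {"admin": hashlib.sha256(b"correct-horse").hexdigest()}

MAX_ATTEMPTS = 5        # failures allowed per client key ...
WINDOW_SECONDS = 300    # ... within this sliding window


def parse_uid(json_param):
    """Extract uid from the report's json={"UserInfoReq":{"uid":N}} parameter."""
    return int(json.loads(json_param)["UserInfoReq"]["uid"])


def user_info(session_id, uid):
    """Server-side handler for /userInfoReq_s.

    Returns (status, record).  The decision is made here, not in JS:
    no valid session -> 401; a non-admin asking for another UID -> 403;
    unknown UID -> 404.
    """
    caller = SESSIONS.get(session_id)
    if caller is None:
        return 401, None
    if caller != uid and not USERS[caller]["is_admin"]:
        return 403, None
    rec = USERS.get(uid)
    if rec is None:
        return 404, None
    return 200, rec


@dataclass
class LoginLimiter:
    """Tracks failed login timestamps per client key (e.g. source IP)."""
    attempts: dict = field(default_factory=dict)

    def allowed(self, key, now):
        recent = [t for t in self.attempts.get(key, []) if now - t < WINDOW_SECONDS]
        self.attempts[key] = recent          # drop expired failures
        return len(recent) < MAX_ATTEMPTS

    def record_failure(self, key, now):
        self.attempts.setdefault(key, []).append(now)


def login(limiter, client_key, username, password, now=None):
    """Server-side handler for POST /wl.

    Returns 429 once the client has MAX_ATTEMPTS failures inside the
    window, 401 on a bad credential, 200 on success.  Correct-password
    attempts are also refused while locked out, so the limiter cannot be
    probed.
    """
    now = time.time() if now is None else now
    if not limiter.allowed(client_key, now):
        return 429
    stored = PASSWORD_HASHES.get(username, "")
    supplied = hashlib.sha256(password.encode()).hexdigest()
    if stored and hmac.compare_digest(stored, supplied):
        return 200
    limiter.record_failure(client_key, now)
    return 401


if __name__ == "__main__":
    print(user_info(None, 1001))            # (401, None)
    print(user_info("sess-alice", 1002))    # (403, None)
    lim = LoginLimiter()
    for i in range(6):
        print(login(lim, "10.0.0.5", "admin", "wrong", now=1000.0 + i))
```

The limiter keys on a constructed client identifier; in production the key would usually combine source address and target account so that one locked-out client does not block the legitimate user, and lockouts would be logged as a detection signal.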