A Vulnerability in ADSL Modems


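  Recently my broadband service expired. To keep getting online I thought of many approaches, but felt it was still best to get hold of another account myself! So I scanned some computers in our school's IP range and saw that some of them had port 23 open. I was happy, because they might be ADSL IPs! So I logged in. Unexpectedly, a password was required, but I saw that it was a VKING, figured it was a Starnet (实达) device, and tried the default username and password. Wow, to my surprise I really got in!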

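 Haha, looks like it worked this time! How can our school's network security awareness be this poor? No wonder some classmates say their computers keep getting viruses! I went to the PPP dial-up settings in the modem to take a look. The username was visible, but the password showed as ........, not visible, and 8 characters long! So I tried guessing it myself: I went to the broadband service section of the Tietong (铁通) website to guess the password. Sigh, the security of the username-and-password login page on the Tietong website is really poor too; login submissions are actually unlimited. So I tried some common passwords! That didn't work, so it looked like I had to think of another method!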

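Suddenly I thought of using one of those programs that reveal what is behind the asterisks. I was happy! Let's try it! I took a look, but still couldn't see it! Did I really have to give up? That's not my habit; without a spirit of research, one's skills won't improve! So I thought, let's look at the page's source code instead! Sure enough, I saw the password, and I almost jumped for joy! A bit of a sense of achievement! I verified it on the broadband service website: the password was correct! Success!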

Below I'll show everyone the source code of that web page!


<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=GB2312    ">
<title>快速设置</title>
                  <META HTTP-EQUIV ="pragma" CONTENT="no-cache" >
       <script language="JavaScript" src="hag/js/global.gsv"></script>
     <link rel="stylesheet" type="text/css" href="hag/css/style.css">
    </head>
<body class="mainContentBody"><div class="alignleft"><table width="800" cellpadding="10" cellspacing="0" border="0" class="mainTable" >
<tr>
<td>
<h3>快速设置</h3>
</td>
</tr>
<tr>
<td class="pagedescription">
使用本页快速设置系统参数.</td>
</tr>

<form name="frmMacWan" id="frmMacWan" action="/Action" method="POST"><tr><td class="alignmiddle"><table bgcolor="#fdfae3" cellpadding="3" cellspacing="0" border="1" class="mainContentTable" ><tr><td class="tableheader">ATM 接口:&nbsp;&nbsp;</td><td class="alignleft"><select size="1" name="ex_param1" onChange="window.location='/MainPage?id=25&ex_param1=' + this.options[this.selectedIndex].value" >
<option value="8" selected>0</option><option value="9" >1</option><option value="10" >2</option><option value="11" >3</option><option value="12" >4</option><option value="13" >5</option><option value="14" >6</option><option value="15" >7</option></select>
</td></tr><tr><td class="tableheader">运行模式:&nbsp;&nbsp;</td><td class="alignleft"><select size="1" name="MacWanVcEn" onChange="" >
<option value="1" selected>Enabled</option><option value="0" >Disabled</option></select>
</td></tr><tr><td class="tablerowheader">封装格式:&nbsp;&nbsp;</td><td class="alignleft"><select size="1" name="MacWanEncaps" onChange="" >
<option value="0" >PPPoA VC-Mux</option><option value="1" >PPPoA LLC</option><option value="2" >PPPoE VC-Mux</option><option value="3" selected>PPPoE LLC</option><option value="4" >1483 Routed IP VC-Mux</option><option value="5" >1483 Routed IP LLC</option><option value="7" >1483 Routed IP LLC(1577)</option><option value="8" >1483 Bridged IP VC-Mux</option><option value="9" >1483 Bridged IP LLC</option></select>
</td></tr><tr><td class="tablerowheader">VPI:&nbsp;&nbsp;</td><td class="alignleft"><input type="text" id="MacWanVpi" name="MacWanVpi" class="" value="8"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
</td></tr><tr><td class="tablerowheader">VCI:&nbsp;&nbsp;</td><td class="alignleft"><input type="text" id="MacWanVci" name="MacWanVci" class="" value="81" size="5" maxlength="5" onBlur="ValidateNum(this,'U16')? true:this.focus()">
</td></tr><tr><td class="tablerowheader">桥接:&nbsp;&nbsp;</td><td class="alignleft"><select size="1" name="MacWanBdgEn" onChange="" >
<option value="1" >Enabled</option><option value="0" selected>Disabled</option></select>
</td></tr><tr><td class="tablerowheader">IGMP:&nbsp;&nbsp;</td><td class="alignleft"><select size="1" name="MacWanIgmpEn" onChange="" >
ption></select>
</td></tr><tr><td class="tablerowheader">IP地址:&nbsp;&nbsp;</td><td class="alignleft"><input type="text" id="MacWanIpAddr_1" name="MacWanIpAddr_1" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanIpAddr_2" name="MacWanIpAddr_2" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanIpAddr_3" name="MacWanIpAddr_3" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanIpAddr_4" name="MacWanIpAddr_4" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
</td></tr><tr><td class="tablerowheader">子网掩码:&nbsp;&nbsp;</td><td class="alignleft"><input type="text" id="MacWanNetMask_1" name="MacWanNetMask_1" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanNetMask_2" name="MacWanNetMask_2" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanNetMask_3" name="MacWanNetMask_3" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanNetMask_4" name="MacWanNetMask_4" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
</td></tr><tr><td class="tablerowheader">启用Dhcp:&nbsp;&nbsp;</td><td class="alignleft"><input type="radio" id="MacWanDhcpClEn" name="MacWanDhcpClEn" class="mycheckbox" value="1" >
Enable<br><input type="radio" id="MacWanDhcpClEn" name="MacWanDhcpClEn" class="mycheckbox" value="0" checked>
Disable<br></td></tr><tr><td class="tablerowheader">缺省路由:&nbsp;&nbsp;</td><td class="alignleft" colspan="2" ><select size="1" name="MacWanDefRtEn" onChange="" >
<option value="1" selected>Enabled</option><option value="0" >Disabled</option></select>
</td></tr><tr><td class="tablerowheader">网关 IP 地址:&nbsp;&nbsp;</td><td class="alignleft" colspan="2" ><input type="text" id="MacWanGwIp_1" name="MacWanGwIp_1" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanGwIp_2" name="MacWanGwIp_2" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanGwIp_3" name="MacWanGwIp_3" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="MacWanGwIp_4" name="MacWanGwIp_4" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
</td></tr><tr><td class="tableheader" colspan="2">PPP</td></tr><tr><td class="tablerowheader">用户名:&nbsp;&nbsp;</td><td class="alignleft"><input type="text" id="MacWanUsrName" name="MacWanUsrName" class="" value="zz_02025508(用户名)" size="16" maxlength="128">
</td></tr><tr><td class="tablerowheader">密码:&nbsp;&nbsp;</td><td class="alignleft"><input type="password" id="MacWanPasswd" name="MacWanPasswd" class="" value="pjh0809(密码)" size="16" maxlength="128">
</td></tr><tr><td class="tablerowheader">启用DNS:&nbsp;&nbsp;</td><td class="alignleft"><input type="radio" id="MacWanUseDns" name="MacWanUseDns" class="mycheckbox" value="1" checked>
Enable<br><input type="radio" id="MacWanUseDns" name="MacWanUseDns" class="mycheckbox" value="0" >
Disable<br></td></tr><tr><td class="tableheader" colspan="2">DNS</td></tr><tr><td class="tablerowheader">主DNS服务器:&nbsp;&nbsp;</td><td class="alignleft"><input type="text" id="prim_serv_1" name="prim_serv_1" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="prim_serv_2" name="prim_serv_2" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="prim_serv_3" name="prim_serv_3" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="prim_serv_4" name="prim_serv_4" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
</td></tr><tr><td class="tablerowheader">备用DNS服务器:&nbsp;&nbsp;</td><td class="alignleft"><input type="text" id="sec_serv_1" name="sec_serv_1" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="sec_serv_2" name="sec_serv_2" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="sec_serv_3" name="sec_serv_3" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
<input type="text" id="sec_serv_4" name="sec_serv_4" class="ipField" value="0"  size="3" maxlength="3" onBlur="ValidateNum(this,'U8')? true :this.focus()" >
</td></tr></table></td></tr><tr><td class="alignmiddle"><table cellpadding="10" cellspacing="0" border="0"><tr><td class="alignmiddle"><input type="hidden" id="id" name="id" class="" value="0" >
<input class="mybutton" name="cmd提交" id="cmd提交" value="提交" type="submit" onClick='document.frmMacWan.id.value ="63";'>
&nbsp;&nbsp;&nbsp;&nbsp;<input class="mybutton" name="cmd删除" id="cmd删除" value="删除" type="submit" onClick='document.frmMacWan.id.value ="69";'>
&nbsp;&nbsp;&nbsp;&nbsp;<input class="mybutton" name="cmd取消" id="cmd取消" value="取消" type="button" onClick="self.location.reload(true)">
&nbsp;&nbsp;&nbsp;&nbsp;<input class="mybutton" name="cmd帮助" id="cmd帮助" value="帮助" type="button" onClick="PopNewWindow('hag/help/qck_conf.ssi', 'wndHelp'  , 500)">
</td></tr></table></td></tr></form>
<tr>
<td class="copyright">
Copyright &copy; 2003-2004 Starnet Digital, Inc. 版权所有.
<br><br>
</td>
</tr>
</table></div></body></html>

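I thought only Starnet modems were like this, so I looked at other modems too! Sigh, the others are all the same: as soon as you view the source, you see the username and password! I think this is a flaw on the part of every vendor! Why let users see the page's source code? It seems that from now on modem vendors must encrypt the web page so users can't see the source, or encrypt the password! Don't let the plaintext password appear in the page's source code!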

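See, ADSL passwords turn out to be this easy! There's really no deep technical content in it! You can try it yourself too! You can get a lot of accounts! But don't go doing what crackers do! This is only technical research!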

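I also tried it on other websites, to see whether the password can be seen just by viewing the page's code. Many websites allow users to view the page code, and the password can be seen right there! You can imagine how exploitable that is!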

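By the way, a reminder to website designers and modem vendors: in future, don't casually let users see the page's code! Security still matters! Ordinary users need security awareness too: set the modem's password more strictly, and don't leave it as the vendor's default password!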
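
An added example, not part of the original post and not the modem vendor's code: a check that a firmware or web developer can run over rendered configuration pages to catch the flaw shown above, where the stored PPP password is written into the `value` attribute of the `MacWanPasswd` field. The browser only masks the display of a `type="password"` field, so anything in `value` reaches the client in the clear. The sample pages, their placeholder values and the `SECRET_NAME_HINTS` list are constructed assumptions.

```python
from html.parser import HTMLParser

# Constructed sample modelled on the PPP rows of the page above; values are placeholders.
SAMPLE_PAGE = """
<form name="frmMacWan" action="/Action" method="POST">
<input type="text" id="MacWanUsrName" name="MacWanUsrName" value="example_user" size="16">
<input type="password" id="MacWanPasswd" name="MacWanPasswd" value="example-secret" size="16">
<input type="hidden" id="id" name="id" value="0">
</form>
"""

# Hardened form of the same rows: the stored secret is never sent back to the client.
FIXED_PAGE = SAMPLE_PAGE.replace('value="example-secret"', 'value=""')

# Assumption: field names containing these fragments hold secrets even when
# the input type is "text" or "hidden".
SECRET_NAME_HINTS = ("passwd", "password", "pwd", "secret")


class PrefilledSecretFinder(HTMLParser):
    """Collects <input> elements whose secret value is present in the markup."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}  # html.parser lower-cases attribute names
        field_type = a.get("type", "text").lower()
        name = a.get("name") or a.get("id", "")
        looks_secret = field_type == "password" or any(
            hint in name.lower() for hint in SECRET_NAME_HINTS)
        if looks_secret and a.get("value", "").strip():
            # Report the length only, so the audit log does not leak the secret again.
            self.findings.append(
                {"name": name, "type": field_type, "value_length": len(a["value"])})


def find_prefilled_secrets(html_text):
    """Return one finding per input that ships a non-empty secret value."""
    finder = PrefilledSecretFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, page in (("sample", SAMPLE_PAGE), ("fixed", FIXED_PAGE)):
        print(label, find_prefilled_secrets(page))
```

A page that passes this check renders the password field empty and treats an empty submission as "keep the stored password", so the secret never leaves the device.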

OK! That's all I'll write here! If anyone has new findings, let's discuss them together!
