
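Vulnerability summary

Bug ID: wooyun-2012-010958

Title: Sensitive information disclosure in 京东 (Jingdong) group buying

Vendor: 京东商城 (Jingdong Mall)

Reported by: 笔墨

Submitted: 2012-08-16 12:58

Fixed: 2012-08-21 12:59

Disclosed: 2012-08-21 12:59

Vulnerability type: Sensitive information disclosure

Severity: Medium

Self-assessed Rank: 7

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org. For questions or help, contact [email protected]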



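Vulnerability details

Disclosure status:

2012-08-16: Details reported to the vendor; awaiting vendor handling
2012-08-21: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Misconfiguration.

Detailed description:

Open the group-buying page from the Jingdong home page.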


Proof of vulnerability:

Ice_UnknownException Object ( [unknown] => Thread.cpp:521: IceUtil::ThreadSyscallException: syscall exception: Resource temporarily unavailable [message:protected] => [string:Exception:private] => [code:protected] => 0 [file:protected] => /export/data/tomcatRoot/tuan.360buy.com/include/library/Ice.class.php [line:protected] => 22 [trace:Exception:private] => Array ( [0] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/library/Ice.class.php [line] => 22 [function] => Ice_initialize [args] => Array ( ) ) [1] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/function/iceUtils.php [line] => 201 [function] => findIce [class] => IceUtil [type] => :: [args] => Array ( [0] => RpcJdUserService ) ) [2] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/function/iceUtils.php [line] => 159 [function] => getJdUser [args] => Array ( [0] => dosbear ) ) [3] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/classes/ZLogin.class.php [line] => 37 [function] => inituser [args] => Array ( [0] => 233E96400AD0D2F381C7F3FFA68A4AFDB96526624BD9D76A37CD300B5CAF2F90860B776D73752781BEB5723CBE828EA3B9FACD9DE31176470C296E26815A5B3F7D94493B2F4CFFB115CA88D65D11F7386ACB99B6C02B20CFC0059F424B613A212A8480286BDAB37B9249987C468A89A542413BC36D4C0A4FA224919607A852A7BCD37C58E95B1914328661A6829ED8B7 [1] => 4ef687a948709891d0cfc2ab64b43661 ) ) [4] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/classes/ZLogin.class.php [line] => 26 [function] => initUserInfo [class] => ZLogin [type] => :: [args] => Array ( [0] => 233E96400AD0D2F381C7F3FFA68A4AFDB96526624BD9D76A37CD300B5CAF2F90860B776D73752781BEB5723CBE828EA3B9FACD9DE31176470C296E26815A5B3F7D94493B2F4CFFB115CA88D65D11F7386ACB99B6C02B20CFC0059F424B613A212A8480286BDAB37B9249987C468A89A542413BC36D4C0A4FA224919607A852A7BCD37C58E95B1914328661A6829ED8B7 [1] => 4ef687a948709891d0cfc2ab64b43661 ) ) [5] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/app.php 
[line] => 26 [function] => GetLoginId [class] => ZLogin [type] => :: [args] => Array ( ) ) [6] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/forward.php [line] => 9 [args] => Array ( [0] => /export/data/tomcatRoot/tuan.360buy.com/app.php ) [function] => require_once ) ) [previous:Exception:private] => )

Fix:

The technical staff will know what to do.

Copyright notice: when reposting, please credit the source 笔墨@乌云
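The dump in the proof above has the layout PHP's print_r() produces for an exception object, including file paths and the arguments of every frame in the trace. As an added example (not part of the original report and not the vendor's code), here is a response check a defender could run in monitoring or CI to catch such a dump before users see it. The sample body, its class name, paths and argument values are constructed placeholders, and the 32-hex-character rule for token-like arguments is an assumption.

```python
import re

# Constructed sample response body in the same print_r() layout as the dump
# above; the class name, paths and argument values are placeholders.
SAMPLE_BODY = (
    "<html><body>Demo_Exception Object ( [message:protected] => backend down "
    "[file:protected] => /srv/app/include/Rpc.class.php [line:protected] => 22 "
    "[trace:Exception:private] => Array ( [0] => Array ( "
    "[file] => /srv/app/include/Rpc.class.php [line] => 22 "
    "[function] => rpc_init [args] => Array ( ) ) "
    "[1] => Array ( [file] => /srv/app/classes/Login.class.php [line] => 37 "
    "[function] => initUser [args] => Array ( "
    "[0] => AAAABBBBCCCCDDDD0000111122223333 [1] => alice ) ) ) )</body></html>"
)

# print_r() of an exception starts "<Class> Object (" and lists its private trace.
DUMP_RE = re.compile(
    r"\b([A-Za-z_\\][\w\\]*) Object\s*\(.*?\[trace:Exception:private\]", re.S)
FILE_RE = re.compile(r"\[file(?::protected)?\] => (\S+)")
FUNC_RE = re.compile(r"\[function\] => (\w+)")
# Indexed scalar entries are call arguments; "[n] => Array" entries are frames.
ARG_RE = re.compile(r"\[\d+\] => (?!Array\b)(\S+)")
# Assumption: 32 or more hex characters looks like a hash or session token.
TOKEN_RE = re.compile(r"[0-9A-Fa-f]{32,}")


def audit_response(body):
    """Return None for a clean body, else a summary of what the dump leaks.

    Argument values are counted, never returned, so the audit output does
    not copy leaked tokens into yet another log.
    """
    match = DUMP_RE.search(body)
    if match is None:
        return None
    dump = body[match.start():]
    args = ARG_RE.findall(dump)
    return {
        "exception_class": match.group(1),
        "paths": sorted(set(FILE_RE.findall(dump))),
        "functions": FUNC_RE.findall(dump),
        "arg_count": len(args),
        "token_like_args": sum(1 for a in args if TOKEN_RE.fullmatch(a)),
    }


if __name__ == "__main__":
    print(audit_response(SAMPLE_BODY))
```

A non-None result for any production response means exception details are reaching the client and should be logged server-side instead of displayed.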


Vulnerability response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2012-08-21 12:59

Vendor reply:

Latest status:

None yet


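Vulnerability discussion:

Comments

  1. 2012-08-16 13:00 | xsjswt ( Regular white hat | Rank:156 Vulnerabilities:49 | I think, therefore I am sleazy; I am sleazy, therefore I am strong)

    The reporter is going to get sued by JD, the reporter is in for it

  2. 2012-08-16 13:22 | circus ( Intern white hat | Rank:54 Vulnerabilities:4 | You will say a word over a matter, and over a word you will go and do...)

    Watching.

  3. 2012-08-16 14:09 | momo ( Intern white hat | Rank:91 Vulnerabilities:24 | ★ Featured vulnerabilities:24 | WooYun certified √)

    Submitted as an anonymous passer-by... JD, hurry up and just ignore it, so we can all see what it is

  4. 2012-08-16 18:29 | 笔墨 ( Intern white hat | Rank:75 Vulnerabilities:20 | Skinny guy)

    @xsjswt ... I heard there has been a falling-out with JD recently

  5. 2012-08-17 09:34 | zidane ( Passer-by | Rank:13 Vulnerabilities:2 | Oh, be good, you should understand that carrying on like this is not ... for any of us...)

    Just don't post the JD ones, wahaha

  6. 2012-08-21 21:00 | 大和尚 ( Intern white hat | Rank:49 Vulnerabilities:5 | www.ieroot.com A positive attitude! Indomitable...)

    It's not so bad, there isn't any confidential information in there

  7. 2012-08-22 10:02 | Topman王 ( Intern white hat | Rank:31 Vulnerabilities:6 | Software development engineer! White hat! XSSER, penetration testing, SEO)

    I don't dare post JD ones. You'd get sued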