
Vulnerability summary (followers: 24)

Defect ID: wooyun-2014-087836

Title: Qianfang Interactive: sensitive information leak allows access to a mailbox

Affected vendor: 北京钱方互动科技有限公司 (Beijing Qianfang Interactive Technology Co., Ltd.)

Author: 爱上平顶山

Submitted: 2014-12-19 18:56

Fix time: 2014-12-24 18:58

Published: 2014-12-24 18:58

Type: Sensitive information disclosure

Severity: Medium

Self-assessed Rank: 10

Status: Vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-12-19: Details sent to the vendor, awaiting vendor response
2014-12-24: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

...

Detailed description:

Qianfang Interactive
Haha
https://github.com/jinstrive/hack_flavor/blob/cc9310b651e1eb0bf1ed17c1773fec2751ad841a/server/conf/settings.py

    #-*- coding:utf-8 -*-
    import os
    from qfcommon.base import logger
    logger.install()
    SITE = 'china'
    SITE = 'inter'
    class const:
        MYSQL_USER = "qf"
        MYSQL_PASS = "123456"
        MYSQL_HOST = "127.0.0.1"
        MYSQL_PORT = "3306"
    class redis_conf:
        host = '172.100.101.150'
        port = 6388
        db = 1
    import logging
    DATA_NAME = "test_qf_trade"
    WX_EMAIL = "qmmzh@qfpay.com"
    WX_PW = "qmm2013"
    YEEPAY_PUBLIC_KEY = '/home/zzzz/zhonglin/gitlib/weidian/conf/yeepay/rsa_public_key.pem'
    YEEPAY_PRIVATE_KEY ='/home/zzzz/zhonglin/gitlib/weidian/conf/yeepay/pkcs8_rsa_private_key.pem'
    SUBSCRIBE_PIC = ""
    # openapi call key
    QFPAY_OPENAPI_KEY = "qf_api_key"
    # range
    DIS = 3000
    # openapi addresses
    QFPAY_OPENAPI_LOACTION_URL = "http://1.openapi2.qfpay.com/merchant/v1/search?key=%s&lng=%s&lat=%s&dis=%s&mcc=%s&pagesize=%s&page=%s"
    QFPAY_OPENAPI_CARD_URL = "http://1.openapi2.qfpay.com/membercard/v1/member/shops?key=%s&mobile=%s&limit=%s&offset=%s"
    QFPAY_OPENAPI_RECORD_URL = "http://1.openapi2.qfpay.com/trade/v1/customerdeal?key=%s&mobile=%s&stat=%s&month=%s"
    QFPAY_SMS_URL = "http://1.openapi2.qfpay.com/util/v1/sendsms"
    BANNER_PIC = "%s/static/banner/%s.png"
    MONTH_PIC = "%s/static/icon/m%s.png"
    MCC_PIC = "%s/static/icon/l%s.png"
    BIND_PIC = "%s/static/icon/bind.png"
    GUA_PIC = "%s/static/icon/gua.png"
    COUPON_PIC = "%s/static/icon/coupon.png"
    FIND_LOCATION_PIC = "%s/static/location.jpg"
    #"http://www.qfpay.com/wp-content/uploads/2013/06/2.0C.png"
    MERCHANT_PIC_URL = "http://gezipuzi.com/img/%s/shop_midd.jpg"
    MERCHANT_PIC_URL_ = "%s/static/shop/%s.jpg"
    MAX_PAGE_LEN = 10
    #PAGE_RETURN_HOME = "http://0.qfuser.duapp.com" #web.ctx.home
    PAGE_RETURN_HOME = "http://dev.qfpay.net"
    # MCC codes for merchant categories
    NAIL_MCC= "3007"
    CLOTH_MCC = "1"
    FOOD_MCC = "13"
    BEAUTY_MCC = "3001"
    TOOL_SERVER = {'ip': '192.168.10.4', 'port': 4401, 'timeout': 2000}
    QFUSER_SERVER = {'ip': '192.168.10.11', 'port': 4900, 'timeout': 4000}
    SESSION_SERVER = {'ip': '192.168.30.4', 'port':4700, 'timeout':4000}
    # cache expiry time
    SESSION_TIMEOUT = 600
    # automatic order close interval, in minutes
    ORDER_SYS_AUTO_CLOSED_INTERVAL = 30
    textTpl = """<xml>
    <ToUserName><![CDATA[%s]]></ToUserName>
    <FromUserName><![CDATA[%s]]></FromUserName>
    <CreateTime>%s</CreateTime>
    <MsgType><![CDATA[%s]]></MsgType>
    <Content><![CDATA[%s]]></Content>
    <FuncFlag>0</FuncFlag>
    </xml>"""
    imgTpl = """<xml>
    <ToUserName><![CDATA[%s]]></ToUserName>
    <FromUserName><![CDATA[%s]]></FromUserName>
    <CreateTime>%s</CreateTime>
    <MsgType><![CDATA[%s]]></MsgType>
    <ArticleCount>2</ArticleCount>
    <Articles>
    </Articles>
    </xml>"""
    imgTextTpl = """<xml>
    <ToUserName><![CDATA[%s]]></ToUserName>
    <FromUserName><![CDATA[%s]]></FromUserName>
    <CreateTime>%s</CreateTime>
    <MsgType><![CDATA[%s]]></MsgType>
    <ArticleCount>%s</ArticleCount>
    <Articles>
    %s
    </Articles>
    </xml>"""
    itemTpl = """<item>
    <Title><![CDATA[%s]]></Title>
    <Description><![CDATA[%s]]></Description>
    <PicUrl><![CDATA[%s]]></PicUrl>
    <Url><![CDATA[%s]]></Url>
    </item>"""
    # coupon list
    couponList =[
        ["麦当劳","http://m.qfpay.com/qpos/coupon/","http://m.qfpay.com/wp-content/uploads/2013/07/mlogo.jpg"],
        ["东方既白","http://m.qfpay.com/coupon_d/","http://m.qfpay.com/wp-content/uploads/2013/09/dongfanglogo.png"],
        ["汉堡王","http://m.qfpay.com/coupon_b/","http://m.qfpay.com/wp-content/uploads/2013/09/burgerkinglogo.jpg"],
        ["呷浦呷浦","http://m.qfpay.com/coupon_s/","http://m.qfpay.com/wp-content/uploads/2013/09/shabulogo.jpg"],
        ["好伦哥","http://m.qfpay.com/coupon_o/","http://m.qfpay.com/wp-content/uploads/2013/09/origus.jpg"],
        ["豪客来","http://m.qfpay.com/coupon_h/","http://m.qfpay.com/wp-content/uploads/2013/09/houcallerlogo.jpg"],
    ]
    APP_ROOT_PATH = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    GRAY_VERSION = 0
    log_conf = {
        'version': 1,
        'disable_existing_loggers': True,
        'formatters': {
            'myformat': {
                'format': '%(asctime)s %(process)d,%(threadName)s %(filename)s:%(lineno)d [%(levelname)s] %(message)s'
            }
        },
        'handlers': {
            'console': {
                'class': 'logging.ScreenHandler',
                'formatter': 'myformat',
                'level': 'DEBUG',
                'stream': 'ext://sys.stdout'
            },
            'info_file': {
                'class': 'logging.handlers.RotatingFileHandler',
                'formatter': 'myformat',
                'level': 'DEBUG',
                'filename': '%s/log/%s.membercard_wx.info.log'% (APP_ROOT_PATH, GRAY_VERSION)
            },
            'error_file': {
                'class': 'logging.handlers.RotatingFileHandler',
                'formatter': 'myformat',
                'level': 'ERROR',
                'filename': '%s/log/%s.membercard_wx.error.log'% (APP_ROOT_PATH, GRAY_VERSION)
            }
        },
        'loggers': {
            'openapi2': {
                'level': 'INFO',
                'handlers': ['info_file']
            }
        }
    }
    logger.logging.config.dictConfig(log_conf)
    log = logger.logging.getLogger('openapi2')
    # 钱喵喵
    WX_URL= 'http://wx.qfpay.com'
    WX_DOMAIN = 'wx.qfpay.com'
    WX_MP_USERNAME = 'qmmzh@qfpay.com'
    WX_MP_PASSWORD = 'qmm2013'
    WX_APP_ID = 'wx214b9b77b6501add'
    WX_APP_SECRET = '1c18008a1c98fc471ba1699e35e26de6'
    #STATIC_URL = 'http://wxstatic.u.qiniudn.com'
    STATIC_URL = '/static'


[Screenshot: 10.jpg]


ok

Proof of vulnerability:

···

Fix recommendation:

···

Copyright notice: when reposting, please credit the source: 爱上平顶山@乌云


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2014-12-24 18:58

Vendor reply:

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2014-12-26 11:12 | darkrerror ( Regular White Hat | Rank: 263 | Vulnerabilities: 44 )

    Quietly fixed it.