
Vulnerability Summary

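Bug ID: wooyun-2015-0118953

Title: A ShopEx server is vulnerable to Heartbleed

Vendor: ShopEx

Reported by: 路人甲

Submitted: 2015-06-08 17:07

Fixed: 2015-07-23 17:24

Published: 2015-07-23 17:24

Vulnerability type: Disclosure of important sensitive information

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]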



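Vulnerability Details

Disclosure status:

2015-06-08: Details sent to the vendor; awaiting vendor handling
2015-06-08: Vendor confirmed; details disclosed to the vendor only
2015-06-18: Details disclosed to core white hats and experts in related fields
2015-06-28: Details disclosed to regular white hats
2015-07-08: Details disclosed to intern white hats
2015-07-23: Details disclosed to the public

Brief description:

**

Detailed description: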

oauth.ishopex.cn
openapi.ishopex.cn
id.shopex.cn
IP:122.144.135.220


Proof of vulnerability:

See title.

Suggested fix:

**

Copyright notice: please credit the source when reposting: 路人甲@乌云


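Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 5

Confirmed: 2015-06-08 17:22

Vendor reply:

Thank you very much for your contribution to ShopEx information security.
We will fix this as soon as possible.
Thank you very much.

Latest status:

None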

