当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0149982

漏洞标题:同程旅游网移动端某处接口未授权

相关厂商:苏州同程旅游网络科技有限公司

漏洞作者: 1937nick

提交时间:2015-10-28 09:48

修复时间:2015-12-12 09:58

公开时间:2015-12-12 09:58

漏洞类型:未授权访问/权限绕过

危害等级:低

自评Rank:3

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-28: 细节已通知厂商并且等待厂商处理中
2015-10-28: 厂商已经确认,细节仅向厂商公开
2015-11-07: 细节向核心白帽子及相关领域专家公开
2015-11-17: 细节向普通白帽子公开
2015-11-27: 细节向实习白帽子公开
2015-12-12: 细节向公众公开

简要描述:

麻麻:说标题不能太
还是高rank 送京东礼品卡就好

详细说明:

漏洞位置:URL:http://tcmobileapi.17usoft.com/Movie/default.aspx

1.png


来测试一下酒店接口地址:http://tcmobileapi.17usoft.com/hotel/orderhandler.ashx

"response":
	{
		"header":
		{
			"rspType":"0",
			"rspCode":"0000",
			"rspDesc":"查询成功"
		},
		"body":
		{
			"serialId":"hh55bddu67210024u610",
			"orderFlag":"未入住",
			"hotelId":"2111",
			"hotelName":"北京丽苑公寓",
			"hotelLinkPhone":"010-65258855",
			"roomName":"敞开式套房",
			"address":"王府井金鱼胡同18号近校尉胡同",
			"totalPrice":"1680.00",
			"realTotalPrice":"1680",
			"comeDate":"2015-08-02",
			"leaveDate":"2015-08-03",
			"creationTime":"2015/8/2 17:09:59",
			"rooms":"1",
			"comeTime":"18:00",
			"contactName":"7990862870D539A4",
			"contactMobile":"13536848017",
			"theNewContactMobile":"135****8017",
			"guestName":"恩旺",
			"guestMobile":"13536848017",
			"theNewGuestMobile":"135****8017",
			"otherGuests":"",
			"remark":"",
			"isAbleComment":"0",
			"isGuarantee":"0",
			"isCancelable":"0",
			"isAblePay":"0",
			"isCanDelete":"1",
			"paymentType":"到店付款",
			"guaranteeAmount":"0.00",
			"couponPrice":"100.00",
			"commentPrice":"0",
			"invoiceName":"",
			"invoiceRise":"",
			"invoiceAddress":"",
			"invoiceFee":"0",
			"invoiceMobile":"",
			"orderAmountDetailList":[
			{
				"amountAdvice":"1680.00",
				"breakfast":"单份",
				"stayDate":"20150802"
			}],
			"isProcess":"0",
			"introduction":"",
			"copywriter":"",
			"commentTip":"",
			"commentCashMoney":"",
			"returnCashMoneyAll":"",
			"isPromo":"0",
			"currency":"0",
			"isAbleSubmitCheckInfo":"0",
			"isAbleChange":"0",
			"policyId":"1401276",
			"roomTypeId":"569761",
			"supplierId":"74475",
			"RemindCheckRoom":"0",
			"RemindConfirm":"0",
			"OtherGuaranteeAmount":"0.00",
			"OtherCurrency":"0",
			"OtherOrderPrice":"1680.00",
			"platId":"",
			"redEnvelopeAmount":"0"
		}
	}
}


2.png


要测试内容可以看这个漏洞http://wooyun.org/bugs/wooyun-2010-0137596
我就不在测试了 上次已经修复了 现在是第三次了

漏洞证明:

http://wooyun.org/bugs/wooyun-2010-0137596

修复方案:

还好我做过研发 把调试页面删除

版权声明:转载请注明来源 1937nick@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-10-28 09:56

厂商回复:

感谢关注同程旅游

最新状态:

暂无

漏洞评价:

评价