点到为止之abc360配置不当敏感造成订单信息泄露

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0153073

漏洞标题：点到为止之abc360配置不当敏感造成订单信息泄露

漏洞作者：路人甲

提交时间：2015-11-09 16:50

修复时间：2015-11-09 19:57

公开时间：2015-11-09 19:57

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：厂商已经修复

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-11-09：细节已通知厂商并且等待厂商处理中
2015-11-09：厂商已经确认，细节仅向厂商公开
2015-11-09：厂商已经修复漏洞并主动公开，细节向公众公开

简要描述：

详细说明：

0x01:订单信息泄露

http://www.abc360.com/log.txt

漏洞证明：

0x02：.viminfo

http://tc.abc360.com/.viminfo

# This viminfo file was generated by Vim 7.2.
# You may edit it if you're careful!
# Value of 'encoding' when this file was written
*encoding=utf-8
# hlsearch on (H) or off (h):
~H
# Last Search Pattern:
~MSle0~/openOneCl
# Last Substitute String:
$
# Command Line History (newest to oldest):
:q
:w
:e .
:set nu
# Search String History (newest to oldest):
?/openOneCl
? ^\d\{-}\/
?/TestCon
?/TestC
? ^\d\{3}ÿ
?/saveBookCp
?/fix 3
?/fix3
?/fix:
?/fix
?/fix : de
# Expression History (newest to oldest):
# Input Line History (newest to oldest):
# Input Line History (newest to oldest):
# 寄存器:
"0	LINE	0
	        //  请假过滤
	        if( M('TeacherLeaveRecords')->where('tid = %d AND begin_time <= %d AND end_time >= $d',array($tid,$begin_time,$begin_time))->count() > 0 ) {
	            logtest('老师请假,开课失败');
	            return false;
	        }
""1	LINE	0
	        //  请假过滤 test
	        if( M('TeacherLeaveRecords')->where('tid = %d AND begin_time <= %d AND end_time >= %d',array($tid,$begin_time,$begin_time))->count() > 0 ) {
	            logtest('老师请假,开课失败');
	            return false;
	        }else{
			echo M('TeacherLeaveRecords')->getLastSql();
		}
"2	LINE	0
		echo 'x';
"3	LINE	0
	
"4	LINE	0
	
"5	LINE	0
	
"6	LINE	0
	
"7	LINE	0
	
"8	LINE	0
	
"9	LINE	0
	" ============================================================================
	" Netrw Directory Listing                                        (netrw v134)
	"   /home/vhost/abc360.com/www/Application/Admin
	"   Sorted by      name
	"   Sort sequence: [\/]$,\.h$,\.c$,\.cpp$,*,\.o$,\.obj$,\.info$,\.swp$,\.bak$,\~$
	"   Quick Help: <F1>:help  -:go up dir  D:delete  R:rename  s:sort-by  x:exec
	" ============================================================================
	../
	Common/
	Conf/
	Controller/
	Logic/
	Model/
	View/
	index.html*
	.swp
"-	CHAR	0
	$
# 文件标记:
'0  181  12  ~/Application/Common/Logic/TeacherBaseLogic.class.php
'1  180  147  ~/Application/Common/Logic/TeacherBaseLogic.class.php
'2  9  0  ~/Application/Admin/Controller
'3  1  1  /cron/jobs/fixmemo/memo_exec.log
'4  184  22  ~/Application/Students/Controller/BookController.class.php
'5  111  0  /cron/jobs/getTodayZoommeeting/fixzoommeetingid.php
'6  1  0  /cron/jobs/getTodayZoommeeting/fixzoommeetingid.php
'7  1  0  /cron/jobs/getTodayZoommeeting/2014-11-07.log
'8  18276  58  /home/vhost/abc360.com/log/2014-11-07.log
'9  15691  57  /home/vhost/abc360.com/log/2014-11-07.log
# 跳转列表 (从新到旧):
-'  181  12  ~/Application/Common/Logic/TeacherBaseLogic.class.php
-'  180  12  ~/Application/Common/Logic/TeacherBaseLogic.class.php
-'  1  0  ~/Application/Common/Logic/TeacherBaseLogic.class.php
-'  9  0  ~/Application/Admin/Controller
-'  1  0  ~/Application/Admin/Controller
-'  156  0  ~/Application/Admin/Controller
-'  148  0  ~/Application/Admin/Controller
-'  112  0  ~/Application/Admin/Controller
-'  93  0  ~/Application/Admin/Controller
-'  12  0  ~/Application/Admin
-'  3  0  ~/Application/Admin
-'  17  0  ~/Application
-'  7  0  ~/Application
-'  1  0  ~/Application
-'  7  0  ~/Application/Admin/Common
-'  1  0  ~/Application/Admin/Common
-'  21  0  ~/Application/Admin
-'  1  0  ~/Application/Admin
-'  20  0  ~/Application/Admin
-'  1  1  /cron/jobs/fixmemo/memo_exec.log
-'  1031  0  /cron/jobs/fixmemo/memo_exec.log
-'  3  0  /cron/jobs/fixmemo/memo_exec.log
-'  184  22  ~/Application/Students/Controller/BookController.class.php
-'  1  0  ~/Application/Students/Controller/BookController.class.php
-'  111  0  /cron/jobs/getTodayZoommeeting/fixzoommeetingid.php
-'  1  0  /cron/jobs/getTodayZoommeeting/fixzoommeetingid.php
-'  1  0  /cron/jobs/getTodayZoommeeting/2014-11-07.log
-'  18276  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18269  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18263  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18255  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18250  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18248  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18242  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18322  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18317  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18311  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18305  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18300  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18294  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18288  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  18282  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  1  0  /home/vhost/abc360.com/log/2014-11-07.log
-'  18241  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  15691  0  /home/vhost/abc360.com/log/2014-11-07.log
-'  16721  53  /home/vhost/abc360.com/log/2014-11-07.log
-'  16770  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16769  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16768  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16767  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16766  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16765  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16764  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16763  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16762  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16761  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16760  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16759  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16758  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16757  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16756  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16755  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16754  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16753  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16752  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16751  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16750  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16749  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16748  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16747  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16746  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16745  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16744  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16743  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16742  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16741  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16740  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16739  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16738  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  16737  58  /home/vhost/abc360.com/log/2014-11-07.log
-'  9  0  ~/Application/Admin/Controller
-'  1  0  ~/Application/Admin/Controller
-'  156  0  ~/Application/Admin/Controller
-'  148  0  ~/Application/Admin/Controller
-'  112  0  ~/Application/Admin/Controller
-'  93  0  ~/Application/Admin/Controller
-'  12  0  ~/Application/Admin
-'  3  0  ~/Application/Admin
-'  17  0  ~/Application
-'  7  0  ~/Application
-'  1  0  ~/Application
-'  7  0  ~/Application/Admin/Common
-'  1  0  ~/Application/Admin/Common
-'  21  0  ~/Application/Admin
-'  1  0  ~/Application/Admin
-'  20  0  ~/Application/Admin
-'  1  1  /cron/jobs/fixmemo/memo_exec.log
-'  1031  0  /cron/jobs/fixmemo/memo_exec.log
-'  3  0  /cron/jobs/fixmemo/memo_exec.log
# 文件内的标记历史记录 (从新到旧):
> ~/Application/Common/Logic/TeacherBaseLogic.class.php
	"	181	12
	^	180	148
	.	171	0
	+	175	65
	+	171	28
	+	171	1
	+	171	0
	+	171	6
	+	171	91
	+	171	0
> /cron/jobs/fixmemo/memo_exec.log
	"	1	1
> ~/Application/Students/Controller/BookController.class.php
	"	184	22
> /cron/jobs/getTodayZoommeeting/fixzoommeetingid.php
	"	111	0
> /cron/jobs/getTodayZoommeeting/2014-11-07.log
	"	1	0
> /home/vhost/abc360.com/log/2014-11-07.log
	"	18276	58
> ~/delete.me
	"	1	4
	^	1	5
	.	1	5
	+	1	5

修复方案：

我是来找礼物的！

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：6

确认时间：2015-11-09 18:20

厂商回复：

感谢路人甲的反馈，我们将尽快修复漏洞。

漏洞评价：

2015-11-09 18:27 | 带头大哥 ( 普通白帽子 | Rank:369 漏洞数:112 | 很早前，我就有个梦想。哪一天能站在国家会...)

小礼物都没有吗？ @ABC360
2015-11-09 20:18 | ABC360(乌云厂商)

路人甲的礼物已发。
2015-11-09 21:33 | 带头大哥 ( 普通白帽子 | Rank:369 漏洞数:112 | 很早前，我就有个梦想。哪一天能站在国家会...)

@ABC360 额，是我提交的，我匿名提交了就是路人甲。你获取了我的联系方式。我已经接受了！

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0153073

漏洞标题：点到为止之abc360配置不当敏感造成订单信息泄露

相关厂商：ABC360

漏洞作者：路人甲

提交时间：2015-11-09 16:50

修复时间：2015-11-09 19:57

公开时间：2015-11-09 19:57

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：厂商已经修复

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0153073

漏洞标题：点到为止之abc360配置不当敏感造成订单信息泄露

相关厂商：ABC360

漏洞作者： 路人甲

提交时间：2015-11-09 16:50

修复时间：2015-11-09 19:57

公开时间：2015-11-09 19:57

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：厂商已经修复

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0153073"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云