
Vulnerability Summary

Defect ID: wooyun-2015-099494

Title: Kuaidi100 official site: source code can be used to obtain tens of thousands of order records

Vendor: Kuaidi100 (快递100)

Author: 0x 80

Submitted: 2015-03-04 18:03

Fixed: 2015-04-18 18:04

Published: 2015-04-18 18:04

Type: Sensitive information disclosure

Severity: Medium

Self-assessed Rank: 10

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2015-03-04: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-04-18: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Anonymously obtain tens of thousands of orders using the source code

Detailed description:

http://www.kuaidi100.com/query?id=1&postid=300003849895&temp=0.8066521694418043&type=quanfengkuaidi&valicode=

[Screenshot: 556.png]


Proof:

Here postid is the order (tracking) number; substitute it directly, there is no encryption at all!
{"message":"ok","nu":"300003849896","companytype":"quanfengkuaidi","ischeck":"1","com":"quanfengkuaidi","updatetime":"2015-03-04 17:09:41","status":"200","condition":"F00","codenumber":"300003849896","data":[{"time":"2013-04-29 18:41:32","location":"","context":"派件已【签收】,签收人是【本人】签收网点是【福州台江站】","ftime":"2013-04-29 18:41:32"},{"time":"2013-04-27 10:09:15","location":"","context":"【福州台江站】的【福州台江站】正在派件,扫描员是【福州台江站】备注【 】","ftime":"2013-04-27 10:09:15"},{"time":"2013-04-27 09:39:37","location":"","context":"快件到达【福州台江站】,上一站是【福州分拨中心】扫描员是【福州台江站】备注【 】","ftime":"2013-04-27 09:39:37"},{"time":"2013-04-27 08:47:47","location":"","context":"快件在【福州分拨中心】装车,正发往【福州台江站】扫描员是【韩海东】备注【 】","ftime":"2013-04-27 08:47:47"},{"time":"2013-04-26 19:28:01","location":"","context":"快件到达【福州分拨中心】,上一站是【临海分拨中心】扫描员是【林锋】备注【 】","ftime":"2013-04-26 19:28:01"},{"time":"2013-04-26 06:42:40","location":"","context":"快件在【临海分拨中心】装车,正发往【福州分拨中心】扫描员是【魏仕炎】备注【 】","ftime":"2013-04-26 06:42:40"},{"time":"2013-04-26 06:42:28","location":"","context":"快件到达【临海分拨中心】,上一站是【上海分拨中心】扫描员是【杨涛】备注【 】","ftime":"2013-04-26 06:42:28"},{"time":"2013-04-25 20:01:30","location":"","context":"快件在【上海分拨中心】装车,正发往【福州分拨中心】扫描员是【吴军联】备注【 】","ftime":"2013-04-25 20:01:30"},{"time":"2013-04-25 19:56:06","location":"","context":"快件到达【上海分拨中心】,上一站是【上海市场部】扫描员是【杨齐】备注【 审核中转费计算】","ftime":"2013-04-25 19:56:06"},{"time":"2013-04-25 17:38:30","location":"","context":"快件在【上海良无限】装车,正发往【上海】扫描员是【上海良无限】备注【 】","ftime":"2013-04-25 17:38:30"},{"time":"2013-04-25 17:36:56","location":"","context":"【上海良无限】的【上海良无限】已收件,扫描员是:【上海良无限】,备注【 】","ftime":"2013-04-25 17:36:56"}],"state":"3"}

http://www.kuaidi100.com/query?id=1&postid=300003849896&temp=0.8066521694418043&type=quanfengkuaidi&valicode=


http://www.kuaidi100.com/query?id=1&postid=300003849897&temp=0.8066521694418043&type=quanfengkuaidi&valicode=
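The report's point is that postid values are plain, consecutive numbers, so a defender's first question is whether any client is walking through them. The following Python script is an added example, not code from the report or from Kuaidi100: it scans constructed access-log lines (format, IPs and timestamps are assumptions) and flags clients whose successive postid lookups differ by exactly 1 for a run of requests.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not real Kuaidi100 traffic). Client
# 203.0.113.5 walks consecutive postid values; 198.51.100.7 does scattered,
# ordinary lookups; the last line is an unrelated request that must be ignored.
LOG_LINES = [
    '203.0.113.5 - [04/Mar/2015:17:09:41 +0800] "GET /query?id=1&postid=300003849895&type=quanfengkuaidi HTTP/1.1" 200',
    '198.51.100.7 - [04/Mar/2015:17:09:42 +0800] "GET /query?id=1&postid=300003849895&type=quanfengkuaidi HTTP/1.1" 200',
    '203.0.113.5 - [04/Mar/2015:17:09:43 +0800] "GET /query?id=1&postid=300003849896&type=quanfengkuaidi HTTP/1.1" 200',
    '203.0.113.5 - [04/Mar/2015:17:09:44 +0800] "GET /query?id=1&postid=300003849897&type=quanfengkuaidi HTTP/1.1" 200',
    '198.51.100.7 - [04/Mar/2015:17:10:01 +0800] "GET /query?id=1&postid=123456789012&type=quanfengkuaidi HTTP/1.1" 200',
    '203.0.113.5 - [04/Mar/2015:17:09:45 +0800] "GET /query?id=1&postid=300003849898&type=quanfengkuaidi HTTP/1.1" 200',
    '198.51.100.7 - [04/Mar/2015:17:10:30 +0800] "GET /query?id=1&postid=300003849897&type=quanfengkuaidi HTTP/1.1" 200',
    '198.51.100.7 - [04/Mar/2015:17:10:31 +0800] "GET /index.html HTTP/1.1" 200',
]

# Client address at line start, then a GET to /query whose query string carries postid=<digits>.
QUERY_RE = re.compile(r'^(?P<ip>\S+) .*?"GET /query\?[^" ]*postid=(?P<postid>\d+)')


def parse_queries(lines):
    """Return {client_ip: [postid, ...]} in log order, skipping lines that are not tracking queries."""
    seen = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line)
        if m:
            seen[m.group("ip")].append(int(m.group("postid")))
    return seen


def find_enumerators(lines, min_run=3):
    """Return {client_ip: longest_run} for clients whose successive postid values
    increase by exactly 1 for at least min_run consecutive requests."""
    flagged = {}
    for ip, ids in parse_queries(lines).items():
        run = best = 1
        for prev, cur in zip(ids, ids[1:]):
            run = run + 1 if cur - prev == 1 else 1
            best = max(best, run)
        if best >= min_run:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, run in find_enumerators(LOG_LINES).items():
        print(f"{ip}: sequential postid run of {run} requests")
```

Lowering min_run catches shorter walks at the cost of false positives from users checking a few parcels shipped together; the same logic can feed a per-client rate limit on the query endpoint.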

Fix recommendation:

Copyright notice: when reposting, please credit the source: 0x 80@WooYun


Vendor Response

Vendor reply:

Vendor could not be contacted, or vendor actively declined


Vulnerability rating:

Comments

  1. 2015-05-03 22:19 | 0c0c0f ( Intern White Hat | Rank:48 Vulnerabilities:15 | My H34rt c4n 3xploit 4ny h0les!)

    @疯狗 This is a site under Kingdee. @0x 80 Confirmed with the business side that this is not a vulnerability; it is a query interface that is open to the public. Thanks for your attention :)