当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0191484

漏洞标题:百度91平台旗下某游戏未授权访问泄漏支付系统SDK密钥以及大量日志文件

相关厂商:百度

漏洞作者: 方大核桃

提交时间:2016-04-01 18:28

修复时间:2016-05-20 17:10

公开时间:2016-05-20 17:10

漏洞类型:网络敏感信息泄漏

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-01: 细节已通知厂商并且等待厂商处理中
2016-04-05: 厂商已经确认,细节仅向厂商公开
2016-04-15: 细节向核心白帽子及相关领域专家公开
2016-04-25: 细节向普通白帽子公开
2016-05-05: 细节向实习白帽子公开
2016-05-20: 细节向公众公开

简要描述:

rt

详细说明:

地址

http://180.76.169.198/baidu91/


未授权访问
1.泄漏密钥:发现备份文件:

http://180.76.169.198/baidu91/baidu91_charge.rar


下载后查看,发现:

Screenshot from 2016-04-01 02-48-52.png


使用base64解码之后发现:

{"common":{"appKey":"37d8b691eea78b72e0803ad19a6b0f83","pakgeName":"csss","hostUrl":"http://mhtj1.duoku.com/baidu91/Kinside/kinside","signKeyClient":"mY8m1zOE5rho#*%g8c)%+Z(mq7pf-g!rxA*wpDMR","signKeyServer":"+E4y^44IQ$HJfoNi0C+h_+vY(LTDq-0CK^uNDFU~","orderCreateUrl":"http://mhtj1.duoku.com/baidu91/bsm_orderCreate.php","orderCallBackUrl":"http://mhtj1.duoku.com/baidu91/bsm_orderCallback.php","payCallBackUrl":"http://mhtj1.duoku.com/baidu91/bsm_payCallback.php","logFileType":"log","channelList":["ndandroid","ndios","mmyandroid","djandroid","bddkandroid","ucandroid","wdjandroid","anzhiandroid","oppoandroid","huaweiandroid","lenovoandroid","tongbuios","ppios","miandroid","itoolsios","kuaiyongios","mzwandroid","amigoplayandroid","ppsandroid"]},"channel":{"ndandroid":{"AppId":"113155","AppKey":"5faa90e53f0478e7b81cd913022b86a306756f8e685f7639","PakgeName":"com.mobimirage.mhtj.BD"},"ndios":{"AppId":"114287","AppKey":"918ce30d757862634733176fc30858017dd8ad2bcd8ba242","PakgeName":"com.mobimirage.mhtj.BD"},"mmyandroid":{"AppKey":"63ae8a141d526c82TmF1La2mhyWRL6s33PCJfwlH7TYZXyDpSFvXdRyolbWVlbo5","PakgeName":"com.mobimirage.mhtj.mmy"},"djandroid":{"AppId":"2197","AppKey":"uXSiMOqF","PaymentKey":"1PRwSl513hNY","MerchantId":"969","PakgeName":"com.mobimirage.mhtj.dl"},"bddkandroid":{"AppId":"5222","ProductKey":"942a499ad3084c2ff783638a5b191e3a","ProductSecret":"a8a02451a21166f15fd5915551cbb5ae","PakgeName":"com.mobimirage.mhtj.Dk"},"ucandroid":{"CpId":"28573","GameId":"543989","ApiKey":"05c35efcd6a3e3daa0755e8a8a1ec5cf","ServerId":"3427","ChannelId":"2","PakgeName":"com.mobimirage.mhtj.uc"},"wdjandroid":{"AppKeyId":"100011888","SecretKey":"c56faa31d34172900d8b1c8f302dd81c","PublicKey":"","PakgeName":"com.mobimirage.mhtj.wdj"},"anzhiandroid":{"AppKey":"14109207580aVstiyN4MV8mM16MNm9","AppSecret":"LCd9x09P2g00pLn5N1627UGy","PakgeName":"com.mobimirage.mhtj.anzhi"},"oppoandroid":{"GameID":"2066","AppKey":"bt3pAw3PZyg4wgCc4w8CCgkOS","AppSecret":"d869dA2da2716e6ffD80Ad8009b1181e","PakgeName":"com.mobimirage.mhtj.nearme.gamecenter","PayCallBackUrl":"http://mhtj1.duoku.com/baidu91/Kinside/kinside/pay/oppoandroid/paycallback.php"},"huaweiandroid":{"AppId":"10176532","AppSecret":"MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAK2KVbR7zLmkwiyu5excagUh0XmLBvYu+bqkZriCpGBhuS7H8Ishkl8mcIeVyPJdgHKxP+7sG+euEjuVnSOHg4Bn50slFaFA+cWdblcwRtJYRC4w7dtOy5yZ7mlKzA5yHYZUa0bw0D+wRhXY8Ess9FcKXnOtSLrT0bRgNoMYCZRJAgMBAAECgYEAmuYMI+IQ1W9zhjDCt5uxYk1STXvDxgAeFfNiYLTzhbgUc+YxFe7sWJPWA5+10meVHEqL93W2XrBoQ9kCftEZlQ30w33IoYTf3XxTs6GVzTREdRcFq2QaL1xSH/B /KzbUqzxtjuvhHcp3hG9ezucQM7z+u+y0dfbZywi2Zyx3oBUCQQDdHTwKnIkDlzUlSAS3yfmUopAuGBKFLMaalU0HDY7epAuap2Pu3jxDb91Es7WhCTJ8J1rHURLG1X8W6jLIIPAPAkEAyOuZ8FwDTSfOgKAxfnj5gd7Ief1OCJfAyImKrP90+OnC+3DsgJK/T1o0wBKqtfuli7/SXjjMjDJCn4Aab6jeJwJBAMW599ARbOCeHbNJ9JYZcir9N+tQMXePs8XWTvxInoLvtUTF/TJE3yT66qYeAgSQQeoOEzp7gEv37N8j7OdTtPcCQDfDU+Um1G+8hY6jZzkvwCfwOfnJeLffzkyaB9f9ymwvDMOWUr1YfSo74foQ9DovzoFbyroFz5d1d5InDq9A0e8CQD0W40fZOiO1WZl/BcfsfwYiEUakBzCrrcGJye7g81WakaDJpHouICk7ZpGT2Qh2N4uSd8wDhygM8o0Ujd/hicg=","PayId":"900086000020653433","PublicKey":"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK5+mAWZ1R0agcXJsFY+bvCUe+OpjlRC8CQ0Z40xCfcjl21Rvusq7LZNb9gW0nEGYapc/b5ScRLKWurZ3o7gYlMCAwEAAQ==","PrivateKey":"MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEArn6YBZnVHRqBxcmwVj5u8JR746mOVELwJDRnjTEJ9yOXbVG+6yrstk1v2BbScQZhqlz9vlJxEspa6tnejuBiUwIDAQABAkEAoASv3NMJwLrCL2OaNjzi9/Ty+ABR6avJFSqJm81Q2jVc3xv42udPrmPn8XUZRiVjQgfgY2p/B5+E2FT5SdddAQIhAPfjCnoBxOVsOG0eP9ZqK6LZuUNFCIzHo6P4Gao0j9qhAiEAtDSfmIGZx5ww9ePrfKbiM8BJWN1TN+QtmJqNj1M9rHMCIAxATVlAU yHfml5SO2d2cdenmQ9pDwYeK8lDzsjpth5hAiBkigeQup3ldAsM5QB5J1KEtP83CSRoxnF59qCMGlEKaQIhAIEREuRmBkIBieBs7VXq24vEHY+Wjp8rz2O8CMhOKxsS","PakgeName":"com.mobimirage.mhtj.Dk.huawei"},"lenovoandroid":{"AppId":"1408110410079.app.ln","AppSecret":"NzA5NkIxRjZGQTY3Q0M5OUI5RUIxM0Y1MjAxOTRENkYzMEYwOTg3NU9UY3dNVGcyT0RNME56UTVOakUwTXpjME55c3hOakUzTlRjd01UZ3lOVGMzTlRZME1qWTNPRE13TURjd09UQXlNekUwTlRnMk16TTNNak09","WaresId":"1","PakgeName":"com.mobimirage.mhtj.lenovo"},"tongbuios":{"AppId":"140859","AppKey":"AMCZm0yJVtiQFcS*3MZwl0IgVi6PFRp*","PakgeName":"com.mobimirage.mhtj.tbt"},"ppios":{"AppId":"4099","AppKey":"63427f9b9efb383155e04331baf0f182","PublicKey":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E0kdR9NNUbCd5KtpfBp\nVCsoh6/wqLJF/kuUQNcKN0EhZ14oYwB8ou52VPJoVedyOn6kxHd0LHZytYs8+lf9\nX9VvRm8ZLxZRyVdLhQmykZLNHAM8TS6ZE3AMQCnd259a2jlW7YNcJ4qrylanr2/G\n3QSu+gmzqd+Bcu923UKps/DYLd8hJN+gvGNPc3UUOPtD5FsFlv7V5UeSTgqLIAic\nrHIuzs43HciMdxKeJdVvVQ+ZSIbNEnO0bVqQIS31c9QJXoWSEye0YP2wxRAQz1zK\noBbgZZd+jk1nqexjMsufS2IVBcPUQyTRA6NzZTDeK3wgCpR69JnyotV44KQrIO4F\nbwIDAQAB\n-----END PUBLIC KEY-----","PakgeName":"com.mobimirage.mhtj.pp"},"miandroid":{"AppId":"2882303761517245154","AppKey":"5731724557154","AppSecret":"WFVlAWuU0O1vAwf+7pjwkg==","PakgeName":"com.mobimirage.mhtj.mi"},"itoolsios":{"AppId":"427","AppKey":"FDEA22559C7AD8CF2A87602D8D6713F3","NumId":"10669","PakgeName":"com.mobimirage.mhtj.itools"},"kuaiyongios":{"Game":"6023","AppKey":"954a2eccb75d30930e0394fd16067952","AppSecret":"LU8huCBQdFtCt839iM63uKVJKWHwfoI1","PublicKey":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOzQy6ll38LOZ7viCdvXP5/TdmE1dSRZOtrfAL3c+58/MggpA7KyI2Q701EC0upJNHdDy76hk3sLFKngIEUX6ObTySZsZ/zn8bK9gsAQkCDQCMstocbODrnGmdzpCtiEHk+DQVkGTN2HSBQP62k4x+Mk3MfHnuDLXLEajbM++K6QIDAQAB","PakgeName":"com.mobimirage.mhtj.ky"},"mzwandroid":{"AppKey":"dc3b2db6f2812ed280bc96ce5c95e5d2","AppSecret":"5405292f93071","PakgeName":"com.mobimirage.mhtj.mzw"},"amigoplayandroid":{"AppId":"0","PrivateKey":"MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAKvdpbQWQ61mAtzshppmxSRvV2T43arKvKF2sFFV9pGP+dJ2jHEKKC0AOdzDDogVnQPPehf3+/1rFh2+U2Mrz65S9F0rJVtRlHuisWPlTfPcSToTB2Znk0q96BG9838kbJEFhHSvhNhKK4E7x3XnnqycAJEbjc7en2G40HBXLWXBAgMBAAECgYEAl5YrrSdmEe7D37APGOhEQdqirsCCYz3mGlPhOBwmGkVvB57gSGO5A9gLMRgqHQVTNCUvfyyO6foly54vVm0yAxBPQfivw8E0vWuIUvueLZ9ANBYq9QfrnNvGpuFtlCv1wS+KrgM91gf1hJjc1EVLVBt85YnSjNqb/z3DimLSJkECQQDlZ4pz5jTSXNX0irBP0vG5V6rFUd8bk6TOow6pXHkPywAFMcGqoaUVVBOBKc3aqXxkyEuDC8kNR4rxQtdt3/jFAkEAv8ptCCA3zNw 1UAYBkNWCTGgKdzg7zOPwO/XL3MAG6AipsLZW6PyrKilOGNqAqSKjkETTyERqapMNWgtNc9lwzQJBAIPT7WdO6hndCYKe1FT61rf4ngUIWFrDjJjGcR14K4Wc1WUmw7EndPN9vjuiZ055ySctRt+GvUGpVDnyfFQCujUCQQCdiKEMRqJu5AXqaDSLCcUQC3llOcxs3GFsbtX3yccielMfsnYqw7e4VtsuMPPzeV9OVip62i9qwMT7zELfQKCVAkEAktYowgSOVSF7GNrSa7nc3vqMCLQMJjwpGJPpIumFKGMLoNmWmox8lbyaubeyecY37H0gBVsfzadkX0D11ZqAYw==","ApiKey":"825AA973E08C497DB6955DE2D0FC7AA6","SecretKey":"61D1260FBCD640AB9790473F3FFC37D1","ChannelPayCallBack":"http://mhtj1.duoku.com/baidu91/Kinside/kinside/pay/amigoplayandroid/paycallback.php","PublicKey":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZkjkrqOSH06M3km3lB0u4OhFlMovE3lkY90fKcu6kwGgYbmXS8VjphXlCqIkjm9l9kOmNO+7Xk4FCOTk+tN3DXbjpDulUv1PmbHLt8bT9mvbvz+jHb7NFqZ9Giu3XBoyMJC9aKnmlACTmqvQtYl1vy7JkpkHVfhDzo9p8onDEAQIDAQAB","PayIcon":"http://dl.mhtj.duoku.com/91ftp/v3/channel/jinli.png","PakgeName":"com.mobimirage.mhtj.am"},"ppsandroid":{"AppId":"675","ChannelId":"mhtj_test","LoginKey":"74974bf301ff7e270d0e1e6860735f38","AppKey":"MHTJjsafg15f12fLISGF1f3lpPpsgames675","PakgeName":"com.mobimirage.mhtj.pps"}}}


未深入研究api的用法,但问题确实存在
2.泄漏日志文件
http://180.76.169.198/baidu91/Resource/kinside/log/20160401/
实时的日志,证明非废弃系统

漏洞证明:

{"common":{"appKey":"37d8b691eea78b72e0803ad19a6b0f83","pakgeName":"csss","hostUrl":"http://mhtj1.duoku.com/baidu91/Kinside/kinside","signKeyClient":"mY8m1zOE5rho#*%g8c)%+Z(mq7pf-g!rxA*wpDMR","signKeyServer":"+E4y^44IQ$HJfoNi0C+h_+vY(LTDq-0CK^uNDFU~","orderCreateUrl":"http://mhtj1.duoku.com/baidu91/bsm_orderCreate.php","orderCallBackUrl":"http://mhtj1.duoku.com/baidu91/bsm_orderCallback.php","payCallBackUrl":"http://mhtj1.duoku.com/baidu91/bsm_payCallback.php","logFileType":"log","channelList":["ndandroid","ndios","mmyandroid","djandroid","bddkandroid","ucandroid","wdjandroid","anzhiandroid","oppoandroid","huaweiandroid","lenovoandroid","tongbuios","ppios","miandroid","itoolsios","kuaiyongios","mzwandroid","amigoplayandroid","ppsandroid"]},"channel":{"ndandroid":{"AppId":"113155","AppKey":"5faa90e53f0478e7b81cd913022b86a306756f8e685f7639","PakgeName":"com.mobimirage.mhtj.BD"},"ndios":{"AppId":"114287","AppKey":"918ce30d757862634733176fc30858017dd8ad2bcd8ba242","PakgeName":"com.mobimirage.mhtj.BD"},"mmyandroid":{"AppKey":"63ae8a141d526c82TmF1La2mhyWRL6s33PCJfwlH7TYZXyDpSFvXdRyolbWVlbo5","PakgeName":"com.mobimirage.mhtj.mmy"},"djandroid":{"AppId":"2197","AppKey":"uXSiMOqF","PaymentKey":"1PRwSl513hNY","MerchantId":"969","PakgeName":"com.mobimirage.mhtj.dl"},"bddkandroid":{"AppId":"5222","ProductKey":"942a499ad3084c2ff783638a5b191e3a","ProductSecret":"a8a02451a21166f15fd5915551cbb5ae","PakgeName":"com.mobimirage.mhtj.Dk"},"ucandroid":{"CpId":"28573","GameId":"543989","ApiKey":"05c35efcd6a3e3daa0755e8a8a1ec5cf","ServerId":"3427","ChannelId":"2","PakgeName":"com.mobimirage.mhtj.uc"},"wdjandroid":{"AppKeyId":"100011888","SecretKey":"c56faa31d34172900d8b1c8f302dd81c","PublicKey":"","PakgeName":"com.mobimirage.mhtj.wdj"},"anzhiandroid":{"AppKey":"14109207580aVstiyN4MV8mM16MNm9","AppSecret":"LCd9x09P2g00pLn5N1627UGy","PakgeName":"com.mobimirage.mhtj.anzhi"},"oppoandroid":{"GameID":"2066","AppKey":"bt3pAw3PZyg4wgCc4w8CCgkOS","AppSecret":"d869dA2da2716e6ffD80Ad8009b1181e","PakgeName":"com.mobimirage.mhtj.nearme.gamecenter","PayCallBackUrl":"http://mhtj1.duoku.com/baidu91/Kinside/kinside/pay/oppoandroid/paycallback.php"},"huaweiandroid":{"AppId":"10176532","AppSecret":"MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAK2KVbR7zLmkwiyu5excagUh0XmLBvYu+bqkZriCpGBhuS7H8Ishkl8mcIeVyPJdgHKxP+7sG+euEjuVnSOHg4Bn50slFaFA+cWdblcwRtJYRC4w7dtOy5yZ7mlKzA5yHYZUa0bw0D+wRhXY8Ess9FcKXnOtSLrT0bRgNoMYCZRJAgMBAAECgYEAmuYMI+IQ1W9zhjDCt5uxYk1STXvDxgAeFfNiYLTzhbgUc+YxFe7sWJPWA5+10meVHEqL93W2XrBoQ9kCftEZlQ30w33IoYTf3XxTs6GVzTREdRcFq2QaL1xSH/B /KzbUqzxtjuvhHcp3hG9ezucQM7z+u+y0dfbZywi2Zyx3oBUCQQDdHTwKnIkDlzUlSAS3yfmUopAuGBKFLMaalU0HDY7epAuap2Pu3jxDb91Es7WhCTJ8J1rHURLG1X8W6jLIIPAPAkEAyOuZ8FwDTSfOgKAxfnj5gd7Ief1OCJfAyImKrP90+OnC+3DsgJK/T1o0wBKqtfuli7/SXjjMjDJCn4Aab6jeJwJBAMW599ARbOCeHbNJ9JYZcir9N+tQMXePs8XWTvxInoLvtUTF/TJE3yT66qYeAgSQQeoOEzp7gEv37N8j7OdTtPcCQDfDU+Um1G+8hY6jZzkvwCfwOfnJeLffzkyaB9f9ymwvDMOWUr1YfSo74foQ9DovzoFbyroFz5d1d5InDq9A0e8CQD0W40fZOiO1WZl/BcfsfwYiEUakBzCrrcGJye7g81WakaDJpHouICk7ZpGT2Qh2N4uSd8wDhygM8o0Ujd/hicg=","PayId":"900086000020653433","PublicKey":"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK5+mAWZ1R0agcXJsFY+bvCUe+OpjlRC8CQ0Z40xCfcjl21Rvusq7LZNb9gW0nEGYapc/b5ScRLKWurZ3o7gYlMCAwEAAQ==","PrivateKey":"MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEArn6YBZnVHRqBxcmwVj5u8JR746mOVELwJDRnjTEJ9yOXbVG+6yrstk1v2BbScQZhqlz9vlJxEspa6tnejuBiUwIDAQABAkEAoASv3NMJwLrCL2OaNjzi9/Ty+ABR6avJFSqJm81Q2jVc3xv42udPrmPn8XUZRiVjQgfgY2p/B5+E2FT5SdddAQIhAPfjCnoBxOVsOG0eP9ZqK6LZuUNFCIzHo6P4Gao0j9qhAiEAtDSfmIGZx5ww9ePrfKbiM8BJWN1TN+QtmJqNj1M9rHMCIAxATVlAU yHfml5SO2d2cdenmQ9pDwYeK8lDzsjpth5hAiBkigeQup3ldAsM5QB5J1KEtP83CSRoxnF59qCMGlEKaQIhAIEREuRmBkIBieBs7VXq24vEHY+Wjp8rz2O8CMhOKxsS","PakgeName":"com.mobimirage.mhtj.Dk.huawei"},"lenovoandroid":{"AppId":"1408110410079.app.ln","AppSecret":"NzA5NkIxRjZGQTY3Q0M5OUI5RUIxM0Y1MjAxOTRENkYzMEYwOTg3NU9UY3dNVGcyT0RNME56UTVOakUwTXpjME55c3hOakUzTlRjd01UZ3lOVGMzTlRZME1qWTNPRE13TURjd09UQXlNekUwTlRnMk16TTNNak09","WaresId":"1","PakgeName":"com.mobimirage.mhtj.lenovo"},"tongbuios":{"AppId":"140859","AppKey":"AMCZm0yJVtiQFcS*3MZwl0IgVi6PFRp*","PakgeName":"com.mobimirage.mhtj.tbt"},"ppios":{"AppId":"4099","AppKey":"63427f9b9efb383155e04331baf0f182","PublicKey":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E0kdR9NNUbCd5KtpfBp\nVCsoh6/wqLJF/kuUQNcKN0EhZ14oYwB8ou52VPJoVedyOn6kxHd0LHZytYs8+lf9\nX9VvRm8ZLxZRyVdLhQmykZLNHAM8TS6ZE3AMQCnd259a2jlW7YNcJ4qrylanr2/G\n3QSu+gmzqd+Bcu923UKps/DYLd8hJN+gvGNPc3UUOPtD5FsFlv7V5UeSTgqLIAic\nrHIuzs43HciMdxKeJdVvVQ+ZSIbNEnO0bVqQIS31c9QJXoWSEye0YP2wxRAQz1zK\noBbgZZd+jk1nqexjMsufS2IVBcPUQyTRA6NzZTDeK3wgCpR69JnyotV44KQrIO4F\nbwIDAQAB\n-----END PUBLIC KEY-----","PakgeName":"com.mobimirage.mhtj.pp"},"miandroid":{"AppId":"2882303761517245154","AppKey":"5731724557154","AppSecret":"WFVlAWuU0O1vAwf+7pjwkg==","PakgeName":"com.mobimirage.mhtj.mi"},"itoolsios":{"AppId":"427","AppKey":"FDEA22559C7AD8CF2A87602D8D6713F3","NumId":"10669","PakgeName":"com.mobimirage.mhtj.itools"},"kuaiyongios":{"Game":"6023","AppKey":"954a2eccb75d30930e0394fd16067952","AppSecret":"LU8huCBQdFtCt839iM63uKVJKWHwfoI1","PublicKey":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOzQy6ll38LOZ7viCdvXP5/TdmE1dSRZOtrfAL3c+58/MggpA7KyI2Q701EC0upJNHdDy76hk3sLFKngIEUX6ObTySZsZ/zn8bK9gsAQkCDQCMstocbODrnGmdzpCtiEHk+DQVkGTN2HSBQP62k4x+Mk3MfHnuDLXLEajbM++K6QIDAQAB","PakgeName":"com.mobimirage.mhtj.ky"},"mzwandroid":{"AppKey":"dc3b2db6f2812ed280bc96ce5c95e5d2","AppSecret":"5405292f93071","PakgeName":"com.mobimirage.mhtj.mzw"},"amigoplayandroid":{"AppId":"0","PrivateKey":"MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAKvdpbQWQ61mAtzshppmxSRvV2T43arKvKF2sFFV9pGP+dJ2jHEKKC0AOdzDDogVnQPPehf3+/1rFh2+U2Mrz65S9F0rJVtRlHuisWPlTfPcSToTB2Znk0q96BG9838kbJEFhHSvhNhKK4E7x3XnnqycAJEbjc7en2G40HBXLWXBAgMBAAECgYEAl5YrrSdmEe7D37APGOhEQdqirsCCYz3mGlPhOBwmGkVvB57gSGO5A9gLMRgqHQVTNCUvfyyO6foly54vVm0yAxBPQfivw8E0vWuIUvueLZ9ANBYq9QfrnNvGpuFtlCv1wS+KrgM91gf1hJjc1EVLVBt85YnSjNqb/z3DimLSJkECQQDlZ4pz5jTSXNX0irBP0vG5V6rFUd8bk6TOow6pXHkPywAFMcGqoaUVVBOBKc3aqXxkyEuDC8kNR4rxQtdt3/jFAkEAv8ptCCA3zNw 1UAYBkNWCTGgKdzg7zOPwO/XL3MAG6AipsLZW6PyrKilOGNqAqSKjkETTyERqapMNWgtNc9lwzQJBAIPT7WdO6hndCYKe1FT61rf4ngUIWFrDjJjGcR14K4Wc1WUmw7EndPN9vjuiZ055ySctRt+GvUGpVDnyfFQCujUCQQCdiKEMRqJu5AXqaDSLCcUQC3llOcxs3GFsbtX3yccielMfsnYqw7e4VtsuMPPzeV9OVip62i9qwMT7zELfQKCVAkEAktYowgSOVSF7GNrSa7nc3vqMCLQMJjwpGJPpIumFKGMLoNmWmox8lbyaubeyecY37H0gBVsfzadkX0D11ZqAYw==","ApiKey":"825AA973E08C497DB6955DE2D0FC7AA6","SecretKey":"61D1260FBCD640AB9790473F3FFC37D1","ChannelPayCallBack":"http://mhtj1.duoku.com/baidu91/Kinside/kinside/pay/amigoplayandroid/paycallback.php","PublicKey":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZkjkrqOSH06M3km3lB0u4OhFlMovE3lkY90fKcu6kwGgYbmXS8VjphXlCqIkjm9l9kOmNO+7Xk4FCOTk+tN3DXbjpDulUv1PmbHLt8bT9mvbvz+jHb7NFqZ9Giu3XBoyMJC9aKnmlACTmqvQtYl1vy7JkpkHVfhDzo9p8onDEAQIDAQAB","PayIcon":"http://dl.mhtj.duoku.com/91ftp/v3/channel/jinli.png","PakgeName":"com.mobimirage.mhtj.am"},"ppsandroid":{"AppId":"675","ChannelId":"mhtj_test","LoginKey":"74974bf301ff7e270d0e1e6860735f38","AppKey":"MHTJjsafg15f12fLISGF1f3lpPpsgames675","PakgeName":"com.mobimirage.mhtj.pps"}}}

修复方案:

你们更厉害!

版权声明:转载请注明来源 方大核桃@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-04-05 17:07

厂商回复:

感谢您关注百度安全!

最新状态:

暂无

漏洞评价:

评价

  1. 2016-04-01 18:59 | sauce ( 普通白帽子 | Rank:228 漏洞数:36 | test)

    666