当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-010958

漏洞标题:京东团购敏感信息泄漏

相关厂商:京东商城

漏洞作者: 笔墨

提交时间:2012-08-16 12:58

修复时间:2012-08-21 12:59

公开时间:2012-08-21 12:59

漏洞类型:敏感信息泄露

危害等级:中

自评Rank:7

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2012-08-16: 细节已通知厂商并且等待厂商处理中
2012-08-21: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

配置不当。

详细说明:

京东首页打开团购页面。


漏洞证明:

Ice_UnknownException Object ( [unknown] => Thread.cpp:521: IceUtil::ThreadSyscallException: syscall exception: Resource temporarily unavailable [message:protected] => [string:Exception:private] => [code:protected] => 0 [file:protected] => /export/data/tomcatRoot/tuan.360buy.com/include/library/Ice.class.php [line:protected] => 22 [trace:Exception:private] => Array ( [0] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/library/Ice.class.php [line] => 22 [function] => Ice_initialize [args] => Array ( ) ) [1] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/function/iceUtils.php [line] => 201 [function] => findIce [class] => IceUtil [type] => :: [args] => Array ( [0] => RpcJdUserService ) ) [2] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/function/iceUtils.php [line] => 159 [function] => getJdUser [args] => Array ( [0] => dosbear ) ) [3] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/classes/ZLogin.class.php [line] => 37 [function] => inituser [args] => Array ( [0] => 233E96400AD0D2F381C7F3FFA68A4AFDB96526624BD9D76A37CD300B5CAF2F90860B776D73752781BEB5723CBE828EA3B9FACD9DE31176470C296E26815A5B3F7D94493B2F4CFFB115CA88D65D11F7386ACB99B6C02B20CFC0059F424B613A212A8480286BDAB37B9249987C468A89A542413BC36D4C0A4FA224919607A852A7BCD37C58E95B1914328661A6829ED8B7 [1] => 4ef687a948709891d0cfc2ab64b43661 ) ) [4] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/classes/ZLogin.class.php [line] => 26 [function] => initUserInfo [class] => ZLogin [type] => :: [args] => Array ( [0] => 233E96400AD0D2F381C7F3FFA68A4AFDB96526624BD9D76A37CD300B5CAF2F90860B776D73752781BEB5723CBE828EA3B9FACD9DE31176470C296E26815A5B3F7D94493B2F4CFFB115CA88D65D11F7386ACB99B6C02B20CFC0059F424B613A212A8480286BDAB37B9249987C468A89A542413BC36D4C0A4FA224919607A852A7BCD37C58E95B1914328661A6829ED8B7 [1] => 4ef687a948709891d0cfc2ab64b43661 ) ) [5] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/app.php [line] => 26 [function] => GetLoginId [class] => ZLogin [type] => :: [args] => Array ( ) ) [6] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/forward.php [line] => 9 [args] => Array ( [0] => /export/data/tomcatRoot/tuan.360buy.com/app.php ) [function] => require_once ) ) [previous:Exception:private] => )

修复方案:

技术人员都懂的。

版权声明:转载请注明来源 笔墨@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2012-08-21 12:59

厂商回复:

最新状态:

暂无