当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0131885

漏洞标题:Q房网看房记录一览无余

相关厂商:qfang.com

漏洞作者: im503

提交时间:2015-08-10 17:03

修复时间:2015-08-15 17:04

公开时间:2015-08-15 17:04

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:8

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-10: 细节已通知厂商并且等待厂商处理中
2015-08-15: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

各种看房记录..任意浏览.http://58.61.160.7:8080/

漏洞证明:

[ ]	qfang_20140630.zip	30-Jun-2014 01:06 	471M	 
[ ] qfang_20140707.zip 07-Jul-2014 01:06 454M
[ ] qfang_20140714.zip 14-Jul-2014 01:07 488M
[ ] qfang_20140721.zip 21-Jul-2014 01:06 480M
[ ] qfang_20140728.zip 28-Jul-2014 01:06 478M
[ ] qfang_20140804.zip 04-Aug-2014 01:07 553M
[ ] qfang_20140811.zip 11-Aug-2014 01:09 646M
[ ] qfang_20140818.zip 18-Aug-2014 01:10 701M
[ ] qfang_20140825.zip 25-Aug-2014 01:12 725M
[ ] qfang_20140901.zip 01-Sep-2014 01:08 664M
[ ] qfang_20140908.zip 08-Sep-2014 01:09 713M
[ ] qfang_20140915.zip 15-Sep-2014 01:05 517M
[ ] qfang_20140922.zip 22-Sep-2014 01:03 387M
[ ] qfang_20140929.zip 29-Sep-2014 01:05 492M
[ ] qfang_20141006.zip 06-Oct-2014 01:03 359M
[ ] qfang_20141020.zip 20-Oct-2014 01:04 415M
[ ] qfang_20141027.zip 27-Oct-2014 01:04 473M
[ ] qfang_20141103.zip 03-Nov-2014 01:06 533M
[ ] qfang_20141110.zip 10-Nov-2014 01:05 499M
[ ] qfang_20141117.zip 17-Nov-2014 01:04 483M
[ ] qfang_20141124.zip 24-Nov-2014 01:06 532M
[ ] qfang_20141201.zip 01-Dec-2014 01:05 487M
[ ] qfang_20141208.zip 08-Dec-2014 01:05 479M
[ ] qfang_20141215.zip 15-Dec-2014 01:05 489M
[ ] qfang_20141222.zip 22-Dec-2014 01:06 495M
[ ] qfang_20141229.zip 29-Dec-2014 01:05 483M
[ ] qfang_20150105.zip 05-Jan-2015 01:05 468M
[ ] qfang_20150112.zip 12-Jan-2015 01:05 489M
[DIR] qfang_20150112/ 13-Jan-2015 10:45 -
[ ] qfang_20150119.zip 19-Jan-2015 01:06 504M
[ ] qfang_20150126.zip 26-Jan-2015 01:05 493M
[ ] qfang_20150202.zip 02-Feb-2015 01:04 450M
[ ] qfang_20150209.zip 09-Feb-2015 01:04 387M
[ ] qfang_20150216.zip 16-Feb-2015 01:03 321M
[ ] qfang_20150223.zip 23-Feb-2015 01:02 204M
[ ] qfang_20150302.zip 02-Mar-2015 01:03 397M
[ ] qfang_20150309.zip 09-Mar-2015 01:04 482M
[ ] qfang_20150316.zip 16-Mar-2015 01:04 391M
[ ] qfang_20150323.zip 23-Mar-2015 01:05 425M
[ ] qfang_20150330.zip 30-Mar-2015 01:05 505M
[ ] qfang_20150406.zip 06-Apr-2015 01:04 382M
[ ] qfang_20150413.zip 13-Apr-2015 01:02 223M
[ ] qfang_20150420.zip 20-Apr-2015 01:03 308M
[ ] qfang_20150427.zip 27-Apr-2015 01:03 335M
[ ] qfang_20150504.zip 04-May-2015 01:04 365M
[ ] qfang_20150511.zip 11-May-2015 01:05 425M
[ ] qfang_20150518.zip 18-May-2015 01:05 445M
[ ] qfang_20150525.zip 25-May-2015 01:05 430M
[ ] qfang_20150601.zip 01-Jun-2015 01:05 429M
[ ] qfang_20150608.zip 08-Jun-2015 01:05 470M
[ ] qfang_20150615.zip 15-Jun-2015 01:06 482M
[ ] qfang_20150622.zip 22-Jun-2015 01:05 415M
[ ] qfang_20150629.zip 29-Jun-2015 01:04 298M
[ ] qfang_20150706.zip 06-Jul-2015 01:03 301M
[ ] qfang_20150713.zip 13-Jul-2015 01:04 329M
[ ] qfang_20150720.zip 20-Jul-2015 01:04 339M
[ ] qfang_20150727.zip 27-Jul-2015 01:03 294M
[ ] qfang_20150803.zip 03-Aug-2015 01:01 98M

修复方案:

目录权限控制下,别直接777..

版权声明:转载请注明来源 im503@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-15 17:04

厂商回复:

漏洞Rank:2 (WooYun评价)

最新状态:

暂无