Vulnerability summary

Defect ID: wooyun-2015-0149982

Title: An interface on the Tongcheng Travel (同程旅游网) mobile client lacks authorization

Vendor: 苏州同程旅游网络科技有限公司 (Suzhou Tongcheng Travel Network Technology Co., Ltd.)

Author: 1937nick

Submitted: 2015-10-28 09:48

Fixed: 2015-12-12 09:58

Published: 2015-12-12 09:58

Type: Unauthorized access / privilege bypass

Severity: Low

Self-assessed Rank: 3

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags: (none)


Vulnerability details

Disclosure status:

2015-10-28: Details sent to the vendor, awaiting vendor handling
2015-10-28: Vendor confirmed; details visible to the vendor only
2015-11-07: Details opened to core white hats and domain experts
2015-11-17: Details opened to regular white hats
2015-11-27: Details opened to intern white hats
2015-12-12: Details opened to the public

Brief description:

Mom: said the title can't be too
A high rank plus a JD.com gift card would still do nicely.

Detailed description:

Vulnerability location: URL: http://tcmobileapi.17usoft.com/Movie/default.aspx

[screenshot: 1.png]


Let's test the hotel interface address: http://tcmobileapi.17usoft.com/hotel/orderhandler.ashx

{
  "response": {
    "header": {
      "rspType": "0",
      "rspCode": "0000",
      "rspDesc": "查询成功"
    },
    "body": {
      "serialId": "hh55bddu67210024u610",
      "orderFlag": "未入住",
      "hotelId": "2111",
      "hotelName": "北京丽苑公寓",
      "hotelLinkPhone": "010-65258855",
      "roomName": "敞开式套房",
      "address": "王府井金鱼胡同18号近校尉胡同",
      "totalPrice": "1680.00",
      "realTotalPrice": "1680",
      "comeDate": "2015-08-02",
      "leaveDate": "2015-08-03",
      "creationTime": "2015/8/2 17:09:59",
      "rooms": "1",
      "comeTime": "18:00",
      "contactName": "7990862870D539A4",
      "contactMobile": "13536848017",
      "theNewContactMobile": "135****8017",
      "guestName": "恩旺",
      "guestMobile": "13536848017",
      "theNewGuestMobile": "135****8017",
      "otherGuests": "",
      "remark": "",
      "isAbleComment": "0",
      "isGuarantee": "0",
      "isCancelable": "0",
      "isAblePay": "0",
      "isCanDelete": "1",
      "paymentType": "到店付款",
      "guaranteeAmount": "0.00",
      "couponPrice": "100.00",
      "commentPrice": "0",
      "invoiceName": "",
      "invoiceRise": "",
      "invoiceAddress": "",
      "invoiceFee": "0",
      "invoiceMobile": "",
      "orderAmountDetailList": [
        {
          "amountAdvice": "1680.00",
          "breakfast": "单份",
          "stayDate": "20150802"
        }
      ],
      "isProcess": "0",
      "introduction": "",
      "copywriter": "",
      "commentTip": "",
      "commentCashMoney": "",
      "returnCashMoneyAll": "",
      "isPromo": "0",
      "currency": "0",
      "isAbleSubmitCheckInfo": "0",
      "isAbleChange": "0",
      "policyId": "1401276",
      "roomTypeId": "569761",
      "supplierId": "74475",
      "RemindCheckRoom": "0",
      "RemindConfirm": "0",
      "OtherGuaranteeAmount": "0.00",
      "OtherCurrency": "0",
      "OtherOrderPrice": "1680.00",
      "platId": "",
      "redEnvelopeAmount": "0"
    }
  }
}

(Chinese values left verbatim: rspDesc "查询成功" = "query succeeded"; orderFlag "未入住" = "not checked in"; paymentType "到店付款" = "pay at the hotel"; breakfast "单份" = "one serving". Note that the response carries the full contactMobile and guestMobile next to their masked theNew* twins, so the masking is purely cosmetic on the client.)


[screenshot: 2.png]


For what to test, see this vulnerability: http://wooyun.org/bugs/wooyun-2010-0137596
I won't test it again; it was fixed last time, and this is now the third time.
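The order response above illustrates two separate problems: the endpoint answered without the caller proving ownership of the order, and it shipped the full mobile numbers alongside the masked theNew* twins the app actually displays. The following is an added example, not code from this page or from Tongcheng: it audits an orderhandler-style JSON body for raw mobile numbers, applies the server-side redaction the backend should have done before serialising, and sketches an object-level ownership check. The raw-to-masked field mapping, the "session owns these serialIds" check and the sample data are assumptions modelled on the field names in the response, not documented behaviour of the API.

```python
import json
import re

# Constructed sample modelled on the orderhandler.ashx response shown on this
# page (values abbreviated, phone numbers made up); it is not a capture.
SAMPLE_RESPONSE = json.dumps({
    "response": {
        "header": {"rspType": "0", "rspCode": "0000", "rspDesc": "query succeeded"},
        "body": {
            "serialId": "hh55bddu67210024u610",
            "hotelName": "Example Hotel",
            "contactName": "7990862870D539A4",
            "contactMobile": "13500000000",
            "theNewContactMobile": "135****0000",
            "guestName": "Guest",
            "guestMobile": "13500000000",
            "theNewGuestMobile": "135****0000",
            "otherGuests": "",
            "totalPrice": "1680.00",
        },
    }
})

# Mainland-China mobile numbers: 11 digits starting with 1.
RAW_MOBILE = re.compile(r"^1\d{10}$")

# Raw field -> its masked twin. Assumed mapping inferred from the field names
# in the response; the handler's real schema is not documented on this page.
RAW_TO_MASKED = {
    "contactMobile": "theNewContactMobile",
    "guestMobile": "theNewGuestMobile",
}


def mask_mobile(number):
    """Mask a full mobile number in the theNew* style (13536848017 -> 135****8017)."""
    return number[:3] + "****" + number[-4:]


def find_unmasked_mobiles(body):
    """Return {field: value} for every string field carrying a full mobile number."""
    return {
        k: v for k, v in body.items()
        if isinstance(v, str) and RAW_MOBILE.match(v)
    }


def redact_order(body):
    """Build the client view of an order: raw numbers dropped, masked twins kept.

    This filtering belongs on the server before serialising; masking in the app
    while still sending the raw value protects nothing.
    """
    out = dict(body)
    for raw, masked in RAW_TO_MASKED.items():
        number = out.pop(raw, None)
        if isinstance(number, str) and RAW_MOBILE.match(number):
            # Keep the masked value the backend already produced; derive it if absent.
            out.setdefault(masked, mask_mobile(number))
    return out


def owns_order(body, session_serial_ids):
    """Object-level authorisation: the order must belong to the logged-in session.

    Assumption: the session can look up the set of serialIds it owns.
    """
    return body.get("serialId") in session_serial_ids


def check_response(raw_json, session_serial_ids):
    """Audit one orderhandler-style response and report what a reviewer needs."""
    body = json.loads(raw_json)["response"]["body"]
    return {
        "leaked": find_unmasked_mobiles(body),
        "authorized": owns_order(body, session_serial_ids),
        "redacted": redact_order(body),
    }


if __name__ == "__main__":
    report = check_response(SAMPLE_RESPONSE, {"hh55bddu67210024u610"})
    print("raw mobiles in response:", report["leaked"])
    print("caller owns order:", report["authorized"])
    print("fields after redaction:", sorted(report["redacted"]))
```

In an ASP.NET handler such as orderhandler.ashx, the equivalent of `owns_order` would run in ProcessRequest before any database lookup is turned into a response, and the equivalent of `redact_order` would run on the DTO before it is serialised; deleting a leftover debug page, as the fix below suggests, removes one route to the data but does not by itself fix an order lookup that skips both steps.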

Proof of vulnerability:

http://wooyun.org/bugs/wooyun-2010-0137596

Fix recommendation:

Luckily I have done development work myself: delete the debug page.

Copyright notice: please credit the source when reposting: 1937nick@WooYun


Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 5

Confirmed: 2015-10-28 09:56

Vendor reply:

Thank you for following Tongcheng Travel.

Latest status:

None yet