陆金所某处敏感信息泄露 | wooyun-2016-0213264| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0213264

漏洞标题：陆金所某处敏感信息泄露

漏洞作者：路人甲

提交时间：2016-05-26 22:59

修复时间：2016-07-11 11:20

公开时间：2016-07-11 11:20

漏洞类型：重要敏感信息泄露

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-05-26：细节已通知厂商并且等待厂商处理中
2016-05-27：厂商已经确认，细节仅向厂商公开
2016-06-06：细节向核心白帽子及相关领域专家公开
2016-06-16：细节向普通白帽子公开
2016-06-26：细节向实习白帽子公开
2016-07-11：细节向公众公开

简要描述：

陆金所某处敏感信息泄露

详细说明：

https://github.com/dingquantracy/dingquantracy.github.io/blob/d5509aa19a6c75e36a8c7a3c14e5b970233d8806/a.txt

泄露多个开发，测试，外网环境的hosts配置

#172.17.40.33 swang.lufax.com
#172.19.8.80 test.lufax.com
#172.19.8.80 test.lu.com
#172.19.8.80 test.lufax.com
#172.19.8.80 test.lu.com
172.19.14.24  gitlab.lujs.cn
172.19.14.7    bettle.lujs.cn
172.19.8.7      lujs.cn
172.19.14.24 maven.lujs.cn
#==== localhost
#172.19.23.160 h5.lu.com
172.19.23.160 assets.lu.com 
172.19.23.129 my.lu.com
#172.19.23.129 ally.lu.com
#172.19.23.160 my.lufax.app
#172.19.23.160 mkt.lufax.app
#172.19.23.160 trading.lu.com
#172.19.23.160 cashier.lu.com
#172.19.23.160 user.lu.com
#172.19.23.160 user.lufax.app
#172.19.23.160 list.lu.com
#172.19.23.160 list.lufax.app
#172.19.23.160 pl.lu.com
#172.19.23.160 ljbao.lu.com
#172.19.23.160 yeb.lu.com
#172.19.23.160 affiliate.lu.com
#172.19.23.52 e.lufunds.com
#====
#==== lumidev
#127.0.0.1	ies-be.paic.com.cn
#127.0.0.1 points.lufax.app 
#127.0.0.1 points.lufax.com
#127.0.0.1	lumi.lufax.com
#127.0.0.1	lumi.lufax.app
#====
#==== int
#172.17.40.43 cal.lufax.app
#172.17.40.43 mkt.lufax.app
#172.17.40.43 session.lufax.app
#172.17.40.43 user.lufax.com
#172.17.40.43 static.lufaxcdn.com
#172.17.40.43 loan.lufax.com
#172.17.40.43 zt.lufax.app
172.17.40.46 db.lufax.com
#172.17.40.43 lufax.com
#172.17.40.43 list.lufax.com
#172.17.40.43 list.lufax.app
#172.17.40.43 www.lufax.com
#172.17.40.43 affiliate.lufax.com
#172.17.40.43 common.lufax.com
#172.17.40.43 static.lufax.com
#172.17.40.43 member.lufax.com
#172.17.40.43 pl.lufax.com
#172.17.40.43 fa.lufax.com
#172.17.40.43 ies-be.paic.com.cn
#172.17.40.43 app.affiliate.lufax.com
#172.17.40.43 app.common.lufax.com
#172.17.40.43 scheduler.common.lufax.com
#172.17.40.43 app.member.lufax.com
#172.17.40.43 app.pl.lufax.com
#172.17.40.43 app.fa.lufax.com
#172.17.40.43 app.ies-be.paic.com.cn
#172.17.40.43 app.ies-ext.paic.com.cn
#172.17.40.43 user.lufax.app
#172.17.40.43 my.lufax.com
#172.17.40.43 my.lufax.app
#172.17.40.43 points.lufax.com
#172.17.40.43 cashier.lufax.com
172.19.17.17 im.lufax.com
#172.17.40.43 ms.lufax.com
#172.17.40.43	trading.lufax.com
#172.17.40.43	yeb.lufax.com
#172.17.40.43	trading.lufax.app
#172.17.40.43	xinbao.lufax.app
#172.17.40.43 account.lufax.app
#172.17.40.43 cashier.lufax.app
172.17.40.43	lumi.lufax.com
#172.17.40.43 app.ies-wcm.paic.com.cn
#====
#==== QA1
#172.19.10.9 session.lufax.app
#172.19.10.9 mkt.lufax.app
#172.19.10.9 user.lu.com
172.19.10.9 static.lufaxcdn.com
#172.19.10.9 loan.lu.com
#172.19.10.9 zt.lufax.app
#172.19.10.9 lu.com
#172.19.10.9 list.lu.com
#172.19.10.9 list.lufax.app
#172.19.10.9 www.lu.com
#172.19.10.9 affiliate.lu.com
#172.19.10.9 common.lu.com
172.19.10.9 static.lufax.com
#172.19.10.9 member.lufax.com
#172.19.10.9 pl.lu.com
#172.19.10.9 fa.lu.com
#172.19.10.9 ies-be.paic.com.cn
#172.19.10.9 app.affiliate.lufax.com
#172.19.10.9 app.common.lufax.com
#172.19.10.9 scheduler.common.lufax.com
#172.19.10.9 app.member.lufax.com
#172.19.10.9 app.pl.lufax.com
#172.19.10.9 app.fa.lufax.com
#172.19.10.9 app.ies-be.paic.com.cn
#172.19.10.9 app.ies-ext.paic.com.cn
#172.19.10.9 user.lufax.app
#172.19.10.9 my.lu.com
#172.19.10.9 my.lufax.app
#172.19.10.9 points.lu.com
#172.19.10.9 cashier.lu.com
#172.19.10.9 ms.lu.com
#172.19.10.9	trading.lu.com
#172.19.10.9	trading.lufax.app
#172.19.10.9	xinbao.lufax.app
#172.19.10.9 account.lufax.app
#172.19.10.9 cashier.lufax.app
#172.19.10.9 app.ies-wcm.paic.com.cn
#172.19.10.9	ljbao.lu.com
#172.19.10.9	yeb.lu.com
#172.19.10.9	lumi.lu.com
#172.19.10.9 rsrv.lufax.app
#172.19.10.9 rcmd.lufax.app
#172.19.10.9 lbo.lufax.app
172.19.10.9 nfsc.lufax.app
#====
#==== QA2
#172.19.15.199 lu.com
#172.19.15.199 user.lu.com
#172.19.15.199 session.lufax.app
#172.19.15.199 user.lufax.com
172.19.15.199 coin.lufax.com
#172.19.15.199 static.lufaxcdn.com
#172.19.15.199 loan.lufax.com
#172.19.15.199 zt.lufax.app
172.19.15.199 lufax.com
172.19.15.199 list.lufax.com
#172.19.15.199 list.lufax.app
172.19.15.199 www.lufax.com
#172.19.15.199 affiliate.lufax.com
172.19.15.199 common.lufax.com
#172.19.15.199 static.lufax.com
#172.19.15.199 member.lufax.com
#172.19.15.199 pl.lufax.com
#172.19.15.199 fa.lufax.com
#172.19.15.199 ies-be.paic.com.cn
#172.19.15.199 app.affiliate.lufax.com
#172.19.15.199 app.common.lufax.com
#172.19.15.199 scheduler.common.lufax.com
#172.19.15.199 app.member.lufax.com
#172.19.15.199 app.pl.lufax.com
#172.19.15.199 app.fa.lufax.com
#172.19.15.199 app.ies-be.paic.com.cn
#172.19.15.199 app.ies-ext.paic.com.cn
#172.19.15.199 user.lufax.app
172.19.15.199 my.lufax.com
#172.19.15.199 my.lufax.app
#172.19.15.199 points.lufax.com
#172.19.15.199 cashier.lufax.com
172.19.15.199 ms.lufax.com
172.19.15.199	trading.lufax.com
#172.19.15.199	trading.lufax.app
#172.19.15.199	xinbao.lufax.app
#172.19.15.199 account.lufax.app
#172.19.15.199 cashier.lufax.app
#172.19.15.199 app.ies-wcm.paic.com.cn
172.19.15.199	ljbao.lufax.com
172.19.15.199	yeb.lufax.com
172.19.15.199 lbo.lufax.app
#====
#==== QA3
172.19.11.9 session.lufax.app
172.19.11.9 user.lu.com
#172.19.11.9 static.lufaxcdn.com
172.19.11.9 loan.lu.com
172.19.11.9 zt.lufax.app
172.19.11.9 lu.com
172.19.11.9 list.lu.com
172.19.11.9 list.lufax.app
172.19.11.9 www.lu.com
172.19.11.9 affiliate.lu.com
172.19.11.9 common.lu.com
#172.19.11.9 static.lufax.com
172.19.11.9 member.lufax.com
172.19.11.9 pl.lu.com
172.19.11.9 fa.lu.com
172.19.11.9 ies-be.paic.com.cn
172.19.11.9 app.affiliate.lufax.com
172.19.11.9 app.common.lufax.com
172.19.11.9 scheduler.common.lufax.com
172.19.11.9 app.member.lufax.com
172.19.11.9 app.pl.lufax.com
172.19.11.9 app.fa.lufax.com
172.19.11.9 app.ies-be.paic.com.cn
172.19.11.9 app.ies-ext.paic.com.cn
172.19.11.9 user.lufax.app
#172.19.11.9 my.lu.com
172.19.11.9 my.lufax.app
172.19.11.9 points.lu.com
172.19.11.9 cashier.lu.com
172.19.11.9 ms.lu.com
172.19.11.9	trading.lu.com
172.19.11.9	trading.lufax.app
172.19.11.9	xinbao.lufax.app
172.19.11.9 account.lufax.app
172.19.11.9 cashier.lufax.app
172.19.11.9 app.ies-wcm.paic.com.cn
172.19.11.9	ljbao.lu.com
172.19.11.9	yeb.lu.com
172.19.11.9	lumi.lu.com
172.19.11.9 rsrv.lufax.app
172.19.11.9 rcmd.lufax.app
#====
#==== QA4
172.19.25.9 partner.lufax.app
#172.19.25.9 session.lufax.app
#172.19.25.9 user.lu.com
#172.19.25.9 static.lufaxcdn.com
#172.19.25.9 loan.lufax.com
#172.19.25.9 zt.lufax.app
#172.19.25.9 lu.com
#172.19.25.9 list.lu.com
#172.19.25.9 list.lufax.app
#172.19.25.9 www.lu.com
#172.19.25.9 affiliate.lufax.com
#172.19.25.9 common.lufax.com
#172.19.25.9 static.lufax.com
#172.19.25.9 member.lufax.com
#172.19.25.9 pl.lufax.com
#172.19.25.9 fa.lufax.com
#172.19.25.9 ies-be.paic.com.cn
#172.19.25.9 app.affiliate.lufax.com
#172.19.25.9 app.common.lufax.com
#172.19.25.9 scheduler.common.lufax.com
#172.19.25.9 app.member.lufax.com
#172.19.25.9 app.pl.lufax.com
#172.19.25.9 app.fa.lufax.com
#172.19.25.9 app.ies-be.paic.com.cn
#172.19.25.9 app.ies-ext.paic.com.cn
#172.19.25.9 user.lufax.app
#172.19.25.9 my.lu.com
#172.19.25.9 my.lufax.app
#172.19.25.9 points.lufax.com
#172.19.25.9 cashier.lufax.com
#172.19.25.9 ms.lufax.com
#172.19.25.9	trading.lu.com
#172.19.25.9	trading.lufax.app
#172.19.25.9	xinbao.lufax.app
#172.19.25.9 account.lufax.app
#172.19.25.9 cashier.lufax.app
#172.19.25.9 app.ies-wcm.paic.com.cn
#172.19.25.9	ljbao.lu.com
#172.19.25.9	yeb.lu.com
#====
#==== QA5
172.19.26.9 mkt.lufax.app
#172.19.26.9 session.lufax.app
#172.19.26.9 user.lu.com
#172.19.26.9 static.lufaxcdn.com
#172.19.26.9 loan.lu.com
#172.19.26.9 zt.lufax.app
#172.19.26.9 lu.com
#172.19.26.9 list.lu.com
#172.19.26.9 list.lufax.app
#172.19.26.9 www.lu.com
#172.19.26.9 affiliate.lu.com
#172.19.26.9 common.lu.com
#172.19.26.9 static.lufax.com
#172.19.26.9 member.lufax.com
#172.19.26.9 pl.lu.com
#172.19.26.9 fa.lu.com
#172.19.26.9 ies-be.paic.com.cn
#172.19.26.9 app.affiliate.lufax.com
#172.19.26.9 app.common.lufax.com
#172.19.26.9 scheduler.common.lufax.com
#172.19.26.9 app.member.lufax.com
#172.19.26.9 app.pl.lufax.com
#172.19.26.9 app.fa.lufax.com
#172.19.26.9 app.ies-be.paic.com.cn
#172.19.26.9 app.ies-ext.paic.com.cn
#172.19.26.9 user.lufax.app
#172.19.26.9 my.lu.com
#172.19.26.9 my.lufax.app
#172.19.26.9 points.lu.com
#172.19.26.9 cashier.lu.com
#172.19.26.9 ms.lu.com
#172.19.26.9	trading.lu.com
#172.19.26.9	trading.lufax.app
#172.19.26.9	xinbao.lufax.app
#172.19.26.9 account.lufax.app
#172.19.26.9 cashier.lufax.app
#172.19.26.9 app.ies-wcm.paic.com.cn
#172.19.26.9	ljbao.lu.com
#172.19.26.9	yeb.lu.com
#172.19.26.9	lumi.lu.com
#172.19.26.9 rsrv.lufax.app
#172.19.26.9 rcmd.lufax.app
#====
#==== nest-int1
#172.19.9.9 mkt.lufax.app
#172.19.9.9 session.lufax.app
#172.19.9.9 user.lu.com
#172.19.9.9 static.lufaxcdn.com
#172.19.9.9 loan.lu.com
#172.19.9.9 zt.lufax.app
#172.19.9.9 lu.com
#172.19.9.9 list.lu.com
#172.19.9.9 list.lufax.app
#172.19.9.9 www.lu.com
#172.19.9.9 affiliate.lu.com
#172.19.9.9 common.lu.com
#172.19.9.9 static.lufax.com
#172.19.9.9 member.lufax.com
#172.19.9.9 pl.lu.com
#172.19.9.9 fa.lu.com
#172.19.9.9 ies-be.paic.com.cn
#172.19.9.9 app.affiliate.lufax.com
#172.19.9.9 app.common.lufax.com
#172.19.9.9 scheduler.common.lufax.com
#172.19.9.9 app.member.lufax.com
#172.19.9.9 app.pl.lufax.com
#172.19.9.9 app.fa.lufax.com
#172.19.9.9 app.ies-be.paic.com.cn
#172.19.9.9 app.ies-ext.paic.com.cn
#172.19.9.9 user.lufax.app
#172.19.9.9 my.lu.com
#172.19.9.9 my.lufax.app
#172.19.9.9 points.lu.com
#172.19.9.9 cashier.lu.com
#172.19.9.9 ms.lu.com
#172.19.9.9	trading.lu.com
#172.19.9.9	trading.lufax.app
#172.19.9.9	xinbao.lufax.app
#172.19.9.9 account.lufax.app
#172.19.9.9 cashier.lufax.app
#172.19.9.9 app.ies-wcm.paic.com.cn
#172.19.9.9	ljbao.lu.com
#172.19.9.9	yeb.lu.com
#172.19.9.9	lumi.lu.com
#172.19.9.9 rsrv.lufax.app
#172.19.9.9 rcmd.lufax.app
#====
#==== Nest-QA6
172.19.34.9 partner.lu.com
172.19.34.9 api.lu.com
#172.19.34.9 lumi.lu.com
#172.19.34.9 points.lu.com
#172.19.34.9 cashier.lu.com
#172.19.34.9 trading.lu.com
#172.19.34.9 user.lu.com
#172.19.34.9 ljbao.lu.com
#172.19.34.9 pl.lu.com
#172.19.34.9 www.lu.com
#172.19.34.9 affiliate.lu.com
172.19.34.9 promo.lu.com
172.19.34.9 static.lu.com
#172.19.34.9 static.lufaxcdn.com
172.19.34.9 contact.lu.com
#172.19.34.9 loan.lu.com
172.19.34.9 search.lu.com
#172.19.34.9 list.lu.com
#172.19.34.9 my.lu.com
172.19.34.9 mapp.lu.com
172.19.34.9 m.lu.com
#172.19.34.9 ms.lu.com
172.19.34.9 h5.lu.com
172.19.34.9 wechat.lu.com
172.19.34.9 t.lu.com
172.19.34.9 vip.lu.com
172.19.34.9 perf.lu.com
172.19.34.9 media.lu.com
#172.19.34.9 ies-be.paic.com.cn
172.19.34.9 ally.lu.com
172.19.34.9 media.lu.com            
#172.19.34.9 static.lufax.com
#172.19.34.9 static.lufaxcdn.com
172.19.34.9 media.lu.com
#172.19.34.9 app.ies-wcm.paic.com.cn
172.19.8.80 test.lu.com
172.19.34.9 swang.lu.com 
#172.19.34.9 common.lu.com 
172.19.34.9 static.lu.com
172.19.34.9 member.lu.com 
#172.19.34.9 fa.lu.com 
172.19.34.9 app.affiliate.lu.com
172.19.34.9 app.common.lu.com 
172.19.34.9 scheduler.common.lu.com 
172.19.34.9 app.member.lu.com 
172.19.34.9 app.pl.lu.com 
172.19.34.9 app.fa.lu.com 
#172.19.34.9 app.ies-be.paic.com.cn 
#172.19.34.9 app.ies-ext.paic.com.cn 
172.19.34.9 mobile.lufax.app
172.19.34.9 app.mq.lufax.app 
172.19.34.9 s1-static.lufaxcdn.com 
172.19.34.9 s2-static.lufaxcdn.com 
172.19.34.9 s1-img1.lufaxcdn.com 
172.19.34.9 s1-img2.lufaxcdn.com 
172.19.34.9 s1-img3.lufaxcdn.com 
172.19.34.9 s2-img1.lufaxcdn.com 
172.19.34.9 s2-img2.lufaxcdn.com 
172.19.34.9 s2-img3.lufaxcdn.com
172.19.8.80 test.lufax.com
172.19.8.80 test.lu.com
#172.19.34.9 my.lufax.app
#172.19.34.9  session.lufax.app
#====
#==== Nest-QA7
#172.19.35.9 session.lufax.app
#172.19.35.9 user.lu.com
#172.19.35.9 static.lufaxcdn.com
#172.19.35.9 loan.lu.com
#172.19.35.9 zt.lufax.app
#172.19.35.9 lu.com
#172.19.35.9 list.lu.com
#172.19.35.9 list.lufax.app
#172.19.35.9 www.lu.com
#172.19.35.9 affiliate.lu.com
#172.19.35.9 common.lu.com
#172.19.35.9 static.lufax.com
#172.19.35.9 member.lufax.com
#172.19.35.9 pl.lu.com
#172.19.35.9 fa.lu.com
#172.19.35.9 ies-be.paic.com.cn
#172.19.35.9 app.affiliate.lufax.com
#172.19.35.9 app.common.lufax.com
#172.19.35.9 scheduler.common.lufax.com
#172.19.35.9 app.member.lufax.com
#172.19.35.9 app.pl.lufax.com
#172.19.35.9 app.fa.lufax.com
#172.19.35.9 app.ies-be.paic.com.cn
#172.19.35.9 app.ies-ext.paic.com.cn
#172.19.35.9 user.lufax.app
#172.19.35.9 my.lu.com
#172.19.35.9 my.lufax.app
#172.19.35.9 points.lu.com
#172.19.35.9 cashier.lu.com
#172.19.35.9 ms.lu.com
#172.19.35.9	trading.lu.com
#172.19.35.9	trading.lufax.app
#172.19.35.9	xinbao.lufax.app
#172.19.35.9 account.lufax.app
#172.19.35.9 cashier.lufax.app
#172.19.35.9 app.ies-wcm.paic.com.cn
#172.19.35.9	ljbao.lu.com
#172.19.35.9	yeb.lu.com
#172.19.35.9	lumi.lu.com
#172.19.35.9 rsrv.lufax.app
#172.19.35.9 rcmd.lufax.app
#====
#==== NEST-QA8
#172.19.36.9 session.lufax.app
#172.19.36.9 user.lufax.com
#172.19.36.9 static.lufaxcdn.com
#172.19.36.9 loan.lufax.com
#172.19.36.9 zt.lufax.app
#172.19.36.9 lufax.com
#172.19.36.9 list.lufax.com
#172.19.36.9 list.lufax.app
#172.19.36.9 www.lufax.com
#172.19.36.9 affiliate.lufax.com
#172.19.36.9 common.lufax.com
#172.19.36.9 static.lufax.com
#172.19.36.9 member.lufax.com
#172.19.36.9 pl.lufax.com
#172.19.36.9 fa.lufax.com
#172.19.36.9 ies-be.paic.com.cn
#172.19.36.9 app.affiliate.lufax.com
#172.19.36.9 app.common.lufax.com
#172.19.36.9 scheduler.common.lufax.com
#172.19.36.9 app.member.lufax.com
#172.19.36.9 app.pl.lufax.com
#172.19.36.9 app.fa.lufax.com
#172.19.36.9 app.ies-be.paic.com.cn
#172.19.36.9 app.ies-ext.paic.com.cn
#172.19.36.9 user.lufax.app
#172.19.36.9 my.lufax.com
#172.19.36.9 my.lufax.app
#172.19.36.9 points.lufax.com
#172.19.36.9 cashier.lufax.com
#172.19.36.9 ms.lufax.com
#172.19.36.9	trading.lufax.com
#172.19.36.9	trading.lufax.app
#172.19.36.9	xinbao.lufax.app
#172.19.36.9 account.lufax.app
#172.19.36.9 cashier.lufax.app
#172.19.36.9 app.ies-wcm.paic.com.cn
#172.19.36.9	ljbao.lufax.com
#172.19.36.9	yeb.lufax.com
#====
#==== what
#222.73.151.175 cashier.lu.com
#222.73.151.175 list.lu.com
#222.73.151.175 ljbao.lu.com
#222.73.151.175 media.lu.com
#222.73.151.175 my.lu.com
#222.73.151.175 pl.lu.com
#222.73.151.175 trading.lu.com
#222.73.151.175 user.lu.com
#222.73.151.175 lu.com
#222.73.151.175 www.lu.com
#222.73.151.175 home.lu.com
#222.73.151.175 top.lu.com
#222.73.151.175 anyidai.lu.com
#222.73.151.175 campaign.lu.com
#222.73.151.174 affiliate.lu.com
#222.73.151.174 ally.lu.com
#222.73.151.174 api.lu.com
#222.73.151.174 contact.lu.com
#222.73.151.174 game.lu.com
#222.73.151.174 h5.lu.com
#222.73.151.174 loan.lu.com
#222.73.151.174 lumi.lu.com
#222.73.151.174 mapp.lu.com
#222.73.151.174 minisite.lu.com
#222.73.151.174 m.lu.com
#222.73.151.174 ms.lu.com
#222.73.151.174 partner.lu.com
#222.73.151.174 points.lu.com
#222.73.151.174 promo.lu.com
#222.73.151.174 search.lu.com
#222.73.151.174 static.lu.com
#222.73.151.174 staticdn.lu.com
#222.73.151.174 mres.lu.com
#222.73.151.174 perf.lu.com
#222.73.151.174 t.lu.com
#222.73.151.174 vip.lu.com
#222.73.151.174 wechat.lu.com
#222.73.151.174 xdata.lu.com
#====
#==== stg4
172.168.76.9 :8000 e.lufunds.com
172.168.76.9  cal.lu.com                        
#172.168.76.9  partner.lu.com                    
#172.168.76.9  my.lufax.app                         
#172.168.76.9  lu.com                            
#172.168.76.9  www.lu.com                        
#172.168.76.9  affiliate.lu.com                  
#172.168.76.9  common.lu.com                     
#172.168.76.9  static.lufax.com                     
#172.168.76.9  member.lu.com                     
#172.168.76.9  pl.lu.com                         
#172.168.76.9  fa.lu.com                     
#172.168.76.9  app.affiliate.lu.com              
#172.168.76.9  app.common.lu.com                 
#172.168.76.9  my.lu.com                         
#172.168.76.9  scheduler.common.lu.com           
#172.168.76.9  app.member.lu.com                 
#172.168.76.9  app.pl.lu.com                     
#172.168.76.9  app.fa.lu.com                     
#172.168.76.9  app.ies-be.paic.com.cn               
#172.168.76.9  app.ies-ext.paic.com.cn              
#172.168.76.9  app.ies-wcm.paic.com.cn              
#172.168.76.9  ies-be.paic.com.cn                   
#172.168.76.9  points.lu.com                     
172.168.76.9  cal.lufax.app                        
172.168.76.9  fund.lu.com                       
#172.168.76.9  user.lu.com                       
#172.168.76.9  user.lufax.app                       
#172.168.76.9  app.mq.lufax.app                     
172.168.76.9  points.lufax.app                     
#172.168.76.9  list.lu.com                       
#172.168.76.9  list.lufax.app                       
#172.168.76.9  ljbao.lu.com                      
#172.168.76.9  cashier.lu.com                    
#172.168.76.9  trading.lufax.app                    
#172.168.76.9  session.lu.com                    
#172.168.76.9  session.lufax.app                    
#172.168.76.9  trading.lu.com                    
#172.168.76.9  static.lufaxcdn.com                  
#172.168.76.9  perf.lu.com                       
172.168.76.9  statement.lufax.app                  
#172.168.76.9  m.lu.com    
#172.168.76.9  my.lu.com                          
#172.168.76.9  lumi.lu.com                       
#172.168.76.9  media.lu.com                      
172.168.76.9  media.lufax.app                                          
#172.168.76.9  perf.lu.com
172.168.76.9  verify.lufax.app
172.168.76.9  ally.lufax.app
#172.168.76.9  ally.lu.com
#172.168.76.9  search.lu.com
172.168.76.9  search.lufax.app
172.168.76.9  jijin.lufax.app
172.168.76.9  e.lufunds.com
#====
#172.19.14.24 gitlab.lujs.cn
#172.19.8.80 test.lufax.com
#hide
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

漏洞证明：

https://xdata.lu.com/celebrus/

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：5

确认时间：2016-05-27 11:14

厂商回复：

非常感谢您的报告，感谢对陆金所安全的关注，此次相关内容为测试信息，已经立即进行了清除。如果您有任何疑问，欢迎反馈。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0213264

漏洞标题：陆金所某处敏感信息泄露

相关厂商：陆金所

漏洞作者：路人甲

提交时间：2016-05-26 22:59

修复时间：2016-07-11 11:20

公开时间：2016-07-11 11:20

漏洞类型：重要敏感信息泄露

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0213264

漏洞标题：陆金所某处敏感信息泄露

相关厂商：陆金所

漏洞作者： 路人甲

提交时间：2016-05-26 22:59

修复时间：2016-07-11 11:20

公开时间：2016-07-11 11:20

漏洞类型：重要敏感信息泄露

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0213264"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云