咕咚网分站某错输入错误参数导致数据库信息泄露

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-033357

漏洞标题：咕咚网分站某错输入错误参数导致数据库信息泄露

漏洞作者： mango

提交时间：2013-08-03 09:08

修复时间：2013-09-17 09:08

公开时间：2013-09-17 09:08

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2013-08-03：细节已通知厂商并且等待厂商处理中
2013-08-03：厂商已经确认，细节仅向厂商公开
2013-08-13：细节向核心白帽子及相关领域专家公开
2013-08-23：细节向普通白帽子公开
2013-09-02：细节向实习白帽子公开
2013-09-17：细节向公众公开

简要描述：

泄露数据库和小部分源码

详细说明：

漏洞存在与捐献卡币时点捐献 plan_id 改为负值

$1H4WAT{QIZU8}FP0I_T]V{5.jpg$

DATABASES 	
{'default': {'ENGINE': 'django.db.backends.mysql',
             'HOST': 'rdsfviy3ifviy3i1367979506919.mysql.rds.aliyuncs.com',
             'NAME': 'app_codoon',
             'OPTIONS': {},
             'PASSWORD': '********************',
             'PORT': '3306',
             'TEST_CHARSET': None,
             'TEST_COLLATION': None,
             'TEST_MIRROR': None,
             'TEST_NAME': None,
             'TIME_ZONE': 'Asia/Shanghai',
             'USER': 'aliyunmysql'}}

漏洞证明：

IntegrityError at /give_calcoin
(1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))')
Request Method: 	POST
Request URL: 	http://gongyi.codoon.com/give_calcoin
Django Version: 	1.3.1
Exception Type: 	IntegrityError
Exception Value: 	
(1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))')
Exception Location: 	/opt/python2.7.2/lib/python2.7/site-packages/MySQLdb/connections.py in defaulterrorhandler, line 36
Python Executable: 	/opt/python2.7.2/bin/python
Python Version: 	2.7.2
Python Path: 	
['/var/www/ncodoon/gongyi',
 '/opt/python2.7.2/lib/python2.7/site-packages/distribute-0.6.24-py2.7.egg',
 '/opt/python2.7.2/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg',
 '/var/www/ncodoon/src/gevent',
 '/opt/python2.7.2/lib/python27.zip',
 '/opt/python2.7.2/lib/python2.7',
 '/opt/python2.7.2/lib/python2.7/plat-linux2',
 '/opt/python2.7.2/lib/python2.7/lib-tk',
 '/opt/python2.7.2/lib/python2.7/lib-old',
 '/opt/python2.7.2/lib/python2.7/lib-dynload',
 '/opt/python2.7.2/lib/python2.7/site-packages',
 '/opt/python2.7.2/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg-info',
 '/var/www/ncodoon/gongyi',
 '/var/www/ncodoon']
Server time: 	星期五, 2 八月 2013 21:47:00 +0800
Traceback Switch to copy-and-paste view
    /opt/python2.7.2/lib/python2.7/site-packages/django/core/handlers/base.py in get_response
                                response = callback(request, *callback_args, **callback_kwargs)
        ...
    ▼ Local vars
    Variable 	Value
    exceptions 	
    <module 'django.core.exceptions' from '/opt/python2.7.2/lib/python2.7/site-packages/django/core/exceptions.pyc'>
    e 	
    IntegrityError(1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))')
    callback_args 	
    ()
    receivers 	
    [(<function _rollback_on_exception at 0x1857d70>, None)]
    middleware_method 	
    <bound method AuthenticationMiddleware.process_request of <django.contrib.auth.middleware.AuthenticationMiddleware object at 0x1680b50>>
    self 	
    <django.core.handlers.wsgi.WSGIHandler object at 0x1632390>
    settings 	
    <django.conf.LazySettings object at 0x13b5e10>
    request 	
    <WSGIRequest
    GET:<QueryDict: {}>,
    POST:<QueryDict: {u'plan_id': [u'-1'], u'calcoin': [u'1']}>,
    COOKIES:{'Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f': '1375451017',
     'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f': '1374217191,1375449009,1375449119,1375449162',
     'sessionid': '2927ea2dce22f153cf094f1781672934'},
    META:{'CONTENT_LENGTH': '20',
     'CONTENT_TYPE': 'application/x-www-form-urlencoded',
     'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
     'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
     'HTTP_ACCEPT_LANGUAGE': 'zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3',
     'HTTP_CONNECTION': 'close',
     'HTTP_COOKIE': 'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f=1374217191,1375449009,1375449119,1375449162; Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f=1375451017; sessionid=2927ea2dce22f153cf094f1781672934',
     'HTTP_HOST': 'gongyi.codoon.com',
     'HTTP_MANGO': 'TEST',
     'HTTP_REFERER': 'http://gongyi.codoon.com/plan/1',
     'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0',
     'HTTP_X_REAL_IP': '122.225.175.91',
     'HTTP_X_SCHEME': 'http',
     'PATH_INFO': u'/give_calcoin',
     'QUERY_STRING': '',
     'REMOTE_ADDR': '127.0.0.1',
     'REQUEST_METHOD': 'POST',
     'SCRIPT_NAME': u'',
     'SERVER_NAME': 'gongyi.codoon.com',
     'SERVER_PORT': '80',
     'SERVER_PROTOCOL': 'HTTP/1.0',
     'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f4e2d698270>,
     'wsgi.input': <_io.BytesIO object at 0x1e62bf0>,
     'wsgi.multiprocess': True,
     'wsgi.multithread': False,
     'wsgi.run_once': False,
     'wsgi.url_scheme': 'http',
     'wsgi.version': (1, 0)}>
    callback 	
    <function _decorator at 0x1cc35f0>
    resolver 	
    <RegexURLResolver gongyi.urls (None:None) ^/>
    urlresolvers 	
    <module 'django.core.urlresolvers' from '/opt/python2.7.2/lib/python2.7/site-packages/django/core/urlresolvers.pyc'>
    callback_kwargs 	
    {}
    response 	
    None
    urlconf 	
    'gongyi.urls'
    /var/www/ncodoon/gongyi/commonweal/decorators.py in _decorator
                return func(request, *args, **kwargs)
        ...
    ▼ Local vars
    Variable 	Value
    code 	
    None
    args 	
    ()
    request 	
    <WSGIRequest
    GET:<QueryDict: {}>,
    POST:<QueryDict: {u'plan_id': [u'-1'], u'calcoin': [u'1']}>,
    COOKIES:{'Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f': '1375451017',
     'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f': '1374217191,1375449009,1375449119,1375449162',
     'sessionid': '2927ea2dce22f153cf094f1781672934'},
    META:{'CONTENT_LENGTH': '20',
     'CONTENT_TYPE': 'application/x-www-form-urlencoded',
     'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
     'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
     'HTTP_ACCEPT_LANGUAGE': 'zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3',
     'HTTP_CONNECTION': 'close',
     'HTTP_COOKIE': 'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f=1374217191,1375449009,1375449119,1375449162; Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f=1375451017; sessionid=2927ea2dce22f153cf094f1781672934',
     'HTTP_HOST': 'gongyi.codoon.com',
     'HTTP_MANGO': 'TEST',
     'HTTP_REFERER': 'http://gongyi.codoon.com/plan/1',
     'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0',
     'HTTP_X_REAL_IP': '122.225.175.91',
     'HTTP_X_SCHEME': 'http',
     'PATH_INFO': u'/give_calcoin',
     'QUERY_STRING': '',
     'REMOTE_ADDR': '127.0.0.1',
     'REQUEST_METHOD': 'POST',
     'SCRIPT_NAME': u'',
     'SERVER_NAME': 'gongyi.codoon.com',
     'SERVER_PORT': '80',
     'SERVER_PROTOCOL': 'HTTP/1.0',
     'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f4e2d698270>,
     'wsgi.input': <_io.BytesIO object at 0x1e62bf0>,
     'wsgi.multiprocess': True,
     'wsgi.multithread': False,
     'wsgi.run_once': False,
     'wsgi.url_scheme': 'http',
     'wsgi.version': (1, 0)}>
    token 	
    {u'access_token': u'bbcf72d399e17323684fc1d238b11051',
     u'expire_in': 93312000,
     u'refresh_token': u'53a5e2ec575f3d6751af3f7df6f4937e',
     u'scope': u'feeds messages user',
     u'token_type': u'bearer',
     u'user_id': u'45273fbc-8804-4d5b-b435-6225997a6d15'}
    error 	
    None
    func 	
    <function _decorator at 0x1cc3578>
    kwargs 	
    {}
    token_flag 	
    True
    /var/www/ncodoon/gongyi/commonweal/decorators.py in _decorator
                return func(request, *args, **kwargs)
        ...
    ▼ Local vars
    Variable 	Value
    args 	
    ()
    request 	
    <WSGIRequest
    GET:<QueryDict: {}>,
    POST:<QueryDict: {u'plan_id': [u'-1'], u'calcoin': [u'1']}>,
    COOKIES:{'Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f': '1375451017',
     'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f': '1374217191,1375449009,1375449119,1375449162',
     'sessionid': '2927ea2dce22f153cf094f1781672934'},
    META:{'CONTENT_LENGTH': '20',
     'CONTENT_TYPE': 'application/x-www-form-urlencoded',
     'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
     'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
     'HTTP_ACCEPT_LANGUAGE': 'zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3',
     'HTTP_CONNECTION': 'close',
     'HTTP_COOKIE': 'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f=1374217191,1375449009,1375449119,1375449162; Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f=1375451017; sessionid=2927ea2dce22f153cf094f1781672934',
     'HTTP_HOST': 'gongyi.codoon.com',
     'HTTP_MANGO': 'TEST',
     'HTTP_REFERER': 'http://gongyi.codoon.com/plan/1',
     'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0',
     'HTTP_X_REAL_IP': '122.225.175.91',
     'HTTP_X_SCHEME': 'http',
     'PATH_INFO': u'/give_calcoin',
     'QUERY_STRING': '',
     'REMOTE_ADDR': '127.0.0.1',
     'REQUEST_METHOD': 'POST',
     'SCRIPT_NAME': u'',
     'SERVER_NAME': 'gongyi.codoon.com',
     'SERVER_PORT': '80',
     'SERVER_PROTOCOL': 'HTTP/1.0',
     'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f4e2d698270>,
     'wsgi.input': <_io.BytesIO object at 0x1e62bf0>,
     'wsgi.multiprocess': True,
     'wsgi.multithread': False,
     'wsgi.run_once': False,
     'wsgi.url_scheme': 'http',
     'wsgi.version': (1, 0)}>
    token 	
    {u'access_token': u'bbcf72d399e17323684fc1d238b11051',
     u'expire_in': 93312000,
     u'refresh_token': u'53a5e2ec575f3d6751af3f7df6f4937e',
     u'scope': u'feeds messages user',
     u'token_type': u'bearer',
     u'user_id': u'45273fbc-8804-4d5b-b435-6225997a6d15'}
    user 	
    {u'_auto_id': 1288778,
     u'address': u'',
     u'age': 13,
     u'birthday': {u'd': 1, u'm': 8, u'y': 2000},
     u'certificateid': u'',
     u'certificateinfo': u'',
     u'certificatename': u'',
     u'descroption': u'\u201c><img src=1 onerror=alert(1);>',
     u'domain': u'~tc5v!i!',
     u'email': u'[email protected]',
     u'emailverified': False,
     u'fighting_level': 0,
     u'followers': 0,
     u'followings': 2,
     u'gender': u'0',
     u'get_icon_large': u'http://static.codoon.com/image/default_header/female_l.png',
     u'get_icon_middle': u'http://static.codoon.com/image/default_header/female_m.png',
     u'get_icon_small': u'http://static.codoon.com/image/default_header/female_s.png',
     u'get_icon_tiny': u'http://static.codoon.com/image/default_header/female_t.png',
     u'get_icon_xlarge': u'http://static.codoon.com/image/default_header/female_x.png',
     u'group_ids': u'',
     u'height': 170,
     u'hobby': u'\u8dd1\u6b65',
     u'id': u'45273fbc-8804-4d5b-b435-6225997a6d15',
     u'installed_apps': u'CDN_JOURNAL CDN_WELFARE',
     u'is_newuser': False,
     u'last_login': 0,
     u'location': u'\u5317\u4eac ',
     u'mobile_portraits': [],
     u'mobile_portraits_l': [],
     u'mobile_portraits_x': [],
     u'mobilenumber': u'I1375449215156',
     u'mobileverified': False,
     u'nick': u'mango1995',
     u'portrait': u' ',
     u'realname': u' ',
     u'routes_count': 0,
     u'runstridelength': 90,
     u'stridelength': 50,
     u'tmp_portrait': u'',
     u'verify_code': u'c25553c5e99f427d8e35046eee52574b',
     u'week_goal_type': u'steps',
     u'week_goal_value': 70000,
     u'weight': 60.0}
    func 	
    <function give_calcoin at 0x1cc3500>
    kwargs 	
    {}
    /var/www/ncodoon/gongyi/commonweal/views.py in give_calcoin
            flag, result = interface.create_order(plan_id, user_id, calcoin, request.user.get('nick'), request.user.get('domain'))
        ...
    ▼ Local vars
    Variable 	Value
    urlencode 	
    <function urlencode at 0x1e9ea28>
    plan_id 	
    u'-1'
    request 	
    <WSGIRequest
    GET:<QueryDict: {}>,
    POST:<QueryDict: {u'plan_id': [u'-1'], u'calcoin': [u'1']}>,
    COOKIES:{'Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f': '1375451017',
     'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f': '1374217191,1375449009,1375449119,1375449162',
     'sessionid': '2927ea2dce22f153cf094f1781672934'},
    META:{'CONTENT_LENGTH': '20',
     'CONTENT_TYPE': 'application/x-www-form-urlencoded',
     'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
     'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
     'HTTP_ACCEPT_LANGUAGE': 'zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3',
     'HTTP_CONNECTION': 'close',
     'HTTP_COOKIE': 'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f=1374217191,1375449009,1375449119,1375449162; Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f=1375451017; sessionid=2927ea2dce22f153cf094f1781672934',
     'HTTP_HOST': 'gongyi.codoon.com',
     'HTTP_MANGO': 'TEST',
     'HTTP_REFERER': 'http://gongyi.codoon.com/plan/1',
     'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0',
     'HTTP_X_REAL_IP': '122.225.175.91',
     'HTTP_X_SCHEME': 'http',
     'PATH_INFO': u'/give_calcoin',
     'QUERY_STRING': '',
     'REMOTE_ADDR': '127.0.0.1',
     'REQUEST_METHOD': 'POST',
     'SCRIPT_NAME': u'',
     'SERVER_NAME': 'gongyi.codoon.com',
     'SERVER_PORT': '80',
     'SERVER_PROTOCOL': 'HTTP/1.0',
     'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f4e2d698270>,
     'wsgi.input': <_io.BytesIO object at 0x1e62bf0>,
     'wsgi.multiprocess': True,
     'wsgi.multithread': False,
     'wsgi.run_once': False,
     'wsgi.url_scheme': 'http',
     'wsgi.version': (1, 0)}>
    token 	
    {u'access_token': u'bbcf72d399e17323684fc1d238b11051',
     u'expire_in': 93312000,
     u'refresh_token': u'53a5e2ec575f3d6751af3f7df6f4937e',
     u'scope': u'feeds messages user',
     u'token_type': u'bearer',
     u'user_id': u'45273fbc-8804-4d5b-b435-6225997a6d15'}
    calcoin 	
    u'1'
    user_id 	
    u'45273fbc-8804-4d5b-b435-6225997a6d15'
    /var/www/ncodoon/gongyi/commonweal/interface.py in create_order
                                             value=value, order_num=create_order_num())
        ...
    ▼ Local vars
    Variable 	Value
    nick 	
    u'mango1995'
    domain 	
    u'~tc5v!i!'
    user_id 	
    u'45273fbc-8804-4d5b-b435-6225997a6d15'
    value 	
    1
    plan_id 	
    u'-1'
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/models/manager.py in create
                return self.get_query_set().create(**kwargs)
        ...
    ▼ Local vars
    Variable 	Value
    self 	
    <django.db.models.manager.Manager object at 0x1cc0cd0>
    kwargs 	
    {'codoon_plan_id': u'-1',
     'order_num': '2013080221476uXE',
     'user_domain': u'~tc5v!i!',
     'user_id': u'45273fbc-8804-4d5b-b435-6225997a6d15',
     'user_nick': u'mango1995',
     'value': 1}
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/models/query.py in create
                obj.save(force_insert=True, using=self.db)
        ...
    ▼ Local vars
    Variable 	Value
    self 	
    [<CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, <CalcoinOrder: CalcoinOrder object>, '...(remaining elements truncated)...']
    obj 	
    <CalcoinOrder: CalcoinOrder object>
    kwargs 	
    {'codoon_plan_id': u'-1',
     'order_num': '2013080221476uXE',
     'user_domain': u'~tc5v!i!',
     'user_id': u'45273fbc-8804-4d5b-b435-6225997a6d15',
     'user_nick': u'mango1995',
     'value': 1}
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/models/base.py in save
                self.save_base(using=using, force_insert=force_insert, force_update=force_update)
        ...
    ▼ Local vars
    Variable 	Value
    using 	
    'default'
    self 	
    <CalcoinOrder: CalcoinOrder object>
    force_update 	
    False
    force_insert 	
    True
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/models/base.py in save_base
                            result = manager._insert(values, return_id=update_pk, using=using)
        ...
    ▼ Local vars
    Variable 	Value
    origin 	
    <class 'gongyi.commonweal.models.CalcoinOrder'>
    non_pks 	
    [<django.db.models.fields.related.ForeignKey object at 0x1cc05d0>,
     <django.db.models.fields.CharField object at 0x1cc0710>,
     <django.db.models.fields.CharField object at 0x1cc0790>,
     <django.db.models.fields.CharField object at 0x1cc0810>,
     <django.db.models.fields.CharField object at 0x1cc0890>,
     <django.db.models.fields.FloatField object at 0x1cc0910>,
     <django.db.models.fields.IntegerField object at 0x1cc0950>,
     <django.db.models.fields.DateTimeField object at 0x1cc0990>]
    f 	
    <django.db.models.fields.DateTimeField object at 0x1cc0990>
    self 	
    <CalcoinOrder: CalcoinOrder object>
    force_update 	
    False
    connection 	
    <django.db.backends.mysql.base.DatabaseWrapper object at 0x1870258>
    force_insert 	
    True
    raw 	
    False
    manager 	
    <django.db.models.manager.Manager object at 0x1cc0cd0>
    meta 	
    <Options for CalcoinOrder>
    values 	
    [(<django.db.models.fields.related.ForeignKey object at 0x1cc05d0>, -1),
     (<django.db.models.fields.CharField object at 0x1cc0710>, '2013080221476uXE'),
     (<django.db.models.fields.CharField object at 0x1cc0790>,
      u'45273fbc-8804-4d5b-b435-6225997a6d15'),
     (<django.db.models.fields.CharField object at 0x1cc0810>, u'mango1995'),
     (<django.db.models.fields.CharField object at 0x1cc0890>, u'~tc5v!i!'),
     (<django.db.models.fields.FloatField object at 0x1cc0910>, 1.0),
     (<django.db.models.fields.IntegerField object at 0x1cc0950>, 0),
     (<django.db.models.fields.DateTimeField object at 0x1cc0990>,
      u'2013-08-02 21:47:00')]
    pk_val 	
    None
    using 	
    'default'
    pk_set 	
    False
    org 	
    None
    cls 	
    <class 'gongyi.commonweal.models.CalcoinOrder'>
    update_pk 	
    True
    record_exists 	
    False
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/models/manager.py in _insert
                return insert_query(self.model, values, **kwargs)
        ...
    ▼ Local vars
    Variable 	Value
    self 	
    <django.db.models.manager.Manager object at 0x1cc0cd0>
    values 	
    [(<django.db.models.fields.related.ForeignKey object at 0x1cc05d0>, -1),
     (<django.db.models.fields.CharField object at 0x1cc0710>, '2013080221476uXE'),
     (<django.db.models.fields.CharField object at 0x1cc0790>,
      u'45273fbc-8804-4d5b-b435-6225997a6d15'),
     (<django.db.models.fields.CharField object at 0x1cc0810>, u'mango1995'),
     (<django.db.models.fields.CharField object at 0x1cc0890>, u'~tc5v!i!'),
     (<django.db.models.fields.FloatField object at 0x1cc0910>, 1.0),
     (<django.db.models.fields.IntegerField object at 0x1cc0950>, 0),
     (<django.db.models.fields.DateTimeField object at 0x1cc0990>,
      u'2013-08-02 21:47:00')]
    kwargs 	
    {'return_id': True, 'using': 'default'}
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/models/query.py in insert_query
            return query.get_compiler(using=using).execute_sql(return_id)
        ...
    ▼ Local vars
    Variable 	Value
    raw_values 	
    False
    return_id 	
    True
    values 	
    [(<django.db.models.fields.related.ForeignKey object at 0x1cc05d0>, -1),
     (<django.db.models.fields.CharField object at 0x1cc0710>, '2013080221476uXE'),
     (<django.db.models.fields.CharField object at 0x1cc0790>,
      u'45273fbc-8804-4d5b-b435-6225997a6d15'),
     (<django.db.models.fields.CharField object at 0x1cc0810>, u'mango1995'),
     (<django.db.models.fields.CharField object at 0x1cc0890>, u'~tc5v!i!'),
     (<django.db.models.fields.FloatField object at 0x1cc0910>, 1.0),
     (<django.db.models.fields.IntegerField object at 0x1cc0950>, 0),
     (<django.db.models.fields.DateTimeField object at 0x1cc0990>,
      u'2013-08-02 21:47:00')]
    using 	
    'default'
    query 	
    <django.db.models.sql.subqueries.InsertQuery object at 0x1dcf550>
    model 	
    <class 'gongyi.commonweal.models.CalcoinOrder'>
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/models/sql/compiler.py in execute_sql
                cursor = super(SQLInsertCompiler, self).execute_sql(None)
        ...
    ▼ Local vars
    Variable 	Value
    self 	
    <django.db.backends.mysql.compiler.SQLInsertCompiler object at 0x1dcffd0>
    return_id 	
    True
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/models/sql/compiler.py in execute_sql
                cursor.execute(sql, params)
        ...
    ▼ Local vars
    Variable 	Value
    cursor 	
    <django.db.backends.util.CursorDebugWrapper object at 0x1dcff90>
    self 	
    <django.db.backends.mysql.compiler.SQLInsertCompiler object at 0x1dcffd0>
    params 	
    (-1,
     '2013080221476uXE',
     u'45273fbc-8804-4d5b-b435-6225997a6d15',
     u'mango1995',
     u'~tc5v!i!',
     1.0,
     0,
     u'2013-08-02 21:47:00')
    result_type 	
    None
    sql 	
    'INSERT INTO `commonweal_calcoinorder` (`codoon_plan_id`, `order_num`, `user_id`, `user_nick`, `user_domain`, `value`, `state`, `create_time`) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)'
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/backends/util.py in execute
                    return self.cursor.execute(sql, params)
        ...
    ▼ Local vars
    Variable 	Value
    self 	
    <django.db.backends.util.CursorDebugWrapper object at 0x1dcff90>
    stop 	
    1375451220.39204
    start 	
    1375451220.388513
    params 	
    (-1,
     '2013080221476uXE',
     u'45273fbc-8804-4d5b-b435-6225997a6d15',
     u'mango1995',
     u'~tc5v!i!',
     1.0,
     0,
     u'2013-08-02 21:47:00')
    sql 	
    u'INSERT INTO `commonweal_calcoinorder` (`codoon_plan_id`, `order_num`, `user_id`, `user_nick`, `user_domain`, `value`, `state`, `create_time`) VALUES (-1, 2013080221476uXE, 45273fbc-8804-4d5b-b435-6225997a6d15, mango1995, ~tc5v!i!, 1.0, 0, 2013-08-02 21:47:00)'
    duration 	
    0.003526926040649414
    /opt/python2.7.2/lib/python2.7/site-packages/django/db/backends/mysql/base.py in execute
                    return self.cursor.execute(query, args)
        ...
    ▼ Local vars
    Variable 	Value
    query 	
    'INSERT INTO `commonweal_calcoinorder` (`codoon_plan_id`, `order_num`, `user_id`, `user_nick`, `user_domain`, `value`, `state`, `create_time`) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)'
    self 	
    <django.db.backends.mysql.base.CursorWrapper object at 0x1dcf110>
    args 	
    (-1,
     '2013080221476uXE',
     u'45273fbc-8804-4d5b-b435-6225997a6d15',
     u'mango1995',
     u'~tc5v!i!',
     1.0,
     0,
     u'2013-08-02 21:47:00')
    e 	
    IntegrityError(1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))')
    /opt/python2.7.2/lib/python2.7/site-packages/MySQLdb/cursors.py in execute
                    self.errorhandler(self, exc, value)
        ...
    ▼ Local vars
    Variable 	Value
    charset 	
    'utf8'
    exc 	
    <class '_mysql_exceptions.IntegrityError'>
    self 	
    <MySQLdb.cursors.Cursor object at 0x1dcf150>
    args 	
    (-1,
     '2013080221476uXE',
     u'45273fbc-8804-4d5b-b435-6225997a6d15',
     u'mango1995',
     u'~tc5v!i!',
     1.0,
     0,
     u'2013-08-02 21:47:00')
    db 	
    <weakproxy at 0x1e6aaa0 to Connection at 0x1fdf3a0>
    value 	
    IntegrityError(1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))')
    query 	
    "INSERT INTO `commonweal_calcoinorder` (`codoon_plan_id`, `order_num`, `user_id`, `user_nick`, `user_domain`, `value`, `state`, `create_time`) VALUES (-1, '2013080221476uXE', '45273fbc-8804-4d5b-b435-6225997a6d15', 'mango1995', '~tc5v!i!', 1, 0, '2013-08-02 21:47:00')"
    /opt/python2.7.2/lib/python2.7/site-packages/MySQLdb/connections.py in defaulterrorhandler
            raise errorclass, errorvalue
        ...
    ▼ Local vars
    Variable 	Value
    errorclass 	
    <class '_mysql_exceptions.IntegrityError'>
    errorvalue 	
    IntegrityError(1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))')
    error 	
    (<class '_mysql_exceptions.IntegrityError'>,
     IntegrityError(1452, 'Cannot add or update a child row: a foreign key constraint fails (`app_codoon`.`commonweal_calcoinorder`, CONSTRAINT `codoon_plan_id_refs_id_6bd1254d` FOREIGN KEY (`codoon_plan_id`) REFERENCES `commonweal_codoonplan` (`id`))'))
Request information
GET
No GET data
POST
Variable 	Value
plan_id 	
u'-1'
calcoin 	
u'1'
FILES
No FILES data
COOKIES
Variable 	Value
Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f 	
'1374217191,1375449009,1375449119,1375449162'
sessionid 	
'2927ea2dce22f153cf094f1781672934'
Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f 	
'1375451017'
META
Variable 	Value
HTTP_X_SCHEME 	
'http'
CONTENT_TYPE 	
'application/x-www-form-urlencoded'
HTTP_REFERER 	
'http://gongyi.codoon.com/plan/1'
wsgi.multithread 	
False
SCRIPT_NAME 	
u''
wsgi.input 	
<_io.BytesIO object at 0x1e62bf0>
REQUEST_METHOD 	
'POST'
HTTP_HOST 	
'gongyi.codoon.com'
PATH_INFO 	
u'/give_calcoin'
SERVER_PROTOCOL 	
'HTTP/1.0'
QUERY_STRING 	
''
HTTP_CONNECTION 	
'close'
HTTP_X_REAL_IP 	
'122.225.175.91'
CONTENT_LENGTH 	
'20'
HTTP_USER_AGENT 	
'Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0'
wsgi.version 	
(1, 0)
HTTP_COOKIE 	
'Hm_lvt_9cca1c462e3682d7fb991e5cf0c7382f=1374217191,1375449009,1375449119,1375449162; Hm_lpvt_9cca1c462e3682d7fb991e5cf0c7382f=1375451017; sessionid=2927ea2dce22f153cf094f1781672934'
SERVER_NAME 	
'gongyi.codoon.com'
REMOTE_ADDR 	
'127.0.0.1'
wsgi.run_once 	
False
wsgi.errors 	
<open file '<stderr>', mode 'w' at 0x7f4e2d698270>
wsgi.multiprocess 	
True
HTTP_ACCEPT_LANGUAGE 	
'zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3'
wsgi.url_scheme 	
'http'
HTTP_MANGO 	
'TEST'
SERVER_PORT 	
'80'
HTTP_ACCEPT 	
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
HTTP_ACCEPT_ENCODING 	
'gzip, deflate'
Settings
Using settings module settings
Setting 	Value
USE_L10N 	
True
USE_THOUSAND_SEPARATOR 	
False
LANGUAGE_CODE 	
'zh-cn'
ROOT_URLCONF 	
'gongyi.urls'
MANAGERS 	
()
SAE_MYSQL_USER 	
'aliyunmysql'
DEFAULT_CHARSET 	
'utf-8'
SERVER_DOMAIN 	
'xiaogd.com'
STATIC_ROOT 	
'/var/www/ncodoon/static_root_s'
TEST_DATABASE_CHARSET 	
None
MESSAGE_STORAGE 	
'django.contrib.messages.storage.user_messages.LegacyFallbackStorage'
DATABASE_HOST 	
''
EMAIL_SUBJECT_PREFIX 	
'[Django] '
SEND_BROKEN_LINK_EMAILS 	
False
URL_VALIDATOR_USER_AGENT 	
'Django/1.3.1 (http://www.djangoproject.com)'
STATICFILES_FINDERS 	
('django.contrib.staticfiles.finders.FileSystemFinder',
 'django.contrib.staticfiles.finders.AppDirectoriesFinder')
SESSION_COOKIE_DOMAIN 	
None
SESSION_COOKIE_NAME 	
'sessionid'
ADMIN_FOR 	
()
TIME_INPUT_FORMATS 	
('%H:%M:%S', '%H:%M')
DATABASES 	
{'default': {'ENGINE': 'django.db.backends.mysql',
             'HOST': 'rdsfviy3ifviy3i1367979506919.mysql.rds.aliyuncs.com',
             'NAME': 'app_codoon',
             'OPTIONS': {},
             'PASSWORD': '********************',
             'PORT': '3306',
             'TEST_CHARSET': None,
             'TEST_COLLATION': None,
             'TEST_MIRROR': None,
             'TEST_NAME': None,
             'TIME_ZONE': 'Asia/Shanghai',
             'USER': 'aliyunmysql'}}
TEST_DATABASE_NAME 	
None
FILE_UPLOAD_PERMISSIONS 	
None
FILE_UPLOAD_HANDLERS 	
('django.core.files.uploadhandler.MemoryFileUploadHandler',
 'django.core.files.uploadhandler.TemporaryFileUploadHandler')
DEFAULT_CONTENT_TYPE 	
'text/html'
APPEND_SLASH 	
True
FIRST_DAY_OF_WEEK 	
0
DATABASE_ROUTERS 	
[]
YEAR_MONTH_FORMAT 	
'F Y'
STATICFILES_STORAGE 	
'django.contrib.staticfiles.storage.StaticFilesStorage'
CACHES 	
{'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
             'LOCATION': ''}}
SERVER_EMAIL 	
'root@localhost'
SESSION_COOKIE_PATH 	
'/'
USE_X_FORWARDED_HOST 	
False
IGNORABLE_404_ENDS 	
('mail.pl', 'mailform.pl', 'mail.cgi', 'mailform.cgi', 'favicon.ico', '.php')
MIDDLEWARE_CLASSES 	
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware')
USE_I18N 	
True
THOUSAND_SEPARATOR 	
','
SECRET_KEY 	
'********************'
HOME_URL 	
'http://www.a.com/home'
LANGUAGE_COOKIE_NAME 	
'django_language'
FILE_UPLOAD_TEMP_DIR 	
None
TRANSACTIONS_MANAGED 	
False
LOGGING_CONFIG 	
'django.utils.log.dictConfig'
TEMPLATE_LOADERS 	
('django.template.loaders.filesystem.Loader',)
TEMPLATE_DEBUG 	
True
AUTHENTICATION_BACKENDS 	
('django.contrib.auth.backends.ModelBackend',)
TEST_DATABASE_COLLATION 	
None
FORCE_SCRIPT_NAME 	
None
CACHE_BACKEND 	
'locmem://'
SSO_KEY 	
'12345678'
DECIMAL_SEPARATOR 	
'.'
SESSION_COOKIE_SECURE 	
False
CSRF_COOKIE_DOMAIN 	
None
FILE_CHARSET 	
'utf-8'
DEBUG 	
True
SESSION_FILE_PATH 	
None
DEFAULT_FILE_STORAGE 	
'django.core.files.storage.FileSystemStorage'
INSTALLED_APPS 	
['django.contrib.sessions',
 'gongyi.custom_tags',
 'gongyi.demo',
 'gongyi.commonweal',
 'gongyi.common']
LANGUAGES 	
(('ar', 'Arabic'),
 ('az', 'Azerbaijani'),
 ('bg', 'Bulgarian'),
 ('bn', 'Bengali'),
 ('bs', 'Bosnian'),
 ('ca', 'Catalan'),
 ('cs', 'Czech'),
 ('cy', 'Welsh'),
 ('da', 'Danish'),
 ('de', 'German'),
 ('el', 'Greek'),
 ('en', 'English'),
 ('en-gb', 'British English'),
 ('es', 'Spanish'),
 ('es-ar', 'Argentinian Spanish'),
 ('es-mx', 'Mexican Spanish'),
 ('es-ni', 'Nicaraguan Spanish'),
 ('et', 'Estonian'),
 ('eu', 'Basque'),
 ('fa', 'Persian'),
 ('fi', 'Finnish'),
 ('fr', 'French'),
 ('fy-nl', 'Frisian'),
 ('ga', 'Irish'),
 ('gl', 'Galician'),
 ('he', 'Hebrew'),
 ('hi', 'Hindi'),
 ('hr', 'Croatian'),
 ('hu', 'Hungarian'),
 ('id', 'Indonesian'),
 ('is', 'Icelandic'),
 ('it', 'Italian'),
 ('ja', 'Japanese'),
 ('ka', 'Georgian'),
 ('km', 'Khmer'),
 ('kn', 'Kannada'),
 ('ko', 'Korean'),
 ('lt', 'Lithuanian'),
 ('lv', 'Latvian'),
 ('mk', 'Macedonian'),
 ('ml', 'Malayalam'),
 ('mn', 'Mongolian'),
 ('nl', 'Dutch'),
 ('no', 'Norwegian'),
 ('nb', 'Norwegian Bokmal'),
 ('nn', 'Norwegian Nynorsk'),
 ('pa', 'Punjabi'),
 ('pl', 'Polish'),
 ('pt', 'Portuguese'),
 ('pt-br', 'Brazilian Portuguese'),
 ('ro', 'Romanian'),
 ('ru', 'Russian'),
 ('sk', 'Slovak'),
 ('sl', 'Slovenian'),
 ('sq', 'Albanian'),
 ('sr', 'Serbian'),
 ('sr-latn', 'Serbian Latin'),
 ('sv', 'Swedish'),
 ('ta', 'Tamil'),
 ('te', 'Telugu'),
 ('th', 'Thai'),
 ('tr', 'Turkish'),
 ('uk', 'Ukrainian'),
 ('ur', 'Urdu'),
 ('vi', 'Vietnamese'),
 ('zh-cn', 'Simplified Chinese'),
 ('zh-tw', 'Traditional Chinese'))
DATABASE_ENGINE 	
''
DATABASE_NAME 	
''
COMMENTS_FIRST_FEW 	
0
PREPEND_WWW 	
False
SESSION_COOKIE_HTTPONLY 	
False
DATABASE_PORT 	
''
DEBUG_PROPAGATE_EXCEPTIONS 	
False
IMG_URL 	
'http://img2.a.com'
MONTH_DAY_FORMAT 	
'F j'
LOGIN_URL 	
'/accounts/login/'
SESSION_EXPIRE_AT_BROWSER_CLOSE 	
False
SAE_MYSQL_PASS 	
'aliyunmysql5401036'
TIME_FORMAT 	
'P'
REDIRECT_URL 	
'http://gongyi.codoon.com'
DATE_INPUT_FORMATS 	
('%Y-%m-%d',
 '%m/%d/%Y',
 '%m/%d/%y',
 '%b %d %Y',
 '%b %d, %Y',
 '%d %b %Y',
 '%d %b, %Y',
 '%B %d %Y',
 '%B %d, %Y',
 '%d %B %Y',
 '%d %B, %Y')
CSRF_COOKIE_NAME 	
'csrftoken'
EMAIL_HOST_PASSWORD 	
'********************'
PASSWORD_RESET_TIMEOUT_DAYS 	
'********************'
CACHE_MIDDLEWARE_ALIAS 	
'default'
SESSION_SAVE_EVERY_REQUEST 	
False
ADMIN_MEDIA_PREFIX 	
'/static/admin/'
NUMBER_GROUPING 	
0
SAE_MYSQL_HOST 	
'rdsfviy3ifviy3i1367979506919.mysql.rds.aliyuncs.com'
SESSION_ENGINE 	
'django.contrib.sessions.backends.db'
CSRF_FAILURE_VIEW 	
'django.views.csrf.csrf_failure'
COMMENTS_SKETCHY_USERS_GROUP 	
None
LOGIN_REDIRECT_URL 	
'/accounts/profile/'
IMG2_URL 	
'http://img2.a.com'
LOGGING 	
{'disable_existing_loggers': False,
 'handlers': {'mail_admins': {'class': 'django.utils.log.AdminEmailHandler',
                              'level': 'ERROR'}},
 'loggers': {'django.request': {'handlers': ['mail_admins'],
                                'level': 'ERROR',
                                'propagate': True}},
 'version': 1}
CACHE_MIDDLEWARE_KEY_PREFIX 	
''
LOCALE_PATHS 	
()
TEMPLATE_STRING_IF_INVALID 	
''
COMMENTS_ALLOW_PROFANITIES 	
False
LOGOUT_URL 	
'/accounts/logout/'
EMAIL_USE_TLS 	
False
TEMPLATE_DIRS 	
('/var/www/ncodoon/gongyi/templates',)
FIXTURE_DIRS 	
()
EMAIL_HOST 	
'localhost'
DATE_FORMAT 	
'Y-m-d'
SAE_MYSQL_DB 	
'app_codoon'
MEDIA_ROOT 	
'/var/www/ncodoon/gongyi/media'
ADMINS 	
()
FORMAT_MODULE_PATH 	
None
DEFAULT_FROM_EMAIL 	
'webmaster@localhost'
VAR_DICT 	
{'db': ('aliyunmysql',
        'aliyunmysql5401036',
        'rdsfviy3ifviy3i1367979506919.mysql.rds.aliyuncs.com'),
 'home_url': 'http://www.a.com/home',
 'img2_url': 'http://img2.a.com',
 'media_url': '/media',
 'mom_url': 'http://mom.a.com:8003',
 'sso_url': 'http://sso.a.com:8002'}
STATICFILES_DIRS 	
()
MEDIA_URL 	
'/media'
DATETIME_FORMAT 	
'Y-m-d H:i'
IGNORABLE_404_STARTS 	
('/cgi-bin/', '/_vti_bin', '/_vti_inf')
SITE_ID 	
1
DISALLOWED_USER_AGENTS 	
()
ALLOWED_INCLUDE_ROOTS 	
()
API_DOMAIN 	
'http://api.codoon.com'
SSO_DOMAIN 	
'http://sso.a.com:8002'
SHORT_DATE_FORMAT 	
'm/d/Y'
DATABASE_USER 	
''
TEST_RUNNER 	
'django.test.simple.DjangoTestSuiteRunner'
TIME_ZONE 	
'Asia/Shanghai'
FILE_UPLOAD_MAX_MEMORY_SIZE 	
2621440
EMAIL_BACKEND 	
'django.core.mail.backends.smtp.EmailBackend'
DEFAULT_TABLESPACE 	
''
TEMPLATE_CONTEXT_PROCESSORS 	
('django.core.context_processors.debug',
 'django.core.context_processors.i18n',
 'django.core.context_processors.media',
 'django.core.context_processors.request',
 'gongyi.common.context_processors.config')
SITE_DOMAIN 	
'http://www.codoon.com'
SESSION_COOKIE_AGE 	
1209600
SETTINGS_MODULE 	
'settings'
USE_ETAGS 	
False
SITE_ROOT 	
'/var/www/ncodoon/gongyi'
MOM_DOMAIN 	
'http://mom.a.com:8003'
LANGUAGES_BIDI 	
('he', 'ar', 'fa')
DEFAULT_INDEX_TABLESPACE 	
''
INTERNAL_IPS 	
()
STATIC_URL 	
'/static/'
EMAIL_PORT 	
25
SHORT_DATETIME_FORMAT 	
'm/d/Y P'
ABSOLUTE_URL_OVERRIDES 	
{}
DATABASE_OPTIONS 	
{}
CACHE_MIDDLEWARE_SECONDS 	
600
BANNED_IPS 	
()
DATETIME_INPUT_FORMATS 	
('%Y-%m-%d %H:%M:%S',
 '%Y-%m-%d %H:%M',
 '%Y-%m-%d',
 '%m/%d/%Y %H:%M:%S',
 '%m/%d/%Y %H:%M',
 '%m/%d/%Y',
 '%m/%d/%y %H:%M:%S',
 '%m/%d/%y %H:%M',
 '%m/%d/%y')
DATABASE_PASSWORD 	
'********************'
COMMENTS_MODERATORS_GROUP 	
None
PROFANITIES_LIST 	
'********************'
SAE_MYSQL_PORT 	
'3306'
EMAIL_HOST_USER 	
''
COMMENTS_BANNED_USERS_GROUP 	
None
You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 500 page.

修复方案：

你懂得

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：6

确认时间：2013-08-03 10:57

厂商回复：

谢谢，已修改

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-033357

漏洞标题：咕咚网分站某错输入错误参数导致数据库信息泄露

相关厂商：咕咚网

漏洞作者： mango

提交时间：2013-08-03 09:08

修复时间：2013-09-17 09:08

公开时间：2013-09-17 09:08

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-033357

漏洞标题：咕咚网分站某错输入错误参数导致数据库信息泄露

相关厂商：咕咚网

漏洞作者： mango

提交时间：2013-08-03 09:08

修复时间：2013-09-17 09:08

公开时间：2013-09-17 09:08

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2013-033357"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 mango@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：