乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-03-22: 细节已通知厂商并且等待厂商处理中 2014-03-23: 厂商已经确认,细节仅向厂商公开 2014-04-02: 细节向核心白帽子及相关领域专家公开 2014-04-12: 细节向普通白帽子公开 2014-04-22: 细节向实习白帽子公开 2014-09-26: 细节向公众公开
发布时候存留下来的代码包。
#1 源码可下载http://waptest.ctrip.com/market/m.ctrip.com.market.ziphttp://waptest.ctrip.com/passupdate/passupdate.rar
web.config
<?xml version="1.0"?><configuration> <connectionStrings> <add name="MobileDB_INSERT" connectionString="Tpfa4xR5POfm3sabpk9Ccqxfe+zwfXn3L0VTvLovS+hJXwAgljQ7IvPNIBackjJS4JsMfdTlZskotcEGNNT5oEq1Xwihpp*************k0I8HYBwdj7rFjzYciMIwVE3LKYrcTaNiKk8ke0biXGnjMDk4rmdrfVcSLOS/+oumXJSmz3QBpoAcltyJsEruT3DtLr2xwmc0vNg1LxVqGZ9kwjBBg==" providerName="System.Data.SqlClient" /> </connectionStrings> <appSettings> <add key="PassTypeIdentifier" value="pass.ctrip.test"/> <add key="TeamIdentifier" value="977*****GSZ"/> <add key="PassBookCertificateThumbprint" value="A38B076D0F59EDE4*****B35E7BAAB540DBB73"/> <add key="WebServiceUrl" value="https://www.security.mobile.ctrip.com/passupdate/"/> <add key="IsLogTrace" value="true"/> <add key="AboutPassbook" value="除了在Passbook中便捷的浏览您的航班信息,携程无线还为您提供一项重要的免费增值服务--航班动态,说明见下。"/> <add key="FlighVariIllustrate" value="航班动态为免费服务,仅在航班起飞当日生效。携程无线会及时通知您航班状态变化,以便您合理安排出行。常见状态:计划、起飞、到达、延误、取消等。"/> <add key="Disclaimer" value="由于航空公司会随时调整,信息仅供参考。您可以和携程无线取得联系,免费电话:400-008-6666"/> <add key="MemcacheClusterName" value="MobileApServer"/> <!--架构组新日志系统的AppID--> <add key="AppID" value="340101"/> <!--架构组新日志系统的服务器,分测试环境、UAT、生产环境; logservice_temp.sh.ctriptravel.com for product--> <add key="RemoteIP" value="logging.test.sh.ctriptravel.com"/> <!--架构组新日志系统的端口--> <add key="Port" value="63100"/> </appSettings> <system.web> <compilation targetFramework="4.0" /> <customErrors mode="Off"/> </system.web> <system.webServer> <modules runAllManagedModulesForAllRequests="true"> <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </modules> </system.webServer> <system.serviceModel> <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/> <standardEndpoints> <webHttpEndpoint> <!-- Configure the WCF REST service base address via the global.asax.cs file and the default endpoint via the attributes on the <standardEndpoint> element below --> <!--<standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true"/>--> </webHttpEndpoint> </standardEndpoints> </system.serviceModel></configuration>
<?xml version="1.0" encoding="utf-8" ?><items> <item key="HotCityLowestPriceInThreeDaysCore" value="BJS,SHA,CAN,SZX,CTU,HGH,HAK,WNZ,WUH,HET,NKG,XMN,FOC,KHN,CSX,HFE" type="1" remark="" /> <item key="HotHotelCore" value="1,2,17,32,30,12,28,14,25,7,477,43" type="2" remark="热门城市酒店:北京、上海、杭州、广州、深圳、南京、成都、苏州、厦门、青岛、武汉、三亚" /> <item key="HotDiscountHotelCore" value="1, 2, 17, 25, 43 " type="2" remark="热门惠选酒店:北京,上海,杭州,厦门,三亚" /> <item key="PjnOnlyPayment" value="1|限中行信用卡支付,2|限工商银行信用卡支付,22|限平安信用卡支付" type="2" remark="不需要行程单,信用卡限制" /> <!--火车票预订开关--> <item key="IsOpenTrainOrder" value="true" type="3" remark="火车票预订开关" /> <!--普通车次预订开关--> <item key="IsOpenCommonTrainOrder" value="false" type="3" remark="普通车次预订开关" /> <!--显示距离当前时间几小时内的车次--> <item key="ShowTrain" value="3" type="3" remark="距离当前时间几小时内的车次不下发" /> <item key="TrainOrderDay" value="12" type="3" remark="" /> <item key="TrainOrderToDay" value="" type="3" remark="" /> <item key="CtripContract" value="携程;021-34064880X54133;18717781513;上海市长宁区福泉路99号携程网络技术大楼;200335;NASDAQ:CTRP;其他" type="3" remark="直连机票订位联系人" /> <item key="HotelAutoCompleteCity" value="1,2,3,4,5,6,7,10,11,12,13,14,15,16,17,19,22,23,24,25,26,27,28,30,31,32,33,34,35,36,37,38,39,40,41,42,43,45,52,58,59,82,83,86,87,90,91,94,95,96,97,99,100,103,104,105,110,111,112,124,129,135,136,139,140,141,143,144,145,147,149,150,158,159,171,177,179,181,182,185,186,189,201,202,206,211,213,214,215,216,218,221,223,231,236,237,238,246,251,252,257,258,267,268,272,275,278,282,287,288,290,292,297,299,305,307,308,316,317,318,325,327,328,331,335,340,344,345,346,348,350,351,352,353,354,355,370,375,376,377,378,380,385,387,406,407,408,411,422,428,436,437,441,446,447,451,452,454,458,459,464,468,475,477,478,479,481,489,491,492,494,496,498,507,510,512,513,514,515,518,521,527,533,534,536,537,539,542,544,547,548,550,551,552,553,556,558,559,560,562,569,571,577,578,579,580,583,589,598,601,603,606,612,614,617,621,654,655,657,662,663,664,667,686,692,693,720,729,732,866,872,918,933,937,945,947,951,956,970,992,1006,1024,1030,1037,1048,1050,1071,1074,1078,1083,1088,1093,1094,1097,1100,1105,1106,1111,1113,1117,1125,1128,1133,1140,1148,1155,1200,1206,1208,1232,1300,1303,1315,1317,1332,1358,1367,1370,1371,1421,1422,1436,1452,1453,1472,1490,1518,1541,1597,1659,1664,1677,1705,1706,1820,1823,1840,1899,1993,2963,3053,3221,3222,3230,3277,3863,3876,3887,3909,3910,3917,3921,3929,3933,3946,3976,4255,7521,7587,20919,21151,22249" /> <!--<item key="HotelAutoCompleteCity" value="11,12,13,14,15,21,22,23,31,32,33,34,35,36,37,41,42,43,44,45,46,50,51,52,53,54,61,62,63,64,65" />--> <!--1:酒店 2:品牌 3:商业区 4:行政区 5:地标 6:地铁线 7:地铁站--> <item key="HotelAutoCompleteType" value="2, 1, 5, 3, 6, 7, 4" /> <!--高德服务URL--> <item key="GaoDeApiUrl" value="http://restapi.amap.com/gss/simple" /> <!--支付平台商户ID: 机票,酒店--> <item key="PaymentMerchantID" value="200003, 200002" /> <!--支付结果页面地址,生产环境:https://secure.ctrip.com/wapSecurity/PayResult.aspx--> <item key="PaymentReturnUrl" value="https://secure.ctrip.com/wapSecurity/PayResult.aspx" /> <!--手机号码验证正则--> <item key="CallphonePattern" value="^(1[3|4|5|8])\d{9}$" /> <!--酒店是否支持Offline售卖--> <item key="IsSupportOfflineSale" value="true" /> <!-- 是否开通直连 --> <item key="IsStraightFlightOpen" value="true" /> <!--机票直连销售中过滤8L:祥鹏航空公司,2字码 格式要求8L,FM,CZ--> <item key="FilterDirectAirLineCode" value="8L" /> <!--无需调用订位服务的渠道号--> <item key="NoBookingChannel" value="CZ-SP, MU-SP" /> <!--是否打开七天酒店--> <item key="IsSevenDayOpen" value="false" /> <!--航班,酒店订单状态和航班动态组合服务刷新间隔时间; 0表示客户端自己控制, 单位为分钟--> <item key="OrderRefreshInterval" value="15" /> <!--Test_Url 192.168.81.44:2227/upload --> <!--Product_Url images4.c-ctrip.com/target --> <item key="PictureDomain" value="http://images4.c-ctrip.com/target" type="3" remark="新图片服务地址" /> <item key="MemExpiredtime" value="15" type="3" remark="Memcache缓存过期时间,单位分钟" /> <!-- 第三方支付配置信息 Start --> <!--第三方支付Alipay配置Start--> <!--测试:partnerId:20882015****9153,key:zpdjh9ywq4*****c5pys7ipkosnz,[email protected]> <item key="Alipay_Partner" value="208880*****19324"/> <item key="Alipay_Seller_Account" value="[email protected]"/> <item key="Alipay_Key" value="vlrqvhyqoqlx*******3eetib6r21j6"/> <!--以上配置测试生产需要对应配置--> <item key="Alipay_GatewayUrl" value="https://wappaygw.alipay.com:443/service/rest.htm"/> <item key="Alipay_DirectService" value="alipay.wap.trade.create.direct"/> <item key="Alipay_AuthService" value="alipay.wap.auth.authAndExecute"/> <item key="Alipay_Version" value="2.0"/> <item key="Alipay_Format" value="xml"/> <item key="Alipay_Encrypt_Type" value="MD5"/> <item key="Alipay_CallBackUrl" value="https://secure.ctrip.com/wapSecurity/PayResult.aspx"/> <item key="Alipay_NotifyUrl" value="http://210.13.114.28/AliPayMobile/PaymentNotice.aspx"/> <item key="Alipay_MerchantUrl" value="http://m.ctrip.com"/> <!--第三方支付netpay配置End--> <!--第三方支付Alipay配置Start--> <item key="MerchantName" value="携程无线" type="3" remark="商户名称" /> <item key="MerchantId" value="802310048990595" type="3" remark="商户id,生产:802310048990595,测试id:100011000110154" /> <!-- 如果是连接测试环境,填写测试申请后分配的代码。生产环境填写正式分配的商户代码 --> <item key="TerminalId" value="00000001" type="3" remark="终端id" /> <!-- 该域是提供给浏览器调用插件时的通知返回使用。APP调用时无需填写,测试地址:https://210.13.114.28/UnionPayMobile.Test/PaymentNotice.aspx --> <item key="ResultUrl" value="https://210.13.114.28:443/UnionPayMobile/PaymentNotice.aspx" type="3" remark="银联通知返回url" /> <!-- 当前只是在信用卡还款交易中使用。可不填写 --> <item key="ServiceInfo" value="" type="3" remark="服务信息" /> <!-- 当前是可选域。建议不填写 --> <item key="ContentExtention" value="" type="3" remark="内容拓展方" /> <!-- 银联交易类型:同步:Purchase.MARsp;异步:PurchaseAdvice.MARsp --> <item key="NetPay_TransationType" value="PurchaseAdvice.MARsp" /> <!-- 6w账户测试金额 --> <item key="Thirdpay_6w_Amount" value="1" /> <!--第三方支付netpay配置End--> <!-- 第三方支付配置信息 End --> <!-- 第三方支付各业务平台开放的网银,value一定要取自PayBankType.ToString --> <item key="PayBankType_Flight" value="LLPAY,ALPAY" type="3" remark="机票支持的第三方支付方式" /> <item key="PayBankType_Hotel" value="LLPAY,ALPAY" type="3" remark="酒店支持的第三方支付方式" /> <!--是否过滤准点率, 首都国际机场, 南苑机场--> <item key="FilterPunctualityRateAirport" value="PEK,NAY" remark="机场名称" /> <!--国际机票查询超时时间--> <item key="OvertimeForSearch" value="20" type="3" remark="" /> <!--满舱检测票量,少于当前设置的票量则要满舱检测--> <item key="FlightCheckQuantity" value="5" remark="剩余量票" /> <item key="NeedPreBook" value="1" remark="是否需要预订位" /></items>
#1 删除发布时候存留下来的代码包
危害等级:高
漏洞Rank:20
确认时间:2014-03-23 02:57
携程技术人员已经确认该漏洞,并在两小时内及时修复,对于乌云平台发现的漏洞信息表示感谢。该漏洞受影响的用户为近期的部份交易客户,目前并没有用户受到该漏洞的影响而造成相应财产损失的情况发现。携程旅行网始终对信息安全非常重视,对于此次漏洞事件如果有新的进展将持续通报。
暂无
