当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0131885

漏洞标题:Q房网看房记录一览无余

相关厂商:qfang.com

漏洞作者: im503

提交时间:2015-08-10 17:03

修复时间:2015-08-15 17:04

公开时间:2015-08-15 17:04

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:8

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-10: 细节已通知厂商并且等待厂商处理中
2015-08-15: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

各种看房记录..任意浏览.http://58.61.160.7:8080/

漏洞证明:

[ ]	qfang_20140630.zip	30-Jun-2014 01:06 	471M	 
[ ]	qfang_20140707.zip	07-Jul-2014 01:06 	454M	 
[ ]	qfang_20140714.zip	14-Jul-2014 01:07 	488M	 
[ ]	qfang_20140721.zip	21-Jul-2014 01:06 	480M	 
[ ]	qfang_20140728.zip	28-Jul-2014 01:06 	478M	 
[ ]	qfang_20140804.zip	04-Aug-2014 01:07 	553M	 
[ ]	qfang_20140811.zip	11-Aug-2014 01:09 	646M	 
[ ]	qfang_20140818.zip	18-Aug-2014 01:10 	701M	 
[ ]	qfang_20140825.zip	25-Aug-2014 01:12 	725M	 
[ ]	qfang_20140901.zip	01-Sep-2014 01:08 	664M	 
[ ]	qfang_20140908.zip	08-Sep-2014 01:09 	713M	 
[ ]	qfang_20140915.zip	15-Sep-2014 01:05 	517M	 
[ ]	qfang_20140922.zip	22-Sep-2014 01:03 	387M	 
[ ]	qfang_20140929.zip	29-Sep-2014 01:05 	492M	 
[ ]	qfang_20141006.zip	06-Oct-2014 01:03 	359M	 
[ ]	qfang_20141020.zip	20-Oct-2014 01:04 	415M	 
[ ]	qfang_20141027.zip	27-Oct-2014 01:04 	473M	 
[ ]	qfang_20141103.zip	03-Nov-2014 01:06 	533M	 
[ ]	qfang_20141110.zip	10-Nov-2014 01:05 	499M	 
[ ]	qfang_20141117.zip	17-Nov-2014 01:04 	483M	 
[ ]	qfang_20141124.zip	24-Nov-2014 01:06 	532M	 
[ ]	qfang_20141201.zip	01-Dec-2014 01:05 	487M	 
[ ]	qfang_20141208.zip	08-Dec-2014 01:05 	479M	 
[ ]	qfang_20141215.zip	15-Dec-2014 01:05 	489M	 
[ ]	qfang_20141222.zip	22-Dec-2014 01:06 	495M	 
[ ]	qfang_20141229.zip	29-Dec-2014 01:05 	483M	 
[ ]	qfang_20150105.zip	05-Jan-2015 01:05 	468M	 
[ ]	qfang_20150112.zip	12-Jan-2015 01:05 	489M	 
[DIR]	qfang_20150112/	13-Jan-2015 10:45 	- 	 
[ ]	qfang_20150119.zip	19-Jan-2015 01:06 	504M	 
[ ]	qfang_20150126.zip	26-Jan-2015 01:05 	493M	 
[ ]	qfang_20150202.zip	02-Feb-2015 01:04 	450M	 
[ ]	qfang_20150209.zip	09-Feb-2015 01:04 	387M	 
[ ]	qfang_20150216.zip	16-Feb-2015 01:03 	321M	 
[ ]	qfang_20150223.zip	23-Feb-2015 01:02 	204M	 
[ ]	qfang_20150302.zip	02-Mar-2015 01:03 	397M	 
[ ]	qfang_20150309.zip	09-Mar-2015 01:04 	482M	 
[ ]	qfang_20150316.zip	16-Mar-2015 01:04 	391M	 
[ ]	qfang_20150323.zip	23-Mar-2015 01:05 	425M	 
[ ]	qfang_20150330.zip	30-Mar-2015 01:05 	505M	 
[ ]	qfang_20150406.zip	06-Apr-2015 01:04 	382M	 
[ ]	qfang_20150413.zip	13-Apr-2015 01:02 	223M	 
[ ]	qfang_20150420.zip	20-Apr-2015 01:03 	308M	 
[ ]	qfang_20150427.zip	27-Apr-2015 01:03 	335M	 
[ ]	qfang_20150504.zip	04-May-2015 01:04 	365M	 
[ ]	qfang_20150511.zip	11-May-2015 01:05 	425M	 
[ ]	qfang_20150518.zip	18-May-2015 01:05 	445M	 
[ ]	qfang_20150525.zip	25-May-2015 01:05 	430M	 
[ ]	qfang_20150601.zip	01-Jun-2015 01:05 	429M	 
[ ]	qfang_20150608.zip	08-Jun-2015 01:05 	470M	 
[ ]	qfang_20150615.zip	15-Jun-2015 01:06 	482M	 
[ ]	qfang_20150622.zip	22-Jun-2015 01:05 	415M	 
[ ]	qfang_20150629.zip	29-Jun-2015 01:04 	298M	 
[ ]	qfang_20150706.zip	06-Jul-2015 01:03 	301M	 
[ ]	qfang_20150713.zip	13-Jul-2015 01:04 	329M	 
[ ]	qfang_20150720.zip	20-Jul-2015 01:04 	339M	 
[ ]	qfang_20150727.zip	27-Jul-2015 01:03 	294M	 
[ ]	qfang_20150803.zip	03-Aug-2015 01:01 	98M

修复方案:

目录权限控制下,别直接777..

版权声明:转载请注明来源 im503@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-15 17:04

厂商回复:

漏洞Rank:2 (WooYun评价)

最新状态:

暂无