京东团购敏感信息泄漏 | wooyun-2012-010958 | WooYun.org

当前位置：WooYun >> 漏洞信息

漏洞概要关注数(24) 关注此漏洞

缺陷编号：

wooyun-2012-010958

漏洞标题：

京东团购敏感信息泄漏

相关厂商：

京东商城

漏洞作者：

笔墨

提交时间：

2012-08-16 12:58

修复时间：

2012-08-21 12:59

公开时间：

2012-08-21 12:59

漏洞类型：

敏感信息泄露

危害等级：

中

自评Rank：

7

漏洞状态：

漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源：

http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：

无

分享漏洞：

>

漏洞详情

披露状态：

2012-08-16：细节已通知厂商并且等待厂商处理中
2012-08-21：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

配置不当。

详细说明：

京东首页打开团购页面。

漏洞证明：

Ice_UnknownException Object ( [unknown] => Thread.cpp:521: IceUtil::ThreadSyscallException: syscall exception: Resource temporarily unavailable [message:protected] => [string:Exception:private] => [code:protected] => 0 [file:protected] => /export/data/tomcatRoot/tuan.360buy.com/include/library/Ice.class.php [line:protected] => 22 [trace:Exception:private] => Array ( [0] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/library/Ice.class.php [line] => 22 [function] => Ice_initialize [args] => Array ( ) ) [1] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/function/iceUtils.php [line] => 201 [function] => findIce [class] => IceUtil [type] => :: [args] => Array ( [0] => RpcJdUserService ) ) [2] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/function/iceUtils.php [line] => 159 [function] => getJdUser [args] => Array ( [0] => dosbear ) ) [3] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/classes/ZLogin.class.php [line] => 37 [function] => inituser [args] => Array ( [0] => 233E96400AD0D2F381C7F3FFA68A4AFDB96526624BD9D76A37CD300B5CAF2F90860B776D73752781BEB5723CBE828EA3B9FACD9DE31176470C296E26815A5B3F7D94493B2F4CFFB115CA88D65D11F7386ACB99B6C02B20CFC0059F424B613A212A8480286BDAB37B9249987C468A89A542413BC36D4C0A4FA224919607A852A7BCD37C58E95B1914328661A6829ED8B7 [1] => 4ef687a948709891d0cfc2ab64b43661 ) ) [4] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/include/classes/ZLogin.class.php [line] => 26 [function] => initUserInfo [class] => ZLogin [type] => :: [args] => Array ( [0] => 233E96400AD0D2F381C7F3FFA68A4AFDB96526624BD9D76A37CD300B5CAF2F90860B776D73752781BEB5723CBE828EA3B9FACD9DE31176470C296E26815A5B3F7D94493B2F4CFFB115CA88D65D11F7386ACB99B6C02B20CFC0059F424B613A212A8480286BDAB37B9249987C468A89A542413BC36D4C0A4FA224919607A852A7BCD37C58E95B1914328661A6829ED8B7 [1] => 4ef687a948709891d0cfc2ab64b43661 ) ) [5] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/app.php [line] => 26 [function] => GetLoginId [class] => ZLogin [type] => :: [args] => Array ( ) ) [6] => Array ( [file] => /export/data/tomcatRoot/tuan.360buy.com/forward.php [line] => 9 [args] => Array ( [0] => /export/data/tomcatRoot/tuan.360buy.com/app.php ) [function] => require_once ) ) [previous:Exception:private] => )

修复方案：

技术人员都懂的。

版权声明：转载请注明来源笔墨@乌云

>

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2012-08-21 12:59

厂商回复：

最新状态：

暂无