当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-0140733
漏洞标题:
三好某处配置不当致敏感信息泄露
相关厂商:
北京三好互动教育科技有限公司
漏洞作者:
路人甲
提交时间:
2015-09-14 11:54
修复时间:
2015-10-29 17:04
公开时间:
2015-10-29 17:04
漏洞类型:
重要敏感信息泄露
危害等级:
自评Rank:
10
漏洞状态:
厂商已经确认
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-09-14: 细节已通知厂商并且等待厂商处理中
2015-09-14: 厂商已经确认,细节仅向厂商公开
2015-09-24: 细节向核心白帽子及相关领域专家公开
2015-10-04: 细节向普通白帽子公开
2015-10-14: 细节向实习白帽子公开
2015-10-29: 细节向公众公开

简要描述:

安全无小事

详细说明:

泄露:appid、mch_id、nonce_str、sign、prepay_id

http://m.sanhao.com/log.txt


1.png


385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => whu9SVO3TCql5tJs
    [sign] => 912550CCA1E6C666A1FD737073B3FBD6
    [result_code] => SUCCESS
    [prepay_id] => wx2015091112472967fb2f79d40455813543
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => 0SG8JTRGeBPFf3ND
    [sign] => 37945C6AA105376EF3051C7C518D5BA6
    [result_code] => SUCCESS
    [prepay_id] => wx201509111247315c79fe35060992186451
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => XKHcvReHVIEHt1pN
    [sign] => 2A220F442A4F6B761523B442D20EF19E
    [result_code] => SUCCESS
    [prepay_id] => wx2015091115080444d83cc4250727331944
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => UkfdSm1dj6IBvOcA
    [sign] => 01AD1DBB82EB434B344335F7749B182D
    [result_code] => SUCCESS
    [prepay_id] => wx20150911153341a09308bfcb0070453335
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => 0V6IEBHfFooMdp6W
    [sign] => CE565E8503C704D81DBC2B47AEAC582C
    [result_code] => SUCCESS
    [prepay_id] => wx20150911153343b584e3cf930619789114
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => Z2lKhe8XLtpgIVxM
    [sign] => 0E8A6D358CBBC2C3133AA7C46D8D9DE5
    [result_code] => SUCCESS
    [prepay_id] => wx20150911160153277e98be350514738715
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => oSz8KlfZqgnhvpsK
    [sign] => 583DD3A26D8018E474D1FAEE8107F140
    [result_code] => SUCCESS
    [prepay_id] => wx2015091116485781d93b37cb0271126164
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => ydnrMiKAk5PoGtP1
    [sign] => 1925D51EA3B683D657CCEAC800A92263
    [result_code] => SUCCESS
    [prepay_id] => wx20150911170738d1eecd4a3b0225958521
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => 1mkxlVOJngl5RkG9
    [sign] => 4FA26BC104FE0D36993673CD38F02E0C
    [result_code] => SUCCESS
    [prepay_id] => wx201509111727350c272994e80305664667
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => 8dXgz8ltdJRcvaDW
    [sign] => 0F542E80A053E771FCAECB94CDBF49A1
    [result_code] => SUCCESS
    [prepay_id] => wx2015091117563131254998f00592012413
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => EnOEdB2G6wAXoauK
    [sign] => 325727EB3EBE8CABDFA60C24C92563E0
    [result_code] => SUCCESS
    [prepay_id] => wx201509120924310bccae911c0774327432
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => SNMYDjNbnlsSBLG1
    [sign] => 68C6746B606C3AF243DD36D85AA15950
    [result_code] => SUCCESS
    [prepay_id] => wx20150912094620250940a2bb0770703222
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => 1hJcOJj1AmaYpc2B
    [sign] => F388DF47705AA36B2650EE17BED55111
    [result_code] => SUCCESS
    [prepay_id] => wx20150912101143b3eae45ea10643518544
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => 9W55LmcEbXYvryjB
    [sign] => 6D72BA58E142A524A0245684ACD28240
    [result_code] => SUCCESS
    [prepay_id] => wx201509121034222a4b9c1f5b0520175089
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => 5lvilBs1TyUgnhfK
    [sign] => 4D30954603D8712A558A3B2030BD052E
    [result_code] => SUCCESS
    [prepay_id] => wx201509121048069e1056b4a30274246094
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => 7URe6wWSJw89aBpZ
    [sign] => 2CB1F7E1A39EF59E4E89C670DA7E61DC
    [result_code] => SUCCESS
    [prepay_id] => wx2015091211553412417366000303379778
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => w9AUbVcPGwei0lVW
    [sign] => D290014DD70D9718DE8AC8B2C8D250B6
    [result_code] => SUCCESS
    [prepay_id] => wx20150912140523dc22c5de840926348877
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => jIqZLqMozpCOWfXS
    [sign] => 5B2F568B7CC94B72201B9A845497A950
    [result_code] => SUCCESS
    [prepay_id] => wx201509121405272e9193faa50912959552
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => UsmcJEKkd4lYNW2V
    [sign] => 4C40F760260A5DDF8177908C76B38965
    [result_code] => SUCCESS
    [prepay_id] => wx20150912140531587f5fc8b30320989522
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => tgV5id0Kik7ItTAb
    [sign] => BAC3461E161DC0818DDD4BC35872DD34
    [result_code] => SUCCESS
    [prepay_id] => wx201509121427358ac354737f0196091096
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => ZPHAe3zVrhDy7o8R
    [sign] => AB2917B73E2C38C97C8837431E11592F
    [result_code] => SUCCESS
    [prepay_id] => wx201509121441544169f921030083299761
    [trade_type] => JSAPI
)
385result:
Array
(
    [return_code] => SUCCESS
    [return_msg] => OK
    [appid] => wxaf4d73f2fab8e874
    [mch_id] => 1224587202
    [nonce_str] => ebXPrMQ8GftGzYIT
    [sign] => 488139C51B4F7E82B7D426AA3078FE5D
    [result_code] => SUCCESS
    [prepay_id] => wx20150912150228f442b249120989083027
    [trade_type] => JSAPI
)

漏洞证明:

0x02:flash跨域

http://bbs.sanhao.com/crossdomain.xml

修复方案:

我是来找礼物的!

版权声明:转载请注明来源 路人甲@乌云

>

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-09-14 17:03

厂商回复:

漏洞已经确认,谢谢提交!

最新状态:

暂无