
A ShopEx server is vulnerable to Heartbleed

ID: 118953
URL: http://www.wooyun.org/bug.php?action=view&id=118953
Status: confirmed by the vendor
Title: A ShopEx server is vulnerable to Heartbleed
Type: sensitive information disclosure
Vendor: ShopEx
Reporter: 路人甲 (anonymous "passer-by A")
Submitted: 2015-06-08 17:07:00
Published: 2015-07-23 17:24:00
Fixed: (not set)
Confirmed: 2015-06-08 00:00:00
Confirm spend: 0
Tags: (none)
Followers: 0
Bookmarks: 0
Reporter rating: (none)
Reporter self-assessed rank: 20
Vendor rating: (none)
Vendor-assigned rank: 5
Vulnerability summary
**
Vulnerability details

oauth.ishopex.cn
openapi.ishopex.cn
id.shopex.cn
IP:122.144.135.220

Memory returned in the heartbeat response. Only the readable fragments are reproduced; the bytes between them are binary filler from the dump and are omitted.

Host-name fragments: shopex.cn, openapi.ishopex.cn, .ishopex.cn
Request headers:
Accept: */*
Content-Length: 430
Content-Type: application/x-www-form-urlencoded

Request body (URL-decoded here; a JSON order record posted to the API, with its message routing key):
data={"tid":"20150608114237","from_type":"local","province":330000,"from_nodeid":"","amount":"85.500","prod_nums":"2","time":1433734388,"@class":"prodata-order","nodeid":"","shopexid":"","code":"product_0182","product":"C-0003"}&routing_key=bnow.stat.fenxiao&content-type=application/json

Fragments of other requests (JSON with \u-escaped Chinese text, decoded and translated here: customer-written comments followed by product-category and account-ID fields):
"...，自己赚钱不需要靠家长，建议没有~" (...earn your own money without relying on your parents, suggest none ~),"new_product_cat":"1027,1031,1033,","customerid":2299631,"contactuserid":1418149}}
"...发请联系我 ~！" (...please contact me ~!),"new_product_cat":"1027,1031,1032,","customerid":2299589,"contactuserid":1418113}}
...","customerid":2299578,"contactuserid":1418102}}
...','1417791','1417788','1417789','1417790','1417792','1417794','1417796','1417797')"}]}
"...是个刚开始做的也不会看不起你，不理你什么的，一视同仁，而且跟他们在一起，真的学会很多东西！支持你们！阿里分销！！" (...even someone just starting out isn't looked down on or ignored, everyone is treated alike, and working with them you really learn a lot! Support you! Ali distribution!!),"new_product_cat":"1027,1028,1029,","customerid":2299108,"contactuserid":1417683}}

Other strings in the dump: application/rss+xml, rss, intxt, an e-mail address (rendered as "[email protected]" in this archived copy, several times), and the internal back-end address 192.168.23.54:8080 next to the word "server" (twice).
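To see what a dump like the one above actually exposes, here is an added Python example (not code from the WooYun report) that pulls printable runs out of the raw bytes, URL-decodes form bodies, turns \uXXXX JSON escapes back into text, and flags private back-end addresses and account-ID fields. SAMPLE_DUMP is a constructed stand-in shaped like the leaked request above (same header and field names, one of the IDs, the internal address), not the real dump; the field names in ID_FIELD are the ones seen in the report.

```python
"""Triage of a Heartbleed memory dump: recover the readable fragments and flag
what they expose. Added example, not code from the WooYun report."""
import ipaddress
import json
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed stand-in for the leaked memory (NOT the real ShopEx dump): a few
# printable fragments modelled on the report's, separated by binary filler.
SAMPLE_DUMP = (
    b"\x00\x8f\x01openapi.ishopex.cn\x00\x13Accept: */*\r\nContent-Length: 430\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"data=%7B%22tid%22%3A%2220150608114237%22%2C%22amount%22%3A%2285.500%22%2C"
    b"%22%40class%22%3A%22prodata-order%22%7D&routing_key=bnow.stat.fenxiao"
    b"&content-type=application%2Fjson\x83\xf1\x04\x00"
    b"%22new_product_cat%22%3A%221027%2C1031%2C%22%2C%22customerid%22%3A2299631"
    b"\xd0\x11server192.168.23.54:8080\x00\x00"
)

PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")          # runs of 8+ printable ASCII bytes
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?(?![\d.])")
ID_FIELD = re.compile(r'"((?:customer|contactuser|shopex)id)":(\d+)')  # names seen in the report
JSON_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")


def strings(dump):
    """Printable ASCII runs, in the spirit of strings(1)."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(dump)]


def decode_fragment(run):
    """URL-decode, then turn JSON \\uXXXX escapes (how the leaked comments appear) into text."""
    return JSON_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), unquote_plus(run))


def parse_body(run):
    """Parse an x-www-form-urlencoded body; fields holding JSON are decoded to objects."""
    out = {}
    for key, values in parse_qs(run, keep_blank_values=True).items():
        try:
            out[key] = json.loads(values[0])
        except ValueError:
            out[key] = values[0]
    return out


def triage(dump):
    """Collect private (RFC 1918) addresses, decoded form bodies and account-ID fields."""
    findings = {"internal_addrs": set(), "form_bodies": [], "ids": {}}
    for run in strings(dump):
        text = decode_fragment(run)
        for ip, port in IPV4.findall(text):
            try:
                if ipaddress.ip_address(ip).is_private:
                    findings["internal_addrs"].add(f"{ip}:{port}" if port else ip)
            except ValueError:      # e.g. 999.1.1.1 looks like an address but is not one
                continue
        if "=" in run and "%" in run:           # URL-encoded form body
            findings["form_bodies"].append(parse_body(run))
        for name, value in ID_FIELD.findall(text):
            findings["ids"].setdefault(name, set()).add(int(value))
    return findings


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SAMPLE_DUMP))
```

On the report's dump this is what turns "binary noise" into the three things that matter for severity: a live order record posted by another tenant, customer and contact-user IDs, and a routable internal address behind the API.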

POC

RT (as the title says: a standard Heartbleed test against the hosts above).

Fix recommendation

**

Status history: 2015-06-08: details sent to the vendor, awaiting vendor action
2015-06-08: vendor confirmed; details disclosed to the vendor only
2015-06-18: details disclosed to core white hats and domain experts
2015-06-28: details disclosed to regular white hats
2015-07-08: details disclosed to intern white hats
2015-07-23: details disclosed to the public
Vendor response: Thank you very much for your contribution to ShopEx's information security.
We will fix it as soon as possible.
Many thanks.
Response details: severity: medium; vulnerability rank: 5; confirmed: 2015-06-08 17:22