Ctrip Payment Log Vulnerability User credit card information disclosure
Source: Internet
Author: User
KeywordsCredit card Ctrip
Vulnerability reporting Platform Cloud Network today posted a network security vulnerability message on its official web site, the paper points out that Ctrip security payment log can traverse downloading, resulting in a large number of users ' bank card information leakage (including cardholder name ID card, bank card number, card CVV code, 6-bit card bin), and said the details have been notified to the manufacturer and waiting for the manufacturer to process. In addition, Ctrip is also exposed to a branch of the source code package can be directly downloaded. Vulnerability Details Description: Because Ctrip is used to deal with user payment of the Security payment server interface has debugging functions, the user pays the record with the text saved. At the same time because the server that holds the payment log does not have a strict baseline security configuration, there is a directory traversal vulnerability, which results in all the debugging information in the payment process can be read by any hacker. Traversal is usually defined as a search route, one for each node in the tree, and one visit at a time. This is classified as sensitive information leakage vulnerability, is alleged to lead to a large number of Ctrip user cardholder name ID card, bank card number, card CVV code, 6-bit card bin and other information leaked. Ctrip response:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.