Recently, we used a fuzzing tool to find RESTful API bugs in several popular mobile applications. The first case:
Bug ID 1
API: GET https://api-yuedu.iqiyi.com/book/register
When the parameter "appVer" is set to "A"*500 (the fuzzer's notation for a string of 500 "A" characters) the server returns HTTP status 500, with body code E00001 and msg "服务端异常" (server-side exception). An oversized but otherwise harmless version string should be rejected with a 4xx client error; a 5xx means the value reached code that does not bound or validate its length and raised an unhandled exception. Note that this is a single parameter sweep, so it shows missing input validation and error handling, not by itself a memory-safety or injection issue.
See the full request and response in the appendix -> Bug ID 1
Bug ID 1
{
"appName": "iQiyi",
"method": "GET",
"url": "https://api-yuedu.iqiyi.com/book/register",
"status_code": 500,
"request": {
"appVer": "A\"*500",
"soVer": "1",
"srcPlatform": "10"
},
"response_data": {
"msg": "服务端异常",
"code": "E00001",
"data": {
"reason": "Server Execution",
"ctrl": "0001"
}
}
}