Bug 曝光台 Pinduoduo RESTful API Bug | 拼多多 RESTful API Bug

LawisChen · 2020年05月17日 · 859 次阅读

Recently, we found RESTful API bugs in some popular mobile applications by a fuzzing test tool:

Pinduoduo - version: 4.77.0

Bug ID 2

API: GET https://api.yangkeduo.com/api/cappuccino/splash

when parameter "platform" = "/.:/" we get the status code of 500

see detailed information in the appendix -> Bug ID 2

近期，我们利用某模糊测试工具发现了几家大厂 App 接口存在如下 bug：

拼多多 - 版本: 4.77.0

Bug ID 2

接口: GET https://api.yangkeduo.com/api/cappuccino/splash

参数 "platform" = "/.:/" 时报 500

具体报文见附录 -> Bug ID 2

Appendix 附录

Bug ID 2

{
  "appName": "Pinduoduo",
  "method": "GET",
  "url": "https://api.yangkeduo.com/api/cappuccino/splash",
  "status_code": 500,
  "request": {
    "client_time": "1575319562214",
    "density": "2.75",
    "height": "1821",
    "launch_type": "1",
    "pdduid": "",
    "platform": "/.:/",
    "support_formats": "1",
    "version": "1",
    "width": "1080"
  },
  "response_data": {
    "error_code": 50000,
    "error_msg": "http error:500"
  }
}

2 个赞

暂无回复。

需要登录后方可回复, 如果你还没有账号请点击这里注册。