慢雾首席信息安全官：推测 WOO X 或因 API 权限控制问题导致越权漏洞

foresightnews

25 Jul

Foresight News 消息，慢雾首席信息安全官 23pds 发推表示，WOO X 曾于 6 月 30 日进行了 API v3 升级，其推测是 API 权限控制问题导致的越权漏洞。原因如下：是分多笔提币、能明确说 9 个恶意用户。“所以大概率是因为新旧 API 混用，权限控制或逻辑问题导致的漏洞，从而被恶意利用。”

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2554737193"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2554737193\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2554737193?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-07-25 10:26","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2554737193","market":"hk","top_or_hot":-1,"title":"慢雾首席信息安全官：推测 WOO X 或因 API 权限控制问题导致越权漏洞","media":"foresightnews","content":"<html><body><p>Foresight News 消息，慢雾首席信息安全官 23pds 发推表示，WOO X 曾于 6 月 30 日进行了 API v3 升级，其推测是 API 权限控制问题导致的越权漏洞。原因如下：是分多笔提币、能明确说 9 个恶意用户。“所以大概率是因为新旧 API 混用，权限控制或逻辑问题导致的漏洞，从而被恶意利用。”</p></body></html>","source":"foresightnews_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>慢雾首席信息安全官：推测 WOO X 或因 API 权限控制问题导致越权漏洞</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n慢雾首席信息安全官：推测 WOO X 或因 API 权限控制问题导致越权漏洞\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-07-25 10:26 北京时间&nbsp;&nbsp;&nbsp;<a href=https://foresightnews.pro/foresightnews/news/detail/79182><strong>foresightnews</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>Foresight News 消息，慢雾首席信息安全官 23pds 发推表示，WOO X 曾于 6 月 30 日进行了 API v3 升级，其推测是 API 权限控制问题导致的越权漏洞。原因如下：是分多笔提币、能明确说 9 个恶意用户。“所以大概率是因为新旧 API 混用，权限控制或逻辑问题导致的漏洞，从而被恶意利用。”</p>\n\n<a href=\"https://foresightnews.pro/foresightnews/news/detail/79182\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"SG9999014906.USD","symbol_name":"大华全球优质成长基金Acc USD","start_time":0,"source_url":"https://foresightnews.pro/foresightnews/news/detail/79182","article_id":"2554737193","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2554737193","pubTimestamp":1753410360,"columns":[],"sourceInfo":{"source_id":"foresightnews_live","name":"foresightnews"},"weMediaInfo":null,"summary":"Foresight News 消息，慢雾首席信息安全官 23pds 发推表示，WOO X 曾于 6 月 30 日进行了 API v3 升级，其推测是 API 权限控制问题导致的越权漏洞。原因如下：是分","collect":0,"end_time":0,"defaultTopTitle":"foresightnews.pro","property":[],"viewcount":null,"language":"zh","relate_stocks":{"165523":"信息安全","399994":"信息安全","SG9999014906.USD":"大华全球优质成长基金Acc USD","SG9999014880.SGD":"大华全球优质成长基金Acc SGD","LU1316542783.SGD":"Janus Henderson Horizon Global Technology Leaders A2 SGD","IE00B19Z3B42.SGD":"Legg Mason ClearBridge - Value A Acc SGD","SG9999015978.USD":"利安颠覆性创新基金A","LU0107464264.USD":"abrdn SICAV I - GLOBAL INNOVATION EQUITY \"A\" (USD) ACC","SG9999018857.SGD":"United Global Quality Growth Fd Cl Acc SGD-H","IE00B7SZLL34.SGD":"Legg Mason ClearBridge - Value A Acc SGD-H","SGXZ51526630.SGD":"大华环球创新基金A Acc SGD","LU0106261372.USD":"SCHRODER ISF US LARGE CAP \"A\" ACC","IE00B19Z3581.USD":"Legg Mason ClearBridge - Value A Acc USD","SG9999018865.SGD":"United Global Quality Growth Fd Cl Dist SGD-H","IE0002270589.USD":"LEGG MASON CLEARBRIDGE VALUE \"A\" (USD) INC","BK4585":"ETF&股票定投概念","LU1988902786.USD":"FULLERTON LUX FUNDS GLOBAL ABSOLUTE ALPHA \"I\" (USD) ACC","BK4503":"景林资产持仓","LU0642271901.SGD":"Janus Henderson Horizon Global Technology Leaders A2 SGD-H","OTX.SI":"迈怡汇有限公司","LU0082616367.USD":"摩根大通美国科技A（dist）","BK4536":"外卖概念","LU0719512351.SGD":"JPMorgan Funds - US Technology A (acc) SGD","LU0006306889.USD":"SCHRODER ISF US LARGE CAP \"A\" (USD) INC AV","BK4230":"旅客陆运","BK4505":"高瓴资本持仓","SG9999017495.SGD":"UGDP UNITED GLOBAL QUALITY GROWTH \"B\" (SGD) ACC","IE00BZ199S13.USD":"BNY MELLON MOBILITY INNOVATION \"B\" (USD) ACC","LU1861214812.USD":"Blackrock Future of Transport A2 USD","BK4535":"淡马锡持仓","LU2087625088.SGD":"ALLSPRING  US ALL CAP GROWTH \"A\" (SGDHDG) ACC","LU1814569148.SGD":"WELLINGTON GLOBAL QUALITY GROWTH \"D\" (SGDHDG) ACC","SGXZ81514606.USD":"大华环球创新基金A Acc USD","LU0353189680.USD":"富国美国全盘成长基金Cl A Acc","SG9999014898.SGD":"United Global Quality Growth Fund Dis SGD","SGXZ31699556.SGD":"UGDP UNITED GLOBAL QUALITY GROWTH \"C\" (SGDHDG) ACC","LU1861219969.SGD":"Blackrock Future of Transport A2 SGD-H","UBER":"优步","SG9999014914.USD":"UNITED GLOBAL QUALITY GROWTH (USDHDG) INC","BK4588":"碎股","BK4550":"红杉资本持仓","LU1064131342.USD":"Fullerton Lux Funds - Global Absolute Alpha A Acc USD","SG9999015952.SGD":"LIONGLOBAL DISRUPTIVE INNOVATION \"I\" (SGD) ACC","LU0353189763.USD":"ALLSPRING  US ALL CAP GROWTH FUND \"I\" (USD) ACC","LU2360107325.USD":"BGF FUTURE OF TRANSPORT \"A4\" (USD) INC","BK6520":"工商业服务概念","LU2264538146.SGD":"Fullerton Lux Funds - Global Absolute Alpha A Acc SGD","IE00BFMHRM44.USD":"NEUBERGER BERMAN GLOBAL EQUITY MEGATRENDS \"A\" (USD) ACC","BK4551":"寇图资本持仓","GB00BDT5M118.USD":"天利环球扩展Alpha基金A Acc"},"translate_title":"Slow Fog Chief Information Security Officer: It is speculated that WOO X may lead to ultra-vires vulnerabilities due to API permission control issues","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"165523":1,"399994":1,"OTX.SI":1,"UBER":1},"content_text":"Foresight News 消息，慢雾首席信息安全官 23pds 发推表示，WOO X 曾于 6 月 30 日进行了 API v3 升级，其推测是 API 权限控制问题导致的越权漏洞。原因如下：是分多笔提币、能明确说 9 个恶意用户。“所以大概率是因为新旧 API 混用，权限控制或逻辑问题导致的漏洞，从而被恶意利用。”","kind":"live","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"code":"91000000","status":"200"}}}