
Vulnerability summary

Defect ID: wooyun-2015-0121853

Title: Human laziness, part one: insufficient enforcement of security management lets Secoo China's security perimeter be breached (access to the intranet)

Vendor: Secoo China (寺库中国)

Author: 路人甲

Submitted: 2015-06-20 22:53

Fixed: 2015-08-06 17:18

Published: 2015-08-06 17:18

Vulnerability type: Successful intrusion event

Severity: High

Self-rated Rank: 20

Status: Vendor has confirmed

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-06-20: Details sent to the vendor, awaiting vendor handling
2015-06-22: Vendor has confirmed; details visible to the vendor only
2015-07-02: Details disclosed to core white hats and domain experts
2015-07-12: Details disclosed to regular white hats
2015-07-22: Details disclosed to intern white hats
2015-08-06: Details disclosed to the public

Brief description:

It is just a weak password: simple, efficient, and hugely destructive.
Top 500 Chinese names (statistics from the national population database)
http://zone.wooyun.org/content/18372
Top 100 baby names per country
http://t.cn/RwLzSdU
List of most popular given names
http://t.cn/8sEjmYG
Some common countries. Top 10 surnames and forenames
http://t.cn/RwLzSd4
List of most common surnames in Asia
http://t.cn/zTAFSEu

Detailed description:

http://www.secoo.com/
Tencent Exmail (qqexmail): http://mail.secoo.com/
Top 500 Chinese names (statistics from the national population database)
http://zone.wooyun.org/content/18372
Brute-forcing revealed the following accounts and passwords:

Masked area
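The technique above is password spraying: one weak password tried against many accounts built from a public name list. As an added defender-side example that is not part of the original report, the detector below flags a source that fails logins against many distinct webmail accounts within a short window, while ignoring a single user who simply mistypes; the log format, hostnames and addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample webmail login log (not from the report): one source tries
# the same weak password against many name-based accounts and eventually
# succeeds; a second source is a normal user mistyping a password twice.
SAMPLE_LOG = """\
2015-06-20T22:01:03 src=203.0.113.7 user=wangwei@example.com result=FAIL
2015-06-20T22:01:05 src=203.0.113.7 user=lina@example.com result=FAIL
2015-06-20T22:01:07 src=203.0.113.7 user=zhangmin@example.com result=FAIL
2015-06-20T22:01:09 src=203.0.113.7 user=liuyang@example.com result=FAIL
2015-06-20T22:01:11 src=203.0.113.7 user=chenjing@example.com result=OK
2015-06-20T22:04:40 src=198.51.100.9 user=hanlei@example.com result=FAIL
2015-06-20T22:04:52 src=198.51.100.9 user=hanlei@example.com result=FAIL
2015-06-20T22:05:10 src=198.51.100.9 user=hanlei@example.com result=OK
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")


def parse(log_text):
    """Yield (timestamp, source, user, success) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4) == "OK"


def find_spraying(log_text, window=timedelta(minutes=5), min_users=4):
    """Return {source: details} for sources whose failed logins touch at least
    min_users distinct accounts inside one sliding window. Repeated failures
    on a single account (a typo) never trigger. Successful logins from a
    flagged source inside the window are listed as likely compromised."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(parse(log_text)):
        by_src[src].append((ts, user, ok))
    alerts = {}
    for src, evs in by_src.items():
        for i, (t0, _, _) in enumerate(evs):
            in_win = [(u, ok) for t, u, ok in evs[i:] if t - t0 <= window]
            failed_users = {u for u, ok in in_win if not ok}
            if len(failed_users) >= min_users:
                alerts[src] = {
                    "distinct_failed_users": len(failed_users),
                    "successes": sorted(u for u, ok in in_win if ok),
                }
                break
    return alerts
```

Pair the alert with a forced password reset on any account listed under "successes", since a success following a spray is the signal that a default or guessable password is in use.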


Proof of vulnerability:

Here we go.
DHL orders

dhl.png


dhl1.png


Customer service information

kefu.png


kefu1.png


kefu2.png


Wait, first let's think about why they are all a123456.
Look here:

yuanlairuci.png


So that's why.
Now let's look at RTX.

RTX.png


rtx1.png


At first I couldn't log in; check the configuration and select remote login.

rtxpeizhi.png


Merchant back-end password leak

http://sop.secoo.com/cooperator/main.action    1719   shms   SHms0000


shangjia.png


shangjia1.png


shangjia2.png


Enterprise mailbox address book

tongxunlu.png


Masked area


Now, let's look at a person named 曹京.

CAOJINNIUBI.png


caojinniubii.png


In charge of all kinds of VPNs.
Yes, VPNs.

vpnnnnnnn.png


VPNNNN.png


vpn333333.png


vpn33333.png


vpn33.png


It looks like one VPN per employee.
Not tested one by one.
There is also an overseas VPN, belonging to a lady named lili.
One email contains the OpenVPN download.

vpn2.png


vpn22.png


vpn1.png


vpn11.png


Passwords of every kind.

vpm43333.png


mima.png


Fix recommendation:

Masked area

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2015-06-22 17:18

Vendor reply:

Thanks for the submission; we are actively fixing it.

Latest status:

None yet