
Vulnerability summary

Defect ID: wooyun-2015-0142679

Title: Weak login on a 万银财富 trading system leads to getshell, large-scale information leakage and internal network access

Vendor: 万银财富

Author: 路人甲

Submitted: 2015-09-22 09:16

Fix time: 2015-09-27 09:18

Public disclosure: 2015-09-27 09:18

Vulnerability type: weak service password

Severity: High

Self-assessed Rank: 20

Status: handed to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-09-22: details sent to the vendor, awaiting the vendor's response
2015-09-27: the vendor chose to ignore the vulnerability; details made public

Brief description:

getshell on the trading server, large-scale information leakage, internal network reachable

Detailed description:

http://106.120.97.2:7001/etrading/

[Screenshot: 2.jpg]


The WebLogic administration console on the same host (port 7001) is reachable from the Internet and accepts a weak, default-style password:

http://106.120.97.2:7001/console/login/LoginForm.jsp
weblogic / weblogic1

Deploying a WAR that contains a JSP webshell through the console gives a shell on the server:
http://106.120.97.2:7001/ma/ma3.jsp

From the shell, the domain's JDBC data-source descriptor is readable:
D:/ETSDomain/config/jdbc/dstrade2edatasource2esysConfig-7697-jdbc.xml

It holds the Oracle connection string, the database user and the password; the database sits on an internal address:

jdbc:oracle:thin:@192.168.1.111:1521/orcl
hssale
hssale


With those credentials the database exposes a large number of tables:

VYEBPAYINRESULT 
VYEBPAYOUTREQUEST
THSMSSEND
TCHECKIDRESULT
TARCHIVES
TCXGRIDVIEW
TSALESYSGUID
TLATERREQUEST
THLATERREQUEST
TQUERYCONFIG
TMP_LIMIT_TRUST
TMP_LIMIT_SHARETYPE
TMP_LIMIT_OTHERFUNDCODE
TMP_LIMIT_FUNDCODE
TMP_LIMIT_CUSTTYPE
TMP_LIMIT_CUSTKIND
TMP_LIMIT_CAPITALMODE
TMP_LIMIT_BUSINFLAG
TMP_LIMIT_BANKNO
TMP_DISCOUNT_TRUST
TMP_DISCOUNT_TRADEACCO
TMP_DISCOUNT_SHARETYPE
TMP_DISCOUNT_PROMOTION
TMP_DISCOUNT_OTHERFUNDCODE
TMP_DISCOUNT_NETNO
TMP_DISCOUNT_MINBALA
TMP_DISCOUNT_MAXBALA
TMP_DISCOUNT_FUNDCODE
TMP_DISCOUNT_CUSTTYPE
TMP_DISCOUNT_CUSTKIND
TMP_DISCOUNT_CENTERNO
TMP_DISCOUNT_CAPITALMODE
TMP_DISCOUNT_BUSINFLAG
TMP_DISCOUNT_BROKERNO
TMP_DISCOUNT_BANKNO
TTRADEINTERACT
TTRUSTJKCONFIRM
TTRUSTPZCONFIRM
TDEALPROCESS_NET
SEQUENCES_TMP
TACCOINTERACT
TSHARECOMP
TACCOMANAGER
TACCOTGR
TAGENCYFUNDINFO
TALLOTREDEEMBATIMP
TBACKCAPMIDACCO
TBANKBALANCEDETAIL
TBANKCAPITAL
TCAPITALCOMMAND
TCAPITALDATASFLAG
TCAPITALSYSTEMCONFIG
TCAPSPILITPARAMETER
TCHECKCONFIG
TCHINAPAYFIXPLANSHOT
TCOLLECTCAPIN
TCOMEINASSET
TCONFIRM_LIQ
TCUSTMATCH
TDIVIDENDDETAIL_LIQ
TDSAPPADDRESS
TEFUNDCONTRACT
TFUNDATTACHINFO
TFUNDINFOQUERY
TFUNDMARKET_REST
TGLRYEBINCOMECURRENT
THACCOINTERACT
THCAPITALCOMMAND
THPARTNERREQUEST
THTRADEINTERACT
TINTRANSITREQ
TORGPAYRATE
TPARTNERREQUEST
TPARTNERREQUESTDETAIL_WEB_JD
TPARTNERSENDCONFIG
TPROEXPORTCAPITALSET
TRISKLIMIT_WEB
TSHAREQUERY
TSUMREQUEST_TMP
TTHIRDPROTOCOL
TTHIRDPROTOCOLCURRENT
TTHIRDPROTOCOLCURRENT_TMP
TTHIRDPROTOCOLDETAIL
TTHIRDPROTOCOL_TMP
TTRUSTJKCONFIRM_TMP
TTRUSTPZCONFIRM_TMP
TTZRYEBINCOMECURRENT
TUSERMANAGER
TYEBACCOBANK
TYEBACCOINFO
TYEBASSET
TYEBASSET_BEFORECASH_DS
TYEBASSET_TOTAL
TYEBCALLDSTRANSFERORDER
TYEBCONVERTREQUEST
TYEBFROZENCURRENT
TYEBFUNDDAY
TYEBPAYINREQUEST
TZFFUNDLIMIT
TBANKNAME
TCOMFORMAT
HSI_MODIFYDETAILLOG
TQUERYCOMFORMAT
TWORDSPELL
TIFILEFIELD
TERRORCODE
TEXPSCALE
TDEINTERFACE
TSERVICE
TSUBAREACODE
TDICTIONARY
HSI_OPLOG
HSI_MODIFYLOG
TVOUCHERFIELD
TCOMDICT
TEVIEWCONFIG
TAUDITLOG
TFIELDCORRESPOND
TJZFIELDCORRESPOND
TJZIFILEFIELD
HSI_GROUPRIGHT
TACCOMODIFYLOG
TOPENDAY
TBUSINPERMISSION
TJZINTERFACEDICT
TREPORTGROUPSET
TDICCODERELATION
TINTERFACEDICT
TCITY
TFAREZONE
TQUERYGRIDSET
TAREACODE
TESERVICE
TLIMIT
TSQL
HSI_MENU
TSYSPARAMETER
HSR_REPORTCLASS
TREPORTFIELDSET
TQUESTIONOPTION
TBUSINFLAG
TSZTCOMFORMAT
TBATCHREQCPD
TTRUSTPERMISSION
HSR_REPORT
TBATCHREQDICT
TCAPITALBUSIN
HSI_PARAMETER
TTAINFO
TSZTCOMDICT
TFUNDTYPE
TCAPITALMODEBROKER
TVOUCHERSQL
TQUESTIONREPLY
TLIQUIDATEFLAG
TTRADESETFIELDPARAM
HSI_TOOLBUTTON
TDEALPROCESS
TFREEQUERY
TQUESTIONNAIRE
TFILETYPE
HSI_PASSWORDHIS
TFUNDACCO_NET
TERRORMSG
TACCORELATION_NET
HSR_CLASS
TFUNDACCO
TACCORELATION
HSI_USERSTATE
TCUSTRISKINFO
TCUSTFUND
HSI_USERNETNO
HSI_USERGROUP
HSI_USER
HSI_RIGHT
HSI_GROUP
TCUSTFUND_NET
HSI_ERRORLOG
TRISKLIMIT
TDISCOUNT
TCAPITALMODENET
TBUSINAUDIT
THYLFEE
TSZTMSGSERVICE
TSZTCOMPONENT
TSALE
TQUERYOTHERSET
TBUSINSETUPMUX
TBUSINCFG
HSI_SYSTEM
TNETSTATION
TFUNDINTERFACE
TTAAUTHORIZATION
TFUNDMANAGER
TBANKACCOCAPITAL
TCHILDCENTER
TBROKER
TBRANCH
TBANKACCOCURRENT
TSTATICSHARE
TACCOBANK
TACCOCONFIRM
TACCOCONFIRM_TMP
TACCOINFO
TACCOREQUEST
TACCOREQUEST_BATCH
TACCOTRUSTCHANNEL
TBANKACCOCURRENT_TMP
TBROKERSUCCESS
TCAPITALINNOACCO
TCAPITALIN_TMP
TCAPITALMATCH
TCHINAPAYCOMP
TCHINAPAYCOMPRESULT
TCOMMANDDETAIL
TCOMMANDRELATION
TCOMMANDTOTAL
TCOMPRESULT
TCONFIRM
TCONFIRMCOLLECT_TMP
TCONFIRMDETAIL
TCONFIRM_TMP
TCONTRACTCONFIRM
TCUSTINFO
TCUSTSUCCESS
TCUSTSVRSTATE
TDIVIDENDDETAIL
TDIVIDENDDETAIL_TMP
TFIXREQUEST
TFUNDCOMPRESULT
TFUNDCURRENT
TFUNDDETAIL
TFUNDGO
TLINKBANKACCO
TLINKBANKCAPITAL
TPARTNERSUCCESS
TREQUEST
TREQUESTMODIFYLOG
TREQUEST_BATCH
TSHARECOMP_TMP
TSHARECURRENT
TSHAREDETAIL
HSI_LOGINMAC
HSI_MACLIST
HSI_MUTEX
HSR_FLOWAUTOREPORT
STG_TSHARE
TACCOBANKMINBALANCE
TACCOBANKRELATION
TACCOBANK_NET
TACCOCONFIRM_TMP02
TACCOINFO_NET
TACCOINTERESTRATE
TACCORANGE
TACCOREQUEST_BACK20120725
TACCOREQUEST_NET
TACCOTRUSTCHANNEL_NET
TADVISERCOMPANY
TAGENCYACCOBANK
TAGENCYACCOBANK_TMP
TAGENCYREQUEST
TAGENCYSHARECURRENT
TAGENCYSTATICSHARE
TAGENCYSTATICSHARE_TMP
TAGENCYTRANSFER
TALIYUNOSDATA
TAREACODEALL
TAUDIT
TAUDITDETAIL
TAVGEXPONENT
TAVGPERATIO
TBANKACCO
TBANKACCORULE
TBANKBALANCE
TBANKBALANCECURRENT
TBANKDETAIL
TBANKPROTOCOL
TBLACKLIST
TBROKEREVENT
TBROKERRATIO
TBROKERRATIO_TMP
TBROKERSUCCESS_CALCTMP
TCAPBANKTUOSHOU
TCAPINNOSERVEDACCOBANK
TCAPITALCHECK
TCAPITALDATE
TCAPITALDATEDETAIL
TCAPITALMODEHOST
TCAPITALMODERATIO
TCAPITALPROCESS
TCERTIFICATE
TCHANNELDISCOUNT
TCHARGEREQUEST
TCHINAPAYACCOBANKMOD
TCHINAPAYACCOREQUEST
TCHINAPAYALLOT
TCHINAPAYFIXPLAN
TCOMBACCOAMOUNT
TCOMBACCOFARE
TCOMBACCOINFO
TCOMBINVEST
TCONFIRM_FUND123
TCONFIRM_TMP02
TCONTACT
TCONTACT_TMP
TCONTRACT
TCONTRACTCONFIRM_TMP
TCONTRACTVERIFY
TCOUNTY
TCREDITCARDBILL
TCUSTBROKER
TCUSTEXTINFO
TCUSTINFOPROFIT
TCUSTINFO_NET
TCUSTINTEREST
TCUSTPWPRO
TCUSTRISKLIST
TDAYCOLLECT
TDAYCOLLECT_TMP
TDAYINCOME
TDEFAULTBROKER
TDYNAMICFUNDINFO
TEACCOINFO
TELEMENTSECURITY
TEMPLOYEE
TENGAGEMENT
TEXPONENTPERATIO
TEXPSCHEMA
TEXPSCHEMASCALE
TEXPSETTING
TFAILACCOREQUEST
TFAILCURRENTCONFIG
TFAILFUNDCURRENT
TFAILREQUEST
TFARERATIO
TFARERETURN
TFAREZONE_TMP
TFASTTRANSFERPARAMETER
TFIELDVALIDATOR
TFILEDEALNOTICE
TFIXINVESTEXPERIENCE
TFIXINVESTMARKETTREND
TFIXPROMOTION
TFIXREQUEST_NET
TFTINCOMECOMPDATA
TFUNDCOMEFROM
TFUNDCONTRACT
TFUNDCURRENT_NET
TFUNDCURRENT_TMP
TFUNDINFO
TFUNDINFO_20120814
TFUNDLIMIT
TFUNDMARKET
TFUNDMARKET_20120814
TFUNDRISKINFO
TFUNDSTATESCHEDULE
TFUNDWORKDAY
TFUNDYIELDLIMIT
THACCOBANKMINBALANCE
THACCOCONFIRM
THACCOMODIFYLOG
THACCOREQUEST
THAUDITLOG
THBANKACCOCAPITAL
THBANKDETAIL
THBROKERSUCCESS
THCAPITALCHECK
THCAPITALIN_TMP
THCHINAPAYCOMP
THCHINAPAYCOMPRESULT
THCONFIRM
THCONFIRMDETAIL
THCONTACT
THCREDITCARDBILL
THCUSTRISKINFO
THCUSTSUCCESS
THELEMENTSECURITY
THFAILACCOREQUEST
THFAILFUNDCURRENT
THFAILREQUEST
THFUNDCURRENT
THFUNDDETAIL
THFUNDGO
THFUNDMARKET
THFUNDRISKINFO
THLATERACCOMODIFYLOG
THLATERCONFIRM
THLATERFUNDINFO
THPAYMENTCOMP
THPAYMENTCOMPRESULT
THPAYMENTCURRENT
THQUESTIONREPLY
THREMITCAPINCOMPRESULT
THREQUEST
THREQUESTBILL
THREQUESTMODIFYLOG
THSENDCHINAPAY
THSENDCHINAPAYCOLLECT
THSHARECURRENT
THSHAREDETAILSUCCESS
THSTOCK
THSUBACCOREQUEST
THTHIRDALLOCATIONCOMPRESULT
THTRANSFERCOMMAND
TIMPORTCOMPFILE
TINCOMERATIO
TINF_ACCONET
TINF_ACCOREQUEST
TINF_ACOUNTSTATIC
TINF_AGENCYINFO
TINF_ARLIMIT
TINF_CAPITALRECORD
TINF_CHANGELIMIT
TINF_CITYNO
TINF_CONFIRM
TINF_CONFIRMDETAIL
TINF_CUSTOMERINFO
TINF_DIVIDENDDETAIL
TINF_ECONTRACTMETA
TINF_FAREZONE
TINF_FUNDDAY
TINF_FUNDINFO
TINF_INFODISCLOSE
TINF_NETINFO
TINF_PROFITCURRENTS
TINF_PROFITSCHEMA
TINF_REQUEST
TINF_SALELIMIT
TINF_SHARECURRENTS
TINF_SHAREDETAIL
TINF_SHARESINCOME
TINF_STATICSHARES
TINF_SUBPROJECTS
TINF_TRADEDETAIL
TINF_TRUSTBENEFITCERT
TINF_TRUSTCLIENTINFO
TINF_TRUSTCONTRACTDETAILS
TINF_TRUSTFUNDAGENCYINFO
TINF_TRUSTFUNDPROFIT
TINF_TRUSTPROFITCHANGE
TINF_TRUSTPROJECTDAY
TINF_TRUSTPROJECTS
TINTEREST
TINTERESTCURRENT
TINTERESTRATE
TINTERFACERECORD
TINVESTADVISER
TINVESTORS
TKJZFCOMPRESULT
TKJZFSHARECOMP
TKJZFSHARECOMP_TMP
TLATERACCOMODIFYLOG
TLATERACCOREQUEST
TLATERCONFIRM
TLATERCONFIRMEXCLUDE
TLATERCONFIRM_TMP
TLATERCUSTINFO
TLATERFUNDINFO
TLATERFUNDINFO_TMP
TLATERUNSETTLEDREQ
TLIMIT_TMP
TLINKBANKCOMP
TLINKBANKCOMPRESLUT
TLINKICBCCAPITAL
TLINKICBCCOMPRESULT
TLINKPROTOCOL
TMANGEFARERATE
TMONEYFUNDPAYCOMP
TMONEYFUNDPAYCOMPRESULT
TMONEYPAYSIGN
TORGAN
TOVERDRAFT
TPARTNERACCO_WEB
TPARTNERERRORCODECAST_WEB
TPARTNERFEESETTING
TPARTNERREQUESTDETAIL_WEB
TPAYMENTACCOBANK
TPAYMENTBANKDATE
TPAYMENTCHECK
TPAYMENTCOMP
TPAYMENTCOMPRESULT
TPAYMENTCURRENT
TPAYMENTUNIT
TPENDCAPITAL
TPERATIOVALUATION
TPROMISE
TPROMOTIONINFO
TPROTOCOL
TPROTOCOLCURRENT
TPWDLETTER
TQUERYCONDITION
TQUERYFIELDVALUE
TQUERYSTATSET
TQUERYTEMPLATEDETAIL
TQUESTIONRISK
TREALDEALNOTICE
TRECOVERLOG
TRECOVERSCHEMA
TREMITCAPINCOMP
TREMITCAPINCOMPRESULT
TREQUESTBILL
TREQUESTBILL_TMP
TREQUEST_NET
TRESTORETEMP
TRISKANNOUNCE
TSEAT
TSECRETFIELD
TSECTIONSCHEMA
TSENDCHINAPAY
TSENDCHINAPAYCOLLECT
TSENDFAX
TSERVICEVALIDATOR
TSHAREDETAILSUCCESS
TSHAREDETAIL_NET
TSHAREDETAIL_TMP
TSLBFUNDCURRENT
TSLBFUNDINFO
TSMSSEND
TSMSSENDCFG
TSMSSEND_TMP
TSPECIALWORD
TSTATICSHAREPROFIT
TSTATICSHARES_TA
TSTATICSHARE_NET
TSTOCK
TSTOCKEXPONENT
TSUBACCOFUNDRIGHT
TSUBACCOPROFIT
TSUBACCOREQUEST
TSUBACCOUNTINFO
TSUMLIMIT
TTHIRDALLOCATIONCOMP
TTHIRDALLOCATIONCOMPRESULT
TTIMELIMIT
TTRAILCOMMISSION
TTRANSFERCAPITALMODE
TTRANSFERCOMMAND
TTRANSFERSPECACCOUNT
TTRANSMITINFO
TTRUSTBENEFITCERT
TTRUSTCONTRACT
TTRUSTCURRENT
TTRUSTDISCOUNT
TTRUSTDISCOUNT_TMP
TTRUSTINFO
TTRUSTMARKET
TTRUSTMARKET_TMP
TTRUSTPROFIT
TUSBKEY
TUSERDISCOUNT
TYEBPAYOUTREQUEST
TYEBTRANSFERORDER
TFUNDMARKET_TMP


Then probe the internal network from the shell:

[Screenshot: 1.jpg]

Proof of vulnerability:

http://106.120.97.2:7001/ma/out.jsp

[Screenshot: 3.jpg]

Fix recommendation:

Change the passwords. Both the WebLogic console account (weblogic) and the leaked database credentials (hssale) need to be rotated, the uploaded /ma/ WAR removed from the domain, and the console on port 7001 taken off the public Internet.
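The two weak credentials in this report, the console pair weblogic/weblogic1 and the database pair hssale/hssale stored in the domain's JDBC descriptor, are the kind of thing an owner can find before an attacker does by auditing the WebLogic domain's config/jdbc/*-jdbc.xml files. The Python below is an added example written for this page; it is not the report author's tooling and not a WebLogic utility. The descriptor it parses is constructed to follow the WebLogic jdbc-data-source schema with the name, URL and user from the report; the password deny list is an assumption, and the clear-text <password> element is the worst case (real descriptors usually carry <password-encrypted>, and the second constructed sample shows that form).

```python
"""Audit WebLogic JDBC data-source descriptors (DOMAIN/config/jdbc/*-jdbc.xml)
for the weaknesses this report turned up: clear-text password, password equal
to the user name, vendor-default password, database on an internal address."""
import ipaddress
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: a small deny list of vendor-default / trivially guessable
# passwords; the console pair from the report (weblogic/weblogic1) is in it.
DEFAULT_PASSWORDS = {"weblogic", "weblogic1", "welcome1", "password",
                     "oracle", "admin", "123456"}

# Constructed sample following the WebLogic jdbc-data-source schema. Name, URL
# and user follow the report; the password is stored in clear text to show the
# worst case. WebLogic writes '.' in the name as "2e" in the file name, so this
# would be config/jdbc/dstrade2edatasource2esysConfig-<n>-jdbc.xml.
SAMPLE_JDBC_XML = """<?xml version='1.0' encoding='UTF-8'?>
<jdbc-data-source xmlns="http://xmlns.oracle.com/weblogic/jdbc-data-source">
  <name>dstrade.datasource.sysConfig</name>
  <jdbc-driver-params>
    <url>jdbc:oracle:thin:@192.168.1.111:1521/orcl</url>
    <driver-name>oracle.jdbc.OracleDriver</driver-name>
    <properties>
      <property><name>user</name><value>hssale</value></property>
    </properties>
    <password>hssale</password>
  </jdbc-driver-params>
</jdbc-data-source>
"""
# Same descriptor in the usual encrypted form (constructed, opaque blob).
SAMPLE_ENCRYPTED_XML = SAMPLE_JDBC_XML.replace(
    "<password>hssale</password>",
    "<password-encrypted>{AES}Y29uc3RydWN0ZWQtYmxvYg==</password-encrypted>")


@dataclass
class DataSource:
    name: str
    url: str
    user: Optional[str]
    password: Optional[str]        # set only when stored in clear text
    encrypted: bool                # True when <password-encrypted> is used
    findings: List[str] = field(default_factory=list)


def _local(tag: str) -> str:
    """Strip the namespace so the schema's default namespace does not matter."""
    return tag.rsplit("}", 1)[-1]


def _first(el: ET.Element, name: str) -> Optional[ET.Element]:
    """First descendant of el (document order) with the given local tag."""
    for child in el.iter():
        if child is not el and _local(child.tag) == name:
            return child
    return None


def jdbc_host(url: str) -> Optional[str]:
    """Host from an Oracle thin URL: @host:port/svc, @//host:port/svc,
    or a TNS descriptor containing (HOST=...)."""
    m = re.search(r"@(?://)?([A-Za-z0-9_.-]+)", url)
    if m:
        return m.group(1)
    m = re.search(r"\(HOST\s*=\s*([^)]+)\)", url, re.IGNORECASE)
    return m.group(1).strip() if m else None


def is_private_host(host: Optional[str]) -> bool:
    """True for RFC 1918 / loopback / link-local literals; False for names."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def is_weak_credential(user: Optional[str], password: Optional[str]) -> List[str]:
    """Reasons a user/password pair is weak; an empty list means none found."""
    reasons: List[str] = []
    if password is None:
        return reasons
    if user and password.lower() == user.lower():
        reasons.append("password-equals-user")
    if password.lower() in DEFAULT_PASSWORDS:
        reasons.append("default-password")
    if len(password) < 8:
        reasons.append("short-password")
    return reasons


def parse_datasource(xml_text: str) -> DataSource:
    """Parse one descriptor and attach the audit findings."""
    root = ET.fromstring(xml_text)
    name, url = _first(root, "name"), _first(root, "url")
    user = None
    for prop in root.iter():
        if _local(prop.tag) == "property":
            n, v = _first(prop, "name"), _first(prop, "value")
            if n is not None and n.text == "user" and v is not None:
                user = v.text
    clear, enc = _first(root, "password"), _first(root, "password-encrypted")
    ds = DataSource(name=name.text if name is not None else "",
                    url=url.text if url is not None else "",
                    user=user,
                    password=clear.text if clear is not None else None,
                    encrypted=enc is not None)
    if clear is not None:
        ds.findings.append("cleartext-password")
    ds.findings.extend(is_weak_credential(ds.user, ds.password))
    if is_private_host(jdbc_host(ds.url)):
        ds.findings.append("internal-db-host")
    return ds


if __name__ == "__main__":
    for sample in (SAMPLE_JDBC_XML, SAMPLE_ENCRYPTED_XML):
        ds = parse_datasource(sample)
        print(ds.name, ds.url, ds.user, ds.findings)
    print("console weblogic/weblogic1:", is_weak_credential("weblogic", "weblogic1"))
```

Run the file and it prints the findings for both constructed descriptors; on a real domain, feed each *-jdbc.xml under config/jdbc to parse_datasource. An encrypted password yields no strength finding, and that is not reassurance: WebLogic's {AES} values can be decrypted by anyone able to read the domain's SerializedSystemIni.dat, which a webshell on the host can, so the database credentials still need rotating after a compromise like this one, regardless of how the descriptor stores them.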

Copyright notice: reproduction must credit 路人甲@乌云


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-09-27 09:18

Vendor reply:

Vulnerability Rank: 15 (WooYun assessment)

Latest status:

None