当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0144324

漏洞标题:中国普天支付某漏洞导致getshell可泄漏持卡人等信息

相关厂商:中国普天支付

漏洞作者: 路人甲

提交时间:2015-09-30 22:43

修复时间:2015-11-24 16:54

公开时间:2015-11-24 16:54

漏洞类型:服务弱口令

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-30: 细节已通知厂商并且等待厂商处理中
2015-10-10: 厂商已经确认,细节仅向厂商公开
2015-10-20: 细节向核心白帽子及相关领域专家公开
2015-10-30: 细节向普通白帽子公开
2015-11-09: 细节向实习白帽子公开
2015-11-24: 细节向公众公开

简要描述:

中国普天

详细说明:

**.**.**.**:7001/cardservice/payment/index.action

1.jpg


**.**.**.**:7001/console/login/LoginForm.jsp
weblogic/11111111
可以上传war格式的马
拿到shell
**.**.**.**:7001/ma/ma3.jsp
数据库连接信息
/domains/payment/config/jdbc/PTPAY_POOL-0359-jdbc.xml

jdbc:oracle:thin:@**.**.**.**:1521:testdb
devaccount
devaccount


连接数据库

T_BAT_CARD_BAL 
T_LOG_ONLINE_PAYMENT_HIS 
T_BAT_CLEAR_PAYMENT_DETAIL 
T_LOG_ONLINE_P20120313_HIS 
T_LOG_ONLINENT_HIS111222 
T_LOG_ONLINE__HIS20120612 
T_BAT_CARD_BAL_TEMP 
T_INFO_ACCOUNT 
T_INFO_ACCOUNT_CARD 
T_INFO_CARD 
T_LOG_ACCOUNT_PAYMENT 
T_LOG_OFFACCOUNT_PAYMENT 
T_BAT_LOG_PROCEDURE 
T_LOG_OFFLINE_PAYMENT_HIS 
T_BAT_SETTLE_CHECK_CYC 
WL_OPRCARDSTOCKDETAIL 
T_POSP_ACCT_CHK_INST_D 
WULIU_BAT_STATISTICS_STOCK 
WL_BUSCARDINOUTDETAIL 
T_POSP_TXN 
T_BAT_AML_ACCOUNT 
T_BAT_CLEAR_DTL 
T_POSP_TERM_INF 
T_POSP_TERM_INF20131111 
T_INFO_ORG_TERMINAL 
T_POSP_OUT_TERM_ORG_INFO 
T_LOG_OPERATION 
T_RGHT_ROLE_FUNCTION 
T_BAT_RUN_LOG 
T_BAT_CLEAR_DTL20120612 
T_BAT_XY_RECON_DETAIL_HIS 
T_LOG_ACCOUNT_MANAGEMENT 
T_LOG_PREAUTH_APPLY 
T_POSP_TXN_MNG 
T_POSP_TXN_MNG_PID 
T_POSP_ALLACCT_STAT 
T_INFO_ORG 
T_LOG_PRINT_INVOICE 
T_POSP_TXN_FILE_REG 
WL_INNER_DEBUG_LOG 
T_INFO_BUYCRD_CUSTOMER 
T_BAT_TXN_AMT_STAT 
T_POSP_OUT_MCHNT_INFO 
T_RULE_SETTLE_2 
T_POSP_TXN_2CORE_PID 
T_RULE_SETTLE_CYCLE_2_TEMP 
T_RULE_SETTLE_CYCLE_2 
T_INFO_CUSTOMER 
T_INFO_CARD_NO_MAP 
WL_BUSCARDSTOCK_HIS 
T_LOG_BOND_PAYMENT 
WL_TXNDTL_SELL 
T_BAT_SETTLE_DTL_2 
T_BAT_FILE_LOG 
T_LOG_ACCOUNT_ALTER 
T_BAT_XY_RECON_INOUT 
WL_BUSCARDINOUT 
WL_OPRCARDSTOCKDETAIL_HIS 
T_BAT_SETTLE_DTL_1 
T_POSP_SHTY_ACCT_DAYSQEQ 
T_DICT_CODE 
WULIU_BAT_STATISTICS 
T_POSP_TERM_PRM_CFG 
T_RGHT_FUNCTION 
T_REPORT_RP_COLUMN 
WL_BUSCARDSTOCKDETAIL 
WL_BUSCARDSTOCK 
T_LOG_ONLINE_PAYMENT 
T_LOG_ONLINE_PAYMENT20140215 
T_INF_CARD_ISSUE_2ND 
T_DICT_AREA_CITY 
T_BAT_AML_MERCH 
T_LOG_ONLINE_PAYMENT20130808 
WL_BUSCARDSTOCKDETAIL_HIS 
T_BAT_DIFF_LOTTERYORG_HIS 
T_POSP_BMP_INF 
T_INFO_INVOICE 
T_INFO_ORDER 
T_RGHT_USER_ROLE 
EACODE 
T_LOG_ONLINE_PAYMENT20130806 
T_BAT_XY_RECON_FILE 
T_POSP_FLD_INF 
T_INFO_USER 
T_INFO_ORDER_DTL 
T_LOG_CHANGECARD_APPLY 
T_POSP_TXN_AUTH 
T_DICT_INFO 
T_POSP_CON_INF 
T_DICT_TXN_ERRCODE 
T_LOG_OFFLINE_PAYMENT20130625 
TBCARDCSNRELATION 
WL_BUSCARDINOUTDF 
T_POSP_BATTR_TXN 
T_REPORT_RP_QUERY 
T_INFO_ORDER_PAY 
T_POSP_MSG_INF 
T_REPORT_OUTKEYTB 
T_LOG_CARD_ISSUANCE 
T_RGHT_ROLEDEF 
T_INFO_INVOICE_TEMP 
T_INFO_BUYCRD_CUSTOMER_TEMP 
T_POSP_NO_HANDLINGCHARGE 
T_DICT_TXN_CODE 
WL_ORDER 
T_LOG_COUPON_PAYMENT_HIS 
T_INFO_ORDER_CARDDTL 
T_POSP_TXN_TONGLIAN 
T_REPORT_RIGHT_ROLE_FUNCTION 
T_POSP_TXN_IC_PURSE 
T_LOG_ONLINE_PAYMENT20130807 
T_POSP_TXN_REVSAL_PID 
T_POSP_RSP_CODE_MAP 
T_INFO_SALESMAN 
T_LOG_MNG_TXN_REG 
T_LOG_MNG_TXN_DTL 
T_BAT_AML_TXN 
T_GM_OPEN_ACCOUNT 
T_INFO_ORDER_DTL_TEMP 
T_BAT_SHARED_DTL_2 
T_BAT_SELL_SIGNCARD 
T_LOG_ONLINE_PAYMENT20130617 
T_INFO_ORDER_TEMP 
T_LOG_ONLINE_PAYMENT20130625 
T_POSP_ROUTE_INF 
T_POSP_TXN_INF 
T_FILE_ERROR_PAYMENT 
T_BAT_CRDMANAGE_DTL 
T_LOG_ONLINE_PAYMENT20130803 
WL_OPRCARDSTOCK 
T_ENCODERULE_CARD 
T_DETAIL_BANK_RECMENT 
T_LOG_ONLINE_PAYMENT20140219 
T_LOG_ONLINE_PAYMENT20140213 
T_REPORT_RP_BASE 
T_INFO_BLACK 
T_LOG_OFFLINE_PAYMENT20130803 
T_LOG_ONLINE_PAYMENT20130804 
T_FILE_BATCH_OPEN_ACCOUNT 
T_LOG_ONLINE_PAYMENT20140216 
T_CLAIM_BANK_RECMENT 
T_POSP_PRM_INF_SORTED 
T_RULE_SHARED 
TDUPPKGREGTB 
T_LOG_ONLINE_PAYMENT20130623 
T_POSP_PRM_INF 
T_BAT_CLEAR_COUPON_DTL 
T_RULE_SETTLE_1 
T_RULE_FEE 
T_LOG_ONLINE_PAYMENT20130802 
T_POSP_DIFF_RESULT 
T_LOG_POINT_INACTIVE 
T_LOG_ONLINE_PAYMENT20130621 
T_POSP_MSQ_INF 
T_REPORT_DICT_CODE 
T_BAT_SHARED_DTL_1 
T_INFO_DEPARTMENT 
T_INFO_CARDHOLDER_FEE_RATE 
T_INFO_BLACKBAK 
T_FILE_CONTROL 
T_SYS_PRM 
T_POSP_SHTY_ACCT_DTL 
T_REPORT_RIGHT_FUNCTION 
T_POSP_SAF_MSG 
T_LOG_ONLINE_PAYMENT20130329 
T_BAT_TASK_CFG 
T_RULE_SETTLE_CYCLE_2_HIS 
T_LOG_ONLINE_PAYMENT20130331 
T_POSP_SRV_INF 
T_INFO_ORDER_REBATE 
T_ENCODERULE_CARD_ADD 
T_LOG_POINT_ACTIVE 
T_LOG_ONLINE_PAYMENT20130805 
T_LOG_OFFLINE_PAYMENT20130806 
T_POSP_KEY_CFG 
T_POSP_DICT_INF 
WL_TXNDTL_TH 
T_LOG_OFFLINE_PAYMENT20130802 
T_LOG_ONLINE_PAYMENT20130330 
T_BAT_DIFF_LOTTERYORG_INOUT 
T_REPORT_DICT_INFO 
T_POSP_TXN_TRANSFER2CUP 
T_INFO_CARDHOLDER_FEE 
T_TRANS_LINK 
T_POSP_INF_DICT 
T_LOG_ONLINE_PAYMENT20130325 
T_POSP_LINE_CFG 
T_INFO_ADVICE 
T_LOG_OFFLINE_PAYMENT 
T_INFO_ISSORG_SERVICEFEE 
T_INFO_ACCESS_ORG 
T_LOG_ONLINE_PAYMENT20130622 
T_INFO_POINT_COUPON 
T_LOG_OFFLINE_PAYMENT20130805 
T_POSP_CONV_TYPE 
T_INFO_COUPON 
WL_BISUPPLYUNIT 
T_RULE_SETTLE_CYCLE_1 
T_LOG_ONLINE_PAYMENT20121109 
T_LOG_ONLINE_PAYMENT20130326 
T_POSP_IPC_INF 
XJ_CUSTOMER 
T_LOG_ACCT_PAYMENT 
T_DICT_BUSI_INF 
T_RULE_SHARED_HIS 
T_LOG_ONLINE_PAYMENT20121202 
T_LOG_ONLINE_PAYMENT20130101 
T_REPORT_RIGHT_USER 
T_PAYMENT_MSG_SEND 
T_REPORT_RP_INFO 
T_RULE_FEE_HIS 
T_LOG_APPLY_RECONCILIATION 
T_POSP_SHTY_ACCT_STAT 
T_LOG_ONLINE_PAYMENT20121203 
T_LOG_ONLINE_PAYMENT20130327 
T_POSP_RED_TERM_SIGNIN_RESULT 
T_FILE_BANK_RECMENT 
T_BAT_SETTLE_DTL_INVOICE 
T_BAT_FILE_TASK_DEF 
EAPARAM 
T_BAT_XY_RECON_DETAIL_SUPPLE 
T_RULE_SETTLE_0 
T_POSP_OUT_ORG_INFO 
T_REPORT_RIGHT_USER_ROLE 
T_RULE_SETTLE_CYCLE_0_HIS 
T_RULE_SETTLE_2_HIS 
T_RULE_SETTLE_0_HIS 
T_BAT_POINT_RECONCIL 
XJ_CCCC 
XI 
T_PAYMENT_MSG_TEMP_SEND 
T_POSP_OUT_SYS_INF 
T_POSP_LINE_INF 
CNTXDTB 
CNDATADIRINFOTB 
T_LOG_DUBIOUS_TXN 
T_LOG_OFFLINE_PAYMENT20130617 
T_POSP_TERM_INF20131001 
T_POSP_TIMEOUT_INFO 
T_POSP_OUT_SHOP_INFO 
T_BAT_BOC_CONSIGN 
T_LOG_OFFLINE_PAYMENT20130621 
T_LOG_ONLINE_PAYMENT20130626 
T_LOG_ONLINE_PAYMENT20130627 
T_BAT_CUT_CTL 
T_BAT_FILE_TASK_CFG 
WL_BUSMAKECARDDETAIL 
WL_RCCIMPORT 
T_REPORT_BACKUP 
T_REPORT_RIGHT_ROLE 
T_RISK_PASSWD_ERR_CTL 
T_POSP_BAT_CUT_CTL 
T_POSP_SSN 
T_BAT_XJ_LOG 
T_INFO_MSG_RECEIVE_ADDR 
T_RULE_SETTLE_1_HIS 
T_INVOICE_MISS_BACK 
T_LOG_ONLINE_PAYMENT20121110 
T_LOG_ONLINE_PAYMENT20130131 
T_LOG_OFFLINE_PAYMENT20130808 
T_POSP_TONGLIAN_MERCHANT_INFO 
T_LOG_OFFLINE_PAYMENT20130804 
T_SUPPLY_TXN_LOGS 
T_POSP_SINOPEC_TERM 
SMSSVR_IN 
SMSVR_OUT 
T_INFO_ORDER_REFUNDDTL 
T_LOG_OFFLINE_PAYMENT20130623 
T_LOG_OFFLINE_PAYMENT20130622 
T_LOG_OFFLINE_PAYMENT20130627 
T_LOG_OFFLINE_PAYMENT20130626 
T_BAT_DIFF_LOTTERYORG 
T_POSP_TXN_TRANSFER_ACCT 
T_BAT_XY_RECON_DETAIL 
T_LOG_OFFLINE_PAYMENT20121110 
T_LOG_ONLINE_PAYMENT20121113 
T_LOG_OFFLINE_PAYMENT20121113 
T_LOG_OFFLINE_PAYMENT20121114 
T_LOG_ONLINE_PAYMENT20121114 
T_LOG_ONLINE_PAYMENT20121115 
T_LOG_OFFLINE_PAYMENT20121115 
T_LOG_OFFLINE_PAYMENT20121130 
T_LOG_OFFLINE_PAYMENT20121129 
T_LOG_ONLINE_PAYMENT20121129 
T_LOG_ONLINE_PAYMENT20121130 
T_LOG_OFFLINE_PAYMENT20121202 
T_LOG_OFFLINE_PAYMENT20121201 
T_LOG_ONLINE_PAYMENT20121201 
T_LOG_OFFLINE_PAYMENT20121203 
T_LOG_OFFLINE_PAYMENT20121205 
T_LOG_OFFLINE_PAYMENT20121204 
T_LOG_ONLINE_PAYMENT20121204 
T_LOG_OFFLINE_PAYMENT20121230 
T_LOG_ONLINE_PAYMENT20121205 
T_LOG_OFFLINE_PAYMENT20121231 
T_LOG_ONLINE_PAYMENT20121230 
T_LOG_ONLINE_PAYMENT20121231 
T_LOG_OFFLINE_PAYMENT20130103 
T_LOG_OFFLINE_PAYMENT20130101 
T_LOG_OFFLINE_PAYMENT20130102 
T_LOG_ONLINE_PAYMENT20130102 
T_LOG_OFFLINE_PAYMENT20130128 
T_LOG_ONLINE_PAYMENT20130103 
T_LOG_ONLINE_PAYMENT20130128 
T_LOG_OFFLINE_PAYMENT20130131 
T_LOG_ONLINE_PAYMENT20130129 
T_LOG_OFFLINE_PAYMENT20130129 
T_LOG_OFFLINE_PAYMENT20130130 
T_LOG_ONLINE_PAYMENT20130130 
T_LOG_OFFLINE_PAYMENT20130201 
T_LOG_ONLINE_PAYMENT20130201 
T_LOG_ONLINE_PAYMENT20130202 
T_LOG_OFFLINE_PAYMENT20130202 
T_BAT_SETTLE_BANK 
T_LOG_OFFLINE_PAYMENT20130325 
T_LOG_OFFLINE_PAYMENT20130327 
T_LOG_OFFLINE_PAYMENT20130326 
T_LOG_OFFLINE_PAYMENT20130329 
T_LOG_ONLINE_PAYMENT20130328 
T_LOG_OFFLINE_PAYMENT20130328 
T_LOG_OFFLINE_PAYMENT20130330 
T_LOG_OFFLINE_PAYMENT20130331 
T_LOG_OFFLINE_PAYMENT20130807 
T_LOG_OFFLINE_PAYMENT20140213 
T_BAT_ORDER_CARDNO 
T_BAT_ORDER_BALANCE 
T_LOG_OFFLINE_PAYMENT20140217 
T_POSP_MON_DISKSPACE 
T_LOG_OFFLINE_PAYMENT20140215 
T_LOG_OFFLINE_PAYMENT20140216 
T_LOG_OFFLINE_PAYMENT20140218 
T_LOG_ONLINE_PAYMENT20140217 
T_LOG_ONLINE_PAYMENT20140218 
T_LOG_OFFLINE_PAYMENT20140219 
T_ORDER_SCOPE 
T_ORDER_SCOPE_CURR 
T_TEST_DICT 
T_INFO_NOTICE_TEST 
T_INFO_ENTERPRISE 
T_INFO_OTAPWD_TRANSFER 
T_INFO_SERVICEFEE 
T_LOG_ACCOUNT_ALTER_HIS 
T_LOG_ACCOUNT_MANAGEMENT_HIS 
T_LOG_ACCOUNT_PAYMENT_HIS 
T_LOG_ASK_COMPLAITS 
CNUNITDATAMAP 
TDDOWNPKGREGTB 
TPPARAMTB 
WL_BUSCARDINOUTTHCONDITION 
WL_BUSMAKECARDDETAIL_HIS 
WL_OPRCARDSTOCKDETAILCK 
WL_OPRCDKREGISTE 
WL_OPRCDKREGISTEDETAIL 
T_FILE_BATCH_CHARGE_ACCOUNT 
T_FILE_BATCH_SALE_ACCOUNT 
T_FILE_BAT_DEAL 
T_INFO_ACCOUNT_BOND 
WL_TXNDTL_RECORD 
WL_TXNDTL_TH_BACK 
WULIU_BAT_LOG 
T_TEMP_LOG_PAYMENT_BAT_LOTTERY 
T_POSP_TXN_HIS 
T_POSP_TXN_IC_PURSE_HIS 
T_POSP_TXN_TRANSFER_ACCT_HIS 
T_RISK_BLACK_CUSTOMER 
T_RISK_BLACK_MERCHANT 
T_RISK_CUSTOMER_COMMON_RULE 
T_RISK_MERCHANT_COMMON_RULE 
T_LOG_RECONCILIATION 
T_LOG_REFUND_APPLY 
T_LOG_UPACCCOUNT_TXN 
T_MSG_CONFIRM 
T_MSG_UNCONFIRM 
T_PARA_ACCOUNT_BAL 
T_PARA_MERCHANT_REFUND_RULE 
T_POSP_SAF_MSG_HIS 
T_LOG_DUBIOUS_TXN_HIS 
T_LOG_MERCHANT_DAY_TXN 
T_LOG_MESSAGE 
T_LOG_MESSAGE_RANGE 
T_LOG_MESSAGE_VIEWER 
T_POSP_TXN_4046_REG 
T_RULE_SETTLE_CYCLE_1_HIS 
XIAJIE 
T_LOG_DISC_JNL 
T_INFO_JOIN_ARCH 
T_INFO_DISC_RATE 
T_INFO_DISC_ARCH 
XJ_TEST 
T_BAT_CLEAR_DTL_FINAL 
T_INFO_POINT 
T_LOG_COUPON_PAYMENT 
T_BAT_POINT_CONFIRM 
T_BAT_POINT_CONFIRM_HIS 
T_BAT_POINT_RECONCIL_HIS 
T_RULE_SETTLE_CYCLE_0 
T_BAT_AML_MERCH_CONFIG 
T_LOG_ONLINE_PAYMENT20121111 
T_LOG_OFFLINE_PAYMENT20121111 
T_LOG_OFFLINE_PAYMENT20121112 
T_LOG_ONLINE_PAYMENT20121112 
T_LOG_OFFLINE_PAYMENT20121109 
。。。。。。。。。。。。。。


大量信息泄漏

1.jpg

漏洞证明:

2.jpg

修复方案:

修改密码

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2015-10-10 16:52

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给上海分中心,由其后续协调网站管理单位处置(需要新建立联系渠道).

最新状态:

暂无