
Vulnerability summary

Defect ID: wooyun-2016-0170110

Title: Vulnerability in a family-planning system of a city in Jiangsu Province (exposes a massive amount of detailed personal information / certain city-wide private information / large volumes of specific data)

Affected vendor: center

Author: 路人甲

Submitted: 2016-01-15 23:36

Fixed: 2016-03-04 13:27

Published: 2016-03-04 13:27

Vulnerability type: command execution

Severity: High

Self-assessed Rank: 20

Status: handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or assistance, contact [email protected]



Vulnerability details

Disclosure status:

2016-01-15: details sent to the vendor, awaiting vendor processing
2016-01-19: vendor confirmed; details disclosed to the vendor only
2016-01-29: details disclosed to core white hats and relevant domain experts
2016-02-08: details disclosed to regular white hats
2016-02-18: details disclosed to intern white hats
2016-03-04: details disclosed to the public

Brief description:

Detailed description:

**.**.**.**/jsw2/ The Nanjing family-planning system has a command-execution vulnerability. It exposes 1400W + 900W (14 million + 9 million) detailed personal records (down to the house number) and 30W + 30W + 30W (300,000 each) personal identity records. The personal identity records are in the first three tables of the first database; the 1400W + 900W records are in the first and second tables of the second database. Both are marked out in detail below.
The data volume is too large, so only a portion is given as proof.

Proof of vulnerability:

[Screenshots: 1111.png, db.png, db1.png, xinxi.png, xinxi1.png, xinxi2.png, xinxi3.png, xinxi4.png, xinxi5.png, xinxi6.png]

<url>jdbc:oracle:thin:@**.**.**.**:1521:newjsw</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties>
<property>
<name>user</name>
<value>newjsw</value>
</property>
</properties>
<password-encrypted>{AES}dEZPo7qIt3MM2zCL6du/3BzOPatkRFQOWGy6BH70FvY=</password-encrypted> les1028
<url>jdbc:oracle:thin:@**.**.**.**:1521:jswbt</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties>
<property>
<name>user</name>
<value>jswbt</value>
</property>
</properties>
<password-encrypted>{AES}rHKIQNE6mqsNW75maekqELa5lggoDu9WfMKz48gvtdM=</password-encrypted> les1028

Database configuration

Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc

TABLE_NAME (VARCHAR2)          NUM_ROWS (NUMBER)
JSBT_TXDA_320100V3             333965
JSW_TXDA                       333849
JSW_TXDA_20151111BAK           325576
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc

TABLE_NAME (VARCHAR2)          NUM_ROWS (NUMBER)
TP_JSBT_TXDWMX
TP_JSBT_SQJLMX
TP_JSBT_TXCXMX
WAS_TRANSDATASET               14028748    detailed information on 1400W (14 million) individuals
BAK$WAS_TRANSDATASET101219     9732609     detailed information on 900W (9 million) individuals

Database structure

**.**.**.**/jsw2/1.jspx  9635789

Fix recommendation:

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2016-01-19 13:26

Vendor reply:

Duplicate vulnerability; CNVD will not process it again.

Latest status:

None