当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0194775

漏洞标题:恒丰银行某缴费系统GetShell影响内网安全(含测试数据)

相关厂商:恒丰银行

漏洞作者: 路人甲

提交时间:2016-04-11 11:49

修复时间:2016-05-29 17:50

公开时间:2016-05-29 17:50

漏洞类型:系统/服务补丁不及时

危害等级:高

自评Rank:12

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-11: 细节已通知厂商并且等待厂商处理中
2016-04-14: 厂商已经确认,细节仅向厂商公开
2016-04-24: 细节向核心白帽子及相关领域专家公开
2016-05-04: 细节向普通白帽子公开
2016-05-14: 细节向实习白帽子公开
2016-05-29: 细节向公众公开

简要描述:

rt

详细说明:



mask 区域


1.://**.**.**/paybank/html/main.htm


反序列getshell



mask 区域


1.://**.**.**/bea_wls_internal/1.jsp


密码:

mask 区域 
*****og*****


JDBC:

<url>jdbc:oracle:thin:@**.**.**.**:1521:ebank</url>
    <driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
    <properties>
      <property>
        <name>user</name>
        <value>ebanktest</value>
      </property>
    </properties>
    <password-encrypted>{AES}vtkscAvz42uBt6DA12bMVHt88yM8D8fWNIBeMTQp2mo=</password-encrypted>


密码:

mask 区域 
*****NK*****


EBANK	CB_USER_BSN	4523385
EBANK	MB_LOG	3909845
EBANKTEST	MB_LOG	3565431
EBANK	CB_CST_BSN	3294741
EBANK	PB_PAYMENT_NEWBANK	1990316
EBANKTEST	PB_PAYMENT_NEWBANK	1990316
EBANK	CB_COMM_FLOW_EXTRA	1858884
EBANK	MB_TRANFLOW	1849127
EBANK	YQ_SERIANO	1709810
EBANK	CB_TRANFLOW	1658191
EBANK	CB_COMM_FLOW	1567144
EBANK	CB_AUTH_REF	1262992
EBANKTEST	PB_LOG	1179797
EBANK	IM_LOG	1145044
EBANKTEST	IM_LOG	1145044
EBANKTEST	MB_LOG_BAK	1045953
EBANK	MB_LOG_BAK	1045953
EBANKTEST	MB_TRANFLOW	885366
EBANK	CB_WAGE_DETAIL	823256
EBANK	LM_CONTENT_DETAIL	763731
EBANKTEST	LM_CONTENT_DETAIL	763731
EBANKTEST	MB_CUST_APP_MENU	629466
EBANKTEST	PB_PAYBOOK	544110
EBANK	PB_PAYBOOK	543992
EBANK	CB_CST_PAYEE	516817
EBANK	CB_AUTH_HISTORY	507641
EBANKTEST	IM_AUTH_CHANGELOG	500659
EBANK	PB_BANKBOOK	378658
EBANKTEST	PB_CST_MSG	359920
EBANKTEST	WX_INFORM_MESSAGE	341624
EBANK	MB_CUST_APP_MENU	316681
EBANK	CB_BATCH_FLOW_DETAIL	302655
EBANKTEST	IM_AUTO_LOG	272260
EBANKTEST	PB_ACCINF	270681
EBANK	PB_ACCINF	270098
EBANKTEST	IM_AUTH_HISTORY	248026
EBANK	IM_AUTH_HISTORY	248026
EBANK	PB_CSTINF_PRO	243667
EBANK	PB_LIMIT_CST	213312
EBANKTEST	PB_LIMIT_CST	213312
EBANKTEST	CB_WAGE_DETAIL	198450
EBANKTEST	PB_CSTINF_PRO	184031
EBANK	PB_ACCBRANCH_TEMP	177585
EBANKTEST	PB_ACCBRANCH_TEMP	177585
EBANK	PB_ACCBRANCH_TEMP1	170435
EBANKTEST	PB_ACCBRANCH_TEMP1	170435
EBANK	PB_CST_MSG	163573
EBANKTEST	PB_CERT_INF	148716
EBANK	PB_CERT_INF	146092
EBANK	MB_PAYBOOK	142617
EBANKTEST	MB_PAYBOOK	142617
EBANKTEST	PUB_PMSBANKNO10	141664
EBANKTEST	PUB_PMSBANKNO	141664
EBANKTEST	PUB_PMSBANKNO4	141664
EBANKTEST	PUB_PMSBANKNO3	141633
EBANKTEST	PUB_PMSBANKNO2	141633
EBANKTEST	PUB_PMSBANKNO_PRO	141633
EBANK	IM_AUTO_LOG	140214
EBANKTEST	T_CPIM_CNAPSBANKINFO	136986
EBANK	PUB_PMSBANKNO_TEMP1	136712
EBANKTEST	PUB_PMSBANKNO_TEMP1	136712
EBANK	PUB_PMSBANKNO	135068
EBANKTEST	PUB_PMSBANKNO5	133563
EBANKTEST	PUB_PMSBANKNO1	133563
EBANKTEST	CB_WAGE_DETAIL_TEMPORARY	120084
EBANKTEST	CB_USER_BSN	99491
EBANKTEST	PY_ORDER	98133
EBANK	PY_ORDER	98133
EBANK	PY_TRANFLOW_HIS	94848
EBANKTEST	PY_TRANFLOW_HIS	94848
EBANK	CB_DEDUCT_DETAIL	91347
EBANK	MB_ACCINF	86083
EBANK	MB_ACCINF_HOST	85432
EBANKTEST	MB_ACCINF_HOST	85418
EBANKTEST	MB_ACCINF	82864
EBANK	MB_CST_REL	80652
EBANKTEST	MB_CST_REL_ALL	80370
EBANKTEST	MB_PAYLIMIT	79132
EBANKTEST	MB_CUSTLIMIT	79132
EBANK	MB_CSTINF_NEW	79123
EBANK	MB_CUSTLIMIT	79119
EBANKTEST	MB_CSTINF_PRO	79101
EBANK	MB_CSTINF_PRO	79098
EBANK	MB_PAYLIMIT	79084


S1.png


s2.png


S3.png


S4.png


S5.png


漏洞证明:

S1.png


s2.png


S3.png


S4.png


S5.png


修复方案:

更新补丁

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2016-04-14 17:40

厂商回复:

最新状态:

暂无