当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0208640

漏洞标题:中国铁通某计费系统GetShell泄露大量客户信息(包括姓名\身份证\账号\密码等)可生成充值卡

相关厂商:中国铁通

漏洞作者: 路人甲

提交时间:2016-05-14 22:30

修复时间:2016-07-02 11:30

公开时间:2016-07-02 11:30

漏洞类型:系统/服务补丁不及时

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-05-14: 细节已通知厂商并且等待厂商处理中
2016-05-18: 厂商已经确认,细节仅向厂商公开
2016-05-28: 细节向核心白帽子及相关领域专家公开
2016-06-07: 细节向普通白帽子公开
2016-06-17: 细节向实习白帽子公开
2016-07-02: 细节向公众公开

简要描述:

....

详细说明:

**.**.**.**:7001/


反序列getshell

**.**.**.**:7001/bea_wls_internal/1.jsp


密码:

mask 区域 
*****og*****


jdbc:

<url>jdbc:oracle:thin:@**.**.**.**:1521:bims</url>
    <driver-name>oracle.jdbc.OracleDriver</driver-name>
    <properties>
      <property>
        <name>user</name>
        <value>bill</value>
      </property>
    </properties>
    <password-encrypted>{3DES}Cf1CPot/AttvyyiMgE9nGg==</password-encrypted>


TESTBILL	MONTHLYTONGJIDETAIL_TABLE	20217083
BILL	MONTHLYTONGJIDETAIL_TABLE	20217083
TESTBILL	MONTHLYFLUECNT_TABLE	6832675
BILL	MONTHLYFLUECNT_TABLE	6832675
BILL	DAILYTONGJIDETAIL_TABLE	6120534
BILL	LOG_TABLE	4465949
BILL	USERMONTHLY_TABLE	4188706
TESTBILL	DAILYTONGJIDETAIL_TABLE	3775497
BILL	MONPREPAID_TABLE	2630136
TESTBILL	MONPREPAID_TABLE	2630136
BILL	SYS_SPACE_TAB	2128172
BILL	ORDERFLUEHST_TAB	1941578
BILL	DB_TABLESPACE_TAB	1880220
BILL	IDRERRORS_TABLE	1402302
TESTBILL	ORDERFLUEHST_TAB	1339918
TESTBILL	IDRERRORS_BAK2	1054011
BILL	DAILY_BAK	1045174
BILL	USER_ENDTIME_LOG	1037796
BILL	MONTHLYDETAIL_TABLE	966718
BILL	MONTHLYBILL_TABLE	894026
BILL	INFOMODIFY_TABLE	820969
TESTBILL	USER_ENDTIME_LOG	773145
BILL	ACCURALHISYEAR_TABLE	696271
BILL	ADSLLOG_TABLE	600066
BILL	CUSTOMERLOG_TABLE	594889
BILL	BILLCURRSESSION_TABLE	537023
BILL	RAD_DETAILLOG	485606
BILL	ORDERADSLHST_TAB	415196
BILL	MONTHLYQUANZE_TABLE	408531
BILL	ORDERCUSTOMERHST_TAB	404810
BILL	ORDERFEEDETAILHST_TAB	397695
TESTBILL	USER_LASTENDTIME	392530
BILL	ORDERFEEHST_TAB	390330
TESTBILL	MON_EXP	389781
BILL	MON_EXP	389781
BILL	ORDERINDEXHST_TAB	385844
TESTBILL	ADSLLOG_TABLE	373962
TESTBILL	CUSTOMERLOG_TABLE	370315
SYS	WRI$_OPTSTAT_HISTGRM_HISTORY	358778
TESTBILL	ACCURALHISYEAR_TABLE	354626
TESTBILL	SYS_SPACE_TAB	326088
TESTBILL	RAD_DETAILLOG	301275
TESTBILL	ORDERFEEDETAILHST_TAB	299140
TESTBILL	ORDERFEEHST_TAB	293874
TESTBILL	ORDERINDEXHST_TAB	289442
TESTBILL	ORDERCUSTOMERHST_TAB	284324
TESTBILL	ORDERADSLHST_TAB	283210
TESTBILL	DB_TABLESPACE_TAB	278513
BILL	USERSWILLBELOCKED_TAB2	277473
BILL	DAILYSESSION_BY	275539
TESTBILL	DAILYSESSION_BY	275539
BILL	USERSWILLBELOCKED_TAB3	271361
TESTBILL	DEPOSITMONTH_20080222TEMP	268710
TESTBILL	MONTHLYQUANZE_TABLE	262243
TESTBILL	BILLCURRSESSION_TABLE	260817
BILL	USERSWILLBELOCKED_TAB	258785
BILL	BOSSDAILYSESSION_TABLE	248225
TESTBILL	CURRSESSION_ASYNC_TABLE	228919
BILL	VLAN_TABLE	227173
TESTBILL	VLAN_TABLE	227173
TESTBILL	DAILYTONGJIDETAIL_WH	227115
BILL	DAILYDEL_TABLE	217065
BILL	TC_BROADBAND_INTERFACE_FAIL	211465
SYS	SOURCE$	210340
BILL	IDF_TABLE	196541
BILL	USER_ENDTIME	191200
BILL	USER_ENDTIME_LAST	189416
TESTBILL	IDR_TABLE	185964
TESTBILL	USERSWILLBELOCKED_TAB	185842
TESTBILL	USERSWILLBELOCKED_TAB2	181149
TESTBILL	ORDERPOSTAMOUNTCHECK	176136
BILL	ORDERPOSTAMOUNTCHECK	176136
TESTBILL	USERSWILLBELOCKED_TAB3	174687
TESTBILL	USER_ENDTIME	156060
BILL	SYS_PERFORM_TAB	156046
TESTBILL	USER_ENDTIME_LAST	154796
BILL	CURRSESSION_TABLE	154329
TESTBILL	DAILYBDEL_TABLE	153891
BILL	DAILYBDEL_TABLE	153891
TESTBILL	IDFCREATE	143038
BILL	IDFCREATE	143038
TESTBILL	CURRSESSION_TABLE	141429
TESTBILL	MONTHLYDETAIL_TABLE	137952
BILL	IDRTEMP_TABLE	133212
TESTBILL	BASESTATISTICS_TABLE	130119
BILL	BASESTATISTICS_TABLE	130119
BILL	USER_LASTENDTIME	126522
BILL	T_HTBT	123211
TESTBILL	T_HTBT	123211
TESTBILL	HTBT	123211
TESTBILL	TC_BROADBAND_INTERFACE_FAIL	119352
TESTBILL	DAILYDEL_TABLE	115035
BILL	DEPOSITERROR_TABLE	106972
BILL	BASETAB_0210	100968
BILL	CUSTOMER_TMP	100809
BILL	VNET_PASSWDCHANGEBAK_TAB	97209
TESTBILL	CUSTOMER_STATE20110530	97129
BILL	CUSTOMER20110426	96449
TESTBILL	BASETAB_0210	95205
BILL	DAILYTEMP_TABLE	94446
TESTBILL	CUSTOMER_TABLE_ENDTIME	94340
BILL	CUSTOMER_TABLE_ENDTIME	94340
BILL	CUSTOMER20110228	93727
BILL	ABS_USER_BALANCE	93423
TESTBILL	ABS_USER_BALANCE	93423
TESTBILL	ISBINDING_TABLE	92355
BILL	ISBINDING_TABLE	92355
BILL	ABS2BMS_ADSLLANCUSTOMER_TAB	92152
TESTBILL	ABS2BMS_ADSLLANCUSTOMER_TAB	92152
TESTBILL	ABS2BMS_ADSLLANCUSTOMER_TABBAK	89681
TESTBILL	XVNI_TMP	85580
BILL	C210_RATESELECT	84027
SYS	HISTGRM$	83962
BILL	A	82511
BILL	MONTHLYPREFER_TABLE	81741
TESTBILL	C210_RATESELECT	81154
SYS	WRH$_LATCH	78738
BILL	DESTROYUSER_ENDTIME	78404
SYS	WRH$_SYSSTAT	73600
TESTBILL	DEPOSITERROR_TABLE	72817
BILL	RAD_DETAIL	70501
TESTBILL	RAD_DETAIL	69804
BILL	ADSL_TABLE	69489
TESTBILL	CUSTOMER_TABLE	69175
TESTBILL	ADSL_TABLE	69175
BILL	CUSTOMER_TABLE	69113
TESTBILL	IDRTEMP_TABLE	67131
BILL	T_ERROR_USERLIST	61564
TESTBILL	DESTROYUSER_ENDTIME	59837
TESTBILL	DAILYTEMP_TABLE	59802
TESTBILL	MONTHLYPREFER_TABLE	58610


A7.png


A6.png


使用账号登陆前台

user:


mask 区域


*****dm*****







pass:123456


A8.png


漏洞证明:

A7.png


A6.png


A8.png

修复方案:

更新补丁

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2016-05-18 11:25

厂商回复:

CNVD未复现所述情况,已经转由CNCERT向中国移动集团公司通报,由其后续协调网站管理部门处置.

最新状态:

暂无