
Vulnerability summary

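Bug ID: wooyun-2014-070040

Title: Weak back-end password + information disclosure + disclosure of website paths and other information in an information service system of the Ministry of Commerce of the People's Republic of China

Vendor: Ministry of Commerce of the People's Republic of China

Author: 路人甲

Submitted: 2014-07-28 19:14

Fixed: 2014-09-11 19:16

Published: 2014-09-11 19:16

Vulnerability type: Leak of internal top-secret information

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (cncert, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]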


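Vulnerability details

Disclosure status:

2014-07-28: Details reported to the vendor; awaiting vendor handling
2014-08-02: Vendor confirmed; details disclosed to the vendor only
2014-08-12: Details disclosed to core white hats and experts in related fields
2014-08-22: Details disclosed to regular white hats
2014-09-01: Details disclosed to trainee white hats
2014-09-11: Details disclosed to the public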

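Brief description:

Weak back-end password + information disclosure + disclosure of website paths and other information in an information service system of the Ministry of Commerce of the People's Republic of China
WooYun can log in to the back end and view the back-end data for themselves.
PS: The data was not used for any other purpose.
PS: No face-slapping, please.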

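Detailed description:

Back-end address:

http://www.wmtj.mofcom.gov.cn/zdlx/login.html
Account: admin
Password: 00000000


Partial website paths:

Configuration information
http://www.wmtj.mofcom.gov.cn/zdlx/login_loginform.html
http://yfk.mofcom.gov.cn/card/page.html
http://www.wmtj.mofcom.gov.cn/zdlx/pages/department/fileshare/
It feels like the framework was set up or operated wrongly. I don't understand it myself.
Baidu site:www.wmtj.mofcom.gov.cn returns about 198 results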




Some XML

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<page-specification class="com.cofortune.pages.rbac.LoginPage">
<description>add a description</description>
<property-specification name="userName" type="java.lang.String"/>
<property-specification name="password" type="java.lang.String"/>
<property-specification name="errMessage" type="java.lang.String"/>
<property-specification name="isCheckCode" type="java.lang.Boolean" initial-value="true"/>
</page-specification>


Proof of vulnerability:

[Screenshot: QQ截图20140728185452.png]

[Screenshot: 路径.png]

[Screenshot: QQ截图20140728185620.png]

[Screenshot: QQ截图20140728185753.png]

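Suggested fix:

I'm just a sailor; I can't make sense of this Apache + Java stuff. I don't know how it's built. You folks sort it out.
PS: Please, no face-slapping.

Copyright notice: when reposting, please credit the source 路人甲@乌云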


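Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2014-08-02 09:43

Vendor reply:

Latest status:

2014-08-04: CNVD confirmed and reproduced the reported situation, and has passed it via CNCERT to the China International Electronic Commerce Center of the Ministry of Commerce for handling.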