当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0124369

漏洞标题:中国建筑某处存在漏洞可泄漏大量信息

相关厂商:国建筑股份有限公司网站

漏洞作者: 路人甲

提交时间:2015-07-05 09:49

修复时间:2015-08-23 14:06

公开时间:2015-08-23 14:06

漏洞类型:后台弱口令

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-05: 细节已通知厂商并且等待厂商处理中
2015-07-09: 厂商已经确认,细节仅向厂商公开
2015-07-19: 细节向核心白帽子及相关领域专家公开
2015-07-29: 细节向普通白帽子公开
2015-08-08: 细节向实习白帽子公开
2015-08-23: 细节向公众公开

简要描述:

RT

详细说明:

网址一:http://www.cscec.com/,点击右上角的“办公信息系统”进行登陆,此处验证码可重用,可用猪猪侠的常用用户名获取有效账号。网址二:http://oa.cscec.com/extcomponent/security/loginnoredirect.jsp,此处左下角提示可用移动端进行登陆,移动端地址为:http://oa.cscec.com/cscecPhone/,此处根本无验证码,可直接进行爆破,密码与网址一登陆处通用。用某个账号登陆后,可进入邮箱,进入工作台,查看公司通讯录,爬取邮箱名,将用户名再做成字典,又可跑出不少账号。网址三:http://cscec-hr1.cscec.com.cn:8080/templates/index/employLogon.jsp,此为人力资源系统网站,此处虽然不能直接从办公信息系统进行登陆,但是此处验证码是可以重用的,用之前爬取用户名进行爆破,获得二百多个有效账号,里面包括很多敏感信息,有个人身份信息、家庭人员信息、个人培训经历、薪资等等,权限高的账号还可以查看其他所有人员信息(看到了易军副部长、官庆董事长信息)。

1.png

2.png

3.png

4.png

5.png

6.png

7.png

8.png

9.png

10.png

11.png

12.png

13.png


办公信息登陆用户:
liujzh
shaojj
guxb
chen_xin
wangjch
songdouhua
xiedong
wanqingyun
wangzhx
wany
wusw
liudy
yanghy
xuqin
wujj
chenlin
zhouyan
yangyi
tianll
limeng
lidanqing123
(以上用户密码为123456)
xuhy
wangzhongde
liub
wangzhijian
(以上用户密码为111111)


人力资源系统用户(密码均为123456):
heyang
huyueyun
shenhongjing
yanglm
zhangshiyuan
wangqinghong
liaogq
liyinxiao
yij
guanq
gemin
liuj
liuy
huqin
mazp
maol
qus
chaog
cheny
yanglili
xiongl
yuanyue
heyang
liuy
gefeng
yuanyue
hanm
quming
tianh
xiangx
tanch
wenj
qus
xuem
chaog
zhoum
yaolan
yangl
zhouhp
chengj
lid
herui
cheny
zhuh
yuand
wuyang
jianing
qil
xiongl
lvnuan
liuzhao
wangn
maj
wangj
zhanglin
quming
gu_shan
liufu
gaoxiang
wuyang
zhengyi
songyang
wanghui
liufu
lij
lij
liuwei
zengzhh
liujzh
kongqp
wangxm
liba
shaojj
chenguocai
mengqy
yaoxb
xuekq
qinyx
mengqy
zhuzijun
xuekq
liba
majzh
guojy
zhanghongsheng
guochl
lifl
guoht
mafujun
liuyt
guxb
chengjingchao
magr
songzhn
zhouwl
zhangjb
qinyx
yangfch
hupsh
zhuxq
zhouyuhan
zhenghaiyun
maozhb
mamj
xuww
zhongap
majq
mengqy
yangjm
guoxw
yinzhy
zhangliangjie
lifl
wangjingjie
huqin
caiwp
liujingming
tangweihua
jiaguizhi
zhuzijun
maol
songxinjun
zhangyb
zhouchunlin
lixb
durenjie
guoht
zhangjw
liangpeijie
shenxl
mafujun
nibeilei
zhangyongming
liyinxiao
xuekq
liuyt
guxb
xuyl
lisht
lifx
yuanlh
houxidong
tianzhihua
lilinlin
wangchunguang
xiaxy
sunbl
zhengfangming
yuanxiaodong
xujianping
zhouyuhan
liba
yanglili
zhaipengyu
xinsongmei
wangshenglan
liuqiquan
zhuburong
zhenghaiyun
qinyx
zhouqinghua
lishuaiqi
magr
chengjingchao
zhangdl
yuejm
xiangyy
hankeyan
wangjingjie
majzh
songzhn
zhangjb
ouym
wukx
yuzhp
xiaoxw
guojy
wanghr
liushy
liaodh
dingwenlong
cuipengwei
jiangyl
xiguodong
chengjingchao
yangfch
yangdw
zhouwl
yanjm
tandw
zhenghaixiao
mamj
miaoshzh
guochl
longqzh
wujh
yuantt
xuww
xuxy
lidehua
zhanghongsheng
hupsh
hdch
fangzh
zhshq
lifl
zhongap
lifl
yangjm
majq
sunzhl
lishikui
qiaolili
qianjzh
liql
zhangwg
shiww
yuech
wangjch
tian_sanchuan
li_xiaoqian
mazp
tandw
kongqp
wangjianfeng

漏洞证明:

1.png

2.png

3.png

4.png

5.png

6.png

7.png

8.png

9.png

10.png

11.png

12.png

13.png


办公信息登陆用户:
liujzh
shaojj
guxb
chen_xin
wangjch
songdouhua
xiedong
wanqingyun
wangzhx
wany
wusw
liudy
yanghy
xuqin
wujj
chenlin
zhouyan
yangyi
tianll
limeng
lidanqing123
(以上用户密码为123456)
xuhy
wangzhongde
liub
wangzhijian
(以上用户密码为111111)


人力资源系统用户(密码均为123456):
heyang
huyueyun
shenhongjing
yanglm
zhangshiyuan
wangqinghong
liaogq
liyinxiao
yij
guanq
gemin
liuj
liuy
huqin
mazp
maol
qus
chaog
cheny
yanglili
xiongl
yuanyue
heyang
liuy
gefeng
yuanyue
hanm
quming
tianh
xiangx
tanch
wenj
qus
xuem
chaog
zhoum
yaolan
yangl
zhouhp
chengj
lid
herui
cheny
zhuh
yuand
wuyang
jianing
qil
xiongl
lvnuan
liuzhao
wangn
maj
wangj
zhanglin
quming
gu_shan
liufu
gaoxiang
wuyang
zhengyi
songyang
wanghui
liufu
lij
lij
liuwei
zengzhh
liujzh
kongqp
wangxm
liba
shaojj
chenguocai
mengqy
yaoxb
xuekq
qinyx
mengqy
zhuzijun
xuekq
liba
majzh
guojy
zhanghongsheng
guochl
lifl
guoht
mafujun
liuyt
guxb
chengjingchao
magr
songzhn
zhouwl
zhangjb
qinyx
yangfch
hupsh
zhuxq
zhouyuhan
zhenghaiyun
maozhb
mamj
xuww
zhongap
majq
mengqy
yangjm
guoxw
yinzhy
zhangliangjie
lifl
wangjingjie
huqin
caiwp
liujingming
tangweihua
jiaguizhi
zhuzijun
maol
songxinjun
zhangyb
zhouchunlin
lixb
durenjie
guoht
zhangjw
liangpeijie
shenxl
mafujun
nibeilei
zhangyongming
liyinxiao
xuekq
liuyt
guxb
xuyl
lisht
lifx
yuanlh
houxidong
tianzhihua
lilinlin
wangchunguang
xiaxy
sunbl
zhengfangming
yuanxiaodong
xujianping
zhouyuhan
liba
yanglili
zhaipengyu
xinsongmei
wangshenglan
liuqiquan
zhuburong
zhenghaiyun
qinyx
zhouqinghua
lishuaiqi
magr
chengjingchao
zhangdl
yuejm
xiangyy
hankeyan
wangjingjie
majzh
songzhn
zhangjb
ouym
wukx
yuzhp
xiaoxw
guojy
wanghr
liushy
liaodh
dingwenlong
cuipengwei
jiangyl
xiguodong
chengjingchao
yangfch
yangdw
zhouwl
yanjm
tandw
zhenghaixiao
mamj
miaoshzh
guochl
longqzh
wujh
yuantt
xuww
xuxy
lidehua
zhanghongsheng
hupsh
hdch
fangzh
zhshq
lifl
zhongap
lifl
yangjm
majq
sunzhl
lishikui
qiaolili
qianjzh
liql
zhangwg
shiww
yuech
wangjch
tian_sanchuan
li_xiaoqian
mazp
tandw
kongqp
wangjianfeng

修复方案:

。。。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:13

确认时间:2015-07-09 14:05

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给北京分中心,由其后续协调网站管理单位处置。

最新状态:

暂无