优美世界官方敏感数据泄漏(内部工资/身份证等数据)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0138864

漏洞标题：优美世界官方敏感数据泄漏(内部工资/身份证等数据)

漏洞作者：八神

提交时间：2015-09-04 12:28

修复时间：2015-10-19 12:30

公开时间：2015-10-19 12:30

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-09-04：积极联系厂商并且等待厂商认领中，细节不对外公开
2015-10-19：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

详细说明：

官方 www.casagroup.com.cn
订单系统 http://order.casagroup.com.cn
后台地址 http://home.casagroup.com.cn
注册会员更改会员头像处任意上传文件
上传或得大马地址
http://vip.umisky.com/UploadFiles/Users/U1000025007/adefbb25-4ce8-45b7-924f-116bd50cd7e8.aspx
安全检测并成功添加管理帐号Administratos 服务器Ip为192.168.2.50、192.168.2.51、192.168.2.49
-----------------------------------以下是官方所有内部数据库帐号密码

<add key="ConnectionString" value="User ID=dnt2;Initial Catalog=dnt2;Data Source=sr-db-08.casagroup.com.cn;Password=X\ckkuUK5J" />
    <add key="ConnectionStringVip" value="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=jxcdb;User ID=webapp;Password=W#e2b1" />
     <add name="QXDBConnectionString" connectionString="Data Source=9YV8VGFZ6VPKSFI\AAA;Initial Catalog=QXDB;UID=sa;Password=88888888;" providerName="System.Data.SqlClient"/>-->
    <add name="QXDBConnectionString" connectionString="Data Source=sr-db-08.casagroup.com.cn;Initial Catalog=QXDB;UID=qxdb;Password=KINH+%C9;"
    <add name="QXDBConnectionString" connectionString="Data Source=.;Initial Catalog=QXDB;UID=sa;Password=88888888;" providerName="System.Data.SqlClient"/>-->
    <add name="connstr" connectionString="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=ERP_PRODUCT;Persist Security Info=True;User ID=webapp;Password=W#e2b1"
    <add name="connstr_casagroup" connectionString="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=ERP_PRODUCT;Persist Security Info=True;User ID=webapp;Password=W#e2b1"
    <add name="connstr_oa" connectionString="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=jxcdb;Persist Security Info=True;User ID=webapp;Password=W#e2b1"
    <add name="connstr_sms" connectionString="Data Source=sr-sms-02.casagroup.com.cn;Initial Catalog=CasaSMS;Persist Security Info=True;User ID=sms;Password=smsadmin"
<!--   <add name="SQLConnString1" connectionString="server=20101223-1300\SQLSERVER2008;database=HQBCMSDB;uid=sa;pwd=sa" />-->
 <!--<add name="SQLConnString1" connectionString="server=.;database=sz_umisky;uid=sa;pwd=sa"/>-->
 <add name="SQLConnString1" connectionString="server=sr-db-08.casagroup.com.cn;database=vip;uid=vip;pwd=KINH+%C9" />
 <add key="ConnectionString" value="server=sr-db-08.casagroup.com.cn;uid=Umisky;pwd=casa1234;database=Umisky" />
 <dataSource name="SqlServer" connectionString="data source=192.168.108.157;database=Portal;user id=sa;password=sa;" />
 <add key="email_user" value="[email protected]" />
<add key="email_pwd" value="204043" />
<add key="ConnectionString" value="User ID=dnt2;Initial Catalog=dnt2;Data Source=sr-db-08.casagroup.com.cn;Password=X\ckkuUK5J" />
<add key="ConnectionStringVip" value="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=jxcdb;User ID=webapp;Password=W#e2b1" />
<add name="SQLConnString1" connectionString="Data Source=sr-db-08.casagroup.com.cn;Initial Catalog=Image;UID=image;Password=im@gE123;" providerName="System.Data.SqlClient"/>
 <!--add name="SQLConnString1" connectionString="Data Source=sr-db-08.casagroup.com.cn;Initial Catalog=ImageWebsite;UID=imagewebsite;Password=Image@website123;"
 <!--add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
 <!--<dataSource name="SqlServer" connectionString="data source=localhost;database=Job;user id=sa;password=sa;" />-->
<dataSource name="SqlServer" connectionString="data source=sr-db-08.casagroup.com.cn;database=Job;user id=job;password=VmnjtRESB9;" />