当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0142142

漏洞标题:捷信金融敏感配置文件泄漏短信平台信息(70W用户通讯录)

相关厂商:捷信金融

漏洞作者: 路人甲

提交时间:2015-09-22 23:51

修复时间:2015-11-06 23:52

公开时间:2015-11-06 23:52

漏洞类型:重要敏感信息泄露

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-22: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-11-06: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

捷信金融是乌云家的吗

详细说明:

看姿势:

https://github.com/crazycoody/msg-hub/blob/a9dc08c28577380b9f0b702c87737fadf932a12c/msg-plugin-service/src/test/java/cn/homecredit/msg/plugin/internal/DefaultHttpHelperIT.java


看烧饼:

//Wuhan
            /*params.put("SpCode", "211733");
            params.put("LoginName", "sz_jx");
            params.put("Password", "jr2009");*/
            //Hangzhou
            /*params.put("SpCode", "211815");
            params.put("LoginName", "jx_jr");
            params.put("Password", "jr123456");
*/
            //Nanjing
            /*params.put("SpCode", "214221");
            params.put("LoginName", "nj_jx");
            params.put("Password", "jx7890");
            params.put("id", "2062356785");*/
            //params.put("SerialNumber","00000000000000000001");
            //params.put("MessageContent","尊敬的客户,为了提供更优质的服务和保护您的隐私,请把验证码在前提供给办理业务的销售人员。感谢您的申请!");
            //params.put("UserNumber", "13410805872");
            //params.put("f", "1");
            //Wuhan
            //String result = helper.post("http://112.65.228.36:8899/sms/Api/Send.do", params,"GB2312");
            //Hangzhou
           // String result = helper.post("http://ums.zj165.com:8888/sms/Api/Send.do", params,"GB2312");
            //Nanjing
            //String result = helper.post("http://192.168.2.11:8899/sms/Api/Send.do", params,"GB2312");
            //String result = helper.post("http://js.ums86.com:8899/sms/Api/report.do", params,"GB2312");
            String result = helper.post("http://js.ums86.com:8899/sms/Api/replyConfirm.do", params,"GB2312");
            //String result = helper.post("http://112.65.228.36:8899/sms/Api/reply.do", params,"GB2312");


看内容:

1.jpg


2.jpg


短信验证码可以干什么,不用我多说了吧
最后看通讯录:
227759
260452
288669
--------
776880

漏洞证明:

看姿势:

https://github.com/crazycoody/msg-hub/blob/a9dc08c28577380b9f0b702c87737fadf932a12c/msg-plugin-service/src/test/java/cn/homecredit/msg/plugin/internal/DefaultHttpHelperIT.java


看烧饼:

//Wuhan
            /*params.put("SpCode", "211733");
            params.put("LoginName", "sz_jx");
            params.put("Password", "jr2009");*/
            //Hangzhou
            /*params.put("SpCode", "211815");
            params.put("LoginName", "jx_jr");
            params.put("Password", "jr123456");
*/
            //Nanjing
            /*params.put("SpCode", "214221");
            params.put("LoginName", "nj_jx");
            params.put("Password", "jx7890");
            params.put("id", "2062356785");*/
            //params.put("SerialNumber","00000000000000000001");
            //params.put("MessageContent","尊敬的客户,为了提供更优质的服务和保护您的隐私,请把验证码在前提供给办理业务的销售人员。感谢您的申请!");
            //params.put("UserNumber", "13410805872");
            //params.put("f", "1");
            //Wuhan
            //String result = helper.post("http://112.65.228.36:8899/sms/Api/Send.do", params,"GB2312");
            //Hangzhou
           // String result = helper.post("http://ums.zj165.com:8888/sms/Api/Send.do", params,"GB2312");
            //Nanjing
            //String result = helper.post("http://192.168.2.11:8899/sms/Api/Send.do", params,"GB2312");
            //String result = helper.post("http://js.ums86.com:8899/sms/Api/report.do", params,"GB2312");
            String result = helper.post("http://js.ums86.com:8899/sms/Api/replyConfirm.do", params,"GB2312");
            //String result = helper.post("http://112.65.228.36:8899/sms/Api/reply.do", params,"GB2312");


看内容:

1.jpg


2.jpg


短信验证码可以干什么,不用我多说了吧
最后看通讯录:
227759
260452
288669
--------
776880

修复方案:

改密码

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)