Vulnerability summary

Defect ID: wooyun-2015-0153190

Title: Investment security: a weak password at China Minsheng Investment leaks information, then lax account-system controls take over (affects intranet security / all staff information / executive information / internal data / multiple core systems)

Vendor: 中国民生投资有限公司 (China Minsheng Investment Co., Ltd.)

Author: 路人甲

Submitted: 2015-11-10 09:01

Fixed: 2016-01-11 15:32

Published: 2016-01-11 15:32

Vulnerability type: leakage of important sensitive information

Severity: High

Self-assessed Rank: 20

Status: handed over to a third-party partner organisation (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-11-10: details sent to the vendor, awaiting vendor handling
2015-11-20: vendor confirmed; details visible to the vendor only
2015-11-30: details opened to core white hats and relevant domain experts
2015-12-10: details opened to regular white hats
2015-12-20: details opened to intern white hats
2016-01-11: details opened to the public

Summary:

Hoping for a 雷!

Details:

The trouble starts at this point:

**.**.**.**/


Default credentials admin/admin

1.png


By changing the id parameter, roughly 800 email accounts and names were enumerated (no authorization check on the record lookup).
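The enumeration described above works because the application looks a record up by a client-supplied id without checking whether the caller is entitled to it. The following is an added illustration, not code from the report or from the affected system: a vulnerable lookup beside an object-level authorization check, and a simple detector that flags a session walking many distinct ids in a short window. The user records, the `/user?id=` path and the log lines are all constructed for this example.

```python
"""Added example (not part of the original WooYun report):
insecure direct object reference (IDOR) and how to close and detect it.
Directory records, path layout and log lines are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class User:
    id: int
    username: str
    email: str
    role: str  # "admin" or "user"


# Constructed directory; no names from the report are reproduced here.
DIRECTORY: Dict[int, User] = {
    1: User(1, "admin", "admin@example.invalid", "admin"),
    2: User(2, "alice", "alice@example.invalid", "user"),
    3: User(3, "bob", "bob@example.invalid", "user"),
}

# Denied lookups are recorded here so the security team can see the walk.
AUDIT: List[Tuple[int, int]] = []


def get_profile_vulnerable(requester: User, target_id: int) -> Optional[User]:
    # Any authenticated session can read any id: only existence is checked,
    # never entitlement. This is the pattern the report exploited.
    return DIRECTORY.get(target_id)


def get_profile_hardened(requester: User, target_id: int) -> Optional[User]:
    # Object-level authorization: users read only their own record, admins
    # read any. A foreign id and a non-existent id both yield None, so the
    # response cannot be used to confirm which ids exist.
    record = DIRECTORY.get(target_id)
    if record is None:
        return None
    if requester.role != "admin" and requester.id != target_id:
        AUDIT.append((requester.id, target_id))
        return None
    return record


def detect_id_walk(log_lines: List[str], threshold: int = 20,
                   window: timedelta = timedelta(minutes=5)) -> Dict[str, int]:
    """Flag sessions that request many distinct profile ids within `window`.

    Each constructed line has the form "<iso-time> <session> GET <path>".
    Returns {session: distinct ids seen} for every session over the threshold.
    """
    seen = defaultdict(list)  # session -> [(timestamp, id)]
    for line in log_lines:
        ts, session, _method, path = line.split()
        if not path.startswith("/user?id="):
            continue
        seen[session].append((datetime.fromisoformat(ts), int(path.split("=", 1)[1])))
    flagged: Dict[str, int] = {}
    for session, events in seen.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ids = {uid for t, uid in events[i:] if t - t0 <= window}
            if len(ids) >= threshold:
                flagged[session] = max(flagged.get(session, 0), len(ids))
    return flagged


# Constructed access log: one session walks 30 consecutive ids in 30 seconds,
# another reads its own profile twice and then opens its mailbox.
SAMPLE_LOG = [
    f"2015-11-09T10:00:{i:02d} s-walk GET /user?id={400 + i}" for i in range(30)
] + [
    "2015-11-09T10:00:05 s-normal GET /user?id=2",
    "2015-11-09T10:01:05 s-normal GET /user?id=2",
    "2015-11-09T10:02:05 s-normal GET /mail/inbox",
]

if __name__ == "__main__":
    bob = DIRECTORY[3]
    print("vulnerable:", get_profile_vulnerable(bob, 2))   # alice's record leaks
    print("hardened:  ", get_profile_hardened(bob, 2))     # None, and audited
    print("flagged:   ", detect_id_walk(SAMPLE_LOG))       # {'s-walk': 30}
```

The threshold and window are assumptions; in practice they would be tuned against the directory's normal traffic, and the audit entries from `get_profile_hardened` give a second signal that does not depend on parsing access logs at all.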

2.png


3.png


Once the account list was obtained, the next targets were mail, VPN and OA, since the same credentials were accepted there.
Mail

http://**.**.**.**/


4.png


Proof of vulnerability:

OA

**.**.**.**


468 songweirui/123456
589 cuizhongfang
706 suoshaofu
776 xianmingxing
813 caopengfei
817 chenjie
818 chenlifeng
826 dingdandan
825 daizhenquan
832 gaozepei
849 zhaodanwan
864 maoawei
shaoxing
890 wangtao
902 xujinhao
906 yanweiqi
921 zhangyanjun
927 zhongbaozhu
929 zhourenjia
934 zhuyan
953 zhangyu2
960 lekai
207 mayingqi
331 fengbin
334 wangxiao
384 huangping1
403 xiexingxing
452 zhangdongzhen
473 houdanqing
529 tianxin
586 hanyang
590 yangyong
725 zhouxiyun@**.**.**.**
763 wangweiran
762 zhoubingweui
764 zhaiganyun
774 wangling
780 yangxiaofeng
799 kangjun
800 wangkeming
766 judequan@**.**.**.**
811 caimujin@cm-inv
816 chenfeng
820 chenxiaojuan
822 chenyingsong
831 gaoxingjian
839 hebiao
844 jiangtao
845 jiangweiguang
846 jiangyiwen
848 jinjiaxin
853 linqing
856 liuyaming
863 mayao
866 meixiaoqiang
870 quanyunyun
874 shenting
shenxia
878 shixian
885 wangqiong
886 wangchenfeng
887 wangjinmei
892 wangxuehua
894 weihaibo
899 xijun
901 xiejian
852 liwenxiang
909 yanghairong
911 yeyaxuan
855 linyingxue
915 zhanghaolong
918 zhangxi
920 zhangxueyi
925 zhenghuan
shenjiaqi
900 xiafei
955 liuguoqing
984 wangyunchang@**.**.**.**
82 yangfan
157 wengxiaoquan@**.**.**.**
237 dufanghong@**.**.**.**
312 zhaochangpu
324 zhengzhenyuan
329 gujunchao
333 zhongyuqing
339 i-fanxiao@**.**.**.**
360 zhangyuye
330 linhong
395 lishu
404 wangzhengde@**.**.**.**
450 zhuolijuan
454 daiyinyu
466 zouzhipeng
472 dongshuying
474 mayingyue
477 zhaolin
478 lijian
484 fanxingming
483 wangsangqi
485 qianzheng
487 daiyinjue
494 liudong1
542 zhaoaixin
547 changying
556 huangping
564 pengnan
566 wangqiang
585 chenxudong
601 chenyongwen
602 linjing
603 huangshaotang
606 weigang
617 zhujunping
618 chaixiaoxuan
640 liuhuan
661 lizhigang@**.**.**.**
665 shixiangwei
670 huwenfei
677 gengyan
685 gaoxijun
703 chenyi
711 liangyonghua
720 zuxuefeng
761 zhaowei
765 zhangjun1@**.**.**.**
775 zhangwen
789 zhangyu1
809 hanzheng
810 caiguangyi
812 caojiale
814 caoyewei
815 caoyihan
819 chensuinin
784 zhangyuehan
821 chenxiuzhi
823 chengwenjie
824 daiyang
827 dinghongwen
828 fanyong
829 fangying
830 fengxiaoxue
834 gujieyu
836 guqingyi
837 guoyijie
838 guozhiwei
840 huminmin
841 huangbei
842 huangsongting
843 jihongdi
835 gujingfen
847 xietingjun
850 leyixin
851 lijianhui
808 luyang
854 linyan
857 liuyan1
858 liuying
859 luwenping
860 luoxiuling
861 majunping
862 mali
865 meigongyu
867 mingmin
869 panxuedan
872 shenchunhui
876 shiqiang
shishunfu
833 geyan
880 suchang
881 sunxin
882 sunying
883 tangjun
884 tuminjun
889 wangpu
893 wangyinliang
895 weiqianfang
896 wuhao
898 wuyouhong
897 wuxingye
903 xumengjun
904 xunannan
905 xuweili
907 yangboke
908 yangchengcheng
910 yangyimin
912 yuweilin
913 yuxiaopin
914 yuanxiaoran
916 zhangji
917 zhangkai
919 zhangxialin
922 zhaoxiaolei
924 zhaoying
923 zhaoyi
926 zhengzihua
928 zhouqi
930 zhouyang
931 zhulihao
932 zhushuzheng
933 zhuxiaobo
963 i-hujing
978 luyanming@**.**.**.**
982 anronghui@**.**.**.**
983 wuguohui@**.**.**.**
985 yanghui@**.**.**.**
990 chenyazheng
90 yuyue
98 zhangyuanxinyi
51 matt
93 zhanghan
123 yujie
142 zhangnian
144 yanjiannan


After review, please mask the sensitive data above; much appreciated!

8.png


5.png


6.png


7.png


VPN

**.**.**.**


Successfully entered the intranet.

15.png


9.png


10.png


11.png


13.png


Successfully entered the HR system.

14.png


Major internal systems

12.png


EAS system

16.png


Investment management platform

18.png


There is also an st2 (Struts2) instance.

19.png


Testing only; no damage was done to any system.

Remediation:

Raise staff security awareness
Change the passwords
Increase password complexity
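The remediation above amounts to a password policy. As an added example that is not the vendor's policy or code from the report, here is a minimal checker that would have rejected the two credentials the report shows (admin/admin and a 123456 password) and an audit helper that runs it over a constructed credential list. The minimum length, the character-class rule and the blocklist contents are assumptions.

```python
"""Added example (not from the original report): a minimal password policy
matching the remediation advice. Thresholds and blocklist are assumptions."""
import re
from typing import Dict, List, Tuple

# Constructed blocklist; a real deployment loads a large breached-password
# corpus instead of hard-coding a handful of entries.
COMMON_PASSWORDS = {
    "admin", "password", "123456", "12345678", "111111", "qwerty", "admin123",
}
MIN_LENGTH = 12  # assumption
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_problems(username: str, password: str) -> List[str]:
    """Return the policy rules the password violates; an empty list means accepted."""
    problems: List[str] = []
    lowered = password.lower()
    uname = username.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, password))
    if classes < 3:
        problems.append("fewer than 3 character classes")

    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")

    # Default-credential pattern (admin/admin): the password is, or contains,
    # the account name. Very short usernames are only compared for equality.
    if lowered == uname or (len(uname) >= 4 and uname in lowered):
        problems.append("equals or contains the username")

    if len(set(password)) == 1:
        problems.append("single repeated character")
    elif password.isdigit() and password in "0123456789" * 3:
        problems.append("ascending digit sequence")

    return problems


def audit_credentials(pairs: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each username whose password fails the policy to its violations."""
    report: Dict[str, List[str]] = {}
    for username, password in pairs:
        problems = password_problems(username, password)
        if problems:
            report[username] = problems
    return report


# Constructed sample: two weak credentials of the kinds the report found,
# and one that passes. No real account names are used.
SAMPLE_CREDENTIALS = [
    ("admin", "admin"),
    ("alice", "123456"),
    ("bob", "Correct-Horse-7-Battery"),
]

if __name__ == "__main__":
    for user, issues in audit_credentials(SAMPLE_CREDENTIALS).items():
        print(f"{user}: {', '.join(issues)}")
```

Enforcing the check at password-set time closes the default-credential and trivial-password cases; the audit helper is what an administrator would run against existing accounts (with password hashes, this becomes a hash comparison against the blocklist rather than a plaintext check).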

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2015-11-20 16:16

Vendor reply:

CNVD has confirmed and reproduced the described situation; it has been passed to CNCERT to notify the competent authority for banking-sector informatization, which will then coordinate handling with the website's operating unit.

Latest status:

None yet