当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0156266

漏洞标题:厦门大学内网漫游

相关厂商:厦门大学

漏洞作者: kin13

提交时间:2015-11-27 11:46

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:成功的入侵事件

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-27: 细节已通知厂商并且等待厂商处理中
2015-11-27: 厂商已经确认,细节仅向厂商公开
2015-12-07: 细节向核心白帽子及相关领域专家公开
2015-12-17: 细节向普通白帽子公开
2015-12-27: 细节向实习白帽子公开
2016-01-11: 细节向公众公开

简要描述:

rt

详细说明:

在统一身份认证处可利用[工号+888888]爆破:http://idstar.xmu.edu.cn/amserver/UI/Login

baopo2.png


可获得大量可用账号
以2010100130/888888为例
可登录信息门户http://i.xmu.edu.cn

zhengming.png


oa.png


xietong.png


dianfei.png


在http://inc2.xmu.edu.cn/handbook/public/24/看到vpn设置
可直接利用上述账号登录
内网漫游(只扫了些弱密码)
摄像头admin/12345:

172.16.240.3
172.16.240.6
172.16.240.9
172.16.240.12
172.16.240.15
172.16.240.18
172.16.240.21
172.16.240.24
172.16.240.30
172.16.240.33
172.16.240.36
172.16.240.39
172.19.204.38
172.19.240.66
172.19.240.67
172.19.240.69
172.19.240.70
172.19.240.71
172.19.240.72
172.19.240.73
172.19.240.74
172.19.240.75
172.19.240.76
172.19.240.77
172.19.240.78
172.19.240.81
172.19.240.82
172.19.240.83
172.19.240.84
172.19.240.86
172.19.240.90
172.19.240.91
172.19.240.92
172.19.240.93
172.19.240.96
172.19.240.97
172.19.240.98
172.19.240.99
172.19.240.100
172.19.240.102
172.19.240.103
172.19.240.104
172.19.240.133
172.19.240.137
172.19.240.139
172.19.240.145
172.19.240.147
172.19.240.149
172.19.240.151
172.19.240.153
172.19.240.155
172.19.240.157
172.19.240.159
172.19.240.161
172.19.240.163
172.19.240.165
172.19.240.167


摄像头2.png


数据库服务器 密码:admin

172.16.221.10:8080


数据库服务器.png


tomcat 

[*]Cracking Start...
[+] Found 172.17.247.8:8080 --> admin : admin
[+] Found 172.17.247.9:8080 --> admin : admin
[+] Found 172.17.247.12:8080 --> admin : admin
[+] Found 172.17.247.17:8080 --> admin : admin
[+] Found 172.17.247.18:8080 --> admin : admin
[+] Found 172.17.247.19:8080 --> admin : admin
[+] Found 172.17.247.20:8080 --> admin : admin
[+] Found 172.17.247.24:8080 --> admin : admin
[+] Found 172.17.247.25:8080 --> admin : admin
[+] Found 172.17.247.26:8080 --> admin : admin
[+] Found 172.17.247.27:8080 --> admin : admin
[+] Found 172.17.247.28:8080 --> admin : admin
[+] Found 172.17.247.41:8080 --> admin : admin
[+] Found 172.17.247.42:8080 --> admin : admin
[+] Found 172.17.247.46:8080 --> admin : admin
[+] Found 172.17.247.47:8080 --> admin : admin
[+] Found 172.17.247.49:8080 --> admin : admin
[+] Found 172.17.247.50:8080 --> admin : admin
[+] Found 172.17.247.52:8080 --> admin : admin
[+] Found 172.17.247.53:8080 --> admin : admin
[+] Found 172.17.247.54:8080 --> admin : admin
[+] Found 172.17.247.56:8080 --> admin : admin
[+] Found 172.17.247.57:8080 --> admin : admin
[+] Found 172.17.247.58:8080 --> admin : admin
[+] Found 172.17.247.72:8080 --> admin : admin
[+] Found 172.17.247.73:8080 --> admin : admin
[+] Found 172.17.247.74:8080 --> admin : admin
[+] Found 172.17.247.75:8080 --> admin : admin
[+] Found 172.17.247.76:8080 --> admin : admin
[+] Found 172.17.247.82:8080 --> admin : admin
[+] Found 172.17.247.92:8080 --> admin : admin
[+] Found 172.17.247.93:8080 --> admin : admin
[+] Found 172.17.247.103:8080 --> admin : admin
[+] Found 172.17.247.104:8080 --> admin : admin
[+] Found 172.17.247.105:8080 --> admin : admin
[+] Found 172.17.247.107:8080 --> admin : admin
[+] Found 172.17.247.109:8080 --> admin : admin
[+] Found 172.17.247.110:8080 --> admin : admin
[+] Found 172.17.247.111:8080 --> admin : admin


监控中心

172.19.241.18


监控.png

漏洞证明:

zhengming.png


dianfei.png


摄像头2.png


数据库服务器.png


监控.png

修复方案:

加强管理

版权声明:转载请注明来源 kin13@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-11-27 14:11

厂商回复:

通知有关单位整改

最新状态:

2016-01-10:感谢反馈。使用的是金智教育的统一身份认证系统,已与厂商一起完成以下操作: 已强制修改用户的弱密码。 已通知用户强密码要求。 已对登陆页面加上认证错误多次后永久性返回密码错误的功能。