当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0157428

漏洞标题:某建筑设计研究总院邮箱系统设计缺陷获取大量账户权限(敏感信息)

相关厂商:cncert国家互联网应急中心

漏洞作者: 班尼路

提交时间:2015-12-02 15:50

修复时间:2016-01-16 17:36

公开时间:2016-01-16 17:36

漏洞类型:设计缺陷/逻辑错误

危害等级:高

自评Rank:11

漏洞状态:已交由第三方合作机构(广东省信息安全测评中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-02: 细节已通知厂商并且等待厂商处理中
2015-12-02: 厂商已经确认,细节仅向厂商公开
2015-12-12: 细节向核心白帽子及相关领域专家公开
2015-12-22: 细节向普通白帽子公开
2016-01-01: 细节向实习白帽子公开
2016-01-16: 细节向公众公开

简要描述:

RT

详细说明:

深圳市建筑设计研究总院邮箱系统登录口

https://**.**.**.**/


mail.png


无验证码,可爆破。

burp1.png


burp.png


burp抓包,top500导入,密码123456,获得了一些弱口令账户。

lijing	
zhangmin	
liuwei	
zhangli	
liqiang	
liuyang	
wangyan	
wangmin	
zhangjie	
lijuan	
zhangtao	
wangchao	
wangjie	
wangping	
liufang	
liujun	
wangyan	
chenwei	
liujing	
lichao	
zhangpeng	
zhangling	
yangyong	
zhangyu	
zhangli	
wangping	
wangping	
zhangbo	
liuhui	
yangjie	
yangmin	
liubin	
wangting	
wangna	
chenying	
chenjun	
zhangting	
chenhao	
zhangna	
zhanglin	
liujia	
wangqian	
chenqiang	
zhaojing	
chenliang	
chenping	
zhangmei	
yanghua	
zhangjie	
liuyang	
liujun	
chenchen	
lidongmei	
chenlei	
liufei	
chenhui	
wanglijuan	
liuting	
liuming	
zhanghaiyan	
lijing	
zhangyu	
lilong	
zhouwei	
wangkun	
lixiang	
liuhui	
wangrong	
yangping	
wangyan	
liufeng	
zhangbo	
zhanglin	
huangmin	
chenjianhua	
chenping	
zhangli	
sunwei	
chenjun	
zhangrong	
zhangyu	
zhoujing	
xujing	
wanglu	
zhangwen	
zhouli	
chenxin	
liguihua		
liwei	
limin	
liyan	
lili	
lidan	
liyan	
lihui	
lili	
lixin	
lihui	
lilin	
liyun	
lihao	
lixin	
mali	
lilin	
liyan	
liuyu


登录其中一个账号,从通讯录里将所有邮箱用户导出整理,按照上述步骤批量测试,发现所有邮箱用户里使用弱口令123456的共有631人,账号列表如下:

duanrongrong	
chenxianfeng	
dengcongcong	
fengyonggang	
guanqiaohuan	
huangbinxiang	
zhangxiaoyan	
lianghanfeng	
zhoutianyang	
chenfangfang	
changweiqiang	
zhengyinglin	
qinpengchong	
shengquanwei	
wangjialiang	
xiaoyingzhen	
zhengmianhui	
liaoxiaoling	
pengchaoying	
zhangxinyuan	
zhenghuichuan	
zhouchangsheng	
chenyingwang	
songchonghuan	
xionglingzhi	
huangkaipeng	
huangmingxing	
linshaozhong	
zhangguangtao	
zhangbinghuo	
zhangbingshun	
zhangjintian	
zhangjunhong	
zhangwenting	
zhangyinghao	
zhangyongjun	
zhangxiaolin	
zhengshuangming	
zhongxiaolin	
zuohuaizheng	
jiangjinfeng	
jiangshaohua	
wangpengcheng	
zhangchuanfa	
penggonghuan	
ruanjianghao	
wangyongrong	
zhangbingqian	
caixiancheng	
jiangweilong	
jiangchengai	
zhangchangjing	
zhengxiaohui	
wangminguang	
zhongguanzhou	
zhuangsuzhou	
guochangming	
zhangguocheng	
zhengfanghua	
mengminglong	
zhongwenjuan	
chenjingjing	
linianyanghui	
mengxiangzhu	
zhanguoliang	
zhangweixiang	
luochenglian	
wangmingfeng	
zhaozhanzhan	
liangjialing	
zhongcuilian	
jiangzhengmin	
zhanghuichan	
wangmingying	
zhanghongshuo	
zhengjianhua	
zhuangruimin	
jiangwangming	
jinchenliang	
wangyongqiang1	
yanchuanquan	
tangpeiliang	
zhangjunhong1	
wangjiangtao	
caomaozhu	
chenxinmin	
hulimin	
jiangrong	
mashuhui	
shenye	
wangjielan	
xianxueying	
zhangmei	
zhouyajing	
caichanglin	
zengjinxuan	
chendonghou	
chenjianhua	
chenjinying	
chenjing3	
chenxiaoqin	
chenzehan	
dengweidian	
gaochunming	
gaowei1	
gongwenwei	
hejunhao	
hetianhong	
hongchenxue	
hushijiang	
huyongkun	
huangyan	
lijialiang	
lijunjie	
liminxian	
liaomanli	
linchuanwen	
linjiawei	
liuchaofan	
liugang3	
liuyizhong	
liuyuanming	
luhuajiong	
luxiaoqian	
jiqing	
shidichen	
wangbaojing	
weigenghua	
wurihua	
wuruihui	
wushuang	
xubin1	
xujing	
xuxuwu	
xumaoyu	
xushiming	
yuwentao	
zhanghaibin	
zhangpeng	
zhengpu	
fengyuanfei	
huangsiqin1	
lizhengang	
lincheng	
liufenge	
liulili	
liuwei	
wangna	
wangyixu	
wangzefu	
yezengming	
zhengbin	
baopengfei	
chenhao	
chenqianli	
chenwei3	
gaoran	
heqiang	
libinbin	
lijun1	
lishuluan	
luxiaofeng	
qiufeng	
sunchang	
wuhaiping	
wuyufeng	
xiaofan	
yangjin	
yangyu	
yeyuan	
zhongzhen	
zhousuhua	
mochangwen	
nidunyuan	
ningke	
pengjuan1	
ruanrihua	
tanwenchao	
tanyichang	
wangyuerui	
xierujian	
xiezhiheng	
xuyong	
yangchuxin	
yangying2	
yuanhaoyang	
zhanghuan	
zhangkun2	
zhenghuiyu	
zhengxinkai	
zhoujian	
zhouwenfeng	
zhouzhan	
chenyanli	
caiyanyan	
chenjunru	
chenlu	
biyijun	
guzhengjun	
guofei	
hejuan	
jianghua	
liyongsheng	
liquanfeng	
linwuqian	
liuruixia	
luying	
miting	
qiuyinghu	
renyan	
shengyue	
shixiangli	
tanwei1	
wanchuanda	
wanglijun	
wangxiaobo	
wusiyuan	
xiexiangli	
xushun	
chenlei	
dingchaxin	
fangjing	
huweifeng	
jiangle	
lixinran	
liutianyu	
pengyukun	
wangjing4	
wangshuya	
xiaquan	
xiaxin	
yangyong	
yaodayong	
yeqian	
zhangbaiyan	
zhutingfu	
chensi	
tongting	
wenfang	
wengqiyun	
wuhanwen	
yangna1	
yezhenhao	
zhouqing	
zhuangyuan	
liuguoyin2	
liuhaiyan2	
luolingyan	
maihantu	
niewei	
ouyangli	
sunlei	
wanjia	
wanxiaowei	
wangaohang	
wangjian6	
wangxinran	
wangzhi1	
wenmengying	
xiaoyirong	
xiongfeng	
xuxiaoyan	
yanmeng	
yangbijie	
yufeng	
zhangwenwu	
zhangyongbo	
zhousujun	
zhuangjiaqi	
chenyuntian	
chenzhisen	
chengli	
fanyongling	
guomanliang	
guoshun	
guoting1	
lingjiang	
rentan	
yuchao	
zhangdejing	
zhouyahan	
yuechongfu	
zhanghu	
zhanglue	
zhangwei5	
zhangwenhao	
zhangyixiao	
zhangyuan1	
zhaonana	
zhenghui	
zhengjiahui	
zhongte	
zhongxi	
zhouli	
zhouwen	
zhouyufei	
zhujuanxia	
zhukezhi	
zhuzhanhua	
zouwei	
zuominggang	
caihuaping	
dudingyong	
hujinying	
huangyandi	
lichengjian	
luolei1	
quanquan	
wukang	
yanyuehu	
zhanhanwei	
zhangjielin	
zhaowuguo	
zouchengzhu	
pudawei	
puzhennan2	
jiancheng	
taoran	
wangyili	
weiqiang	
weiyajun	
wunanhua	
wuchanghua	
xubing	
yangxu	
yangyichen	
yuqiao	
zhengqing	
chenliang	
gaobeibei	
linhuixin	
lvshuai	
menglin	
wangxiaodan	
yangwantong	
yuxuedong	
zhengyan	
huting1	
huangmin1	
liyeshu	
libiao1	
linhuaxi	
liubin2	
songxin	
wanghong2	
wangxuhui	
wenchaolun	
wuqin1	
yanshan	
yangzi	
yaowei	
yunansheng	
zhanghao3	
zhulijuan	
zhuxianhe	
zouxinrui	
guojian	
huhuayu	
huangjing1	
lidong1	
linruibin	
xiedong	
yeqiulu	
tianxin	
wangxu1	
weitangbin	
wuhongling	
xielimin	
xieliang	
xinglihua	
xucailong	
xuyunchao	
yanghan	
zhangge	
zhangna	
zhangru	
zhangrui2	
zhaoguojian	
zhengjinhai	
zhengyushi	
zhoufu	
zhoujiaqi	
zhouxiaohui	
zhouyao	
chuwenming	
lichanglan	
qinxuan	
huitingting	
sunxiaoxi	
wenglifei	
baixingchen	
caoping	
chenbaohong	
chenjinqiu	
daidonghui	
daimingfeng	
duyuchen	
guohao2	
hemincong	
huzhiguo	
huanghua	
jinlihua	
lijie4	
limaobao	
lipeisong	
lipengfei1	
liaoxuwen	
liuwenyuan	
liuyingfeng	
liuchangfu	
luoyongshu	
lvzhijie	
mengyaping	
ningshuai	
pengxiaomin	
qinwei1	
songwenbo	
songyichao	
tanchangbo	
wanjun	
wangjin2	
weiyating	
wuconghe	
wufengli	
wujianming	
wulijun	
wuyanqiang	
wuweizhi	
xiaobo	
xiaolijun	
xieyufa	
yanpeiqi	
yanjiachun	
yanghua	
yangweiping	
yaozhuang	
yejingren	
zhangdecong	
zhaokuan	
zhaolanruo	
zhouwangjun	
zhujianhui	
zhuyuanfu	
fengzhuoran	
huangpeng	
lishanshan	
lixiaolin	
liyuanzhuo	
liuyiping	
luying	
luojinyong	
qiaozhe	
shilihong	
shijiacheng	
shiwuyang	
wangliqun	
xiajia	
xuyiwen	
zhaoyunsui	
gaowei	
guozhijun1	
huangxinan1	
litao2	
liuwenye	
luoling	
qinxungang	
shentao	
wangmin	
wangqiong	
weisiqiong	
wuzanjun	
xieyuanxin	
yangmin	
laicaiping	
lishuguang	
lixuanwei	
liyangxian	
lizhonghui	
liuyi2	
liuzhenqi	
machao1	
menqianhui	
shihongli	
taohoucheng	
wangjian2	
wangqiuju	
wangyousan	
wangzhenhua	
weiyuemin	
xuzhigang	
yuxueqing	
zhaichen	
zhaoshirong	
zhouping	
zhuyingli	
liangkai	
liuzhijun	
luoweipeng	
shiwen	
songjiaqi	
songjiaxin	
sunzhao	
wangjinhui	
xieyanfeng	
yangyi1	
zhanghuamin	
zhengluqiu	
zhuohui	
chenzhihua1	
liyanrong	
liupeijin	
qiugang	
zhuojunjia	
chensq	
gaoyunfeng	
limingfu	
liaozhuoxin	
liuyang	
xiaoyun	
yangwanghua	
liucuicui	
liufeihong	
liutao2	
liuwenjie	
luocheng1	
luozhongzhi	
mengjie1	
wangzuo	
wangbohua	
wangjunying	
wuhao1	
wuhongju	
xiongfang	
xucheng	
yanfei	
yangqiang	
zhangjingru	
zhangruili	
zhangyu2	
guweijun	
jiangpu	
kuanglingli	
laixuelan	
liyingjie	
qinshi	
wanglin2	
wumeimei	
wuyankui	
xiebeinan	
yuehongwen	
rendianxiao	
songlibo	
tianyihan	
wanyingchun	
wangjian1	
wanglijuan	
wangsongtao	
wuhongtao	
wulianhua	
wuqiang1	
xiezhenyin	
xiezhongmin	
xuershun	
yaohao	
yinshengwen	
yujiguang	
zhangwen	
zhaoyan	
zhaoyanbo	
zhenweizhen	
zhouli1	
daiping	
haoyaru	
jinweipeng	
linjiedi	
luoguiliu	
luoshan	
qiaoguan	
sulongfei	
sunyue1	
wanghaihe	
wangyunhao	
weiwei	
wujiaxiang	
xiejunchao	
xingfei	
yeming	
zhangxun2	
zhanghao2	
dirangmei	
lijing	
lvshuai	
penglina	
wuyongdong	
xiaomingqi	
xinqiliang	
chenweisong	
fengchun1	
lidanlin	
wangqiwen	
zhangjiayin	
niudunsheng	
suzishen		
wanqi	
majun	
xuyun	
xuzhe	
raoxi	
yurui	
kexue	
lidan	
wuyu	
yuxin	
hubei	
yanke	
lile	
xuhao	
wenxi	
wenyi	
wudao	
yanlu	
xuedi	
houqi	
piyan	
xinyi	
like	
lixin	
lihui	
xudan	
yiyu


使用弱口令12345678的共有4人,账号列表如下:

wangjinyang
liwanjie
yangyan
fanhuitao


使用弱口令123456789的共有6人,账号列表如下:

mozhifeng
huzhiyong
jiangnengfei
lifangfang
yangchunyan
linyumei


使用弱口令666666的2人

wangnaihui
zouguobiao


使用弱口令888888的2人

heyihua
zhangxusong


使用弱口令88888888的1人

cairui


登录其中几个邮箱
通讯录

txl.png


图纸

tu1.png


tu.png


密码

mima.png


mima1.png


邮箱太多,就不细翻了。

漏洞证明:

mima.png


mima1.png

修复方案:

1、加验证码。
2、修改强密码,严禁使用弱密码。

版权声明:转载请注明来源 班尼路@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-12-02 17:35

厂商回复:

非常感谢您的报告。
报告中的问题已确认并复现.
影响的数据:高
攻击成本:低
造成影响:高
综合评级为:高,rank:10
正在联系相关网站管理单位处置。

最新状态:

暂无