
Vulnerability Summary

Defect ID: wooyun-2015-0158214

Title: XX宝 source code leaked + database open to the public internet, full database dump possible

Vendor: 经营宝

Author: 路人甲

Submitted: 2015-12-04 13:02

Fixed: 2016-01-21 18:22

Published: 2016-01-21 18:22

Vulnerability type: Leak of important sensitive information

Severity: Medium

Self-assessed Rank: 5

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags: (none)



Vulnerability Details

Disclosure status:

2015-12-04: Details sent to the vendor, awaiting vendor handling
2015-12-08: Vendor confirmed; details visible to the vendor only
2015-12-18: Details opened to core white hats and experts in related fields
2015-12-28: Details opened to regular white hats
2016-01-07: Details opened to intern white hats
2016-01-21: Details opened to the public

Brief description:

XX宝 source code was leaked, and the code contains the database configuration.
Even more absurd, the database can be connected to from the public internet.

Detailed description:

Found by accident:
https://**.**.**.**/hwf452/efb/blob/ab34ce57c1c94d32f4c40ac64a49a0851e1ea7ae/efb/build/classes/jdbc.properties
It contains the database account configuration. Why do I say it belongs to 经营宝? Keep searching this project for jyb360 and you will see the information; you can also tell from the database itself that it really is jyb360.

Proof of vulnerability:

This efb should be some product under jyb. Why jyb? Because it is written right there in the database.
Reviewers, please help mask the data.
mysql> show tables;
+------------------------------------------------+
| Tables_in_efb-1-3 |
+------------------------------------------------+
| accessright |
| account |
| accountpayableledger |
| accountpayableledgerdetail |
| accountpayableledgerdetailattachment |
| accountpayableledgertemp |
| accountreceivableledger |
| accountreceivableledgerdetail |
| accountreceivableledgerdetailattachment |
| accountreceivableledgertemp |
| actualaccountpayablesummarygroupbydebtor |
| actualaccountreceivablesummarygroupbydebtor |
| actualoperatingexpensesummary |
| appnotificationtemplatedefine |
| areaaddress |
| attachedmaterial |
| businesscircle |
| businesscircle_businesscirclerelation |
| businesscircleinvitation |
| businesscirclejoinapply |
| businesscirclerelation |
| businessid |
| cashflowstatement |
| clientassetsummary |
| clientassetsummaryconfirm |
| coreenterprise |
| coreenterpriseapply |
| enterprise |
| enterpriseaddress |
| enterprisedetail |
| enterpriseextconfig |
| enterpriseidseq |
| enterpriselofincome |
| enterpriseprovider |
| enterpriseuser |
| enterpriseuser_rolerightmap |
| enterpriseuser_userrolemap |
| enterpriseuseraccessright |
| enterpriseuserrole |
| feedback |
| fileindexconfirm |
| financeformula |
| financialactualindicator |
| financialcalcjobschedule |
| financialindicatorgroup |
| financialindicatorref |
| financialindicatorsetdefine |
| financialmainindicatordefine |
| financialoptimizedindicator |
| financialproduct |
| financialproductad |
| financialproductaddetail |
| financialproductadditionalinformation |
| financialproductorder |
| financialproductorderconfirm |
| financialproductorderpayment |
| financialproductpurchaseintention |
| financialproposedindicator |
| financialsubindicatordefine |
| financialsubindicatorformuladefine |
| fundprovider |
| helplinerequest |
| incomestatement |
| incomestatementsubindicator |
| industrialclassification |
| interestedenterprise |
| investmentschedule |
| investmenttransactionconfirm |
| joinenterprisedesire |
| loan_categorycondition |
| loan_productcondition |
| loanagreement |
| loanapply |
| loanapplyattachment |
| loanapprove |
| loancondition |
| loanperformance |
| loanpermission |
| loanproduct |
| loanrepaymentplan |
| loanrepaymentrecord |
| loffundbatchjobconfig |
| lofnetassetvalue |
| menu |
| notificationchannel |
| notificationclient |
| notificationclientgroupmapping |
| notificationcontact |
| notificationcontactgroup |
| notificationcontactgroupmapping |
| notificationgroup |
| notificationitem |
| notificationitemchannel |
| notificationschedule |
| notificationsubscription |
| notificationtemplate |
| optimizedaccountpayablesummarygroupbydebtor |
| optimizedaccountreceivablesummarygroupbydebtor |
| optimizedoperatingexpensesummary |
| optimizedoperatingexpensesummarytemp |
| portalannouncement |
| portalfinancialannouncement |
| portalnews |
| position |
| positionstatement |
| positionstatementsubindicator |
| productcategory |
| proposedfinancialoptimizationplan |
| publicenterprise |
| qrtz_blob_triggers |
| qrtz_calendars |
| qrtz_cron_triggers |
| qrtz_fired_triggers |
| qrtz_job_details |
| qrtz_job_listeners |
| qrtz_locks |
| qrtz_paused_trigger_grps |
| qrtz_scheduler_state |
| qrtz_simple_triggers |
| qrtz_trigger_listeners |
| qrtz_triggers |
| reportfield |
| reporttype |
| role |
| roleright |
| schedulemessagequeue |
| serviceattachedmaterial |
| serviceattachedmaterialdefine |
| serviceattachedmaterialdetail |
| serviceversionconfig |
| smsnotificationlog |
| smsnotificationorder |
| smstemplatedefine |
| systemconfig |
| systemparam |
| transactionsummary |
| user |
| userpersonalsetting |
| userrole |
| userverificationcode |
| verificationcode |
| wcmenu |
+------------------------------------------------+
142 rows in set (0.06 sec)
mysql> select * from user;
+----+---------------------+---------+----------------------------------+-------------+------+-------+---------------------+-----------+--------------+---------------------+---------+-----------------+-----------+
| id | email | imgPath | password | phoneNumber | sex | state | time | userName | lastUpdateBy | lastUpdateTime | version | fullName | wechat |
+----+---------------------+---------+----------------------------------+-------------+------+-------+---------------------+-----------+--------------+---------------------+---------+-----------------+-----------+
| 1 | admin@**.**.**.** | | d5c6f0216ea4bdca3022a8f5c94797cf | 1234567 | 0 | 0 | 2014-10-13 14:43:53 | admin | system | 2015-06-02 14:31:00 | 21 | JYB管家小宝 | grando.lu |
| 2 | [email protected] | | 21218CCA77804D2BA1922C33E0151105 | 13800885125 | 0 | 0 | 2014-10-13 14:43:56 | root | system | 2015-06-02 14:31:24 | 5 | root | tofu.chen |
| 3 | grando.lu@**.**.**.** | | 21218CCA77804D2BA1922C33E0151105 | 13631281228 | 1 | 0 | 2014-10-13 14:44:00 | grando.lu | system | 2015-06-02 14:53:28 | 4 | grando.lu | NULL |
| 4 | qwe123@**.**.**.** | | 21218CCA77804D2BA1922C33E0151105 | 123456 | 1 | 0 | 2014-10-13 14:44:02 | qwe123 | system | 2015-06-02 14:53:30 | 4 | qwe123 | NULL |
| 14 | leo@**.**.**.** | | 21218CCA77804D2BA1922C33E0151105 | 13589526305 | 1 | 0 | 2014-10-13 14:44:28 | leo | system | 2015-06-02 14:54:21 | 7 | 朱丛洲 | leo.chu |
| 15 | tony.hon@**.**.**.** | | 21218CCA77804D2BA1922C33E0151105 | 18688181959 | 1 | 0 | 2014-10-13 14:44:28 | hanbin | system | 2015-06-02 15:02:49 | 4 | 韩冰 | tony.hon |
+----+---------------------+---------+----------------------------------+-------------+------+-------+---------------------+-----------+--------------+---------------------+---------+-----------------+-----------+
6 rows in set (0.06 sec)

Remediation:

1. Educate employees: internal confidential code must not be casually pushed to GitHub.
2. Change the database password, close external access to the database, and properly assign and control privileges.
3. This code appeared on GitHub back in July, a long time ago; I do not believe nobody else found it. Check the internal system logs; it may already have turned into a security incident.

Copyright notice: when reposting, please credit the source: 路人甲@乌云
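As an added illustration that is not part of the original report, the check below does what remediation steps 1 and 2 aim at: it parses a Java jdbc.properties file the way a pre-commit hook would and flags hard-coded database secrets and JDBC URLs whose host is not a private or loopback address. The file contents, host and credential are constructed for the example, not taken from the leaked file.

```python
import re

# Constructed sample of a jdbc.properties file (not the leaked file from the
# report): a hard-coded password, a line continuation, and a public DB host.
SAMPLE_PROPERTIES = """\
# datasource settings
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://203.0.113.10:3306/efb?useUnicode=true
jdbc.username=efbuser
jdbc.password=Example\\
    Secret123
jdbc.pool.maxActive : 20
"""

# RFC 1918 and loopback prefixes; anything else is treated as reachable from outside.
PRIVATE_HOSTS = re.compile(r"^(localhost|127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

def parse_properties(text):
    """Minimal Java .properties parser: '#'/'!' comments, '=' or ':' separators,
    and backslash line continuations (leading whitespace of the next line is dropped)."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending += line[:-1]          # continuation: join with the next line
            continue
        logical, pending = pending + line, ""
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", logical)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def find_credential_leaks(props):
    """Findings a pre-commit hook would block on: non-placeholder secrets and
    JDBC URLs whose host is not private/loopback. ${...} placeholders are allowed."""
    findings = []
    for key, value in props.items():
        k = key.lower()
        if any(w in k for w in ("password", "passwd", "secret")) and value and not value.startswith("${"):
            findings.append(f"{key}: hard-coded secret ({len(value)} chars)")
        if k.endswith("url") and value.startswith("jdbc:"):
            host = re.search(r"//([^:/?]+)", value)
            if host and not PRIVATE_HOSTS.match(host.group(1)):
                findings.append(f"{key}: database host {host.group(1)} is not a private or loopback address")
    return findings

if __name__ == "__main__":
    for f in find_credential_leaks(parse_properties(SAMPLE_PROPERTIES)):
        print("BLOCK:", f)
```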


Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-12-08 11:21

Vendor reply:

CNVD did not directly reproduce the described situation. CNVD has notified the website operator by email through its public contact channel, and the operator will provide a follow-up solution.

Latest status:

None yet