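2016-01-08: Details reported to the vendor; awaiting vendor handling
2016-01-12: Vendor confirmed; details disclosed to the vendor only
2016-01-22: Details disclosed to core white hats and experts in related fields
2016-02-01: Details disclosed to regular white hats
2016-02-11: Details disclosed to intern white hats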
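**.**.**.**/nhis/ is the Hubei Province Health and Family Planning Comprehensive Supervision Business System. It covers health inspections across all of Hubei as well as inspections of practitioners at medical institutions. The amount of information is enormous: records of roughly 3 million practitioners are exposed, along with inspection and organization records for roughly 5 million enterprises and organizations (from large enterprises to snack bars). The impact is severe and involves nearly 10 databases. Because the data volume is too large, only part of the data is excerpted as proof. "Health" here does not mean sanitation alone; it includes medical care, that is, medical practitioners including clinics and hospitals, with data for the whole of Hubei Province.
**.**.**.**/nhis/2.jspx 9635789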
<property name="connection.url"> jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb </property>
<property name="connection.username">standard</property>
<property name="connection.password">hbdb42NHIS</property>
<property name="dialect">

<url>jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties> <property> <name>user</name> <value>adminlice</value> </property> </properties>
<password-encrypted>{AES}mJ+ATysS+xdd5ij1Bomhm0XpypdqE5/J9IgbTiubpSs=</password-encrypted>
hbdb42NHIS

<url>jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties> <property> <name>user</name> <value>eap</value> </property> </properties>
<password-encrypted>{AES}3wZvnJmNeCzEe8O1swJf1/ACEGHyJG159QFbC2MjMXs=</password-encrypted>
hbdb42NHIS

<url>jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties> <property> <name>user</name> <value>nhalstatistics</value> </property> </properties>
<password-encrypted>{AES}dUwhz4ENdbb8DUcGHp55a5qkvd8WI3Jk3KRxe7nwTa0=</password-encrypted>

<url>jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties> <property> <name>user</name> <value>nhis42</value> </property> </properties>
<password-encrypted>{AES}CQ+GWxaRNgttNy3KpaPljiMYIMzkf0Hy2QajQ9zgBnw=</password-encrypted>

<url>jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties> <property> <name>user</name> <value>nhspstatistics</value> </property> </properties>
<password-encrypted>{AES}z/UCcsEjVwgRIjdG+NQD7C5gwfsnyo8trC1nwhODSe0=</password-encrypted>

<url>jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties> <property> <name>user</name> <value>standard</value> </property> </properties>
<password-encrypted>{AES}KbU0IkLEuxpVw6hU/9DpNy/Br4v9zzKjBtML625AorY=</password-encrypted>

<url>jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties> <property> <name>user</name> <value>statistics</value> </property> </properties>
<password-encrypted>{AES}Boc5QcFeSSHfB1VKesVxQbwXGIcalDp6ZM7Fvmn5tmo=</password-encrypted>

<url>jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties> <property> <name>user</name> <value>supervise</value> </property> </properties>
<password-encrypted>{AES}rGnV5nWrQa9KkJuOPHyGjwSo1GfCgQyQfFrU4vGGYWk=</password-encrypted>
The passwords are all hbdb42NHIS
<code>
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc

TABLE_NAME (VARCHAR2)  NUM_ROWS (NUMBER)
T_USER_PURVIEW 691946
T_ROLE_PURVIEW 140627
T_REGION 48090
T_USER_20141129 21263
T_ADDETAIL 20484
T_DEPT 11998
T_USER_ROLE 7089
T_USER 4799
T_ROLE 4070
T_BUSINESS 3972
T_ORGANIZATION 3602
T_ORGANIZATION_20141129 3601
T_WORK_DATE 2373
T_PURVIEW_MENU 2241
T_FLOW_SET 1924
T_PERMITNO_MODULE 1736
T_USER_FASTTRACK 870
T_ADDRESSBOOK 705
T_BBS_REPLY 609
T_UNVOUCHER_V1 436
T_REGION1 399
T_LICE_MATERIAL_LIST 66816
T_LICE_PUBLIC_PLACE 50937 (health inspection records for 50,000 organizations)
T_LICE_TRANSACT 40134
T_SQ_SQMATERIALAFFIX 34547
T_LICE_MEDICALCOMMON 30771
T_LICE_REMIND_TEMP 11768
T_LICE_FOOD_SAFETY_STAND 9401
T_SQ_AUDITING 8982
T_PRO_WRITEAP_SYS_WF_ACTOR 55444
EAP_SYS_WF_HISTORY 46693
EAP_SYS_OPINION 46692
EAP_SYS_USER_BASEPROFILE 20912
MTM_USER 19419
EAP_SYS_TODO_MESSAGE 13614
EAP_SYS_APPLOG 13563
EAP_SYS_WF_RUNNINGSTATUS 11219
EAP_SYS_WF_MAIN 11134
EAP_SYS_ELE 5812
EAP_SYS_WF_UNDERWAY 5118
EAP_SYS_ELE_ATT 5010
T_AUDITING 1740981 (inspection results for 2 million enterprises)
T_REGULAR_SUPERVISION 373611
T_REGULAR_COMPTYPESEC 370803
T_PERSON 319759 (personal data of 300,000 doctors)
T_PERSON_V1 305494 (personal data of 300,000 doctors)
T_REGULAR_SUPERVISION_V1 229913
T_REGULAR_COMPTYPESEC_V1 225578
T_QUALITYCONTROL 189612
T_PUBLICPLACES_HISTORY 127230
T_CASEINFORMATION 112741
T_PUBLICPLACES 71004
T_RECENTLYREPORTED 62880
T_DETECTION_SUB 51468
</code>
Database structure
Severity: High
Vulnerability Rank: 10
Confirmation time: 2016-01-12 16:34
Duplicate vulnerability; CNVD will not handle it again.
None yet