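Vulnerability summary

Bug ID: wooyun-2016-0172046

Title: Vulnerability in a Suzhou housing provident fund management center (large volume of transaction amounts \ leak of pension, medical and work-injury insurance \ personal business handling and home addresses)

Related vendor: Suzhou Industrial Park

Author: 路人甲

Submitted: 2016-01-23 11:10

Fixed: 2016-03-10 16:42

Published: 2016-03-10 16:42

Vulnerability type: Weak backend password

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Response Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]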

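Vulnerability details

Disclosure status:

2016-01-23: Details reported to the vendor; awaiting vendor handling
2016-01-27: Vendor confirmed; details disclosed to the vendor only
2016-02-06: Details disclosed to core white hats and experts in the relevant fields
2016-02-16: Details disclosed to regular white hats
2016-02-26: Details disclosed to intern white hats
2016-03-10: Details disclosed to the public

Brief description:

Detailed description:

**.**.**.**/wa/wa/ma3.jsp  carry

Weak backend password. Through the configuration, a shell was uploaded, the database was located, and a large amount of resident and bank payment information was obtained.

Proof of vulnerability: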

[Screenshots: 1.jpg through 12.jpg]

<url>jdbc:oracle:thin:@**.**.**.**:1521:web</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties>
<property>
<name>user</name>
<value>website</value>
</property>
</properties>
<password-encrypted>{3DES}Gu8MFWlGb2c=</password-encrypted> decrypts to: 123456
-----------------------------------------------------------------------
<url>jdbc:oracle:thin:@**.**.**.**:1521:web</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties>
<property>
<name>user</name>
<value>netgjjnew</value>
</property> decrypts to: netgjjnew
</properties>
<password-encrypted>{3DES}UgNlpQAdKMPCAl7JR0IqkA==</password-encrypted>
--------------------------------------------------------------------------------
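
Added example (not part of the original report): a configuration audit for JDBC descriptors like the fragments above. It reports every `{3DES}` password and bounds its length from the ciphertext size, assuming an 8-byte block cipher in CBC mode with PKCS#5 padding and no IV stored in the value; `audit`, `entry`, `policy_min` and the `app_ro` entry are hypothetical names.

```python
import base64
import re

DES_BLOCK = 8  # 3DES block size in bytes

# Matches a user name followed by its encrypted password, as in the fragments above.
ENTRY = re.compile(
    r"<name>user</name>\s*<value>(?P<user>[^<]*)</value>.*?"
    r"<password-encrypted>\{(?P<scheme>\w+)\}(?P<blob>[^<]+)</password-encrypted>",
    re.S,
)

def audit(descriptor, policy_min=12):
    """Return (user, min_len, max_len, below_policy) for every {3DES} password."""
    findings = []
    for m in ENTRY.finditer(descriptor):
        if m["scheme"].upper() != "3DES":
            continue  # only the legacy scheme is reported here
        size = len(base64.b64decode(m["blob"].strip()))
        # Assumption: CBC with PKCS#5 padding and no IV stored in the value,
        # so `size` bytes of ciphertext hold size-8 .. size-1 bytes of password.
        lo, hi = size - DES_BLOCK, size - 1
        findings.append((m["user"], lo, hi, hi < policy_min))
    return findings

def entry(user, enc):
    """Build one descriptor fragment for the constructed sample below."""
    return (f"<property><name>user</name><value>{user}</value></property>\n"
            f"<password-encrypted>{enc}</password-encrypted>\n")

# Constructed sample: the two encrypted values quoted above plus a made-up {AES} entry.
SAMPLE = (entry("website", "{3DES}Gu8MFWlGb2c=")
          + entry("netgjjnew", "{3DES}UgNlpQAdKMPCAl7JR0IqkA==")
          + entry("app_ro", "{AES}" + "A" * 43 + "="))

if __name__ == "__main__":
    for user, lo, hi, weak in audit(SAMPLE):
        note = "BELOW POLICY" if weak else "length ok, scheme still legacy"
        print(f"{user}: {{3DES}}, password length {lo}-{hi} bytes, {note}")
```

The length bounds agree with the two decrypted values noted above: a 6-character password fits in one block and a 9-character password needs two.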


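Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2016-01-27 17:45

Vendor reply:

CNVD has confirmed the situation described and has passed it through CNCERT to the Jiangsu sub-center, which will follow up and coordinate with the organization that manages the website to handle it.

Latest status:

None yet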