当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0190806

漏洞标题:宜信某站运维不当涉及内部系统人员信息

相关厂商:宜信

漏洞作者: 路人甲

提交时间:2016-03-30 17:54

修复时间:2016-05-14 18:40

公开时间:2016-05-14 18:40

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-03-30: 细节已通知厂商并且等待厂商处理中
2016-03-30: 厂商已经确认,细节仅向厂商公开
2016-04-09: 细节向核心白帽子及相关领域专家公开
2016-04-19: 细节向普通白帽子公开
2016-04-29: 细节向实习白帽子公开
2016-05-14: 细节向公众公开

简要描述:

RT

详细说明:

118.145.13.119:11211 memcached未授权访问

1.png


里面找到了 名字 电话 暂时无法判定是否为内部系统还是用户系统数据

1.jpg

漏洞证明:

遍历结果:数组/对象 序列化后显示,JSON字符串反序列化后以数组形式显示
KEY : Entitys/User/200706字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 201603030607 姚春辉bef833a518de6c28 sysadmin+C201603030607F 13812778948t @
Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:39:00反序列化刷新删除
KEY : Entitys/User/190797字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] M201512080234 李国雅21234e9af8fb006f sysadminۅM201512080234p/. 152611832126 >l
Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:42:51反序列化刷新删除
KEY : Entitys/User/202459字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 201603090448周超340e6837987f1ffc sysadminõØH201603090448A8X 18262952560q @bQmڻ
Flags:8类型:string大小:970 byte失效时间:2016-03-30 17:42:48反序列化刷新删除
KEY : Entitys/User/178653字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] ݹ201509170009 何志国c03a838f11ea0b2e sysadmin+`ݿ201509170009x 152563208196
Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:42:47反序列化刷新删除
KEY : f58c86a7-6950-4672-b043-29b4d154a0d0字符集:
WETMS.Components.ExOnlineTest.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null5ETMS.Components.ExOnlineTest.API.Entity.Ex_OnLineTest<OnLineTestID>k__BackingField<OrgID>k__BackingField<OnLineTestName>k__BackingField<OnLineTestDesc>k__BackingField<IsShowAnswer>k__BackingField!<OnLineTestStatus>k__BackingField<MaxCount>k__BackingField<LimitTime>k__BackingField<TotalScore>k__BackingField<PassLine>k__BackingField<CreateTime>k__BackingField<CreateUserID>k__BackingField<CreateUser>k__BackingField<ModifyTime>k__BackingField<ModifyUser>k__BackingField<Remark>k__BackingField<DelFlag>k__BackingField<TestPaperID>k__BackingField<TestPaperType>k__BackingFieldAbstractObject+m_KeyNameSystem.Guid System.Guid_a_b_c_d_e_f_g_h_i_j_kPirFC)T3.28【1周1练】产品考试 100.0080.00ܺVİ张菡V张菡 $606c70e7-bc7a-4270-8835-dbfbc1d634b2
Flags:8类型:string大小:1048 byte失效时间:2016-03-30 17:44:57反序列化刷新删除
KEY : Entitys/Course/b0fe7e11-12ec-4b71-a317-5c84923fcb79字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null2ETMS.Components.Basic.API.Entity.Course.Res_Course<CourseID>k__BackingField<CourseCode>k__BackingField<CourseName>k__BackingField<CourseLevelID>k__BackingField<CourseTypeID>k__BackingField<CourseStatus>k__BackingField<IsPublic>k__BackingField<CourseHours>k__BackingField<ThumbnailURL>k__BackingField<ForObject>k__BackingField#<CourseIntroduction>k__BackingField<CourseOutline>k__BackingField<OrgID>k__BackingField<CreateTime>k__BackingField<CreateUserID>k__BackingField<CreateUser>k__BackingField<ModifyTime>k__BackingField<ModifyUser>k__BackingField<Remark>k__BackingField<DelFlag>k__BackingFieldAbstractObject+m_KeyNameSystem.Guid System.Guid_a_b_c_d_e_f_g_h_i_j_k~qK\?y GQYHZ15014新员工-宜分期1.00+2015\06\16\20150616174040718.jpg p#qv 延子娜p#qv 延子娜
Flags:8类型:string大小:1068 byte失效时间:2016-03-30 17:39:21反序列化刷新删除
KEY : Entitys/Course/a76c4dbc-7b18-48d6-8a56-8e3a1a4b1368字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null2ETMS.Components.Basic.API.Entity.Course.Res_Course<CourseID>k__BackingField<CourseCode>k__BackingField<CourseName>k__BackingField<CourseLevelID>k__BackingField<CourseTypeID>k__BackingField<CourseStatus>k__BackingField<IsPublic>k__BackingField<CourseHours>k__BackingField<ThumbnailURL>k__BackingField<ForObject>k__BackingField#<CourseIntroduction>k__BackingField<CourseOutline>k__BackingField<OrgID>k__BackingField<CreateTime>k__BackingField<CreateUserID>k__BackingField<CreateUser>k__BackingField<ModifyTime>k__BackingField<ModifyUser>k__BackingField<Remark>k__BackingField<DelFlag>k__BackingFieldAbstractObject+m_KeyNameSystem.Guid System.Guid_a_b_c_d_e_f_g_h_i_j_kMl{HV:Kh GQYHZ15007新员工-合规课程1.00+2015\05\27\20150527104347195.jpg 0&yf 延子娜0&yf 延子娜
Flags:8类型:string大小:1071 byte失效时间:2016-03-30 17:39:28反序列化刷新删除
KEY : Entitys/User/169690字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] ږ201507220128范磊[email protected] sysadminԋy 201507220128@KG= 18669062185; P
Flags:8类型:string大小:992 byte失效时间:2016-03-30 17:42:36反序列化刷新删除
KEY : Entitys/User/167732字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 4201507080226 聂亚菲720bb3d916e1c8f1 sysadmint+201507080226P,j3+ 135845541786 |C
Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:42:36反序列化刷新删除
KEY : Entitys/User/183862字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 6201510290178 李和敏3c18d1f7bc52a915 sysadmin+L201510290178 13166291203 +@
Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:39:57反序列化刷新删除
KEY : Entitys/User/195487字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 201601080069 白兆正37eadc2134507f6c sysadmin%C2016010800690s> 13826807495%= J
Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:41:12反序列化刷新删除
KEY : Entitys/User/196854字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 201601270134 杨丽艳4df79a81417d6b82 sysadminpJ(201601270134g'. 151611016826 @+
Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:42:22反序列化刷新删除
KEY : Entitys/User/205784字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] #201603290055 赵长亮[email protected] sysadminе%PX 201603290055аX 18538881991)< ;{
Flags:8类型:string大小:1002 byte失效时间:2016-03-30 17:39:21反序列化刷新删除
KEY : Entitys/User/196845字符集:
PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 201601270112 沈瑶佳bef833a518de6c28 sysadminpJ(2016012701120EY1+ 13775117340B @,


2.jpg


修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-03-30 18:36

厂商回复:

感谢提醒,正在修复中。

最新状态:

暂无