当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0210257

漏洞标题:海尔集团某系统整站源码可下载(包含核心B2B数据库信息)

相关厂商:海尔集团

漏洞作者: 路人甲

提交时间:2016-05-18 19:55

修复时间:2016-07-03 16:50

公开时间:2016-07-03 16:50

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-05-18: 细节已通知厂商并且等待厂商处理中
2016-05-19: 厂商已经确认,细节仅向厂商公开
2016-05-29: 细节向核心白帽子及相关领域专家公开
2016-06-08: 细节向普通白帽子公开
2016-06-18: 细节向实习白帽子公开
2016-07-03: 细节向公众公开

简要描述:

海尔集团某系统整站源码可下载(包含核心B2B数据库信息)

详细说明:

Git控制不当,可以下载源码
http://renren.haier.com/.git/config
后台在这里
http://renren.haier.com/admin/default/login
本站同时自带phpmyadmin数据库管理软件
http://renren.haier.com:8080/phpmyadmin

haier1.png


管理员信息,直接泄露在里面的SQL文件里面

LOCK TABLES `t_admin` WRITE;
/*!40000 ALTER TABLE `t_admin` DISABLE KEYS */;
INSERT INTO `t_admin` VALUES (1,'haier','我是管理员祖宗','9d14ababa689cf383672f009bf3ae367',-1,'127.0.0.1',1458618470,'123dsfs',1439144654,0,'N',0),(2,'test2','test2','94e7c3cbbce44936c0e1e893a450156e',2,'127.0.0.1',1439144654,'',1439144654,1,'N',1),(3,'xiaogu','xiaogu','ddf617ba29f47c03802602cddf9411c7',1,'127.0.0.1',1452828994,'[email protected]',1442317250,0,'N',0),(4,'test3','test3','94e7c3cbbce44936c0e1e893a450156e',-1,'127.0.0.1',1442399418,'123456',1442399418,1,'N',1),(5,'test4','test4','94e7c3cbbce44936c0e1e893a450156e',2,'127.0.0.1',1442400554,'[email protected]',1442400554,0,'N',1),(6,'zeus','zeus','94e7c3cbbce44936c0e1e893a450156e',0,'127.0.0.1',1444717577,'',1444717577,1,'N',1),(7,'lily','lily','e0a7881269dd16dbf486dd5f69c84957',0,'121.34.130.159',1445239453,'lily123',1445239453,1,'N',1),(9,'cs','csnickname','94e7c3cbbce44936c0e1e893a450156e',0,'113.102.163.26',1445325826,'123',1445325826,1,'N',1),(10,'xuwei','xuwei','ebee1962d3f75b0f39078137b4f49542',0,'127.0.0.1',1445485392,'xuwei',1445485392,1,'N',1),(11,'zhengang','zhengang','7fbe924f5475841c174b6c451c67f611',0,'127.0.0.1',1445485401,'zhengang',1445485401,1,'N',1),(12,'xiaohua','xiaohua','d485ec2754d2067a41e4bddf0ee7cdec',0,'127.0.0.1',1445485409,'xiaohua',1445485409,1,'N',1),(13,'xiangnan','xiangnan','cacc3501a5e4f9b32084997bd85bb52e',-1,'127.0.0.1',1445485415,'xiangnan',1445485415,1,'N',1),(14,'liujie','liujie','d4232be652be3bca2b4bff8b7fea99ad',0,'127.0.0.1',1445485424,'liujie',1445485424,1,'Y',1),(17,'xiaogu2','xiaogu','94e7c3cbbce44936c0e1e893a450156e',1,'192.168.1.211',1448004073,'123456',1448004073,1,'N',1),(16,'3','3','e74350b9c49b61949b1fc2653cde191b',1,'127.0.0.1',1446186514,'',1446186514,1,'Y',1),(18,'xiaogu3','xiaogu','600caaea66c022466953e81c1e1c6388',-1,'127.0.0.1',1451620454,'',1451620454,1,'Y',1);
/*!40000 ALTER TABLE `t_admin` ENABLE KEYS */;

漏洞证明:

'oracle_config'     => [
        'user'       => 'HAIERB2B_READ',
        'pass'       => 'HAIERB2B_READ',
        'name'       => 'haierb2b',
        'desc'       => '(DESCRIPTION =(ADDRESS = (PROTOCOL = TCP)(HOST = haierb2b.JXJG.corp.haier.com)(PORT= 1521))(CONNECT_DATA =(SERVER = DEDICATED)(SERVICE_NAME = haierb2b)))',


<?php
return [
    'appKey'    => '1000017',
    'secret'    => 'f1531e7f49e837f4c2885b447965f4c1',
    'api_url'   => 'http://api.ux.haier.com',
    'pay_url'   => 'http://pay.ux.haier.com',
];


<?php
return [
    'connectionString' 		=> 'mysql:host=10.138.26.52;dbname=tob',
    'emulatePrepare'	 	=> true,
    'username' 				=> 'root',
    'password' 				=> '7lqJcyC86RCMOcM1',
    'charset' 				=> 'utf8mb4',
    'tablePrefix'			=> 'diy_',
];

修复方案:

删除

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-05-19 16:42

厂商回复:

感谢白帽子的测试与提醒,已经控制.git的目录访问。

最新状态:

暂无